Forum Thread: Daily CYBERCLIPS March

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS March
Member 1st Mar, 2012 08:45
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK

Eighteenth Edition.

Thank you for the support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security is the mainstay of the thread with some related and varied topics.
Scroll down for the latest posts!!
Note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Member 1st Mar, 2012 09:01


--
mogs CClip 2
Member 1st Mar, 2012 09:04
Microsoft opens doors to Metro app store for Windows 8
All apps are free for now; Windows Store accessible only with Windows 8 Consumer Preview

By Gregg Keizer

Computerworld - Microsoft today made good on its promise to open the doors to its Windows Store alongside the launch of the public Windows 8 preview.

Windows Store -- Microsoft's name for the app store-style distribution channel it's assigned as the sole source of Metro-style apps for Windows 8 -- requires the Consumer Preview that debuted earlier Wednesday.

Through the stretch between now and the release of Windows 8's final code -- most expect that milestone this fall in time for the holiday season -- all Windows Store apps will be free for the downloading and installing, Microsoft has said.

More at :-
http://www.computerworld.com/s/article/9224771/Mic...

--
mogs CClip 3
Member 1st Mar, 2012 09:22
Beta Channel Update
Wednesday, February 29, 2012 | 16:19
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.45 for Windows, Mac, Linux and Chrome Frame platforms

All
Fixed NTP signed in state is missing (Issue: 112676)
Fixed gmail seems to redraw itself (all white) occasionally (Issue: 111263)
Focus "OK" button on Javascript dialogs (Issue: 111015)
Fixed Back button frequently hangs (Issue: 93427)
Increase the buffer size to fix muted playback rate (Issue: 108239)
Fixed Empty span with line-height renders with non-zero height (Issue: 109811)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 4
Member 1st Mar, 2012 09:31
More than half of organizations take months or years to discover a breach, Verizon says
Over 90 percent of data breaches are caused by external attacks, according to a new Verizon report
By Lucian Constantin | 01 March 12

Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organizations discovered them months or years later, Verizon said in a report released at the RSA security conference on Wednesday.

Called the Verizon 2011 Investigative Response Caseload Review, it compiles statistics from 90 data breach cases investigated by the company's incident response team last year, and provides a preview of Verizon's larger annual report that will contain data collected from additional sources like national CERTs and law enforcement agencies.


http://www.pcadvisor.co.uk/news/security/3341281/m...

--
mogs CClip 5
Member 1st Mar, 2012 10:14
Google implements privacy policy despite EU warning
The new privacy policy is rolling out around the world on 1 March

Internet company Google has gone ahead with its new privacy policy despite warnings from the EU that it might violate European law.

The change means private data collected by one Google service can be shared with its other platforms including YouTube, Gmail and Blogger.

Google said the new set-up would enable it to tailor search results better.

But data regulators in France have cast doubt on the legality of the move and launched a Europe-wide investigation.

Google has merged 60 guidelines for its individual sites into a single policy for all of its services.

France's privacy watchdog CNIL wrote to Google earlier this week, urging a "pause" in rolling out the revised policy.

"The CNIL and EU data authorities are deeply concerned about the combination of personal data across services," the regulator wrote.

"They have strong doubts about the lawfulness and fairness of such processing, and its compliance with European data protection legislation."

The regulator said it would send Google questions on the changes by mid-March.
'Strong as ever'
In response, Google's global privacy counsel Peter Fleischer said he was happy to answer any concerns CNIL had.

"As we've said several times over the past week, while our privacy policies will change on 1st March, our commitment to our privacy principles is as strong as ever," Mr Fleischer wrote in a blog post.

More at :-
http://www.bbc.co.uk/news/technology-17205754

--
mogs CClip 6
Member 1st Mar, 2012 16:59
Trusteer Uncovers New Banking Malware

The malware uses live chat to trick users into signing and/or verifying fraudulent transactions.

Trusteer researchers recently found a new form of malware that exploits banking Web sites' live chat functionality.

"When people log in to their online banking site, this new malware, using a series of fake HTML and JavaScript injections, stalls their session and informs them 'security checks are being performed,'" writes SecurityNewsDaily's Matt Liebowitz.

"The site, using convoluted language, then tells victims: 'The system couldn't identify your PC. You will be contacted by a representative to confirm your personality. Please pass the process of additional verification otherwise your account will be locked. Sorry for any inconvenience, we are carrying about security of our clients,'" Liebowitz writes. "If the poor grammar doesn't raise a red flag, the malware attack then presents users with a live online chat session that allows the hackers to 'perform real time fraud by enticing the victim to sign/verify fraudulent transactions.'"

Go to "New Banking Malware Launches Fake Live Chat" to read the details.

http://www.esecurityplanet.com/malware/trusteer-wa...

--
mogs CClip 7
Member 2nd Mar, 2012 08:31
Windows 8 preview breaks 1M download mark in first 24 hours
Hints at stronger interest in Windows 8 than even 2009's hit, Windows 7

By Gregg Keizer
March 1, 2012 05:02 PM
Computerworld - Microsoft today announced that customers had downloaded more than 1 million copies of the Windows 8 Consumer Preview in its first day of availability.

The company released the preview Wednesday around 9:30 a.m. ET as Windows chief Steven Sinofsky was touting the new operating system's "no compromises" approach to integrating a touch-and-tablet user interface with the traditional Windows desktop.

"One day later...one million downloads of the consumer preview," said Microsoft in a tweet this morning from its Building Windows 8 Twitter account.

More at :-
http://www.computerworld.com/s/article/9224816/Win...

--
mogs CClip 8
Member 2nd Mar, 2012 08:41


--
mogs CClip 9
Member 2nd Mar, 2012 09:24
Can the Internet Be Made Trustworthy?

Speaking at RSA Conference 2012, the CEO of Qualys points to SSL flaws, malware in third-party ads, and insecure browsers as signs that the Internet needs a fundamental overhaul of trustworthiness.

By Sean Michael Kerner | March 01, 2012

The year 2011 was full of data breaches -- and 2012 may well be even worse, according to Qualys CEO Philippe Courtot.

Courtot delivered a keynote address at the RSA security conference in San Francisco on Wednesday, outlining his views on the need for a more effective approach to security. He also officially launched a new movement to help bring more trust to the Internet.

"The biggest challenge is the trustworthiness of the Internet itself," Courtot said.

The issue of trust comes down to multiple factors that Qualys has helped to quantify. One issue highlighted by Courtot is the problem with SSL trust. SSL is widely used to secure transactions across the Internet. A new study that is currently underway from Qualys has already scanned 1.4 million websites and has found some surprising risks: According to Qualys, 54 percent of the sites scanned so far are still using SSL 2.0 -- a security protocol that Courtot noted was broken in 1995, a full 17 years ago.

Upgrading servers to take advantage of newer security protocols is relatively easy, according to Courtot. The more difficult problem to solve is the issue of SSL governance. Currently there are approximately 650 SSL Certificate Authorities that lack adequate governance and oversight. The issue of Certificate Authority security came to light last year with the breach of certificate authority DigiNotar, which resulted in invalid SSL certificates being issued and used.

Read more at :-
http://www.esecurityplanet.com/network-security/in...

--
mogs CClip 10
Member 2nd Mar, 2012 09:28
Symantec IDs New Banking Trojan

Trojan.Neloweg operates in a manner similar to Zeus.

March 01, 2012
Symantec researchers are warning of a new banking Trojan that's infecting users in the UK and the Netherlands.

"Neloweg operates much like its more famous cybercrime toolkit predecessor ZeuS, but with a couple of subtle twists," writes The Register's John Leyden. "'Like Zeus, Neloweg can detect which site it is on and add custom JavaScript. But while Zeus uses an included configuration file, Neloweg stores this on a malicious webserver,' Symantec analyst Fred Gutierrez explains."

"The malware is designed to snatch online login credentials, primarily (but not exclusively) those for online banking sites," Leyden writes.

Go to "Tick-like banking Trojan drills into Firefox, sucks out info" to read the details.

http://www.esecurityplanet.com/malware/symantec-id...

--
mogs CClip 11
Member 2nd Mar, 2012 09:33
Mozilla Collusion lets you see who is tracking you

Firefox add-on turns the tables on marketers
By Dave Neal
Thu Mar 01 2012, 15:23
SOFTWARE OUTFIT Mozilla has released an add-on to its Firefox web browser that lets users see where and how they are being tracked by advertisers.
Mozilla has vocally opposed advertisers tracking users and is a proponent of the 'do-not-track' campaign that carries weight with regulators as well as standards groups and privacy watchers.
Collusion is an experimental release for now, but should give web users a much better insight to the tracking that shadows their web browsing.
"Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the Web," says Mozilla in its introductory material.
"It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers."
The software was shown off at that technology showcase and forward thinking circus, the Technology

Read more at :-
http://www.theinquirer.net/inquirer/news/2156511/m...

--
mogs CClip 12
Member 2nd Mar, 2012 11:16
EU justice chief: Google is playing privacy 'games'
By David Meyer , 2 March, 2012 09:11

EU justice commissioner Viviane Reding has attacked Google's decision to adopt a new unified privacy policy without waiting for data protection authorities to properly evaluate it.

Reding told the Guardian on Thursday that "we aren't playing games here", while suggesting Google was trying to "sneak" users' privacy away.

Google moved to the new policy on Thursday, allowing it to link up user data from various services such as search, YouTube and Gmail. The shift means, for example, that the user's choice of YouTube viewing may help shape Google Search results or the ads shown in their Gmail.

As long as users are logged into any Google service, they will not be able to opt out of having their data shared in this way.

More at :-
http://www.zdnet.co.uk/blogs/communication-breakdo...

--
mogs CClip 13
Member 2nd Mar, 2012 11:21


--
mogs CClip 14
Member 2nd Mar, 2012 13:15
Cyberterrorism threat shouldn't be underestimated, some security experts say
Terrorists currently use the Internet for communication, but some of them also have knowledge of hacking
By Lucian Constantin | 02 March 12

Concern about cyberterrorism was evident this week among security experts at the RSA security conference in San Francisco, who find that some people with extremist views have the technical knowledge that could be used to hack into systems.

Cyberterrorism does not exist currently in a serious form, but some individuals with extremist views have displayed a significant level of knowledge of hacking, so the threat shouldn't be underestimated, said F-Secure's chief research officer Mikko Hypponen on Thursday at the RSA security conference in San Francisco.

Other security experts agree. "I think it's something that we should be concerned about. I wouldn't be surprised if 2012 is the year when we start seeing more cyberterrorism," said Mike Geide, a senior security analyst at security vendor Zscaler.

More at :-
http://www.pcadvisor.co.uk/news/security/3341676/c...

--
mogs CClip 15
Member 2nd Mar, 2012 13:30


--
mogs CClip 16
Member 2nd Mar, 2012 16:21


--
mogs CClip 17
Member 2nd Mar, 2012 16:31

Windows 8: What you need to get started
What the Consumer Preview requires, where to get it, how to install it

By Gregg Keizer

Computerworld - Early yesterday, Microsoft shipped the Consumer Preview for Windows 8, the drastically different refresh of the venerable operating system.

Head Windows executive Steven Sinofsky took to a stage in Barcelona, Spain to again chant the "no compromises" mantra that Microsoft has used to label Windows 8, and with help from other employees, demonstrate some of the key features.

With some experts saying Microsoft was "betting the farm" on Windows 8, it wasn't a shock that Sinofsky called the OS a "generational change."

He wasn't joking. Microsoft has made many fundamental changes to Windows, particularly in the user interface, or UI, to drag the OS into the touch and tablet world.

That may either only temporarily stump long-time users, or send them into a spitting frenzy.

With all that on the line, plenty of people will want to try out Windows 8 themselves to decide whether it's another hit like Windows 7 or a repeat of the Vista mess.

So, where do you get it, how do you install it and who do you go to for help?

You have questions? We have the answers. Some of them, anyway.

Read/see more at :-
http://www.computerworld.com/s/article/9224785/Win...

--
mogs CClip 18
Member 2nd Mar, 2012 22:32


--
mogs CClip 19
Member 3rd Mar, 2012 13:04

Google's Chrome drops share for second straight month
Web tracking firm Net Applications acknowledges it had over-counted Chrome's use

By Gregg Keizer
March 2, 2012
Computerworld - The browser battle returned to a kind of normalcy last month as Microsoft's Internet Explorer (IE), which had posted its largest-ever share increase in January, declined slightly in February.

And Google's Chrome fell for the second straight month in Web metrics firm Net Application's statistics as the company acknowledged it has been over-counting that browser's share for months.

Chrome's pre-rendering feature -- where the browser loads pages in the background that the user may view -- kicked off last August with version 13, and was enhanced in Chrome 17 that launched about a month ago.

As users type in search strings, whether at Google.com or in the browser's combined address bar/search field, dubbed the "omnibox," Google loads one or more hidden pages that it thinks the user will select from the ensuing search links.
Net Applications admitted that it had given Chrome a larger share than the browser deserved. "[Pre-rendering] creates unviewed visits that should not be counted in Chrome's usage share," said Net Applications on its website yesterday.

Starting with the data from February, Net Applications has adjusted Chrome's share -- which is derived from the page views attributed to the browser -- by tossing aside unused pre-loaded pages and counting only those the user actually sees.

More at :-
http://www.computerworld.com/s/article/9224841/Goo...

--
mogs CClip 20
Member 3rd Mar, 2012 13:13
Hackers had 'full functional control' of Nasa computers

NASA said the loss of data did not affect the operations of the International Space Station

Hackers gained "full functional control" of key Nasa computers in 2011, the agency's inspector general has told US lawmakers.

Paul K Martin said hackers took over Jet Propulsion Laboratory (JPL) computers and "compromised the accounts of the most privileged JPL users".

He said the attack, involving Chinese IP addresses, was under investigation.

In a statement, Nasa said it had "made significant progress to protect the agency's IT systems".

Mr Martin's testimony on Nasa's cybersecurity was submitted to the House Committee on Science, Space and Technology's Subcommittee on Investigations and Oversight.

More at :-
http://www.bbc.co.uk/news/technology-17231695

--
mogs CClip 21
Member 3rd Mar, 2012 13:21
Microsoft will chop Windows 8 into nine SKUs

SOFTWARE REDEVELOPER Microsoft is expecting to release nine Windows 8 SKUs according to a registry entry in the consumer preview released on Wednesday.
Microsoft launched its Windows 8 consumer preview with much fanfare at MWC in Barcelona on Wednesday and later claimed that it was downloaded a million times in just 24 hours. With people poking around the operating system, it wasn't long before the chaps at Windows 8 Beta found references to nine Windows 8 SKUs.
According to Microsoft's registry entry there will be two Enterprise editions - one is purely for evaluation - plus Home Basic, Home Premium, Professional and Professional Plus editions, with Starter and Ultimate editions to top off the x86 offerings. There are no prizes for guessing that there will be an ARM version too, rounding off the set.

Read more at :-
http://www.theinquirer.net/inquirer/news/2156811/m...

--
mogs CClip 22
Member 3rd Mar, 2012 13:26


--
mogs CClip 23
Member 4th Mar, 2012 08:27
Expert on Recovery After an Iframe Injection Attack (Exclusive)

Seeing that a lot of websites are plagued with Iframe Injection vulnerabilities, independent security researcher Shadab Siddiqui made up an advisory to help website administrators recover their websites after such a security hole has been exploited. He also listed some safety measures that must be implemented in order to avoid such incidents.

Read more at :-
http://news.softpedia.com/news/Expert-on-How-to-Re...

--
mogs CClip 24
Member 4th Mar, 2012 08:33
Speccy 1.16 Adds Support for Windows 8 Consumer Preview

Piriform has just released a new revision for their system information tool, Speccy. The latest build does not feature too many changes, but adds support for Windows 8 Consumer Preview and some improvements.

Rearchitecting data loading order is on the list of the changes available in Speccy 1.16 and so are fixes for minor GUI issues.

As far as the improvements are concerned, the new build has bettered the exception handling for CPU and GFX sections. Also, detection of Admin Shares should be smoother now.

Another enhancement available refers to bug data collection and reporting from the users. This may be among the most important entries in the changelog, since users are the best feedback as far as the performance and functionality of the application is concerned.

You can download Speccy from this page; also available as a portable download.

http://news.softpedia.com/news/Speccy-1-16-Adds-Su...

--
mogs CClip 25
Member 4th Mar, 2012 09:13
A possible tip....of help to others.

I ran my usual monthly auto Windows backup two days ago......having got to the end of, the scan bar turned red....a message with an Error code appeared, stating that the file was corrupt and unreadable. I searched around for an error code explanation, but couldn't find anything specific.

The next day I decided to run CHKDSK.....It found one lost/orphaned file and three unindexed.
Ran Backup again and it completed successfully.
It's not the first time CHKDSK has appeared to save me much distress and searching !

mogs.

--
mogs CClip 26
Member 5th Mar, 2012 07:25


--
mogs CClip 27
Member 5th Mar, 2012 08:04

Diskeeper changes name, announces new product direction
Condusiv to focus on data optimization, recovery technology

By Lucas Mearian
March 5, 2012 12:01 AM ET
Computerworld - After 31 years of doing business as Diskeeper, the disk defragmentation company announced today that it has changed its name to Condusiv Technologies and is working to reshape its product image.

Condusiv still offers disk defragmentation software, but the company will focus its marketing efforts on caching software for flash memory and a new version of its Undelete product.

"The company walked and talked like a disk defragmentation company," Condusiv CEO Jerry Baldwin said. "I had to take and change a market leading company that had gotten set in its ways and wasn't looking at the outside world or paying attention to its customers."

"I guess I'd have to say I redid everything ... to reposition its technology prowess and its direction in the marketplace," added Baldwin, who was appointed Diskeeper's CEO in September.

Baldwin said the company's ExpressCache software product, which is used in conjunction with solid state drives (SSD) to cache the most frequently used data on Windows 7 systems, is being used in the products made by five of the top seven PC system manufacturers. And, it will soon be in the products of the top nine PC manufacturers.

More at
http://www.computerworld.com/s/article/9224844/Dis...

--
mogs CClip 28
Member 6th Mar, 2012 09:03


--
mogs CClip 29
Member 6th Mar, 2012 09:40

Adobe patches Flash Player for second time in 20 days
Quashes two bugs as it applies new patch priority ranking for the first time

By Gregg Keizer

Computerworld - Adobe today patched a pair of critical vulnerabilities in Flash Player and told IT administrators to apply the update within 30 days.

The update was the second for Flash this year; Adobe last patched it less than three weeks ago.

"These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system," Adobe acknowledged in an accompanying security advisory issued around 3 p.m. ET.

One of the bugs was a memory corruption vulnerability in Matrix3D -- an Adobe ActionScript class that determines the position of three-dimensional objects in Flash -- and, said Adobe, "could lead to code execution."

The second, less serious vulnerability, was labeled an "information disclosure" bug.

Unlike last month's Flash update, attackers have not yet begun exploiting these vulnerabilities, said Adobe.

More at :-
http://www.computerworld.com/s/article/9224885/Ado...

--
mogs CClip 30
Member 6th Mar, 2012 09:45


--
mogs CClip 31
Member 6th Mar, 2012 22:03
Stable Channel Update
Tuesday, March 6, 2012 | 09:50
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.66 on Windows, Mac, Linux and Chrome Frame. This release fixes an issue in the DOM. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome


--
mogs CClip 32
Member 6th Mar, 2012 23:09


--
mogs CClip 33
Member 6th Mar, 2012 23:15
Kaspersky Internet Security Technical Preview

The next security suite from Kaspersky popped up yesterday. It is a technological preview, intended for installation exclusively on Windows 8 Consumer Preview, so the stage of development is very early at this point.

Although Kaspersky Internet Security Technological Preview also runs on Windows 7, integration with Windows 8 Consumer Preview is deeper. In this sense, the user should be able to handle extending license terms, updating antivirus databases, activating various product features and deactivating the product itself from Windows.

The final form of this release should not hinder the performance of the PC and it should also move faster than previous builds. However, at the moment it is very likely to cause problems as there is plenty of work to be done.

Looks have barely changed, and some of the features have been reordered. The application is active for 90 days after installation. Check the pictures in the gallery below for a closer look.
See at
http://news.softpedia.com/news/Kaspersky-Internet-...

--
mogs CClip 34
Member 7th Mar, 2012 10:14
Dev Channel Update
Tuesday, March 6, 2012 | 18:40
Labels: Dev updates
The Dev channel has been updated to 19.0.1061.1 for Windows, Mac, Linux and Chrome Frame. This build contains following updates:

Updated V8 - 3.9.13.0
Added remote file system support for File object by 'create-snapshot-first' approach (Issue: 115603)
Fixed overlap of apps in NTP when deleting and reinstalling app (Issue: 116284)
Fixed issues - 116174, 115309, 115858, 108239, 115399, 105054 (ChromeOS-specific)
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 35
Member 7th Mar, 2012 10:27
Last edited on 7th Mar, 2012 10:28

Security invaders ahead on IPv6 knowledge
Hackers seeking to breach security are ahead of most organisations looking to implement IPv6, a Wellington seminar was told
By Stephen Bell | Computerworld New Zealand | 07 March 12

Hackers seeking to breach security are ahead of most would-be business implementers when it comes to figuring out the detail of IPv6 and are more motivated, a Wellington seminar has heard.

If a government agency does not intend using IPv6 in the near term, and has IPv6-capable devices communicating with its network, then IPv6 capability will have to be consciously turned off, Jonathan Berry of the Government Communications Security bureau warns. "That's prudent behaviour. Any sort of network hardening will push you down a path of turning off services and functionality you don't need," he told the seminar, on "Practical IPv6 for Government".

It's all too easy, several speakers at the event testified, to acquire IPv6 devices and addresses on a network, effectively providing a backdoor for security breaches if the network is not hardened against such traffic. And once you turn on IPv6, traffic on the network should, of course, be carefully monitored, to make sure only known activity is going on. "Whether you want to use IPv6 or not, you will have to know about it to keep your network secure," said Graeme Neilson of security specialist AuraInfosec.

More at :-
http://www.pcadvisor.co.uk/news/security/3342601/s...

--
mogs CClip 36
Member 7th Mar, 2012 10:32
Hackers deface Panda Security's website following arrests
Panda Security was targeted for its praise of the arrests of alleged Anonymous members
By Jeremy Kirk | 07 March 12

Hackers aligned with Anonymous took credit on Wednesday for an attack on Panda Security's website shortly after charges were announced against five of the hacking collective's alleged members.

More than two dozen subdomains within "pandasecurity.com" and several other domains owned by Panda were modified to show a video recounting some of the hacking highlights from Lulz Security or "Lulzsec," a smaller group aligned with Anonymous, according to a post on Pastebin.

Also released were e-mail addresses of people with accounts with Panda, along with their passwords and other internal server details.

Luis Corrons, technical director for the security company's lab, was singled out by the hackers for praising the arrests in a blog post on Tuesday. The hackers accused Panda Security of aiding law enforcement.

More at :-
http://www.pcadvisor.co.uk/news/security/3342592/h...

--
Was this reply relevant?
+0
-0
mogs CClip 37
Member 7th Mar, 2012 10:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Most UK frauds now involve the internet
By David Meyer , 6 March, 2012 16:45

More than half of all frauds in the UK are now carried out through or initiated on the internet, the fraud protection service CIFAS has revealed.

CIFAS told ZDNet UK on Tuesday that the internet was the channel of perpetration for 122,988 frauds in 2011, or 53 percent of the total for the year. In 2010, that number was 101,855, or 47 percent of all frauds.

"The internet has been the key focus for fraudsters," a CIFAS spokesman said. "It provides a key level of convenience and ease of use for consumers, but that same convenience is there for the fraudster whether they're a lone operator or a more organised criminal network."

CIFAS released the 2011 edition (PDF) of its annual Fraudscape report on Tuesday. Apart from pointing out that fraud in general went up nine percent between 2010 and 2011, the publication noted that the internet had become a much more prevalent vector for unauthorised account takeovers in particular.

More at :-
http://www.zdnet.co.uk/blogs/communication-breakdo...

--
Was this reply relevant?
+0
-0
mogs CClip 38
Member 7th Mar, 2012 21:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

MARCH 07, 2012
Internet Explorer losing enterprise traction
Enterprise IE use dropped 10 percent in 2011, while unpatched browser plug-ins have become a greater security threat

By Ted Samson
Enterprise usage of Internet Explorer dropped by 10 percent over the past year, to just over 50 percent, with some organizations still clinging to IE6 despite the security risks. The bigger threat, though, lies in the fact that more than a quarter of enterprise Web traffic flows through browser extensions and plug-ins -- some of which IT neglects to keep properly patched, thus making them juicy targets for hackers.

Such are the findings of the newly released Q4 2011 edition of Zscaler ThreatlabZ's "State of the Web" report, in which the security company analyzes enterprise Web traffic worldwide. The report reveals interesting trends as enterprises move more toward mobile and the cloud -- but perhaps more important, it reveals potential security holes in enterprise networks that desperately need filling.

Anyone who's been tracking browser trends of late is likely unsurprised to see that use of Internet Explorer is on the decline in the business world, as general use of Microsoft's browser has steadily declined over the past couple of years. As of Q4, Zscaler saw 53.3 percent of enterprise Web traffic driven through some version of IE, a 10 percent decline for the year. As a point of comparison, consumer usage of IE is now below 40 percent, according to StatCounter, with Chrome now ahead of IE8.

More at :-
http://www.infoworld.com/t/cyber-crime/internet-ex...

--
Was this reply relevant?
+0
-0
mogs CClip 39
Member 7th Mar, 2012 21:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 40
Member 7th Mar, 2012 21:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Rival hacking contests kick off today with $1.1M at stake
HP TippingPoint argues Google's 'Pwnium' money is safe because Chrome sandbox-escape exploits are worth more than Google's paying

By Gregg Keizer
March 7, 2012 11:40 AM ET
Computerworld - Two hacking contests kicked off in Canada today, with hundreds of thousands of dollars in prize money up for grabs.

HP TippingPoint's Pwn2Own and Pwnium, Google's offshoot, both begin today at CanSecWest, a security conference that runs March 7-9 in Vancouver, British Columbia.

Just a week ago, there was to be only Pwn2Own, now in its fifth year, with both TippingPoint's Zero Day Initiative (ZDI), the company's bug bounty program, and Google promising to pitch in prize money.

For its part, ZDI committed $105,000 that would award $60,000 for the top score in a three-day event combining zero-day bug exploits with on-site hacking challenges.

Google, meanwhile, said it would pay up to $20,000 for any exploit of its own Chrome browser.

But on Feb. 27, Google withdrew from Pwn2Own, saying the contest did not require participants to hand over their exploits or divulge all the bugs they used to hack Chrome.

Instead, Google announced Pwnium, a separate event that will pay up to $60,000 for any exploit that leverages only bugs in Chrome. Google pledged to pay out as much as $1 million if several researchers stepped forward with Chrome-only "zero-day," or previously unknown, vulnerabilities and their exploits.

More at :-
http://www.computerworld.com/s/article/9224976/Riv...

--
Was this reply relevant?
+0
-0
mogs CClip 41
Member 8th Mar, 2012 11:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 42
Member 8th Mar, 2012 11:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 43
Member 8th Mar, 2012 11:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Spam leads Google to disable interop of its IM network with AOL AIM
AOL is expecting to have the problem fixed soon, possibly as early as Thursday

By Juan Carlos Perez
March 7, 2012 04:31 PM ET
IDG News Service - AOL hopes to roll out a fix soon to a spam surge in its AIM service targeting Google IM users, a situation that prompted Google to temporarily shut down the interoperability between the two instant messaging networks.

Google suspended the IM federation between its IM network and AIM about a week and a half ago in order to shield Gmail Chat and Google Talk users from the high level of AIM spam.

"Our backend servers were sending too many spam messages to Google federation gateways," said Christian Crumlish, senior director of messaging products at AOL.

AOL has been working intensely on the problem and expects to roll out a fix maybe as soon as Thursday. "It's a serious enough problem that we had to pull a number of people off of what they were working on," he said.

More at :-
http://www.computerworld.com/s/article/9224998/Spa...

--
Was this reply relevant?
+0
-0
mogs CClip 44
Member 8th Mar, 2012 11:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
DDoS botnet clients start integrating the Apache Killer exploit
A fairly new Apache denial-of-service exploit has been integrated into a popular DDoS botnet client called Armageddon

By Lucian Constantin | IDG News Service


The latest version of a DDoS (distributed denial-of-service) bot called Armageddon integrates a relatively new exploit known as Apache Killer, DDoS mitigation vendor Arbor Networks said on Tuesday.

The Apache Killer exploit was released in August 2011. It exploits a vulnerability in the Apache Web server by sending a specially crafted "Range" HTTP header to trigger a denial-of-service condition.

The attack is particularly dangerous because it can be successfully executed from a single computer and the entire targeted machine needs to be rebooted in order to recover from it.

"The Kill Apache attack abuses the HTTP protocol by requesting that the target web server return the requested URL content in a huge number of individual chunks, or byte ranges," said Arbor research analyst Jeff Edwards in a blog post on Tuesday. "This can cause a surprisingly heavy load on the target server."

More at :-
http://www.infoworld.com/d/security/ddos-botnet-cl...

--
Was this reply relevant?
+0
-0
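A defensive check for the request shape described in CClip 44 (a "Range" header asking for a huge number of byte ranges), added here as an example; it is not part of the quoted article or of any post in this thread. The function names, the limit of 5 ranges and the sample header values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumed policy limit (not from the article): ordinary clients rarely ask
# for more than a handful of byte ranges in one request.
MAX_RANGES = 5
# Assumed overlap limit: three or more mutually overlapping ranges is flagged.
MAX_OVERLAPS = 1

_SPEC = re.compile(r"^(\d*)-(\d*)$")


@dataclass
class RangeVerdict:
    count: int        # range specs seen, including malformed ones
    overlapping: int  # ranges that overlap an earlier range
    malformed: int    # specs that are not valid byte ranges
    suspicious: bool
    reason: str


def parse_byte_ranges(header_value):
    """Parse a Range header value such as 'bytes=0-99,200-'.

    Returns (ranges, malformed) where ranges is a list of (first, last)
    tuples; last is None for an open end, first is None for a suffix
    range ('-100' = last 100 bytes). Returns None for non-byte units.
    """
    unit, sep, specs = header_value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges, malformed = [], 0
    for raw in specs.split(","):
        raw = raw.strip()
        if not raw:
            continue  # empty list elements are tolerated
        m = _SPEC.match(raw)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            malformed += 1
            continue
        first, last = m.group(1), m.group(2)
        if first == "":
            ranges.append((None, int(last)))
        elif last != "" and int(last) < int(first):
            malformed += 1  # e.g. '5-0' is not a satisfiable spec
        else:
            ranges.append((int(first), int(last) if last else None))
    return ranges, malformed


def count_overlaps(ranges):
    """Count ranges that overlap an earlier one (suffix ranges are skipped
    because they cannot be resolved without the resource length)."""
    resolved = sorted(
        (f, float("inf") if l is None else l) for f, l in ranges if f is not None
    )
    overlaps, reach = 0, -1
    for first, last in resolved:
        if first <= reach:
            overlaps += 1
        reach = max(reach, last)
    return overlaps


def inspect_range_header(header_value, max_ranges=MAX_RANGES):
    """Classify one Range header value against the assumed limits."""
    parsed = parse_byte_ranges(header_value)
    if parsed is None:
        return RangeVerdict(0, 0, 0, False, "not a bytes range")
    ranges, malformed = parsed
    total = len(ranges) + malformed
    overlapping = count_overlaps(ranges)
    if total > max_ranges:
        return RangeVerdict(total, overlapping, malformed, True,
                            f"{total} ranges exceeds limit of {max_ranges}")
    if overlapping > MAX_OVERLAPS:
        return RangeVerdict(total, overlapping, malformed, True,
                            f"{overlapping} overlapping ranges")
    return RangeVerdict(total, overlapping, malformed, False, "ok")


def flag_clients(requests):
    """requests: iterable of (client_id, range_header_value).
    Returns the sorted client ids that sent a suspicious Range header."""
    return sorted({c for c, v in requests if inspect_range_header(v).suspicious})


# Constructed sample input (documentation addresses, invented header values).
SAMPLE_REQUESTS = [
    ("192.0.2.10", "bytes=0-499"),
    ("192.0.2.11", "bytes=0-99,200-299,-100"),
    ("198.51.100.7", "bytes=0-,0-10,0-20,5-30,5-40,5-50,5-60,5-70"),
    ("198.51.100.8", "bytes=0-,0-10,0-20"),
]

if __name__ == "__main__":
    for client, value in SAMPLE_REQUESTS:
        print(client, inspect_range_header(value))
```

The same count-and-overlap test can run in a reverse proxy or WAF rule ahead of the web server, so that over-limit requests are rejected or have the Range header stripped before the server has to assemble the response.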
mogs CClip 45
Member 8th Mar, 2012 16:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome succumbs to Pwn2Own contest hack
Plus, Google's 'Pwnium' snares a Chrome sandbox-escape exploit with $60K bait

By Gregg Keizer
March 8, 2012 08:33 AM
Computerworld - Google's Chrome fell to researchers' exploits Wednesday in both hacking challenges running this week at the CanSecWest security conference.

Yesterday was the first of three days for the "Pwn2Own" contest -- now in its fifth year -- and for Google's rival upstart, "Pwnium."

While Chrome went untouched in the last two years of "Pwn2Own," it was the first to fall to researchers Wednesday when a French team demonstrated a two-vulnerability attack on the browser running in Windows 7.

More at :-
http://www.computerworld.com/s/article/9225010/Chr...

--
Was this reply relevant?
+0
-0
mogs CClip 46
Member 8th Mar, 2012 16:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google search domains to get HTTPS by default
More encouragement to use Google sign-on
By John E Dunn | Techworld | 08 March 12

The steady roll-out of SSL for the world's most popular websites continues with the news Google's global search domains including google.co.uk are finally to get HTTPS encryption by default over the coming weeks.

The company turned on HTTPS by default for its global .com domain in October, which now works for all users while signed into Google services, before which secure searching had to be conducted through a special site few would have heard of, https://encrypted.google.com.

Even once turned on, users outside the US wanting to access the HTTPS feature would have had to manually specify the .com domain (which some know is encrypted), or the equivalent local domain (which many don't) or change the default search engine in their browser, which few do.

Once implemented, the new setting will make that unnecessary although all users will still need to be signed into a Google service to access HTTPS search.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3343123/g...

--
Was this reply relevant?
+0
-0
mogs CClip 47
Member 8th Mar, 2012 17:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 48
Member 8th Mar, 2012 21:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Stable Channel Update
| 09:20
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games and videos, along with the security fix listed below.

Security fixes and rewards:

Congratulations again to community member Sergey Glazunov for the first submission to Pwnium!

[Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 49
Member 8th Mar, 2012 21:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
Thursday, March 8, 2012 | 12:11
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.54 for Windows, Mac, Linux and Chrome Frame platforms

All
Fixed Chrome install/update resets Google search preferences (Issue: 105390)
Don't trigger accelerated compositing on 3D CSS when using swiftshader (Issue: 116401)
Fixed a GPU crash (Issue: 116096)
More fixes for Back button frequently hangs (Issue: 93427)
Bastion now works (Issue: 116285)
Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943)
Fixed Google Feedback causes render process to use too much memory (Issue: 114489)
Fixed after upgrade, some pages are rendered as blank (Issue: 109888)
Fixed Pasting text into a single-line text field shouldn't keep literal newlines (Issue: 106551)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
Was this reply relevant?
+0
-0
Anthony Wells RE: Daily CYBERCLIPS March
Expert Contributor 9th Mar, 2012 16:06
Score: 2493
Posts: 3,384
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Reference CClip 46 (above) , it is important to "sign-in" with each and every browser . For technical/security reasons (specific to me) , I tend to open Firefox first and sign in to my Gmail and thus get the https when on the Google search/home page .

When I then load Chrome , Gmail (normally) is already/still "signed in" , but the Home/Search page is not https ; it probably would be (needs checking) if I used the Google sync option , at the moment , I do not : thus I need to sign in a second time for https to activate and display .

Hope this is helpful .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mogs CClip 50
Member 9th Mar, 2012 22:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft to patch Windows bug called 'Holy Grail' by one researcher
Announces next week's Patch Tuesday line-up, will fix 7 flaws in Windows, developer software

By Gregg Keizer
March 9, 2012 02:59 PM ET
Computerworld - Microsoft yesterday said it would ship six security updates next week, only one critical, to patch seven vulnerabilities in Windows and a pair of for-developers-only programs.

This year's March Patch Tuesday will feature three more updates and three more patches than the same month in 2011, but will fix fewer bugs than the March roster in each of the years 2008-2010, according to records kept by Andrew Storms, director of security operations at nCircle Security.

One of the six updates was tagged "critical," the highest threat ranking in Microsoft's four-label system, while four were marked "important," the second-level rating, and the sixth as "moderate." One of the important updates, as well as the sole critical one, will patch bugs that Microsoft confirmed could be exploited by attackers to compromise PCs and plant malware on victimized machines.

More at :-
http://www.computerworld.com/s/article/9225063/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 51
Member 9th Mar, 2012 22:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
French team brings down IE9 at Pwn2Own hacking contest
And Google patches Chrome bugs revealed after $60,000 Pwnium payout

By Gregg Keizer
March 9, 2012 12:56 PM ET
Computerworld - A team from a French security firm hacked Microsoft's Internet Explorer 9 (IE9) yesterday at "Pwn2Own," making it two browsers busted in two days at the annual contest.

Also on Thursday, Google patched Chrome to fix two vulnerabilities that a long-time contributor to its bug bounty program used the day before to win $60,000 at "Pwnium," Google's first-ever hacking event.

The group from Paris-based Vupen Security brought down IE9 running on Windows 7 by exploiting a pair of previously-unknown "zero-day" bugs that bypassed the operating system's defensive technologies to execute attack code, allowing that code to escape from IE's "Protected Mode," the browser's limited-rights anti-exploit system.

More at :-
http://www.computerworld.com/s/article/9225055/Fre...

--
Was this reply relevant?
+0
-0
mogs CClip 52
Member 9th Mar, 2012 22:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Security firm goes public with Apple Safari flaws
Secunia publishes information on two vulnerabilities in browser after Apple reportedly fails to provide status updates

By Robert Lemos |


Danish security firm Secunia published information on two unpatched vulnerabilities in Apple's Safari 5 browser on Friday, after the consumer-technology firm allegedly failed to provide status updates on the patch process.

Secunia reported the two vulnerabilities -- one of which could result in remote exploitation of a user's machine under certain circumstances -- to Apple more than six months ago, the company stated in a blog post.

Secunia's policy states that if a software vendor fails to adequately respond to a vulnerability report within six months, the security firm will release limited data on the issue. Apple is the first major vendor to run afoul of the deadline that the company has imposed to make software companies take patching more seriously.

Read more at :-
http://www.infoworld.com/t/patch-management/securi...

--
Was this reply relevant?
+0
-0
mogs CClip 53
Member 9th Mar, 2012 22:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google patches rare critical vulnerability in Chrome
The sandbox escape vulnerability patched in Chrome 17.0.963.78 was disclosed this week in the Pwnium contest at CanSecWest

By Lucian Constantin | IDG News Service


Google has patched a critical Chrome vulnerability disclosed Wednesday at the CanSecWest security conference that can be exploited to escape from a browser's secure sandbox.

Russian security researcher Sergey Glazunov demonstrated a remote code-execution (RCE) exploit against a fully patched version of Chrome on Windows 7 as part of Google's Pwnium contest held at the conference in Vancouver.

Glazunov's exploit leveraged two Chrome vulnerabilities -- one that allows the execution of arbitrary code and one that bypasses the browser's much-touted security sandbox, which normally restricts such exploits.

Remote code-execution vulnerabilities, while very serious, are relatively common in all software products. However, the sandbox escape ones are extremely rare and, according to TippingPoint, which runs the separate Pwn2Own contest at CanSecWest, are worth much more than the $60,000 Glazunov earned from Google for reporting it.

More at :-
http://www.infoworld.com/d/security/google-patches...

--
Was this reply relevant?
+0
-0
mogs CClip 54
Member 10th Mar, 2012 15:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 55
Member 10th Mar, 2012 15:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 56
Member 10th Mar, 2012 15:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 57
Member 11th Mar, 2012 08:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 58
Member 12th Mar, 2012 19:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Pwn2Own, Pwnium pay researchers $210K for browser bugs
Last day of hacking events shake loose bugs in Firefox, Chrome

By Gregg Keizer
March 12, 2012 06:32 AM ET
Computerworld - Researchers last Friday unveiled zero-day vulnerabilities in Google's Chrome and Mozilla's Firefox during the final day of two hacking challenges that awarded $210,000 to contestants.

The Chrome vulnerabilities were submitted by a teenage researcher identified as "PinkiePie," who was only the second to participate in the Google-sponsored "Pwnium" event.

After verifying that PinkiePie's work met Pwnium's requirement for a "full Chrome exploit" -- meaning that the two bugs were in the browser's own code and included a "sandbox escape" exploit -- Google awarded him $60,000.

It was the second such payout during the three-day event. On Wednesday, Google paid $60,000 to Sergey Glazunov, a frequent recipient of bounties paid by Google throughout the year.

In announcing PinkiePie's win, Jason Kersey, a Chrome program manager, called the researchers' exploits "works of art." Kersey also promised that Google would publish technical write-ups of the two Pwnium submissions.

More at :-
http://www.computerworld.com/s/article/9225088/Pwn...

--
Was this reply relevant?
+0
-0
mogs CClip 59
Member 12th Mar, 2012 19:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft will roll out a critical Windows patch tomorrow

SOFTWARE PATCH FACTORY Microsoft has warned users of its Windows operating systems from Windows XP SP3 right up to Windows 7 that it has discovered a critical security flaw that could allow remote code execution.

The software company has given advanced warning that it will be issuing a patch to plug the vulnerability tomorrow in its March Patch Tuesday release.

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 are affected, as are Windows 7 for 64-bit based Systems and Windows 7 for 64-bit based Systems Service Pack 1.

Older PCs running Windows XP Service Pack 3, together with those running Windows XP Professional 64-bit Edition Service Pack 2 also will all need to be patched.

And it is not just client-side versions of Windows that are vulnerable. Windows Server 2008 R2 for 64-bit based Systems and Windows Server 2008 R2 for 64-bit based Systems Service Pack 1 are also affected. As are Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1.

Windows Server 2003 is also vulnerable to the bug.

The software firm also said it had discovered some additional Windows security bugs rated "Important", which could result in Denial of Service attacks and escalation of privileges on affected systems running all versions of the operating system from Windows XP SP3 up through Windows 7. There is also a bug rated "Moderate" that could be exploited to allow denial of service (DoS) attacks on Windows Vista and Windows 7 boxes.

In addition, Microsoft will issue a fix for an "Important" rated bug in Visual Studio that could be exploited to escalate privileges on compromised systems.

http://www.theinquirer.net/inquirer/news/2158674/m...


--
Was this reply relevant?
+0
-0
mogs CClip 60
Member 12th Mar, 2012 19:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Digital Playground porn site hacked, user details stolen

Written by
Jon Martindale

12 March, 2012

Hackers are claiming to have found a way to steal data on over 70,000 users, from the porn site Digital Playground, stating that they have passwords, user names and email addresses - and a few credit card details too.

This is no Lulzsec or Anonymous hack, instead it is from a new hacking group making themselves known with this attack. Their name? The ominous sounding "Consortium."

In the wake of the hack, the Digital Playground site has been left online, but it has a message stating "Members area is available, but we are not currently accepting new sign up's. Click here to access the members area."

The Consortium has posted some details from the attack over at Zone-h, stating that it currently has 72,000 email addresses, usernames and passwords, along with 40,000 numbers, expiry dates and security codes from user credit cards.



Read more: http://www.itproportal.com/2012/03/12/digital-play...

--
Was this reply relevant?
+0
-0
mogs CClip 61
Member 12th Mar, 2012 19:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Two domain name registrars behind most rogue pharma sites, says study
Bahamas registrar pointed out as main culprit
By Loek Essers | 12 March 12

Research done by LegitScript, a company that maintains a database with legitimate online pharmacies, suggests that two domain name registrars are responsible for more than half of all rogue pharmacy sites in the world.

The domains are used to sell "female Viagra" and drugs like Xanax and Vicodin without prescription. U.S.-based LegitScript said that about one in three rogue online pharmacies in its database is registered with Internet.bs, a registrar that is located in the Bahamas.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3343914/t...

--
Was this reply relevant?
+0
-0
mogs CClip 62
Member 12th Mar, 2012 19:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 63
Member 12th Mar, 2012 19:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 64
Member 12th Mar, 2012 19:58
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 65
Member 13th Mar, 2012 03:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 66
Member 13th Mar, 2012 03:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Beta Channel Update
| 12:33
Labels: Beta updates

update: The Beta channel for Mac is back to the 18.0.1025.54 version due to Flash running incorrectly.


The Beta channel has been updated to 18.0.1025.56 for Windows, Mac, Linux and Chrome Frame platforms

This build has the following changes:
GPU acceleration of the Canvas 2D is now disabled by default and can be enabled in about:flags
We've disabled the image transport surface on Windows Vista and 7. For gpu accelerated content gpu process now renders directly to the window.
Core Animation plugins no longer trigger gpu accelerated compositing on the Mac.

These changes are due to stability measures and some or all of these features may be enabled again in a future release.



If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 67
Member 13th Mar, 2012 11:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 68
Member 13th Mar, 2012 23:21
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Experts sound worm alarm for critical Windows bug
Microsoft patches Remote Desktop Protocol flaw, urges customers to apply update or workaround ASAP

By Gregg Keizer
March 13, 2012 04:22 PM ET
Computerworld - Microsoft today released six security updates that patched seven vulnerabilities, including a critical Windows bug that hackers will certainly try to exploit with a network worm, according to researchers.

"This is a pre-authentication, remote code bug," said Andrew Storms, director of security operations at nCircle Security, referring to MS12-020, the one critical bulletin today and the update that he, other researchers and even Microsoft urged users to patch as soon as possible.

"It will allow network execution without any authentication, and has all the ingredients for a class worm," said Storms.

"I'm particular spooked by this one," said Jason Miller, manager of research and development at VMware. "Hackers want [vulnerabilities] that don't require authentication and are in a part of Windows that's widely used. I guarantee that attackers are going to look at this closely."

Read more at :-
http://www.computerworld.com/s/article/9225160/Exp...

--
Was this reply relevant?
+0
-0
mogs CClip 69
Member 13th Mar, 2012 23:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Patch Tuesday: Microsoft Fixes Critical Bug in Remote Desktop Protocol

This month's update from Redmond includes six security advisories, but a pair of IE zero-day exploits demonstrated at last week's Pwn2Own hacking contest remain unpatched.

By Sean Michael Kerner | March 13, 2012

Microsoft's March "Patch Tuesday" update is taking a slightly different approach than in previous months. Released today, this month's Patch Tuesday update includes six security advisories -- and for the most critical flaws, Microsoft is providing both a patch and a 'Fix It' update.

The critical flaws are addressed in the MS12-020 bulletin, detailing vulnerabilities in Remote Desktop Protocol (RDP). The flaws could have potentially enabled an attacker to execute arbitrary remote code.

"The patch actually fixes the problem, and the Fix It implements the workaround," Wolfgang Kandek, CTO of security firm Qualys, told InternetNews.com.

Kandek explained that the Fix It update enables Network Layer Authentication (NLA) protocol, which mitigates the risk that the MS12-020 bulletin warns about. The Fix It also does not require a system reboot, which is required by the full patch.

"The Fix It does not cure the root cause," Amol Sarwate, Director of Vulnerability Labs at Qualys, told InternetNews.com. "It does enough to make sure that attackers can not trigger the vulnerable condition."

Microsoft does not normally release both a Fix It update as well as a full patch at the same time. Typically, Fix It updates have been released as a quick workaround to protect users until a full patch is made available.

More at :-
http://www.esecurityplanet.com/windows-security/pa...

--
Was this reply relevant?
+0
-0
mogs CClip 70
Member 13th Mar, 2012 23:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Mozilla nixes Firefox 11 delay, will launch upgrade today
The company says concern over last week's Pwn2Own bug is unwarranted because it was already patched

By Gregg Keizer

Mozilla on Monday announced it was postponing the release of Firefox 11, but changed its mind today, saying that the browser upgrade would go out on schedule.

Yesterday, Johnathan Nightingale, senior director of Firefox engineering, said Mozilla was delaying Firefox 11's launch to examine a bug unveiled at last week's Pwn2Own hacking contest and to give developers time to scrutinize Microsoft's security updates, set to release today at approximately 1 p.m. ET.

On the last day of Pwn2Own, a two-man team -- Vincenzo Iozzo and Willem Pinckaers -- exploited a Firefox vulnerability to take the contest's $30,000 second-place prize.

ZDI, which sponsored the Pwn2Own hacking contest that ran March 7-9, reported vulnerabilities used at the event to vendors yesterday.

Originally, Nightingale said that the delay would be "a day or two." Today, he updated his post to a Mozilla blog confirming that the upgrade would go out after all. "The security bug reported by ZDI is one we had already identified and fixed through our internal processes," he said. "This eliminates the need for us to delay this week's releases, and we will be shipping them later today."

Read more at :-
http://www.infoworld.com/d/applications/mozilla-ni...

--
Was this reply relevant?
+0
-0
mogs CClip 71
Member 14th Mar, 2012 08:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 72
Member 14th Mar, 2012 10:56


--
mogs CClip 73
Member 14th Mar, 2012 20:45
We need good code, says Diffie at Black Hat Europe
Cryptography pioneer formulates three rules for making applications secure

By Loek Essers
March 14, 2012 08:16 AM ET
IDG News Service - AMSTERDAM -- Cryptographer Whitfield Diffie reckons one of the most important things for good cryptography and security in the age of the Internet is good code.

Unfortunately, really good code is generally too expensive to write, he said at the Black Hat Europe conference.

"We are as much moving into a software age as we moved into an iron age," Diffie said, comparing the Internet evolution to the first cities formed on earth. "We take our cultural machinery and are moving that into the Internet," he told the audience in the opening keynote of Black Hat Europe here this week.

This calls for a good plan to secure software, said Diffie, one of the pioneers of public-key cryptography.

Read more at :-
http://www.computerworld.com/s/article/9225178/We_...

--
mogs CClip 74
Member 14th Mar, 2012 20:49
Mozilla, Google commit to Metro browsers for Windows 8
Microsoft's IE10 has five-month head start; documentation on hybrid desktop-Metro browsers only showed up Feb. 29

By Gregg Keizer
March 14, 2012 02:22 PM ET
Computerworld - Mozilla has kick-started development of a Metro-style version of Firefox for Windows 8, Google has committed to doing the same and Opera Software said yesterday that it's looking into the matter.

Those three browser makers would be chasing Microsoft, which has a five-month head start, having already built several iterations of Internet Explorer 10 (IE10) that run on both the Windows 8 traditional desktop and in the operating system's new Metro touch-first user interface (UI).

Mozilla, which first said a month ago that it would build a "proof-of-concept" edition of Firefox for Windows 8's Metro UI, recently revealed more details of the project.

According to Firefox engineer Brian Bondy, Mozilla began actual development of a Windows 8 browser last week.

Read more at :-
http://www.computerworld.com/s/article/9225191/Moz...

--
mogs CClip 75
Member 14th Mar, 2012 20:55

Safer Internet encryption via TLS may take years, expert says
The newest protocol was defined in 2008, but browsers need to catch up to patches applied since then

By Loek Essers | IDG News Service

Although the TLS (Transport Layer Security) 1.2 protocol, designed to make network connections more secure, was defined in 2008, a security expert at Black Hat Europe this week in Amsterdam said it will be years before Web users can reap its benefits.

TLS was developed in 1999 as an improvement on SSL (Secure Socket Layer) data encryption. Though SSL 3.0 is still used, TLS version 1.0 is supported by most commonly used browsers. However, it was proven vulnerable in 2001 when security researchers demonstrated a working exploit, code named BEAST (Browser Exploit Against SSL/TLS).

TLS developers fixed the flaw in 2006 by updating the protocol to version 1.1. An even safer, 1.2 version, was defined in 2008. The problem is, almost no one uses the 1.1 and 1.2 protocols, said Tom Ritter, security consultant for Isec Partners, during his keynote speech at Black Hat Europe on Wednesday in Amsterdam.

He showed the audience TLS implementation tables to emphasize his point. Almost all important browsers support TLS 1.0, but only Opera and Internet Explorer allow users to switch to TLS 1.1 or 1.2 manually.

Read more at :-
http://www.infoworld.com/d/security/safer-internet...

--
mogs CClip 76
Member 14th Mar, 2012 21:00
Google restores interoperability with AOL AIM
A spam problem originating on AIM prompted Google to shut down the federation between the two networks about two weeks ago
By Juan Carlos Perez | 14 March 12

Google and AOL have restored the interoperability between their two instant messaging (IM) networks, a little over two weeks after it was temporarily suspended due to a spam flood originating in AOL's AIM that affected Gmail Chat and Google Talk users.
An AOL official originally forecasted that a fix to the spam problem could be rolled out on Thursday of last week, but the process took a bit longer, finally culminating on Tuesday.

The interoperability between the two IM networks is now again active and everything is "running smoothly," an AOL spokeswoman said via e-mail.

More at :-
http://www.pcadvisor.co.uk/news/security/3344466/g...

--
mogs CClip 77
Member 14th Mar, 2012 21:04


--
mogs CClip 78
Member 14th Mar, 2012 22:42
Chrome Beta Channel Update
Wednesday, March 14, 2012 | 13:18
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.58 for Windows, Mac, Linux and Chrome Frame platforms

This build has the following changes:
GPU acceleration of the Canvas 2D is now reenabled.
We've reenabled the image transport surface on Windows Vista and 7.
We fixed a race condition in audio.
Disabled prerender.
These changes are due to stability measures and some or all of these features may be enabled again in a future release.

If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 79
Member 15th Mar, 2012 17:16
Chrome Dev Channel Update
Thursday, March 15, 2012 | 08:37
Labels: Dev updates

The Dev channel has been updated to 19.0.1068.1 for Windows, Mac, Linux and Chrome Frame. This build contains a fix for browser hang and increase in CPU usage. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 80
Member 15th Mar, 2012 19:04


--
mogs CClip 81
Member 15th Mar, 2012 19:11
Symantec warns of 64-bit Windows Trojans
by Gareth Morgan

15 Mar 2012
Symantec has warned of a new Windows 7 Trojan that can elevate the privileges of any restricted process to administrator level, without the user's permission or knowledge.
The latest fully patched versions of Windows 7 are vulnerable to backdoor.Conpee Trojan, warned Mircea Ciubotariu, a security response engineer at Symantec, on a company blog.

The new Trojan targets both 32-bit and 64-bit versions of Windows 7, adding to the growing weight of evidence that malware writers are redesigning their software to bypass security features in 64-bit Windows, said Ciubotariu.
The 64-bit version of Windows 7 and Vista included Kernel Mode Code Signing and Kernel Patch Protection, that were intended to make them less vulnerable to malware.

Read more at :-
http://www.v3.co.uk/v3-uk/news/2159725/symantec-wa...

--
mogs CClip 82
Member 16th Mar, 2012 08:27
Chrome Beta Channel Update
Thursday, March 15, 2012 | 15:48
Labels: Beta updates
The Beta channel has been updated to 18.0.1025.100 for Windows, Mac, Linux, and Chrome Frame.

This release turns prerendering back on and it contains fixes for a number of stability issues along with other bugs. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


--
mogs CClip 83
Member 16th Mar, 2012 08:35


--
mogs CClip 84
Member 16th Mar, 2012 08:43
Mozilla will start Firefox silent updates in June
Patches Pwn2Own bug; also announces end of updates for Firefox 3.6

By Gregg Keizer
March 15, 2012 02:23 PM ET
Computerworld - Mozilla yesterday reiterated that it's still working on silent updates for Firefox, and said it should have the Chrome-like service in place by early June.

In a sweeping summary of 2011's accomplishments and an outline of plans for 2012, Robert Nyman, a Mozilla technical evangelist, listed silent updates as one of the projects the company will finish this year. "Updates will now be downloaded and installed silently in the background," wrote Nyman in a Wednesday post to the Hacks Mozilla blog. "Silent updates are currently planned to land in Firefox 13."

Mozilla unloads a Firefox upgrade every six weeks -- it launched Firefox 11 just two days ago -- and has Firefox 13's release on the calendar for June 5, 2012.

Mozilla has been working on silent updating for about 17 months. At one point, it thought it could add the feature to Firefox 4, which shipped in March 2011, but abandoned that work when the upgrade was delayed several times for other reasons.

Read more at :-
http://www.computerworld.com/s/article/9225235/Moz...

--
mogs CClip 85
Member 16th Mar, 2012 08:48
Digitally signed malware is increasingly prevalent, researchers say
Malware authors are signing their malicious creations with stolen digital certificates to bypass antivirus detection and defense mechanisms

By Lucian Constantin
March 15, 2012 02:01 PM ET
IDG News Service - Security companies have recently identified multiple malware threats that use stolen digital certificates to sign their components in an attempt to avoid detection and bypass Windows defenses.

When it was discovered in 2010, the Stuxnet industrial sabotage worm surprised the security industry with its use of rootkit components that were digitally signed with certificates stolen from semiconductor manufacturers Realtek and JMicron.

Security experts predicted at the time that other malware creators would adopt the technique in order to bypass the driver signature enforcement in 64-bit versions of Windows Vista and 7. Given recent developments it seems that they were right.

A backdoor discovered by Symantec in December installed a rootkit driver signed with a digital certificate stolen from an undisclosed company. The certificate was revoked by VeriSign at the owner's request nine days later.

Read more at :-
http://www.computerworld.com/s/article/9225237/Dig...

--
mogs CClip 86
Member 16th Mar, 2012 18:31


--
mogs CClip 87
Member 16th Mar, 2012 19:11


--
mogs CClip 88
Member 16th Mar, 2012 19:39
Pidgin 2.10.2 Fixes Two DoS Vulnerabilities

Versions up to and including 2.10.1 are affected.

March 15, 2012
Version 2.10.2 of the Pidgin instant messaging application was recently released.

"According to its developers, the maintenance and security update brings a number of changes and addresses two denial-of-service (DoS) vulnerabilities that could be exploited by an attacker to cause the application to be terminated," The H Security reports.

"These remote crashes are caused when the MSN server sends messages that are not UTF-8 encoded and also when some types of nickname changes occur in chat rooms using the XMPP protocol," the article states. "Versions up to and including 2.10.1 are affected."

Go to "Pidgin IM client 2.10.2 closes DoS holes" to read the details

http://www.esecurityplanet.com/patches/pidgin-2.10...

--
mogs CClip 89
Member 16th Mar, 2012 19:43


--
mogs CClip 90
Member 16th Mar, 2012 19:48


--
mogs CClip 91
Member 16th Mar, 2012 22:05
Last edited on 16th Mar, 2012 22:08
Another Chrome Beta Channel Update !!
Friday, March 16, 2012 | 12:14
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.108 for Windows, Mac, Linux, and Chrome Frame.

This release changes to V8 version 3.7 and it contains fixes for a number of stability issues along with other bugs. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 92
Member 17th Mar, 2012 01:18


--
mogs CClip 93
Member 17th Mar, 2012 08:42
Microsoft may have leaked attack code for critical Windows bug, says researcher
Hackers rushing to create an exploit for worm-ready RDP flaw may have gotten help from Microsoft or one of its AV partners

By Gregg Keizer
March 16, 2012
Computerworld - Hackers who posted a barebones proof-of-concept attack for a critical Windows vulnerability may have obtained some of the code from Microsoft or one of its antivirus partners, the bug's finder said today.

Luigi Auriemma, an Italian security researcher who discovered the vulnerability in Windows' Remote Desktop Protocol (RDP) in May 2011, then submitted it to a Hewlett-Packard bug bounty program, spelled out the leak theory in a long post to his personal blog Friday.

On Tuesday, Microsoft updated all flavors of Windows to patch the critical RDP vulnerability, telling customers "[We] strongly encourage you to make a special priority of applying this particular update."

That same day, several security researchers predicted attackers would quickly craft a working exploit, and would probably tuck it into a worm able to infect any unpatched PC or server that had RDP enabled.

Auriemma asserted that Microsoft gave hackers a head start.

More at :-
http://www.computerworld.com/s/article/9225280/Mic...

--
mogs CClip 94
Member 17th Mar, 2012 08:49


--
mogs CClip 95
Member 17th Mar, 2012 08:49
Last edited on 17th Mar, 2012 22:06
Chrome Beta Channel Update
Saturday, March 17, 2012 | 08:44
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.109 for Windows, Mac, and Chrome Frame.

This release changes V8 back to version 3.8. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


--
mogs CClip 96
Member 17th Mar, 2012 22:12
Valid VeriSign Certificate Used to Sign Mediyes Malware

Kaspersky Lab experts came across pieces of malware that were validated by a legitimate digital certificate issued by Symantec's VeriSign for a Swiss company called Conpavi AG, known for working with government agencies from Switzerland.

Identified by Kaspersky as Trojan-Dropper.Win32.Mediyes or Trojan-Dropper.Win64.Mediyes, depending on the variant, the dropper files were signed somewhere between December 2011 and March 7, 2012.


Mediyes has infected the computers of around 5,000 users, most of them from Western Europe, which would explain why the stolen certificate is from a Swiss company and its command and control server is located in Germany.

So how does this malware operate?

Read more at :-
http://news.softpedia.com/news/Valid-VeriSign-Cert...

--
mogs CClip 97
Member 19th Mar, 2012 03:13
Landmark 10 millionth .uk site registered with Nominet

Swarve Magazine's owner says plans to increase the number of top-level domains could prove expensive

The 10 millionth web address ending in .uk has been claimed by the founder of Hampshire-based firm, SN Technologies.

swarvemagazine.co.uk was registered by Steven Northam for a photography-based publication set to launch this summer.

Registration service Nominet described the news as a "mega-milestone". It took charge of the top-level domain name in 1996 when there were 26,000 .uk sites.

However, it faces a shake-up with a huge explosion in the number of international domains later this year.

More at :-
http://www.bbc.co.uk/news/technology-17393008

--
mogs CClip 98
Member 19th Mar, 2012 03:21
Microsoft blames security info-sharing program for attack code leak
Trying to figure out how exploit example shared with AV partners ended in hackers' hands

Computerworld - Microsoft on Friday confirmed that sample attack code created by the company had likely leaked to hackers from a program it runs with antivirus vendors.

"Details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protection Program (MAPP) partners," Yunsun Wee, a director with Microsoft's Trustworthy Computing group, said in a statement posted on the company's site.

"Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements," Wee added.

Under MAPP, Microsoft provides select antivirus companies with technical information about bugs before Microsoft patches the flaws. MAPP is meant to give third-party security vendors advance warning so that they can craft detection signatures.

Among the things Microsoft shares with MAPP members, according to a program FAQ, are "proof-of-concept or repro tools that further illuminate the issue and help with additional protection enhancement."

Read more at :-
http://www.computerworld.com/s/article/9225293/Mic...

--
mogs CClip 99
Member 19th Mar, 2012 08:24


--
mogs CClip 100
Member 19th Mar, 2012 19:44
Last edited on 19th Mar, 2012 19:49


--
mogs CClip 101
Member 19th Mar, 2012 19:52
Microsoft pitches IE9 as the browser for reaching 'a few sites'
Touting IE9 to Firefox, Chrome users, IE marketing chief says, 'You don't need to ditch your current browser'

By Gregg Keizer
March 19, 2012 09:44 AM ET
Computerworld - Microsoft has kicked off a new marketing campaign for Internet Explorer 9 that urges users of rival browsers to run it, even if only sparingly for "a few sites that you go to every day."

The unusual approach, which Microsoft launched last week on BrowserYouLovedToHate.com, a domain it registered last month, is part of Microsoft's continued campaign to convince Windows users to stick with IE9, or if they've switched browsers, to give it another try.

"One of the more interesting trends these days is the number of Chrome and Firefox enthusiasts who have 'added' Internet Explorer 9 into their browsing mix," said Roger Capriotti, the director of IE marketing, in a blog post last week. "You don't need to ditch your current browser, but there are probably a few sites you go to each day like Facebook that you can pin with IE9."

More at :-
http://www.computerworld.com/s/article/9225301/Mic...

--
mogs CClip 102
Member 19th Mar, 2012 19:58
Chrome Beta Channel Update
Monday, March 19, 2012 | 11:20
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.113 for Windows, Mac, Linux, and Chrome Frame.

This release turns off print preview and fixes a few known crashes and memory issues. Please note that print preview will possibly be turned back on in a future release. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 103
Member 19th Mar, 2012 20:03
Computer viruses could cross into biological realm, researchers say
Researchers at Black Hat conference speculate that human and computer viruses could converge in the future and could interest bioterrorists

By Loek Essers | IDG News Service
Computer hackers could create malicious software that crosses the line from technology to biology, crafting viruses that could spread dangerous epidemics, researchers said at Black Hat Europe.

"We are really on the border between the living and the not living," said Guillaume Lovet, senior manager of Fortinet's Threat Research and Response Center, during a keynote speech discussing the similarities between biological and computer viruses. Fortinet was the main sponsor of the Black Hat Europe security conference in Amsterdam last week.

The comparison between computer and human viruses was made to give security researchers a better understanding of why the human immune system is so much better in battling viruses than antivirus systems.

"We came to wonder if there can be some kind of convergence between human viruses and computer viruses," Lovet added. "It may sound like a scenario for a bad Hollywood movie, but it is not such a stupid question."

More at :-
http://www.infoworld.com/d/security/computer-virus...

--
mogs CClip 104
Member 19th Mar, 2012 20:11


--
mogs CClip 105
Member 19th Mar, 2012 20:23
Avast antivirus support firm apologises for mis-selling
iYogi blames "over-zealous sales person"
By John E Dunn | Techworld | 19 March 12

The Indian company suspended this week by antivirus company Avast for mis-selling support contracts during customer phone calls has apologised and offered to refund users unhappy with the service.

The allegation made earlier this week by respected security blogger Brian Krebs was a serious one. Staff working for iYogi had tried to dupe him during a support call into buying an expensive support contract by falsely claiming his PC was experiencing technical problems.

The same staff had also tried to persuade him to upgrade from Avast's Free antivirus software to a paid version on spurious grounds.

"[This organisation's] sales tactics are practically indistinguishable from those employed by peddlers of fake antivirus software or 'scareware,'" was Krebs's damning judgment.

The comment is particularly uncomfortable because Avast and ESET have recently mentioned Indian-based cold-calling scams targetting their customers. There is no suggestion that iYogi is connected to these calls but the timing is embarrassing.

More at :-
http://www.pcadvisor.co.uk/news/security/3345383/a...

--
mogs CClip 106
Member 19th Mar, 2012 22:36
Boot Time Defragmentation
Some of the files like MFT, Registry, Pagefile etc cannot be defragmented or are not safe to defrag when Windows is running. This is when Boot Time Defragmentation displays its benefits, defragmenting these files at Windows Boot Time and getting optimal results.

Puran Defrag provides a very powerful Boot Time Defrag that defragments not only the system files but the entire drive, giving you the maximum benefits.

Low Priority Defrag
Low Priority Defrag allows you to use your computer at full capacity even when defragmentation is running. As its name suggests, it keeps itself in Low Priority Mode which means that Puran Defrag will use a resource only if it is not being used by any other process which avoids interruption of your work.

Compatibility
Puran Defrag is compatible with Windows XP/2003/Vista/2008/7 including 64Bit versions. The support for 64Bit Windows is native, so you can enjoy all benefits of your powerful processor.

Much more info at :- http://www.puransoftware.com/Puran-Defrag.html


Download Details - Puran Defrag Free Edition
Filename: PuranDefragFreeSetup.exe

File Size: 3.25 MB

Description: Now get a professional defragmenter for your computer at no price at all.
This is Puran Defrag Free Edition which is exactly the same as its commercial version
except you do not need to pay for it.

* Free for private and non-commercial use only.
http://www.puransoftware.com/Puran-Defrag-Download...

--
mogs CClip107
Member 21st Mar, 2012 08:35
Chrome Beta Channel Update
Tuesday, March 20, 2012 | 11:19
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.116 or 18.0.1025.117 for Windows and 18.0.1025.117 Chrome Frame.

This release turns off swiftshader and gamepad. These changes and the version differences are due to stability measures and some or all of these features may be enabled again in a future release. Please note that print preview will be turned back on in the next release. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


--
mogs CClip 108
Member 21st Mar, 2012 20:33
Firefox to turn on default encryption for Google searches
Firefox is used by more than 20% of all Internet users

By Loek Essers
March 21, 2012
IDG News Service - Mozilla is currently testing default encrypted Google searches for all Firefox users, with the intent to make all Google searches encrypted in the near future, the browser maker said on Wednesday.

"We are currently testing the change to use SSL for built-in Google searches in our Firefox nightly channel," said Johnathan Nightingale, senior director of Firefox engineering, in an email. "If no issues are uncovered, it will move through our Aurora and Beta release channels before eventually shipping to all our Firefox users. This will include migrating the changes to our non-English version of Firefox, as well."

Google is the default search engine used by Firefox. There is no official word from Mozilla, however, on exactly when it will switch Firefox end users to default encrypted Google searches. Once the feature ends up on the Aurora and Beta release channels it will be generally available soon after, Mozilla said. The browser maker noted that development for each release channel could take up to six weeks.

More at :-
http://www.computerworld.com/s/article/9225393/Fir...

--
mogs CClip 109
Member 21st Mar, 2012 20:38
Chrome Beta Channel Update
Wednesday, March 21, 2012 | 09:42
Labels: Beta updates

Update: The Beta channel for Mac has now been updated to 18.0.1025.129. This brings back Print Preview.


The Beta channel has been updated to 18.0.1025.118 for Windows Chrome Frame.

This release brings back Print Preview. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 110
Member 21st Mar, 2012 20:45


--
mogs CClip 111
Member 21st Mar, 2012 20:56


--
mogs CClip 112
Member 21st Mar, 2012 21:01


--
mogs CClip 113
Member 21st Mar, 2012 21:06


--
mogs CClip 114
Member 22nd Mar, 2012 10:58


--
mogs CClip 115
Member 22nd Mar, 2012 12:16


--
mogs CClip 116
Member 22nd Mar, 2012 16:50
'Hacktivists' steal more than 100M online records in 2011, says Verizon
More than half of all 2011 data thefts traced to 'hacktivism,' Verizon finds in latest data breach study

By Lucian Constantin
March 22, 2012 08:13 AM ET
IDG News Service - More than half of data stolen from companies in 2011 was a result of hacktivist actions, even though the majority of data breaches were still caused by financially motivated cybercriminals, Verizon said in its 2012 Data Breach Investigations Report released on Thursday.

The report spans 855 data breach incidents investigated by the company and several law enforcement agencies -- the U.S. Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police. These incidents resulted in a total of 174 million compromised records, the second-highest volume of compromised records since Verizon began compiling data breach statistics in 2004.

Up to 98 percent of data breach incidents covered by the new report were caused by external agents and the vast majority of them, 83 percent, were organized criminal groups.

More at :-
http://www.computerworld.com/s/article/9225425/_Ha...

--
mogs CClip 117
Member 22nd Mar, 2012 17:30


--
mogs CClip 118
Member 22nd Mar, 2012 17:38


--
mogs CClip 119
Member 22nd Mar, 2012 20:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 120
Member 23rd Mar, 2012 18:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft expects 10in 2560x1400 Windows 8 tablets
SOFTWARE REDEVELOPER Microsoft has shown off what it claims will be common screen sizes for devices running Windows 8, suggesting that there will be Windows 8 tablets that exceed the resolution of Apple's Retina display on the new Ipad.
Microsoft's Windows 8 hype machine set its focus on screen sizes and display resolutions, touting the multitude of resolutions its Metro user interface will support. Microsoft's Metro user interface is intended for touchscreen devices, with the firm saying that "device diversity" is one of its core goals for Windows 8.
The firm explained how the tiled Metro user interface will adapt to different resolutions in order to make efficient use of screen real estate by packing more onto the screen. Interestingly, Microsoft has decided that 1024x768 will be the minimum resolution for Metro applications while 2560x1600 will be the maximum.
Not only did Microsoft set resolution limits, it also outlined screen sizes that it expects to see Windows 8 use. While the usual laptop screen sizes are accounted for with woefully inadequate resolutions, the firm foresees 10.1in and 11.6in tablet devices with 2560x1400 resolution, producing 291dpi (dots per inch) and 253dpi, respectively.
Microsoft ran through the advantages of high pixel densities, much like Apple did when it announced the Retina display on the Iphone 4. It mentioned the obvious ability to pack more onto the screen and improvements in text clarity, but the firm was also keen to point out that Metro applications will have to support high resolution screens in order to make for comfortable user interaction.
Microsoft's Windows 8 plans might not whet the appetites of that many tablet users, however it does suggest that 10in and 11in Windows tablets sporting 2560x1400 display resolution might tip up in 2013.

http://www.theinquirer.net/inquirer/news/2163051/m...

--
mogs CClip 121
Member 23rd Mar, 2012 22:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Beta Channel Update
Friday, March 23, 2012 | 11:11
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.137 for Windows and Chrome Frame.

This release contains some stability fixes. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 122
Member 23rd Mar, 2012 22:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 123
Member 24th Mar, 2012 01:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Dev Channel Update
Friday, March 23, 2012 | 15:04
Labels: Dev updates
The Dev channel has been updated to 19.0.1077.3 for Windows, Mac, Linux and Chrome Frame. This build contains following updates:


Updated V8 - 3.9.23.0
Fixed dialog boxes in settings. (Issue: 118031)
Fixed flash videos turning white on mac when running with --disable-composited-core-animation-plugins (Issue: 117916)
Change to look for correctly sized favicon when multiple images are provided. (Issue: 118275)
Fixed issues - 116044, 117470, 117068, 117668, 118620

Known Issues
[Mac] Extension and download icons are drawn incorrectly (Issue: 118755)

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 124
Member 24th Mar, 2012 02:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 125
Member 24th Mar, 2012 09:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

European Commission locks horns with Germany over data retention law
Meanwhile, Sweden adopts the controversial law

By Jennifer Baker

IDG News Service - European Union regulators have warned Germany that it must implement the controversial Data Retention Directive within one month or face legal action and possible fines.

The Data Retention Directive requires E.U. member states to store vast amounts of telecommunications information, including data about email, phone calls and text messages, for law enforcement purposes.

The directive was originally adopted in Germany in 2008, but was taken to the German Constitutional Court amid privacy concerns. The court ruled it unconstitutional and it was thrown out. Since then the European Commission has pushed for it to be reinstated, while German data-protection commissioners refuse, describing it as an invasion of privacy.

Romania and the Czech Republic have also declared the directive unconstitutional, while Hungary and Ireland have implemented it but have referred it to higher courts for final judgment. Sweden meanwhile implemented it after a vote in the Swedish Parliament on Wednesday, but not without controversy.

Read more at :-
http://www.computerworld.com/s/article/9225503/Eur...

--
mogs CClip 126
Member 24th Mar, 2012 21:25
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Malwarebytes Anti-Malware Available for Download
Malwarebytes Anti-Malware continues to progress, as the company released a new beta for the application. Version 1.61 of the security product brings to the table improvements and repairs a small batch of problems.

As far as enhancements are concerned, the development team managed to optimize the scan speed for 64-bit operating systems and the application should complete the job 25% faster.

There are also Chameleon improvements, the technology that ensures that Malwarebytes runs even if threats try to block it.

Among the modifications there are also additional security checks for program updates and, for the paid version only, some enhancements address password command line.

As for the repairs, the new release shows accurate protection status in the scheduled scan logs. Also fixed is the context menu language for 'Scan with Malwarebytes Anti-Malware' option, which is now displayed in the selected language.

http://news.softpedia.com/news/Malwarebytes-Anti-M...

--
mogs CClip 127
Member 25th Mar, 2012 22:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google ends Chrome search rank penalty period
Unclear whether self-imposed punishment affected Chrome's usage share

By Gregg Keizer
March 25, 2012 06:50 AM ET
Computerworld - Google this month released Chrome from the penalty box and reinstated the browser's PageRank after a 60-day self-imposed sentence over a rule-breaking marketing campaign.

At some point during March, Google lifted the penalty it had imposed on Chrome the first week of January, when it demoted the search ranking of the browser's download page, www.google.com/chrome. It's unclear when Google restored the browser's search rank; SearchEngineLand first reported the punishment's expiration on March 16.

The decision to reduce Chrome's PageRank -- the rating Google assigns to sites based on how many other sites link to them -- came after SEO Book and SearchEngineLand revealed a marketing campaign that paid bloggers to create generic posts that linked to a video touting Chrome to small businesses.

More at :-
http://www.computerworld.com/s/article/9225526/Goo...

--
mogs CClip 128
Member 26th Mar, 2012 09:01
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome extensions malware hijacks Facebook profiles

Chrome Web Store falls to Brazilian whacks
By Simon Sharwood, APAC Editor

Posted in Security, 25th March 2012 22:17 GMT

Kaspersky Lab has found malware-laden Chrome extensions, along with a criminal gang playing cat and mouse with Google by releasing several variations of its wares.

The attacks manifest as suggestions to download Facebook apps. Those apps are, alas, not real. Instead they are malware and, in one case, a malware-laden Chrome extension hosted in Google's very own Chrome Web Store.

The malware pretends to be a Flash Player installer but instead downloads a Trojan which writes messages to a victim's Facebook profile and automatically Likes certain pages.

Read more at :-
http://www.theregister.co.uk/2012/03/25/chrome_web...

--
mogs CClip 129
Member 26th Mar, 2012 09:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft leads seizure of Zeus-related cybercrime servers
The company said it has shut down several botnets that stole an estimated US$100 million over five years

By Jeremy Kirk
March 26, 2012 02:48 AM ET
IDG News Service - Microsoft said on Monday it and several partners had disrupted several cybercrime rings that used a notorious piece of malicious software called Zeus to steal US$100 million over the last five years.

The company said a consolidated legal case has been filed against those allegedly responsible that for the first time applies the Racketeer Influenced and Corrupt Organizations (RICO) Act.

Zeus has been a thorn in the side for financial institutions due to its stealthy nature and advanced spying capabilities that center around stealing online banking and e-commerce credentials for fraud.

More at :-
http://www.computerworld.com/s/article/9225529/Mic...

--
mogs CClip 130
Member 26th Mar, 2012 19:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla sets end of Firefox for Win2K, early XP
Move to newer dev tools means April's Firefox 12 will be last to work on outdated Windows

By Gregg Keizer
March 26, 2012 05:53 AM ET
Computerworld - Mozilla on Friday announced that next month's Firefox 12 will be the last version to run on early editions of Windows XP and the 12-year-old Windows 2000.

The company also reiterated that it will stop serving security updates for 2010's Firefox 3.6 in April.

Starting with Firefox 13, the browser's minimum requirements will be XP Service Pack 2 (SP2). Firefox 13 will not work on Windows 2000, Windows XP RTM (release to manufacturing, the original mid-2001 build) or XP SP1.

Firefox 12, set to ship April 24 and due to be replaced by the next edition on June 4, will be the last that supports the three older Windows.

Read more at :-
http://www.computerworld.com/s/article/9225528/Moz...

--
mogs CClip 131
Member 26th Mar, 2012 19:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
McAfee: Digitally-signed malware numbers jump
By Tom Espiner , 26 March, 2012 16:32

E-criminals are increasingly using digitally signed malware to try to circumvent computer-security measures, according to security company McAfee.

The number of unique malicious binaries that use digital signatures to try to trick users, admins, and security software into trusting and running malware jumped from almost zero at the beginning of January 2012 to more than 200,000 samples at the end of March, McAfee researcher Craig Schmugar said in a blog post on Friday.

"Much of this malware is signed with stolen certificates, while other binaries are self-signed, or 'test signed'," said Schmugar. "Test signing is sometimes used as part of a social engineering attack."

Test-signing is particularly useful on Microsoft's 64-bit Windows operating system, which automatically disables unsigned drivers, said Schmugar. Test-signing lets developers circumvent driver-signing, but can also be used by e-criminals, said McAfee.

Read more at :-
http://www.zdnet.co.uk/blogs/security-bulletin-100...

--
mogs CClip 132
Member 26th Mar, 2012 19:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 133
Member 27th Mar, 2012 01:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
64-bit Opera Wahoo Available for Download
Earlier today Opera rolled out the first release candidate for version 11.62 of the browser. Now they make available a new snapshot (build 1351) for Opera 12, codenamed Wahoo. This development build is the first one also available for 64-bit platforms, for Windows and Mac.

Out-of-process plugins (OOPP) are included in this snapshot. Running plugins in a separate process increases the stability and performance of the web browser.

Apart from this, the build runs an updated Presto engine. The improved Core brings to the table initial support for HTML5 Drag and Drop, which caters for functionality such as moving items from the desktop onto a web page.

Support for CSS Animations, although experimental, is also present in this release.

http://news.softpedia.com/news/64-bit-Opera-Wahoo-...

--
mogs CClip 134
Member 27th Mar, 2012 01:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Beta Channel Update
Monday, March 26, 2012 | 16:24
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.140 for Windows, Mac, Linux and Chrome Frame platforms.

All
Fixed Font settings aren't saved on quit (Issue: 112706)
Fixed IME failure on specific flows with a windowless Flash (Issue: 117758)
Fixed Crash when creating a new tab while the previous one is still loading (Issue: 87176)
Fixed Drag and Drop issues (Issue: 119700)
Chrome Frame
Fixed "Find Next" button does not work as intended (Issue: 112193)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 135
Member 27th Mar, 2012 01:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 136
Member 27th Mar, 2012 20:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Study: Open source libraries propagate security flaws
Research finds that one-third of the most commonly used open source Java components contain security vulnerabilities

By Robert Lemos | InfoWorld

Although companies such as Microsoft, Adobe, and Mozilla have raised awareness of secure programming practices in recent years, getting developers to adopt best practices to weed out vulnerabilities in program code remains a challenge. A case in point: Developers often overlook the necessity of keeping the source components of their software up-to-date, a problem exacerbated by poor update mechanisms, according to a study released on Monday.

The report, which analyzed code downloaded from a popular collection of open source components known as the Central Repository, found that a large number of development organizations, including half of Global 100 financial firms, used vulnerable libraries from the repository.

"The problem we've found is that there is no central update mechanism or notification system to tell (developers) of software about the vulnerabilities that are being discovered in individual projects," says Wayne Jackson, CEO of Sonatype, the firm that maintains the Central Repository. "What that has led to is a huge amount of consumption of components that are known to have security flaws."

More at :-
http://www.infoworld.com/t/application-security/st...

--
mogs CClip 137
Member 27th Mar, 2012 20:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 138
Member 27th Mar, 2012 20:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Security Firm AVG Releases Do-Not-Track Feature for Windows
AVG's new tool is available to users of its free and paid security products as a free update.
By Ian Paul | PC World | 27 March 12

If the recent debates around the Federal Trade Commission's call for a Do-Not-Track tool have you concerned about online privacy, computer security firm AVG recently announced a new do-not-track feature for Windows. AVG's new tool is available to users of its free and paid security products as a free update. New users can get the tool by downloading AVG Anti-virus Free Edition, and then running a program update to get the new do-not-track feature. The new tool works as an add-on with Internet Explorer, Mozilla Firefox and Google Chrome browsers.

AVG's do-not-track feature actively seeks out tracking cookies on your browser and alerts you when a site attempts to set a tracking mechanism. When it finds a tracking cookie, the anti-tracking feature will tell you whether it's a tracking cookie from an ad network, a "social button" such as Facebook's Like button and Google's +1, or a Web analytics cookie.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3347346/s...

--
mogs CClip 139
Member 27th Mar, 2012 20:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Kaspersky PURE 2.0 Available for Download
Kaspersky announced the release of version 2.0 for their complete protection suite for home users, Kaspersky PURE. The most visible change in the package is the interface, which is now more intuitive than ever.

Changes in the product touch on Quarantine and Backup management, which have been separated in different tabs as they fulfilled separate functions. You can check the reputation of apps and websites, based on community ratings.

Also new is the possibility to enable heuristic analysis in order to scan websites for phishing threats.

Other modifications include simpler parental controls, based on predefined profiles, and an easier wizard for creating a backup task. Data encryption has also been improved, as the new version of the suite features a ready-to-go preinstalled container; customization options are available.

http://news.softpedia.com/news/Kaspersky-PURE-2-0-...

--
mogs CClip 140
Member 28th Mar, 2012 20:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Adobe streamlines Flash Player updates by going silent
And it drops Flash support for Microsoft's IE6

By Gregg Keizer
March 28, 2012 12:32 PM ET
Computerworld - Adobe yesterday released Flash Player 11.2, adding silent updating to speed patching of "zero-day" vulnerabilities in the Windows edition.

"Improving the update process is probably the single most important challenge we can tackle for our customers at this time," Peleus Uhley, a senior security researcher at Adobe, said in a Tuesday blog entry.

On Windows -- silent update will come to the Mac later, the company said -- Flash Player 11.2 checks for security updates, then downloads and installs them without bothering the user.

The background update tool pings Adobe's servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later.

The updater's default setting can be changed so that Flash Player continues to notify the user when updates are available.

Read more at :-
http://www.computerworld.com/s/article/9225624/Ado...

--
mogs CClip 141
Member 28th Mar, 2012 20:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 142
Member 28th Mar, 2012 20:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Security firms disable the second Kelihos botnet
The second Kelihos botnet was made up of more than 100,000 compromised computers, security researchers said

By Lucian Constantin | IDG News Service

A group of malware experts from security companies Kaspersky Lab, CrowdStrike, Dell SecureWorks, and the Honeynet Project, have worked together to disable the second version of the Kelihos botnet, which is significantly bigger than the one shut down by Microsoft and its partners in September 2011.

The Kelihos botnet, also known as Hlux, is considered the successor of the Waledac and Storm botnets. Like its predecessors, it has a peer-to-peer-like architecture and was primarily used for spam and launching DDoS (distributed denial-of-service) attacks.

More at :-
http://www.infoworld.com/d/security/security-firms...

--
mogs CClip 143
Member 28th Mar, 2012 20:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Rockyou security blunder exposed data on 32 million gamers

US FTC wades in
By Robert Jaques
Wed Mar 28 2012, 10:22
SOCIAL GAMING OUTFIT Rockyou has agreed to implement a "comprehensive data security programme" and cough up a $250,000 fine to the US Federal Trade Commission (FTC).
The FTC revealed that after it issued a complaint against Rockyou the gaming web site operator agreed to settle charges that, despite promoting its internal security measures, it failed to protect the privacy of its users. This allowed hackers to access the personal details of 32 million users, including almost 200,000 children.
The FTC also alleged in its complaint that the gaming developer violated the Children's Online Privacy Protection Act Rule (COPPA Rule) by collecting information from children. The COPPA Rule requires that web site operators notify parents and obtain their consent before they collect, use or disclose personal information from children under 13. It also requires that web site operators post a privacy policy that is clear, understandable and complete.

More at :-
http://www.theinquirer.net/inquirer/news/2164169/r...

--
mogs CClip 144
Member 28th Mar, 2012 20:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Europe-wide draft law seeks to criminalise hacking
By Tom Espiner , 28 March, 2012 17:26

Cyberattacks could become a criminal offence across Europe punishable by at least two years in jail under a draft law cleared by a European Parliament committee on Tuesday.

Attacks against a website, network or database, and attempts to interfere with or illegally intercept data, would see two years in prison under proposals backed by the European Parliament Civil Liberties Committee. Aggravating circumstances would include the use of tools designed for use in large-scale botnet attacks, and loss of financial data.

The aim is to harmonise European law regarding attacks on computer systems, according to a European Parliament justice and home affairs statement published on Wednesday.

More at :-
http://www.zdnet.co.uk/blogs/security-bulletin-100...

--
mogs CClip 145
Member 28th Mar, 2012 20:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Europe aims to open cybercrime hub in January
By Tom Espiner, ZDNet UK, 28 March, 2012 15:12

Europe's new digital crime hub will concentrate on combating attacks on critical infrastructure and pursuing crimes such as e-banking fraud, officials said as they revealed more details about the proposed organisation.

The European Cybercrime Centre in The Hague will pool information from private and public organisations, and will offer advice to businesses on cyberattacks.
The European Cybercrime Centre, based at Europol in The Hague, will probably begin work in January with a staff of 36, according to European Commission home affairs spokesman Michele Cercone. As a clearinghouse, it will compile data from a range of bodies to support investigations throughout the region, as well as acting as a hub to co-ordinate training and answer inquiries.

More at :-
http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 146
Member 28th Mar, 2012 20:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Gangs responsible for eight out of 10 e-crimes
Research from BAE Systems Detica and London Metropolitan University's John Grieve Centre has found organised crime has entered a new era, with 80 per cent of all cybercrime now stemming from gangs.
The Organised Crime in the Digital Age report concluded that offline and online crime has converged, with criminal rings now viewing online as a fertile ground for exploitation.
The move demonstrates a change in the nature of online criminality, showcasing how cybercrime has evolved from lone operators into one mainly perpetrated by organised digital crime groups.
The paper also challenges the assumption that cybercrime is an area dominated by the young, reporting that nearly half of digital crime group members are over 35 years old, whereas only around 30 per cent are under 25.
"Organised criminal activity has now moved from being an emerging aspect of cybercrime to become a central feature of the digital crime landscape," said Kenny McKenzie, head of law enforcement at BAE Systems Detica.

More at :-
http://www.v3.co.uk/v3-uk/news/2164355/gangs-respo...

--
mogs CClip 147
Member 28th Mar, 2012 21:58
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google lets users monitor their online activity
Google on Wednesday began letting people get monthly reports summarizing what they have been up to at the Internet titan's free online services.
A freshly-added feature keeps people posted on patterns at Gmail, YouTube, online search and other Google venues visited while signed into their user accounts with the California-based company.
"Sometimes it's helpful to step back and take stock of what you're doing online," Google product manager Andreas Tuerk said in a blog post announcing the "Account Activity" feature.
"Knowing more about your own account activity also can help you take steps to protect your Google Account."
He gave an example of a report potentially revealing that someone's account was signed into from countries they have not visited or from gadgets they don't own.
Google will incorporate more of its services into Account Activity reports in coming months, according to Tuerk.
Those who sign up will get password-protected links to reports and tools to manage account privacy.

More at :-
http://www.physorg.com/news/2012-03-google-users-o...

--
mogs CClip 148
Member 29th Mar, 2012 08:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Dev Channel Update
Wednesday, March 28, 2012 | 13:18
Labels: Dev updates
The Dev channel has been updated to 19.0.1081.2 for Windows, Mac, Linux and Chrome Frame. This build contains following updates:

Updated V8 - 3.9.24.1
The Other Devices menu on the new tab page restores the navigation history when a tab is restored.
[Windows] Disable file: or data: downloads for security hardening.
[Mac] Fixed: Extension and download icons are drawn incorrectly (Issue: 118755)

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 149
Member 29th Mar, 2012 08:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Operation Global Blackout: Real danger or irrelevant?
By Taylor Armerding
March 28, 2012
CSO - Will the hacker group Anonymous make good on its threat to take down the Internet Saturday? Probably not. But it could slow it down, according to a number of security experts. And it may depend in part on how unified Anonymous is about the attack -- there are some indications of divisions within the group.

Anonymous has threatened retaliation for the arrests of about 25 of its members last month, and is also focused on what its members believe is a continuing threat by Congress to censor the Internet through revised versions of the Stop Internet Piracy Act (SOPA) and the companion Senate bill called the Protect IP Act (PIPA), even though the legislation was put on hold in January.

And it is essentially daring anyone to stop Operation Global Blackout -- the group announced March 31 as the date of the attack, along with the method they intend to use -- disabling the Domain Name Service through distributed denial of service attacks on the root servers of the DNS with an attack tool called "ramp," which stands for "reflective amplification." While two of the basic rules of hacking are: Don't tell your target in advance and don't give away your methods, Radware security vice president Carl Herberger says the announcement is a classic Anonymous tactic

--
mogs CClip 150
Member 29th Mar, 2012 08:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Duqu malware resurfaces after four-month holiday
'These guys are still working,' says security expert of gang behind Trojan aimed at Iran

By Gregg Keizer
March 28,
Computerworld - Duqu, the malware that has been compared to 2010's notorious Stuxnet, is back, security researchers said today.

After a several-month sabbatical, the Duqu makers recompiled one of the Trojan's components in late February, said Liam O Murchu, manager of operations at Symantec's security response team.

The system driver, which is installed by the malware's dropper agent, is responsible for decrypting the rest of the already-downloaded package, then loading those pieces into the PC's memory.

Symantec has captured a single sample of the driver, which was compiled Feb. 23, 2012. Before that, the last time the Duqu gang updated the driver was Oct. 17, 2011.

Duqu has been characterized by Symantec -- the first to extensively analyze the Trojan last year -- and others as a possible precursor to the next Stuxnet, the ultra-sophisticated worm that sabotaged Iran's nuclear fuel enrichment program by crippling critical gas centrifuges.

More at :-
http://www.computerworld.com/s/article/9225637/Duq...

--
mogs CClip 151
Member 29th Mar, 2012 08:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Opera 11.62 Patches Seven Security Flaws

Two of the vulnerabilities have a high severity rating.

March 28, 2012
The Opera browser was recently updated to version 11.62.

"This maintenance update fixes a number of bugs, improves overall stability, and closes a total of seven security holes, five of which affect all supported platforms," The H Security reports.

"Two of the vulnerabilities are rated as 'high' severity and could be exploited by an attacker to download and execute a possibly malicious file," the article states.

Go to "Opera 11.62 closes security holes" to read the details.

http://www.esecurityplanet.com/browser-security/op...

--
mogs CClip 152
Member 30th Mar, 2012 21:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 30th Mar, 2012 21:44


--
mogs CClip 153
Member 30th Mar, 2012 21:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft claims Windows 7 touchscreen devices will work with Windows 8

But it might be a touch and go experience
By Lawrence Latif
Fri Mar 30 2012, 15:03
SOFTWARE TREADMILL VENDOR Microsoft says most Windows 7 touchscreen devices will work with its touchscreen Metro user interface that's coming in Windows 8.
Microsoft is heavily promoting the Metro user interface in Windows 8, claiming the interface will make Windows 8 a credible alternative to Apple's IOS and Google's Android on tablets. Now the firm claims that its testing shows that the majority of touchscreen Windows 7 devices can work with Windows 8.
Microsoft outlines what it means by Windows 7 touchscreens working by saying, "This means that touch drivers continue to load, and you can perform the basic touch interactions in Windows 8 with a reasonable degree of success." The firm says 'reasonable success' means that windows might not align perfectly when dragged by fingers or interpreting gestures such as swiping and pinch-to-zoom.
According to Microsoft, Windows 8 will understand the user's intentions in its touchscreen behaviour. Microsoft claims this will help the operating system use 'sloppy' user touch-based input, something that isn't a problem with keyboards and mice because they produce very specific inputs - a particular keypress or a right click on a particular pixel.
Although Microsoft says most Windows 7 touchscreen devices will work with Windows 8, the firm claims touchscreen devices designed for Windows 8 will provide a better experience. After all, it needs to provide something more than Windows 7, otherwise its system builders and especially its marketing and sales overhead and management won't be able to profit from yet another Windows operating system release.

http://www.theinquirer.net/inquirer/news/2165029/m...

--
mogs CClip 154
Member 30th Mar, 2012 21:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Google fixes Pwnium vulnerabilities in Chrome 18

While enabling hardware accelerated 2D rendering
By Lawrence Latif
Fri Mar 30 2012, 15:31
SOFTWARE DEVELOPER Google has released Chrome 18 into the stable channel, bringing a number of security fixes for vulnerabilities that were highlighted at the Pwnium competition.
Google's Chrome web browser was well and truly beaten into submission at the Pwnium competition earlier this month, with Google handing over large amounts of cash to talented security researchers. Now the firm has incorporated fixes for those security vulnerabilities among others and improved performance for Canvas2D and WebGL.
Google outlined some of the cash bounties it paid for particular fixes, with two vulnerabilities netting $1,000 apiece for two researchers. The firm also thanked four researchers for stopping security regressions from entering Chrome's stable channel, and it handed out $8,000 in additional rewards for this.
Aside from security fixes, Google has enabled GPU accelerated Canvas2D on those machines running Windows and Mac OS X that are up to the task. The firm has also enabled a Swiftshader, a software rasteriser, for users that do not have hardware that can accelerate WebGL.
Google's Chrome web browser has achieved significant market share growth in the past three years with the firm aggressively updating it. With the company pushing Chrome 18 into the stable channel, it has already announced Chrome 19 is in the beta channel, though there is no date yet for moving that over to the stable channel.

http://www.theinquirer.net/inquirer/news/2165056/g...

--
mogs CClip 155
Member 31st Mar, 2012 15:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 156
Member 31st Mar, 2012 15:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Anonymous threatening to kill Internet over SOPA, Lulzsec
Will Operation Global Blackout go ahead this weekend, or is it all an elaborate joke?

By Mary-Ann Russon | Computerworld UK | 31 March 12
Hacker group Anonymous has been threatening since February to "shut the Internet down" by launching a Distributed Denial of Service attack (DDOS) on Saturday (31 March). The attack will target the world's 13 DNS servers so that Internet users will be unable to perform domain name lookups, thus temporarily disabling the Internet.

Anonymous is claiming that it will showcase the full extent of their botnet capabilities by compromising machines or clients running DHN software (which was developed by Lulzsec) to generate malformed UDP packets that will cause the DNS root servers to flood themselves with DNS responses and bring them down (check out a blog that explains the technology behind the attacks here).

However, this seems unlikely because Anonymous has never offered any evidence that it is capable of generating enough traffic to flood the root servers, which are massively overprovided with bandwidth. In addition, Anonymous is unlikely to explain to the world how it is going to perform an attack beforehand.

More at :-
http://www.pcadvisor.co.uk/news/security/3348354/a...

--
mogs CClip 157
Member 31st Mar, 2012 20:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Google takes CAPTCHA security to the streets
An experiment with digital images from Street View aims to stymie CAPTCHA-resistant bots

By Ted Samson | InfoWorld

In a move that could make CAPTCHA challenges a bit easier for humans and more difficult for bots, Google is experimenting with using street-number images from Street View to strengthen its reCAPTCHA authentication technology.

Traditionally, CAPTCHA technology works by challenging users with one or more sets of distorted text characters, which they must key in to access areas of a website. With the reCAPTCHA experiment, Google presents users with one set of distorted text characters and one random digital picture of a street-address number extracted from Street View, the popular Google map technology that provides a 360-degree view of an area. A user on the BlackHat SEO Forum posted a collection of images of the experimental reCAPTCHA challenges.

"We're currently running an experiment in which characters from Street View images are appearing in CAPTCHAs," Google said in a statement. "We often extract data such as street names and traffic signs from Street View imagery to improve Google Maps with useful information like business addresses and locations. Based on the data and results of these reCAPTCHA tests, we'll determine if using imagery might also be an effective way to further refine our tools for fighting machine and bot-related abuse online."

More at :-
http://www.infoworld.com/t/security/google-takes-c...

--
mogs CClip 158
Member 31st Mar, 2012 20:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Yahoo says it will implement do-not-track worldwide later this year
Yahoo has committed to honoring user requests not to be tracked by behavioral ads across its portfolio of websites

By Peter Sayer | IDG News Service

Yahoo websites worldwide will comply with visitors' "do not track" preferences starting later this year, Yahoo announced Wednesday.

Most major browsers are now able to send a message to sites visited, indicating whether users want their surfing behavior to be tracked by cookies for the purposes of displaying personalized ads. In February the last major hold-out, Google, announced that its Chrome browser will include do-not-track support by the end of the year.

That message, an HTTP (hypertext transfer protocol) header accompanying a request to display a Web page, avoids the awkward paradox that to store a visitor's preference not to be tracked by cookies, sites had to store a cookie containing that preference, and provides a consistent way to store and indicate such preferences across all Web sites that respect the do-not-track header.

Support for the do-not-track header has been in the works since last year, Yahoo said. All Yahoo sites will respect the header, including those of Right Media and Interclick, two Yahoo subsidiaries specializing in behavioral or data-driven advertising, the company said.

More at :-
http://www.infoworld.com/d/security/yahoo-says-it-...

--
mogs CClip 159
Member 31st Mar, 2012 22:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Chrome 19.0.1084.1 Dev Available, Paves the Way for Chrome 19 Beta

With Chrome 18 stable out the door and onto people's computers, Google is working on getting Chrome 19 from the dev channel to the beta channel. The latest dev channel release, Chrome 19.0.1084.1 is probably the first step towards that and a beta should be landing soon enough.

In the meantime, the latest dev release fixes several issues. Users are now able to add the Gmail app to Chrome, something that was broken in the previous version. The Gmail app comes built into Chrome, of course.

Theme and bookmarks bar notifications have also been fixed in the latest update. Finally, the popup prompt for Flash plugin installs is now working as it should.

Given that Google is trying to graduate Chrome 19 to the beta channel, you can expect nothing but fixes to the dev channel for the next few releases, which should be coming more frequently than usual now.

http://news.softpedia.com/news/Chrome-19-0-1084-1-...

--
mogs CClip 160
Member 31st Mar, 2012 23:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Scan a computer for viruses using the Microsoft Safety Scanner tool
Every PC should have reliable, up-to-date, anti-virus software installed. We show you how a free Microsoft tool can check the security of any computer instantly


Read more: http://www.computeractive.co.uk/ca/step-by-step/21...


--
CaptainMunch RE: Daily CYBERCLIPS March
Member 1st Apr, 2012 11:06
Score: 0
Posts: 2
User Since: 31st Mar 2012
System Score: 100%
Location: US
Hi, good info. I too have heard about this, but don't you think the United States is overstepping their authority when they interfere with other countries' legal matters.....That's just my own opinion.

--
Beat me with truth....Don't torture me with lies!
mogs RE: Daily CYBERCLIPS March
Member 1st Apr, 2012 11:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 2nd Apr, 2012 19:43
@CaptainMunch

Hello....not exactly sure what above post you're referring to; or if it's your opinion based 'pon a general observation....but the contentions of inter-State legalities is something I try to avoid.
The CYBERCLIPS thread may be likened to an oasis where only figs have flourished without an ancient tree......free of dispute. Personally, I have no gripe about how the US uses its cyberfingers from within its own borders....Regards.


This thread is now closed.
Please see April's CYBERCLIPS thread at :-
http://secunia.com/community/forum/thread/show/124...

--
