
Forum Thread: Daily CYBERCLIPS March

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS March
Expert Contributor 1st Mar, 2012 08:45
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK

Eighteenth Edition.

Thank you for the support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security is the mainstay of the thread with some related and varied topics.
Scroll down for the latest posts !!
Note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Expert Contributor 1st Mar, 2012 09:01
US shuts down Canadian gambling site with Verisign's help

Got a .com URL? US law applies

By Trevor Pott

Posted in Law, 1st March 2012 01:43 GMT

The Department of Homeland Security has seized a domain name registered outside of the US, by individuals who are not American citizens, and who registered with a Canadian registrar.

What is unique about this case is that the American authorities did not get the domain's registrar - a Canadian company - to pull the domain. Instead they went to Verisign, which operates the entirety of .com, and had them pull the glue records, the warrant states. Verisign hasn't returned El Reg's request for comment on its role.

The domain in question - bodog.com - has been in trouble before. Bodog is a big name in online gambling and as such an attractive target for many who are seeking to stop US citizens gambling online. It was set up and run by Canadian billionaire Calvin Ayre. He, and three others involved with the site, have been indicted and could be extradited to the US if the authorities catch them.

More at :-
http://www.theregister.co.uk/2012/03/01/bodog_shut...

--
mogs CClip 2
Expert Contributor 1st Mar, 2012 09:04
Microsoft opens doors to Metro app store for Windows 8
All apps are free for now; Windows Store accessible only with Windows 8 Consumer Preview

By Gregg Keizer

Computerworld - Microsoft today made good on its promise to open the doors to its Windows Store alongside the launch of the public Windows 8 preview.

Windows Store -- Microsoft's name for the app store-style distribution channel it's assigned as the sole source of Metro-style apps for Windows 8 -- requires the Consumer Preview that debuted earlier Wednesday.

Through the stretch between now and the release of Windows 8's final code -- most expect that milestone this fall in time for the holiday season -- all Windows Store apps will be free for the downloading and installing, Microsoft has said.

More at :-
http://www.computerworld.com/s/article/9224771/Mic...

--
mogs CClip 3
Expert Contributor 1st Mar, 2012 09:22
Beta Channel Update
Wednesday, February 29, 2012 | 16:19
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.45 for Windows, Mac, Linux and Chrome Frame platforms

All
Fixed NTP signed in state is missing (Issue: 112676)
Fixed gmail seems to redraw itself (all white) occasionally (Issue: 111263)
Focus "OK" button on Javascript dialogs (Issue: 111015)
Fixed Back button frequently hangs (Issue: 93427)
Increase the buffer size to fix muted playback rate (Issue: 108239)
Fixed Empty span with line-height renders with non-zero height (Issue: 109811)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 4
Expert Contributor 1st Mar, 2012 09:31
More than half of organizations take months or years to discover a breach, Verizon says
Over 90 percent of data breaches are caused by external attacks, according to a new Verizon report
By Lucian Constantin | 01 March 12

Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organizations discovered them months or years later, Verizon said in a report released at the RSA security conference on Wednesday.

Called the Verizon 2011 Investigative Response Caseload Review, it compiles statistics from 90 data breach cases investigated by the company's incident response team last year, and provides a preview of Verizon's larger annual report that will contain data collected from additional sources like national CERTs and law enforcement agencies.


http://www.pcadvisor.co.uk/news/security/3341281/m...

--
mogs CClip 5
Expert Contributor 1st Mar, 2012 10:14
Google implements privacy policy despite EU warning
The new privacy policy is rolling out around the world on 1 March

Internet company Google has gone ahead with its new privacy policy despite warnings from the EU that it might violate European law.

The change means private data collected by one Google service can be shared with its other platforms including YouTube, Gmail and Blogger.

Google said the new set-up would enable it to tailor search results better.

But data regulators in France have cast doubt on the legality of the move and launched a Europe-wide investigation.

Google has merged 60 guidelines for its individual sites into a single policy for all of its services.

France's privacy watchdog CNIL wrote to Google earlier this week, urging a "pause" in rolling out the revised policy.

"The CNIL and EU data authorities are deeply concerned about the combination of personal data across services," the regulator wrote.

"They have strong doubts about the lawfulness and fairness of such processing, and its compliance with European data protection legislation."

The regulator said it would send Google questions on the changes by mid-March.
'Strong as ever'
In response, Google's global privacy counsel Peter Fleischer said he was happy to answer any concerns CNIL had.

"As we've said several times over the past week, while our privacy policies will change on 1st March, our commitment to our privacy principles is as strong as ever," Mr Fleischer wrote in a blog post.

More at :-
http://www.bbc.co.uk/news/technology-17205754

--
mogs CClip 6
Expert Contributor 1st Mar, 2012 16:59
Trusteer Uncovers New Banking Malware

The malware uses live chat to trick users into signing and/or verifying fraudulent transactions.

Trusteer researchers recently found a new form of malware that exploits banking Web sites' live chat functionality.

"When people log in to their online banking site, this new malware, using a series of fake HTML and JavaScript injections, stalls their session and informs them 'security checks are being performed,'" writes SecurityNewsDaily's Matt Liebowitz.

"The site, using convoluted language, then tells victims: 'The system couldn't identify your PC. You will be contacted by a representative to confirm your personality. Please pass the process of additional verification otherwise your account will be locked. Sorry for any inconvenience, we are carrying about security of our clients,'" Liebowitz writes. "If the poor grammar doesn't raise a red flag, the malware attack then presents users with a live online chat session that allows the hackers to 'perform real time fraud by enticing the victim to sign/verify fraudulent transactions.'"

Go to "New Banking Malware Launches Fake Live Chat" to read the details.

http://www.esecurityplanet.com/malware/trusteer-wa...

--
mogs CClip 7
Expert Contributor 2nd Mar, 2012 08:31
Windows 8 preview breaks 1M download mark in first 24 hours
Hints at stronger interest in Windows 8 than even 2009's hit, Windows 7

By Gregg Keizer
March 1, 2012 05:02 PM
Computerworld - Microsoft today announced that customers had downloaded more than 1 million copies of the Windows 8 Consumer Preview in its first day of availability.

The company released the preview Wednesday around 9:30 a.m. ET as Windows chief Steven Sinofsky was touting the new operating system's "no compromises" approach to integrating a touch-and-tablet user interface with the traditional Windows desktop.

"One day later...one million downloads of the consumer preview," said Microsoft in a tweet this morning from its Building Windows 8 Twitter account.

More at :-
http://www.computerworld.com/s/article/9224816/Win...

--
mogs CClip 8
Expert Contributor 2nd Mar, 2012 08:41
FBI boss warns online threats will outpace terrorism

Osama bin Online
By Iain Thomson in San Francisco
Posted in Policing, 2nd March 2012 00:59 GMT

RSA 2012 The head of the FBI warns that the threat to the US from online attacks will shortly become greater than that posed by terrorists.

"In the not too distant future we anticipate that the cyber threat will pose the number one threat to our country," the FBI's director Robert Mueller told delegates at the RSA 2012 conference in San Francisco. "We need to take lessons learned from terrorism and apply them to cybercrime."

He quoted the Roman Stoic philosopher Seneca the Younger, who said that the more connected a society becomes – in Seneca's day it was the spread of roads – then the more likely it is that an individual would become a slave to that connectivity.

More at :-
http://www.theregister.co.uk/2012/03/02/fbi_cyber_...

--
mogs CClip 9
Expert Contributor 2nd Mar, 2012 09:24
Can the Internet Be Made Trustworthy?

Speaking at RSA Conference 2012, the CEO of Qualys points to SSL flaws, malware in third-party ads, and insecure browsers as signs that the Internet needs a fundamental overhaul of trustworthiness.

By Sean Michael Kerner | March 01, 2012

The year 2011 was full of data breaches -- and 2012 may well be even worse, according to Qualys CEO Philippe Courtot.

Courtot delivered a keynote address at the RSA security conference in San Francisco on Wednesday, outlining his views on the need for a more effective approach to security. He also officially launched a new movement to help bring more trust to the Internet.

"The biggest challenge is the trustworthiness of the Internet itself," Courtot said.

The issue of trust comes down to multiple factors that Qualys has helped to quantify. One issue highlighted by Courtot is the problem with SSL trust. SSL is widely used to secure transactions across the Internet. A new study that is currently underway from Qualys has already scanned 1.4 million websites and has found some surprising risks: According to Qualys, 54 percent of the sites scanned so far are still using SSL 2.0 -- a security protocol that Courtot noted was broken in 1995, a full 17 years ago.

Upgrading servers to take advantage of newer security protocols is relatively easy, according to Courtot. The more difficult problem to solve is the issue of SSL governance. Currently there are approximately 650 SSL Certificate Authorities that lack adequate governance and oversight. The issue of Certificate Authority security came to light last year with the breach of certificate authority DigiNotar, which resulted in invalid SSL certificates being issued and used.

Read more at :-
http://www.esecurityplanet.com/network-security/in...

--
mogs CClip 10
Expert Contributor 2nd Mar, 2012 09:28
Symantec IDs New Banking Trojan

Trojan.Neloweg operates in a manner similar to Zeus.

March 01, 2012
Symantec researchers are warning of a new banking Trojan that's infecting users in the UK and the Netherlands.

"Neloweg operates much like its more famous cybercrime toolkit predecessor ZeuS, but with a couple of subtle twists," writes The Register's John Leyden. "'Like Zeus, Neloweg can detect which site it is on and add custom JavaScript. But while Zeus uses an included configuration file, Neloweg stores this on a malicious webserver,' Symantec analyst Fred Gutierrez explains."

"The malware is designed to snatch online login credentials, primarily (but not exclusively) those for online banking sites," Leyden writes.

Go to "Tick-like banking Trojan drills into Firefox, sucks out info" to read the details.

http://www.esecurityplanet.com/malware/symantec-id...

--
mogs CClip 11
Expert Contributor 2nd Mar, 2012 09:33
Mozilla Collusion lets you see who is tracking you

Firefox add-on turns the tables on marketers
By Dave Neal
Thu Mar 01 2012, 15:23
SOFTWARE OUTFIT Mozilla has released an add-on to its Firefox web browser that lets users see where and how they are being tracked by advertisers.
Mozilla has vocally opposed advertisers tracking users and is a proponent of the 'do-not-track' campaign that carries weight with regulators as well as standards groups and privacy watchers.
Collusion is an experimental release for now, but should give web users a much better insight to the tracking that shadows their web browsing.
"Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the Web," says Mozilla in its introductory material.
"It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers."
The software was shown off at that technology showcase and forward thinking circus, the Technology

Read more at :-
http://www.theinquirer.net/inquirer/news/2156511/m...

--
mogs CClip 12
Expert Contributor 2nd Mar, 2012 11:16
EU justice chief: Google is playing privacy 'games'
By David Meyer , 2 March, 2012 09:11

EU justice commissioner Viviane Reding has attacked Google's decision to adopt a new unified privacy policy without waiting for data protection authorities to properly evaluate it.

Reding told the Guardian on Thursday that "we aren't playing games here", while suggesting Google was trying to "sneak" users' privacy away.

Google moved to the new policy on Thursday, allowing it to link up user data from various services such as search, YouTube and Gmail. The shift means, for example, that the user's choice of YouTube viewing may help shape Google Search results or the ads shown in their Gmail.

As long as users are logged into any Google service, they will not be able to opt out of having their data shared in this way.

More at :-
http://www.zdnet.co.uk/blogs/communication-breakdo...

--
mogs CClip 13
Expert Contributor 2nd Mar, 2012 11:21
Becrypt disk crypto earns first Brit spook kitemark

Trusted ... up to a point
By John Leyden

Posted in Government, 2nd March 2012 08:04 GMT

A full disk encryption product has become the first bit of kit to be certified by Brit spooks in their new Commercial Product Assurance scheme.

Covent Garden-based Becrypt's DISK Protect demonstrated good commercial security practice, earning it the official stamp of approval to be used by the UK government and public sector bodies in lower threat environments. The foundation-grade certification earned by Becrypt means the DISK Protect is trusted to safeguard data sensitive enough to earn the classification of "restricted". The technology is not approved for guarding more sensitive "confidential" or "secret" material. Nonetheless the seal of approval will make it easier for Becrypt to sell full disk encryption to public sector organisations.

More at :-
http://www.theregister.co.uk/2012/03/02/cesg_becry...

--
mogs CClip 14
Expert Contributor 2nd Mar, 2012 13:15
Cyberterrorism threat shouldn't be underestimated, some security experts say
Terrorists currently use the Internet for communication, but some of them also have knowledge of hacking
By Lucian Constantin | 02 March 12

Concern about cyberterrorism was evident this week among security experts at the RSA security conference in San Francisco, who find that some people with extremist views have the technical knowledge that could be used to hack into systems.

Cyberterrorism does not exist currently in a serious form, but some individuals with extremist views have displayed a significant level of knowledge of hacking, so the threat shouldn't be underestimated, said F-Secure's chief research officer Mikko Hypponen on Thursday at the RSA security conference in San Francisco.

Other security experts agree. "I think it's something that we should be concerned about. I wouldn't be surprised if 2012 is the year when we start seeing more cyberterrorism," said Mike Geide, a senior security analyst at security vendor Zscaler.

More at :-
http://www.pcadvisor.co.uk/news/security/3341676/c...

--
mogs CClip 15
Expert Contributor 2nd Mar, 2012 13:30
McAfee Launches "Security Battleground" to Aid Executives

Security solutions provider McAfee launched a book entitled “Security Battleground: An Executive Field Manual.” Written for Chief Information Officers (CIOs), Chief Information Security Officers (CISOs) and other executives, it acts as a guide for security-related budgets, strategies and operations.

Many executives need to fully understand the cyberthreats that may target their companies and that's precisely why McAfee experts Michael Fey, Brian Kenyon, Kevin Reardon, Bradon Rogers, and Charles Ross put their heads together and wrote the book based on their life experiences.

“Any top company or institution can suffer irreparable harm at the hands of cyber-attackers. Today it’s estimated that over 1 trillion dollars in damages can be attributed to this battle – and this number is expected to skyrocket to over 5 trillion within the next 5 years alone,” revealed Michael Fey, senior vice president at McAfee.

“This is a battle that has turned into a war and is being fought unlike any other and this was the question that started our journey to write this book.”

Read more at :-
http://news.softpedia.com/news/McAfee-Launches-quo...

--
mogs CClip 16
Expert Contributor 2nd Mar, 2012 16:21
Anonymous web weapon backfires with hidden banking Trojan

Hacktivists tricked into installing malware
By John Leyden

Posted in Malware, 2nd March 2012 11:37 GMT

Anonymous supporters queuing up to participate in denial-of-service attacks are being tricked into installing ZeuS botnet clients.

Hacktivists grabbed what they thought was the Slowloris tool, which is designed to flood websites with open connections and ultimately knock them offline. However, the download included a strain of ZeuS, which promptly installed itself on their Microsoft Windows machines.

More at :-
http://www.theregister.co.uk/2012/03/02/trojan_att...


--
mogs CClip 17
Expert Contributor 2nd Mar, 2012 16:31

Windows 8: What you need to get started
What the Consumer Preview requires, where to get it, how to install it

By Gregg Keizer

Computerworld - Early yesterday, Microsoft shipped the Consumer Preview for Windows 8, the drastically different refresh of the venerable operating system.

Head Windows executive Steven Sinofsky took to a stage in Barcelona, Spain to again chant the "no compromises" mantra that Microsoft has used to label Windows 8, and with help from other employees, demonstrate some of the key features.

With some experts saying Microsoft was "betting the farm" on Windows 8, it wasn't a shock that Sinofsky called the OS a "generational change."

He wasn't joking. Microsoft has made many fundamental changes to Windows, particularly in the user interface, or UI, to drag the OS into the touch and tablet world.

That may either only temporarily stump long-time users, or send them into a spitting frenzy.

With all that on the line, plenty of people will want to try out Windows 8 themselves to decide whether it's another hit like Windows 7 or a repeat of the Vista mess.

So, where do you get it, how do you install it and who do you go to for help?

You have questions? We have the answers. Some of them, anyway.

Read/see more at :-
http://www.computerworld.com/s/article/9224785/Win...

--
mogs CClip 18
Expert Contributor 2nd Mar, 2012 22:32

March 2nd, 2012, 20:18 GMT · By Eduard Kovacs
XSS and Other Flaws Found in Honeywell Site (Exclusive)

The official website of the Forbes 100 company Honeywell (honeywell.com) was found to contain a number of vulnerabilities, including cross-site scripting (XSS), an Iframe injection, and an image uploading flaw.

The security holes were identified by independent security researcher Shadab Siddiqui, who lately amazed the community by finding weaknesses in sites such as redhat.com, pinterest.com, alshaya.com and the popular Indian search engine Guruji.

Honeywell is a company that makes billions in revenue each year with technologies designed to address the challenges of safety, security and energy, but it turns out that they have been neglecting to keep their public website patched up.

“Using Iframe Injection, an attacker can inject advertisements inside any other websites, insert malware infected site links, redirect to malware infected sites and more. Malware Attackers use this IFrame and include the malware websites,” Siddiqui told us.

“They are able to include the webpage one pixel square (You won't be able to see it in webpage). Obfuscate the JavaScript that will run automatically from that included page so that it looks something like '6C framebo' - leaving no obvious clue that it's malicious.”

He also pointed out the fact that an attacker could rely on the XSS vulnerabilities to perform clickjacking.

“Clickjacking is a malicious technique of tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages,” he explained.

“A vulnerability across a variety of browsers and platforms, a clickjack takes the form of embedded code or a script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.”

A final security hole identified in Honeywell’s site is a URL redirect which can be utilized by a hacker for cookie hijacking.

Honeywell has been informed of the vulnerabilities, but we have experienced difficulties in communicating with their representatives. This post will be updated as soon as new information is made available.

http://news.softpedia.com/news/XSS-and-Other-Flaws...

--
mogs CClip 19
Expert Contributor 3rd Mar, 2012 13:04

Google's Chrome drops share for second straight month
Web tracking firm Net Applications acknowledges it had over-counted Chrome's use

By Gregg Keizer
March 2, 2012
Computerworld - The browser battle returned to a kind of normalcy last month as Microsoft's Internet Explorer (IE), which had posted its largest-ever share increase in January, declined slightly in February.

And Google's Chrome fell for the second straight month in Web metrics firm Net Applications' statistics as the company acknowledged it has been over-counting that browser's share for months.

Chrome's pre-rendering feature -- where the browser loads pages in the background that the user may view -- kicked off last August with version 13, and was enhanced in Chrome 17 that launched about a month ago.

As users type in search strings, whether at Google.com or in the browser's combined address bar/search field, dubbed the "omnibox," Google loads one or more hidden pages that it thinks the user will select from the ensuing search links.
Net Applications admitted that it had given Chrome a larger share than the browser deserved. "[Pre-rendering] creates unviewed visits that should not be counted in Chrome's usage share," said Net Applications on its website yesterday.

Starting with the data from February, Net Applications has adjusted Chrome's share -- which is derived from the page views attributed to the browser -- by tossing aside unused pre-loaded pages and counting only those the user actually sees.

More at :-
http://www.computerworld.com/s/article/9224841/Goo...

--
mogs CClip 20
Expert Contributor 3rd Mar, 2012 13:13
Hackers had 'full functional control' of Nasa computers

NASA said the loss of data did not affect the operations of the International Space Station

Hackers gained "full functional control" of key Nasa computers in 2011, the agency's inspector general has told US lawmakers.

Paul K Martin said hackers took over Jet Propulsion Laboratory (JPL) computers and "compromised the accounts of the most privileged JPL users".

He said the attack, involving Chinese IP addresses, was under investigation.

In a statement, Nasa said it had "made significant progress to protect the agency's IT systems".

Mr Martin's testimony on Nasa's cybersecurity was submitted to the House Committee on Science, Space and Technology's Subcommittee on Investigations and Oversight.

More at :-
http://www.bbc.co.uk/news/technology-17231695

--
mogs CClip 21
Expert Contributor 3rd Mar, 2012 13:21
Microsoft will chop Windows 8 into nine SKUs

SOFTWARE REDEVELOPER Microsoft is expecting to release nine Windows 8 SKUs according to a registry entry in the consumer preview released on Wednesday.
Microsoft launched its Windows 8 consumer preview with much fanfare at MWC in Barcelona on Wednesday and later claimed that it was downloaded a million times in just 24 hours. With people poking around the operating system, it wasn't long before the chaps at Windows 8 Beta found references to nine Windows 8 SKUs.
According to Microsoft's registry entry there will be two Enterprise editions - one is purely for evaluation - plus Home Basic, Home Premium, Professional and Professional Plus editions, with Starter and Ultimate editions to top off the x86 offerings. There are no prizes for guessing that there will be an ARM version too, rounding off the set.

Read more at :-
http://www.theinquirer.net/inquirer/news/2156811/m...

--
mogs CClip 22
Expert Contributor 3rd Mar, 2012 13:26
Secunia bets on open information for security growth

Opens free PSI 3.0 patch scanner for all
By Iain Thomson in San Francisco

Posted in Security, 2nd March 2012 19:40 GMT
RSA 2012 Danish vulnerability specialist developer Secunia has released the latest beta of its Personal Software Inspector (PSI), and says it is betting on an open approach to security information to grow the company.

Founder Niels Henrik Rasmussen told The Register that his company will continue to work on open information sharing with the security industry, rather than trying to lock down data for its own advantage. The benefits were clear, he said: Secunia has grown 182 per cent in the last three years, at a time when less-open competition was performing less well.

"The security community provides us with a lot of intelligence, which we can assess and then give back, instead of 'if you want my offering you have to pay for it'," he said. "People like the fact that we provide open solutions, the fact that we push solutions to security community."

So far, the strategy is working very well indeed, he said. The company now gets nearly a third of its revenue from US customers, despite only having opened US operations in 2009. If Secunia's high-profile booth at the RSA expo is any indication, business is good – the first time this El Reg hack met Rasmussen, the company had a tiny booth at the back of the hall held together with duct tape.

Read more at :-
http://www.theregister.co.uk/2012/03/02/secunia_ps...

--
mogs CClip 23
Expert Contributor 4th Mar, 2012 08:27
Expert on Recovery After an Iframe Injection Attack (Exclusive)

Seeing that a lot of websites are plagued with Iframe Injection vulnerabilities, independent security researcher Shadab Siddiqui made up an advisory to help website administrators recover their websites after such a security hole has been exploited. He also listed some safety measures that must be implemented in order to avoid such incidents.

Read more at :-
http://news.softpedia.com/news/Expert-on-How-to-Re...

--
mogs CClip 24
Expert Contributor 4th Mar, 2012 08:33
Speccy 1.16 Adds Support for Windows 8 Consumer Preview

Piriform has just released a new revision for their system information tool, Speccy. The latest build does not feature too many changes, but adds support for Windows 8 Consumer Preview and some improvements.

Rearchitecting data loading order is on the list of the changes available in Speccy 1.16 and so are fixes for minor GUI issues.

As far as the improvements are concerned, the new build has bettered the exception handling for CPU and GFX sections. Also, detection of Admin Shares should be smoother now.

Another enhancement available refers to bug data collection and reporting from the users. This may be among the most important entries in the changelog, since users are the best feedback as far as the performance and functionality of the application is concerned.

You can download Speccy from this page; also available as a portable download.

http://news.softpedia.com/news/Speccy-1-16-Adds-Su...

--
mogs CClip 25
Expert Contributor 4th Mar, 2012 09:13
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
A possible tip....of help to others.

I ran my usual monthly auto Windows backup two days ago......having got to the end of, the scan bar turned red....a message with an Error code appeared, stating that the file was corrupt and unreadable. I searched around for an error code explanation, but couldn't find anything specific.

The next day I decided to run CHKDSK.....It found one lost/orphaned file and three unindexed.
Ran Backup again and it completed successfully.
It's not the first time CHKDSK has appeared to save me much distress and searching !

mogs.

--
mogs CClip 26
Expert Contributor 5th Mar, 2012 07:25
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome Stable Update
Sunday, March 4, 2012 | 18:30
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of issues including:
Cursors and backgrounds sometimes do not load (bug 111218)
Plugins not loading on some pages (bug 108228)
Text paste includes trailing spaces (bug 106551)
Websites using touch controls break (bug 110332)
Along with these fixes, the release contains an updated version of the Adobe Flash player. More information on Flash updates is available from Adobe.

Security fixes and rewards:

Firstly, we have some special rewards for some special bugs!

[$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
[$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
[$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.
To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn’t come as a surprise that they all feature (and earn more!) in the release notes below.

We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$1000] [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
[$1000] [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
[$2000] [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
[$1000] [111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
[$2000] [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
[$1000] [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
[$3000] [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
[$1000] [113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
[$1000] [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
[$500] [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
[$1000] [114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
[$1000] [114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
[$1000] [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
[$1000] [116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.
The majority of the above bugs were detected using AddressSanitizer, which rocks.

More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 27
Expert Contributor 5th Mar, 2012 08:04
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Diskeeper changes name, announces new product direction
Condusiv to focus on data optimization, recovery technology

By Lucas Mearian
March 5, 2012 12:01 AM ET
Computerworld - After 31 years of doing business as Diskeeper, the disk defragmentation company announced today that it has changed its name to Condusiv Technologies and is working to reshape its product image.

Condusiv still offers disk defragmentation software, but the company will focus its marketing efforts on caching software for flash memory and a new version of its Undelete product.

"The company walked and talked like a disk defragmentation company," Condusiv CEO Jerry Baldwin said. "I had to take and change a market leading company that had gotten set in its ways and wasn't looking at the outside world or paying attention to its customers."

"I guess I'd have to say I redid everything ... to reposition its technology prowess and its direction in the marketplace," added Baldwin, who was appointed Diskeeper's CEO in September.

Baldwin said the company's ExpressCache software product, which is used in conjunction with solid state drives (SSD) to cache the most frequently used data on Windows 7 systems, is being used in the products made by five of the top seven PC system manufacturers. And, it will soon be in the products of the top nine PC manufacturers.

More at
http://www.computerworld.com/s/article/9224844/Dis...

--
mogs CClip 28
Expert Contributor 6th Mar, 2012 09:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
By Eduard Kovacs
Site of Oil and Gas Firm Shell Vulnerable to Hackers (Exclusive)

In the past several weeks hackers and security researchers worldwide demonstrated that even some of the larger companies experience difficulties when it comes to protecting their public websites. One of these firms is Shell, the world renowned oil and gas supplier, as demonstrated by independent security researcher Shadab Siddiqui.

Royal Dutch Shell is the second-largest energy company in the world totaling revenue of $368 billion (276 billion EUR) in 2010, but apparently, little of this sum was invested in the company’s public website which turns out to be full of security holes.

While the internal path leakage issue that exists on the site cannot be exploited directly by an attacker, it can be of great aid during the exploitation of other vulnerabilities, such as the numerous cross-site scripting (XSS) and iFrame injection flaws.

“XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application,” the researcher explained.

“This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials.

“This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.”

According to Siddiqui, the XSS vulnerabilities are not present only on the webpage for which he provided the screenshot, but also on at least 10 others.

The hijacking of user sessions, phishing attacks, and man-in-the-middle attacks are just a few of the malicious operations that can be performed by a cybercriminal that manages to successfully exploit an XSS.

More at :-
http://news.softpedia.com/news/Site-of-Oil-and-Gas...

--
mogs CClip 29
Expert Contributor 6th Mar, 2012 09:40
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Adobe patches Flash Player for second time in 20 days
Quashes two bugs as it applies new patch priority ranking for the first time

By Gregg Keizer

Computerworld - Adobe today patched a pair of critical vulnerabilities in Flash Player and told IT administrators to apply the update within 30 days.

The update was the second for Flash this year; Adobe last patched it less than three weeks ago.

"These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system," Adobe acknowledged in an accompanying security advisory issued around 3 p.m. ET.

One of the bugs was a memory corruption vulnerability in Matrix3D -- an Adobe ActionScript class that determines the position of three-dimensional objects in Flash -- and, said Adobe, "could lead to code execution."

The second, less serious vulnerability, was labeled an "information disclosure" bug.

Unlike last month's Flash update, attackers have not yet begun exploiting these vulnerabilities, said Adobe.

More at :-
http://www.computerworld.com/s/article/9224885/Ado...

--
mogs CClip 30
Expert Contributor 6th Mar, 2012 09:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
AOL pulls the plug on Brizzly

Users' pictures to disappear on March 31st
By Simon Sharwood, APAC Editor

Posted in Software, 6th March 2012 00:32 GMT

Popular social media client Brizzly will pull down the shutters on March 31st and is urging users to hurry up and download any pictures they stored with the service before that date.

Brizzly came to prominence in 2009 at a Tech Crunch event. The next year AOL acquired it and said it had no intention of shuttering the service, but would press its development team into service on AOL projects.


But a blog post and email to customers point out that's just what it has done.

More at :-
http://www.theregister.co.uk/2012/03/06/brizzly_sh...

--
mogs CClip 31
Expert Contributor 6th Mar, 2012 22:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Stable Channel Update
Tuesday, March 6, 2012 | 09:50
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.66 on Windows, Mac, Linux and Chrome Frame. This release fixes an issue in the DOM. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome


--
mogs CClip 32
Expert Contributor 6th Mar, 2012 23:09
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
200,000 Webpages Compromised to Lead Visitors to Fake AV Sites

In the past couple of months mass infections were not uncommon and now security experts believe they stumbled upon another one. Websense found that 30,000 unique websites are currently compromised to redirect their visitors to sites that promote shady antivirus software.

A total of 200,000 webpages, part of the 30,000 sites, have been compromised, apparently the campaign being designed to target mostly ones hosted by the WordPress content management system.

After multiple redirects, victims are taken to a website that performs a fake scan, pointing out a large number of infections and threats that affect the system. The scan is designed to appear as if it takes place in a Windows Explorer window, but in reality it’s nothing more than a webpage that’s cleverly set up to dupe users.

When the scan is complete, the user is urged to install an antivirus tool that would allegedly remove the pieces of malware. However, the antivirus installer is nothing more than a Trojan that once installed can give its master complete control over the infected machine.

Statistically speaking, more than 85% of the compromised websites are located in the United States. This doesn’t mean that only US internauts are exposed to this threat, the sites being also visited by individuals from Turkey, Brazil, UK, India, China, South Africa, Jordan, Canada, Philippines and Taiwan.

More at :-
http://news.softpedia.com/news/200-000-Webpages-Co...

--
mogs CClip 33
Expert Contributor 6th Mar, 2012 23:15
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Kaspersky Internet Security Technical Preview

The next security suite from Kaspersky popped up yesterday. It is a technological preview, intended for installation exclusively on Windows 8 Consumer Preview, so the stage of development is very early at this point.

Although Kaspersky Internet Security Technological Preview also runs on Windows 7, integration with Windows 8 Consumer Preview is deeper. In this sense, the user should be able to handle extending license terms, updating antivirus databases, activating various product features and deactivating the product itself from Windows.

The final form of this release should not hinder the performance of the PC and it should also move faster than previous builds. However, at the moment it is very likely to cause problems as there is plenty of work to be done.

Looks have barely changed, and some of the features have been reordered. The application is active for 90 days after installation. Check the pictures in the gallery below for a closer look.
See at
http://news.softpedia.com/news/Kaspersky-Internet-...

--
mogs CClip 34
Expert Contributor 7th Mar, 2012 10:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Tuesday, March 6, 2012 | 18:40
Labels: Dev updates
The Dev channel has been updated to 19.0.1061.1 for Windows, Mac, Linux and Chrome Frame. This build contains the following updates:

Updated V8 - 3.9.13.0
Added remote file system support for File object by 'create-snapshot-first' approach (Issue: 115603)
Fixed overlap of apps in NTP when deleting and reinstalling app (Issue: 116284)
Fixed issues - 116174, 115309, 115858, 108239, 115399, 105054 (ChromeOS-specific)
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 35
Expert Contributor 7th Mar, 2012 10:27
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 7th Mar, 2012 10:28

Security invaders ahead on IPv6 knowledge
Hackers seeking to breach security are ahead of most organisations looking to implement IPv6, a Wellington seminar was told
By Stephen Bell | Computerworld New Zealand | 07 March 12

Hackers seeking to breach security are ahead of most would-be business implementers when it comes to figuring out the detail of IPv6 and are more motivated, a Wellington seminar has heard.

If a government agency does not intend using IPv6 in the near term, and has IPv6-capable devices communicating with its network, then IPv6 capability will have to be consciously turned off, Jonathan Berry of the Government Communications Security bureau warns. "That's prudent behaviour. Any sort of network hardening will push you down a path of turning off services and functionality you don't need," he told the seminar, on "Practical IPv6 for Government".

It's all too easy, several speakers at the event testified, to acquire IPv6 devices and addresses on a network, effectively providing a backdoor for security breaches if the network is not hardened against such traffic. And once you turn on IPv6, traffic on the network should, of course, be carefully monitored, to make sure only known activity is going on. "Whether you want to use IPv6 or not, you will have to know about it to keep your network secure," said Graeme Neilson of security specialist AuraInfosec.

More at :-
http://www.pcadvisor.co.uk/news/security/3342601/s...

--
mogs CClip 36
Expert Contributor 7th Mar, 2012 10:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hackers deface Panda Security's website following arrests
Panda Security was targeted for its praise of the arrests of alleged Anonymous members
By Jeremy Kirk | 07 March 12

Hackers aligned with Anonymous took credit on Wednesday for an attack on Panda Security's website shortly after charges were announced against five of the hacking collective's alleged members.

More than two dozen subdomains within "pandasecurity.com" and several other domains owned by Panda were modified to show a video recounting some of the hacking highlights from Lulz Security or "Lulzsec," a smaller group aligned with Anonymous, according to a post on Pastebin.

Also released were e-mail addresses of people with accounts with Panda, along with their passwords and other internal server details.

Luis Corrons, technical director for the security company's lab, was singled out by the hackers for praising the arrests in a blog post on Tuesday. The hackers accused Panda Security of aiding law enforcement.

More at :-
http://www.pcadvisor.co.uk/news/security/3342592/h...

--
mogs CClip 37
Expert Contributor 7th Mar, 2012 10:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Most UK frauds now involve the internet
By David Meyer , 6 March, 2012 16:45

More than half of all frauds in the UK are now carried out through or initiated on the internet, the fraud protection service CIFAS has revealed.

CIFAS told ZDNet UK on Tuesday that the internet was the channel of perpetration for 122,988 frauds in 2011, or 53 percent of the total for the year. In 2010, that number was 101,855, or 47 percent of all frauds.

"The internet has been the key focus for fraudsters," a CIFAS spokesman said. "It provides a key level of convenience and ease of use for consumers, but that same convenience is there for the fraudster whether they're a lone operator or a more organised criminal network."

CIFAS released the 2011 edition (PDF) of its annual Fraudscape report on Tuesday. Apart from pointing out that fraud in general went up nine percent between 2010 and 2011, the publication noted that the internet had become a much more prevalent vector for unauthorised account takeovers in particular.

More at :-
http://www.zdnet.co.uk/blogs/communication-breakdo...

--
mogs CClip 38
Expert Contributor 7th Mar, 2012 21:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

MARCH 07, 2012
Internet Explorer losing enterprise traction
Enterprise IE use dropped 10 percent in 2011, while unpatched browser plug-ins have become a greater security threat

By Ted Samson
Enterprise usage of Internet Explorer dropped by 10 percent over the past year, to just over 50 percent, with some organizations still clinging to IE6 despite the security risks. The bigger threat, though, lies in the fact that more than a quarter of enterprise Web traffic flows through browser extensions and plug-ins -- some of which IT neglects to keep properly patched, thus making them juicy targets for hackers.

Such are the findings of the newly released Q4 2011 edition of Zscaler ThreatlabZ's "State of the Web" report, in which the security company analyzes enterprise Web traffic worldwide. The report reveals interesting trends as enterprises move more toward mobile and the cloud -- but perhaps more important, it reveals potential security holes in enterprise networks that desperately need filling.

Anyone who's been tracking browser trends of late is likely unsurprised to see that use of Internet Explorer is on the decline in the business world, as general use of Microsoft's browser has steadily declined over the past couple of years. As of Q4, Zscaler saw 53.3 percent of enterprise Web traffic driven through some version of IE, a 10 percent decline for the year. As a point of comparison, consumer usage of IE is now below 40 percent, according to StatCounter, with Chrome now ahead of IE8.

More at :-
http://www.infoworld.com/t/cyber-crime/internet-ex...

--
mogs CClip 39
Expert Contributor 7th Mar, 2012 21:08
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

March 7th, 2012, 13:39 GMT · By Eduard Kovacs
“Internet Shutdown” Postponed by Court to July 9, 2012

Good news for the owners of the millions of computing devices affected by the malicious DNSChanger Trojan. The FBI obtained a court order to postpone the termination of the compromised DNS servers from March 8 to July 9, 2012, giving ISPs and companies 120 days to dispose of the malware.


For those who aren’t familiar with the DNSChanger malware, InfoSec Island reveals that it infects computers, altering their DNS settings so that every time the user wants to visit a website they would be pointed to the rogue DNS servers that controlled the botnet.

These, in turn, would ensure that the unsuspecting victim is taken to a domain that promotes fake products.

In November 2011, as part of Operation Ghost Click, the FBI managed to identify the cybercriminals that controlled the rogue DNS servers located in Estonia, New York and Chicago, and terminated the entire operation.

At the time, Trend Micro made an advisory to help users with infected devices. Senior Security Researcher Paul Ferguson even made some important recommendations to internauts in an interview we had with him at the time.

However, the cleansing process turned out to be more difficult than everyone imagined. Because the infected devices connected to the Internet through the DNS servers operated by the crooks, shutting them down would mean that millions of users worldwide would be left without access to the Web.

More at :-
http://news.softpedia.com/news/Internet-Shutdown-P...

--
mogs CClip 40
Expert Contributor 7th Mar, 2012 21:15
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Rival hacking contests kick off today with $1.1M at stake
HP TippingPoint argues Google's 'Pwnium' money is safe because Chrome sandbox-escape exploits are worth more than Google's paying

By Gregg Keizer
March 7, 2012 11:40 AM ET
Computerworld - Two hacking contests kicked off in Canada today, with hundreds of thousands of dollars in prize money up for grabs.

HP TippingPoint's Pwn2Own and Pwnium, Google's offshoot, both begin today at CanSecWest, a security conference that runs March 7-9 in Vancouver, British Columbia.

Just a week ago, there was to be only Pwn2Own, now in its fifth year, with both TippingPoint's Zero Day Initiative (ZDI), the company's bug bounty program, and Google promising to pitch in prize money.

For its part, ZDI committed $105,000 that would award $60,000 for the top score in a three-day event combining zero-day bug exploits with on-site hacking challenges.

Google, meanwhile, said it would pay up to $20,000 for any exploit of its own Chrome browser.

But on Feb. 27, Google withdrew from Pwn2Own, saying the contest did not require participants to hand over their exploits or divulge all the bugs they used to hack Chrome.

Instead, Google announced Pwnium, a separate event that will pay up to $60,000 for any exploit that leverages only bugs in Chrome. Google pledged to pay out as much as $1 million if several researchers stepped forward with Chrome-only "zero-day," or previously unknown, vulnerabilities and their exploits.

More at :-
http://www.computerworld.com/s/article/9224976/Riv...

--
mogs CClip 41
Expert Contributor 8th Mar, 2012 11:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Scareware Demands Ransom After Making Files and Folders Invisible

Bitdefender experts came across a piece of scareware that makes victims believe that something may have happened to all the files and folders stored on their computers. The user is then requested to pay $80 (60 EUR) for a tool that allegedly addresses the problem.

Scareware or ransomware is not uncommon, many security solutions providers releasing advisories on how to handle threats which pose as law enforcement agencies that demand the payment of fines, accusing the user of copyright infringement.

However, this Trojan relies on the fact that many computer owners panic if they see that all their personal files and folders have suddenly disappeared.

Identified as Trojan.HiddenFilesFraud.A, the rogue disk repair utility starts operating by informing the user of certain issues that affect the computer. Since many people are already accustomed to fake AV’s, this malicious application has an ace up its sleeve that makes everything look more realistic.

It changes the attributes of all files and folders, setting them as Hidden, so that the user may think that everything has been deleted from the hard drive. Certain key shortcuts are also disabled to induce more panic.

More at :-
http://news.softpedia.com/news/Scareware-Demands-R...

--
mogs CClip 42
Expert Contributor 8th Mar, 2012 11:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Duqu Framework Coded in Unknown Programming Language

F Sharp, Iron Python, CPLEX LIB, High-Level Assembly, LISP, Erlang are just a few of the names of programming languages in which Duqu’s framework could be written. It’s uncertain yet which one it is, but one thing is clear, the malware’s framework looks different from anything else previously analyzed by Kaspersky experts.


The researchers determined that Duqu’s Payload library (DLL) looks like a common Windows PE DLL compiled in Microsoft’s Visual Studio 2008.

“The entry point code is absolutely standard, and there is one function exported by ordinal number 1 that also looks like MSVC++,” Kaspersky Lab Expert Igor Soumenkov said.

“This function is called from the PNF DLL and it is actually the 'main' function that implements all the logics of contacting C&C servers, receiving additional payload modules and executing them.”

However, the way this logic was programmed and the tools that were utilized are mindboggling. The only certain thing is that it's an object-oriented programming language.

More at :-
http://news.softpedia.com/news/Duqu-Framework-Code...

--
mogs CClip 43
Expert Contributor 8th Mar, 2012 11:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Spam leads Google to disable interop of its IM network with AOL AIM
AOL is expecting to have the problem fixed soon, possibly as early as Thursday

By Juan Carlos Perez
March 7, 2012 04:31 PM ET
IDG News Service - AOL hopes to roll out a fix soon to a spam surge in its AIM service targeting Google IM users, a situation that prompted Google to temporarily shut down the interoperability between the two instant messaging networks.

Google suspended the IM federation between its IM network and AIM about a week and a half ago in order to shield Gmail Chat and Google Talk users from the high level of AIM spam.

"Our backend servers were sending too many spam messages to Google federation gateways," said Christian Crumlish, senior director of messaging products at AOL.

AOL has been working intensely on the problem and expects to roll out a fix maybe as soon as Thursday. "It's a serious enough problem that we had to pull a number of people off of what they were working on," he said.

More at :-
http://www.computerworld.com/s/article/9224998/Spa...

--
mogs CClip 44
Expert Contributor 8th Mar, 2012 11:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
DDoS botnet clients start integrating the Apache Killer exploit
A fairly new Apache denial-of-service exploit has been integrated into a popular DDoS botnet client called Armageddon

By Lucian Constantin | IDG News Service


The latest version of a DDoS (distributed denial-of-service) bot called Armageddon integrates a relatively new exploit known as Apache Killer, DDoS mitigation vendor Arbor Networks said on Tuesday.

The Apache Killer exploit was released in August 2011. It exploits a vulnerability in the Apache Web server by sending a specially crafted "Range" HTTP header to trigger a denial-of-service condition.

The attack is particularly dangerous because it can be successfully executed from a single computer and the entire targeted machine needs to be rebooted in order to recover from it.

"The Kill Apache attack abuses the HTTP protocol by requesting that the target web server return the requested URL content in a huge number of individual chunks, or byte ranges," said Arbor research analyst Jeff Edwards in a blog post on Tuesday. "This can cause a surprisingly heavy load on the target server."

More at :-
http://www.infoworld.com/d/security/ddos-botnet-cl...

--
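A defender-side check for the request pattern quoted in CClip 44, as an added example that is not part of the post, the article or Arbor Networks' write-up: it parses a `Range` header using the HTTP byte-range grammar and flags requests that ask for many ranges, overlapping ranges, or a malformed set. The `MAX_RANGES` limit, the function names and the sample requests are assumptions constructed for illustration.

```python
import math
import re

# Assumed policy limit for illustration; not a value taken from the article.
MAX_RANGES = 5

_SPEC = re.compile(r"(\d*)-(\d*)")


def parse_byte_ranges(header):
    """Parse a Range header value such as 'bytes=0-99,200-'.

    Returns a list of (first, last) tuples. An open-ended range 'N-' gets
    last = math.inf; a suffix range '-N' is returned as (None, N).
    Returns None when the value is not a valid byte-range set.
    """
    unit, sep, spec = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue  # empty list elements are tolerated
        m = _SPEC.fullmatch(part)
        if not m or m.groups() == ("", ""):
            return None
        first, last = m.groups()
        if first == "":
            ranges.append((None, int(last)))  # suffix range: last N bytes
            continue
        lo = int(first)
        hi = int(last) if last else math.inf
        if hi < lo:
            return None  # last-byte-pos before first-byte-pos is invalid
        ranges.append((lo, hi))
    return ranges or None


def count_overlaps(ranges):
    """Count ranges that start inside the span covered by earlier ranges.

    Suffix ranges are skipped because they cannot be placed without
    knowing the resource length.
    """
    spans = sorted(r for r in ranges if r[0] is not None)
    overlaps, reach = 0, -1
    for lo, hi in spans:
        if lo <= reach:
            overlaps += 1
        reach = max(reach, hi)
    return overlaps


def findings(header):
    """Return the list of reasons a Range header looks abusive (empty = fine)."""
    ranges = parse_byte_ranges(header)
    if ranges is None:
        return ["malformed"]
    reasons = []
    if len(ranges) > MAX_RANGES:
        reasons.append("too-many-ranges")
    if count_overlaps(ranges) > 0:
        reasons.append("overlapping")
    return reasons


def flag_requests(requests):
    """Filter (client, path, range_header) records down to the suspicious ones."""
    flagged = []
    for client, path, header in requests:
        reasons = findings(header)
        if reasons:
            flagged.append((client, path, reasons))
    return flagged


# Constructed sample records (documentation-range addresses), not real traffic.
SAMPLE_REQUESTS = [
    ("198.51.100.7", "/video.mp4", "bytes=0-1023"),
    ("198.51.100.7", "/video.mp4", "bytes=1024-2047,4096-"),
    ("203.0.113.9", "/index.html",
     "bytes=" + ",".join(f"0-{n}" for n in range(10, 50))),
    ("203.0.113.9", "/index.html", "bytes=0-99,50-149"),
    ("192.0.2.44", "/doc.pdf", "bytes=-500"),
    ("192.0.2.44", "/doc.pdf", "bytes=900-100"),
]

if __name__ == "__main__":
    for client, path, reasons in flag_requests(SAMPLE_REQUESTS):
        print(client, path, ", ".join(reasons))
```

The same classification can sit in a reverse proxy or log pipeline in front of the web server; here it only inspects header values that have already been extracted.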
mogs CClip 45
Expert Contributor 8th Mar, 2012 16:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome succumbs to Pwn2Own contest hack
Plus, Google's 'Pwnium' snares a Chrome sandbox-escape exploit with $60K bait

By Gregg Keizer
March 8, 2012 08:33 AM
Computerworld - Google's Chrome fell to researchers' exploits Wednesday in both hacking challenges running this week at the CanSecWest security conference.

Yesterday was the first of three days for the "Pwn2Own" contest -- now in its fifth year -- and for Google's rival upstart, "Pwnium."

While Chrome went untouched in the last two years of "Pwn2Own," it was the first to fall to researchers Wednesday when a French team demonstrated a two-vulnerability attack on the browser running in Windows 7.

More at :-
http://www.computerworld.com/s/article/9225010/Chr...

--
mogs CClip 46
Expert Contributor 8th Mar, 2012 16:20
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google search domains to get HTTPS by default
More encouragement to use Google sign-on
By John E Dunn | Techworld | 08 March 12

The steady roll-out of SSL for the world's most popular websites continues with the news Google's global search domains including google.co.uk are finally to get HTTPS encryption by default over the coming weeks.

The company turned on HTTPS by default for its global .com domain in October, which now works for all users while signed into Google services, before which secure searching had to be conducted through a special site few would have heard of, https://encrypted.google.com.

Even once turned on, users outside the US wanting to access the HTTPS feature would have had to manually specify the .com domain (which some know is encrypted), or the equivalent local domain (which many don't) or change the default search engine in their browser, which few do.

Once implemented, the new setting will make that unnecessary although all users will still need to be signed into a Google service to access HTTPS search.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3343123/g...

--
mogs CClip 47
Expert Contributor 8th Mar, 2012 17:04
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

March 8th, 2012, 14:21 GMT · By Eduard Kovacs
Hackers Find Flaws in Microsoft, Dell and TBS Sites

A security researcher that goes by the online handle Flexxpoint found a cross-site scripting (XSS) vulnerability in Microsoft’s main site. The official sites of Dell Australia and Turner Broadcasting System (TBS) were identified as containing security holes by the grey hat hacker team known as BlitzSec.

E Hacking News reports that Flexxpoint discovered the XSS issue in the products page and demonstrated his findings with a simple proof of concept code.

If successfully exploited, the vulnerability could allow a hacker with a malicious plan to steal cookies and even launch phishing attacks.

The same expert recently identified a similar weakness in the official site of Ubuntu (Ubuntu.com).

The other two websites that were appointed as being vulnerable by BlitzSec hackers are also susceptible to XSS attacks.

“Dell.... You should know better than this D: cmmon patch this [expletive] up,” a BlitzSec representative said.

With TBS it’s a bit different. The site was previously named as being easy to compromise by TeamHav0k and its administrators were notified on these issues at the time.

Since the website remained unsecured, cookie stealing, XSS Tunnels, and XSS attacks using Metasploit (XSSF) can be performed by hackers who exploit the high severity flaws.

“TBS you need to implement XSS filters. I was surprised to find this even after TeamHav0k's XSS find on your site, thought you would have learned. Patch up XSS across your whole site, not just the affected page brought to your attention,” a BlitzSec hacker explained.

Lately, the large number of security holes identified by security experts and hackers in the public websites managed by high-profile companies proved that the number of sites that are completely secure is really low.

Hackers are racing to disclose vulnerabilities in sites, but if they keep it up, this will soon become a contest in which the prize will go to those that find a secure domain.

http://news.softpedia.com/news/Hackers-Find-Flaws-...

--
mogs CClip 48
Expert Contributor 8th Mar, 2012 21:57
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Stable Channel Update
| 09:20
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games and videos, along with the security fix listed below.

Security fixes and rewards:

Congratulations again to community member Sergey Glazunov for the first submission to Pwnium!

[Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 49
Expert Contributor 8th Mar, 2012 21:59
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta Channel Update
Thursday, March 8, 2012 | 12:11
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.54 for Windows, Mac, Linux and Chrome Frame platforms

All
Fixed Chrome install/update resets Google search preferences (Issue: 105390)
Don't trigger accelerated compositing on 3D CSS when using swiftshader (Issue: 116401)
Fixed a GPU crash (Issue: 116096)
More fixes for Back button frequently hangs (Issue: 93427)
Bastion now works (Issue: 116285)
Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943)
Fixed Google Feedback causes render process to use too much memory (Issue: 114489)
Fixed after upgrade, some pages are rendered as blank (Issue: 109888)
Fixed Pasting text into a single-line text field shouldn't keep literal newlines (Issue: 106551)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
Anthony Wells RE: Daily CYBERCLIPS March
Expert Contributor 9th Mar, 2012 16:06
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi,

Reference CClip 46 (above), it is important to "sign-in" with each and every browser. For technical/security reasons (specific to me), I tend to open Firefox first and sign in to my Gmail and thus get the https when on the Google search/home page.

When I then load Chrome, Gmail (normally) is already/still "signed in", but the Home/Search page is not https; it probably would be (needs checking) if I used the Google sync option, at the moment, I do not: thus I need to sign in a second time for https to activate and display.

Hope this is helpful.

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
mogs CClip 50
Expert Contributor 9th Mar, 2012 22:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft to patch Windows bug called 'Holy Grail' by one researcher
Announces next week's Patch Tuesday line-up, will fix 7 flaws in Windows, developer software

By Gregg Keizer
March 9, 2012 02:59 PM ET
Computerworld - Microsoft yesterday said it would ship six security updates next week, only one critical, to patch seven vulnerabilities in Windows and a pair of for-developers-only programs.

This year's March Patch Tuesday will feature three more updates and three more patches than the same month in 2011, but will fix fewer bugs than the March roster in each of the years 2008-2010, according to records kept by Andrew Storms, director of security operations at nCircle Security.

One of the six updates was tagged "critical," the highest threat ranking in Microsoft's four-label system, while four were marked "important," the second-level rating, and the sixth as "moderate." One of the important updates, as well as the sole critical one, will patch bugs that Microsoft confirmed could be exploited by attackers to compromise PCs and plant malware on victimized machines.

More at :-
http://www.computerworld.com/s/article/9225063/Mic...

--
mogs CClip 51
Expert Contributor 9th Mar, 2012 22:22
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
French team brings down IE9 at Pwn2Own hacking contest
And Google patches Chrome bugs revealed after $60,000 Pwnium payout

By Gregg Keizer
March 9, 2012 12:56 PM ET
Computerworld - A team from a French security firm hacked Microsoft's Internet Explorer 9 (IE9) yesterday at "Pwn2Own," making it two browsers busted in two days at the annual contest.

Also on Thursday, Google patched Chrome to fix two vulnerabilities that a long-time contributor to its bug bounty program used the day before to win $60,000 at "Pwnium," Google's first-ever hacking event.

The group from Paris-based Vupen Security brought down IE9 running on Windows 7 by exploiting a pair of previously-unknown "zero-day" bugs that bypassed the operating system's defensive technologies to execute attack code, allowing that code to escape from IE's "Protected Mode," the browser's limited-rights anti-exploit system.

More at :-
http://www.computerworld.com/s/article/9225055/Fre...

--
mogs CClip 52
Expert Contributor 9th Mar, 2012 22:29
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Security firm goes public with Apple Safari flaws
Secunia publishes information on two vulnerabilities in browser after Apple reportedly fails to provide status updates

By Robert Lemos |


Danish security firm Secunia published information on two unpatched vulnerabilities in Apple's Safari 5 browser on Friday, after the consumer-technology firm allegedly failed to provide status updates on the patch process.

Secunia reported the two vulnerabilities -- one of which could result in remote exploitation of a user's machine under certain circumstances -- to Apple more than six months ago, the company stated in a blog post.

Secunia's policy states that if a software vendor fails to adequately respond to a vulnerability report within six months, the security firm will release limited data on the issue. Apple is the first major vendor to run afoul of the deadline that the company has imposed to make software companies take patching more seriously.

Read more at :-
http://www.infoworld.com/t/patch-management/securi...

--
mogs CClip 53
Expert Contributor 9th Mar, 2012 22:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google patches rare critical vulnerability in Chrome
The sandbox escape vulnerability patched in Chrome 17.0.963.78 was disclosed this week in the Pwnium contest at CanSecWest

By Lucian Constantin | IDG News Service


Google has patched a critical Chrome vulnerability disclosed Wednesday at the CanSecWest security conference that can be exploited to escape from a browser's secure sandbox.

Russian security researcher Sergey Glazunov demonstrated a remote code-execution (RCE) exploit against a fully patched version of Chrome on Windows 7 as part of Google's Pwnium contest held at the conference in Vancouver.

Glazunov's exploit leveraged two Chrome vulnerabilities -- one that allows the execution of arbitrary code and one that bypasses the browser's much-touted security sandbox, which normally restricts such exploits.

Remote code-execution vulnerabilities, while very serious, are relatively common in all software products. However, the sandbox escape ones are extremely rare and, according to TippingPoint, which runs the separate Pwn2Own contest at CanSecWest, are worth much more than the $60,000 Glazunov earned from Google for reporting it.

More at :-
http://www.infoworld.com/d/security/google-patches...

--
mogs CClip 54
Expert Contributor 10th Mar, 2012 15:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Symantec: Norton Antivirus Code Leaked by Anonymous Authentic

Symantec confirmed for Infosec Island that the Norton Antivirus 2006 source code leaked by Anonymous yesterday was in fact genuine. However, company representatives state that they were expecting this move and that customers are not affected in any way.

We previously reported that the 1.4 gigabyte code published by the hackers on The Pirate Bay looked to be legitimate, and our suspicions turned out to be true. Symantec confirmed that it was an authentic leak, but since the move was expected, the firm doesn’t seem to be concerned about the outcome.


“Symantec can confirm that the source code for 2006 versions of Norton Antivirus posted by Anonymous is authentic. The exposure of this code poses no increased risk to Norton or Symantec customers,” said Cris Paden, senior manager for corporate communications at Symantec.

More at :-
http://news.softpedia.com/news/Symantec-Norton-Ant...

--
mogs CClip 55
Expert Contributor 10th Mar, 2012 15:39
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Finland Has the Least Malware, Albania the Most

A recent study made by security company Norman shows that Scandinavian countries are the safest from the perspective of global malware rates. At the other end of the poll we find an Eastern European country.


Data supplied by Norman’s Malware Cleaner demonstrates that Finland has the lowest rate of infection in the world. The figures show that malware is present only on close to 25% of all the computers. Of course, this doesn’t mean that 25% is not much; on the contrary.

Finland is followed closely by Norway and Sweden, the fourth position being occupied, surprisingly, by Puerto Rico, with around 25-28% of computers being affected by malware.

The top ten malware-free countries is completed by Denmark, Myanmar, Singapore, Sudan, Netherlands, and Lebanon.

One note must be made before moving on. Hackers from Lebanon told us a few days back that most of the country’s public websites, including ones managed by the government, are full of security holes.

Security holes in sites are not necessarily related to malware infections, but it is something worth mentioning.

More at :-
http://news.softpedia.com/news/Finland-Has-the-Lea...

--
mogs CClip 56
Expert Contributor 10th Mar, 2012 15:46
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Six Bulletins Included in Microsoft’s March 14th Security Update

On March 14th, Microsoft will push a new set of security updates to its users, meant to patch some of the flaws recently found in some of its products.

The company has already announced its intent to push the update out on March 14th, and also unveiled some details on what it will include.

Six bulletins will be included in the update, one of which is rated critical and which affects Windows XP Service Pack 3, Windows Server 2003 Service Pack 2, Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2 (x32), Windows 7(x32), Windows Server 2008 R2 (x64).

The issue could allow for Remote Code Execution, Microsoft explains in the Microsoft Security Bulletin Advance Notification for March 2012.

Two other bulletins in the software update are rated Important for Windows machines, while another is rated Moderate.

One of the said Important bulletins patches a breach that could result in Denial of Service, while the other is destined for an issue that could allow for Elevation of Privilege. The problem rated Moderate could result in Denial of Service.

Additionally, there is a bulletin meant to resolve a security issue with Microsoft Visual Studio, which might result in Elevation of Privilege, while the sixth of them is meant for a security hole in Microsoft Expression Design, which could allow for Remote Code Execution. Both of these are rated Important.

Additional info on these will become available when Microsoft issues the update. The official Microsoft Security Bulletin numbers will be released at that time as well.

As usual, users who have the Windows Update feature enabled on their PCs should be receiving the security patches automatically, without any additional maneuvers. Those who disabled the feature, however, will have to perform a manual update if they want the new security enhancements to be installed on their machines.

http://news.softpedia.com/news/Six-Bulletins-Inclu...

--
mogs CClip 57
Expert Contributor 11th Mar, 2012 08:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Stable Update
Saturday, March 10, 2012 | 10:26
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.79 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games, along with the security fix listed below.

Security fixes and rewards:

Congratulations to PinkiePie (aka PwniePie) for a beautiful piece of work to close out the Pwnium competition!

We’re delighted at the success of Pwnium and the ability to study full exploits. We anticipate landing additional changes and hardening measures for both CVE-2011-3046 and CVE-2011-3047 in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwnium submissions in the future.

[Like a b-b-b-b-boss!!! $60,000] [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 58
Expert Contributor 12th Mar, 2012 19:22
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Pwn2Own, Pwnium pay researchers $210K for browser bugs
Last day of hacking events shake loose bugs in Firefox, Chrome

By Gregg Keizer
March 12, 2012 06:32 AM ET
Computerworld - Researchers last Friday unveiled zero-day vulnerabilities in Google's Chrome and Mozilla's Firefox during the final day of two hacking challenges that awarded $210,000 to contestants.

The Chrome vulnerabilities were submitted by a teenage researcher identified as "PinkiePie," who was only the second to participate in the Google-sponsored "Pwnium" event.

After verifying that PinkiePie's work met Pwnium's requirement for a "full Chrome exploit" -- meaning that the two bugs were in the browser's own code and included a "sandbox escape" exploit -- Google awarded him $60,000.

It was the second such payout during the three-day event. On Wednesday, Google paid $60,000 to Sergey Glazunov, a frequent recipient of bounties paid by Google throughout the year.

In announcing PinkiePie's win, Jason Kersey, a Chrome program manager, called the researchers' exploits "works of art." Kersey also promised that Google would publish technical write-ups of the two Pwnium submissions.

More at :-
http://www.computerworld.com/s/article/9225088/Pwn...

--
mogs CClip 59
Expert Contributor 12th Mar, 2012 19:36
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft will roll out a critical Windows patch tomorrow

SOFTWARE PATCH FACTORY Microsoft has warned users of its Windows operating systems from Windows XP SP3 right up to Windows 7 that it has discovered a critical security flaw that could allow remote code execution.
The software company has given advanced warning that it will be issuing a patch to plug the vulnerability tomorrow in its March Patch Tuesday release.
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 are affected, as are Windows 7 for 64-bit based Systems and Windows 7 for 64-bit based Systems Service Pack 1.
Older PCs running Windows XP Service Pack 3, together with those running Windows XP Professional 64-bit Edition Service Pack 2 also will all need to be patched.
And it is not just client-side versions of Windows that are vulnerable. Windows Server 2008 R2 for 64-bit based Systems and Windows Server 2008 R2 for 64-bit based Systems Service Pack 1 are also affected. As are Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1.
Windows Server 2003 is also vulnerable to the bug.
The software firm also said it had discovered some additional Windows security bugs rated "Important", which could result in Denial of Service attacks and escalation of privileges on affected systems running all versions of the operating system from Windows XP SP3 up through Windows 7. There is also a bug rated "Moderate" that could be exploited to allow denial of service (DoS) attacks on Windows Vista and Windows 7 boxes.
In addition, Microsoft will issue a fix for an "Important" rated bug in Visual Studio that could be exploited to escalate privileges on compromised systems.

http://www.theinquirer.net/inquirer/news/2158674/m...


--
mogs CClip 60
Expert Contributor 12th Mar, 2012 19:40
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Digital Playground porn site hacked, user details stolen

Written by
Jon Martindale

12 March, 2012

Hackers are claiming to have found a way to steal data on over 70,000 users, from the porn site Digital Playground, stating that they have passwords, user names and email addresses - and a few credit card details too.

This is no Lulzsec or Anonymous hack, instead it is from a new hacking group making themselves known with this attack. Their name? The ominous sounding "Consortium."

In the wake of the hack, the Digital Playground site has been left online, but it has a message stating "Members area is available, but we are not currently accepting new sign up's. Click here to access the members area."

The Consortium has posted some details from the attack over at Zone-h, stating that it currently has 72,000 email addresses, usernames and passwords, along with 40,000 numbers, expiry dates and security codes from user credit cards.



Read more: http://www.itproportal.com/2012/03/12/digital-play...

--
mogs CClip 61
Expert Contributor 12th Mar, 2012 19:46
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Two domain name registrars behind most rogue pharma sites, says study
Bahamas registrar pointed out as main culprit
By Loek Essers | 12 March 12

Research done by LegitScript, a company that maintains a database with legitimate online pharmacies, suggests that two domain name registrars are responsible for more than half of all rogue pharmacy sites in the world.

The domains are used to sell "female Viagra" and drugs like Xanax and Vicodin without prescription. U.S.-based LegitScript said that about one in three rogue online pharmacies in its database is registered with Internet.bs, a registrar that is located in the Bahamas.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3343914/t...

--
mogs CClip 62
Expert Contributor 12th Mar, 2012 19:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla to drop Windows 8 Firefox bomb on IE 10

One browser to straddle Metro and classic UIs
By Gavin Clarke •

Posted in Operating Systems, 12th March 2012 10:39 GMT
The Mozilla Foundation has started work on a Firefox port that will run in the Windows 8 classic desktop and the tablet-friendly Metro user interfaces.

Moz dev Brian Bondy, who described the project in detail on his blog, said the goal is to deliver a single browser capable of straddling the Microsoft operating system's split personalities, rather than building two separate applications.


Mozilla unveiled its plans for Firefox on Windows 8 in February. An alpha and beta are due in the second half of 2012.

The unified build of Firefox will be a "Metro-style enabled desktop browser", allowing it to compete directly against Internet Explorer 10. This is a third application type; until now the assumption had been there would be just two operating modes for Windows 8 programs: classic desktop or Metro.

Read more at :-
http://www.theregister.co.uk/2012/03/12/firefox_wi...

--
mogs CClip 63
Expert Contributor 12th Mar, 2012 19:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Fake CAPTCHAs Fool Users into Posting Comments

It’s known that the success of a Facebook scam campaign largely depends on the number of Shares, Likes and comments the phony advertisement gets from real users. Crooks devised a new way to dupe customers into commenting on a scheme that ultimately leads to a survey.


Bitdefender experts reveal that it all starts as with any other scam. A post promises prizes or outrageous content.

While in regular scams the unsuspecting victim would be urged to press a Like or a Share button, in this case he/she is presented with a site that displays a CAPTCHA that allegedly must be entered as part of a security verification.

What Facebook members don’t know is that when they write the “security code” they are actually posting a comment to the scam.

Read more at :-
http://news.softpedia.com/news/Fake-CAPTCHAs-Fool-...

--
mogs CClip 64
Expert Contributor 12th Mar, 2012 19:58
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox 11 Release May Be Delayed

According to their release schedule, Mozilla should offer Firefox 11 stable tomorrow. However, a few problems may delay the launch.

Among the issues that may deter the development team from delivering Firefox 11 according to the plan, there is the security hole uncovered during the Pwn2Own contest at CanSecWest. Since there are no details about the nature of the vulnerability, the team is having a hard time patching the application.

Equally important is a bug that cannot be reproduced. It causes problems with the graphics driver blocklist, which results in crashes and blank/black screens.

The third reason is that tomorrow’s patch Tuesday and Microsoft’s updates might contain something that affects Firefox.

At the moment, the release schedule remains unchanged and the plan is to start pushing the updates on Thursday or Friday. The release candidate is available for download from Mozilla’s servers.

http://news.softpedia.com/news/Firefox-11-Release-...

--
mogs CClip 65
Expert Contributor 13th Mar, 2012 03:06
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

March 12th, 2012, 19:00 GMT · By Eduard Kovacs
Security Holes Found on HCL Site, Vendor Secretly Fixes Bugs (Exclusive)

Independent security researcher Shadab Siddiqui provided us proof that shows the presence of some serious vulnerabilities on the Intranet site of HCL Technologies, a global IT services company based in India.

“This is a website that has SSL installed (i.e. HTTPS) and they are IT service providers and this is the quality they develop. Their own website is vulnerable to SQL Injection and other things,” Shadab told us.


The screenshots and the documentation the expert provided revealed the existence of SQL Injection and cross-site scripting (XSS) issues that could have allowed an attacker to compromise the site.

“I found that the target web site is connecting to the backend database by using a user that has administrative privileges. This can allow an attacker to gain extra privileges via SQL Injection attacks,” he explained.

By leveraging these weaknesses a hacker may have been able to gain full access to the database server and execute commands on the underlying operating system.

Regarding the XSS flaws, Shadab said, “Cookie was not marked as secure and transmitted over HTTPS. This means the cookie could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic or following a successful MITM (Man in the middle) attack.”

HCL was contacted a few days ago, all the necessary documentation regarding the presence of the security holes being given to the site’s webmasters. Today, the site was checked once again and the vulnerabilities seem to have disappeared, which means that in the past days the issues have been addressed.

“This is the issue with these people. They can’t even say ‘thanks’,” Shadab concluded.

On the bright side, at least the company takes security seriously and rushed to patch up the vulnerabilities. On the other hand, it’s a shame that companies refuse to work with security professionals that want to lend them a hand in securing their infrastructures and public websites.

http://news.softpedia.com/news/Security-Holes-Foun...

--
mogs CClip 66
Expert Contributor 13th Mar, 2012 03:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
| 12:33
Labels: Beta updates

update: The Beta channel for Mac is back to the 18.0.1025.54 version due to Flash running incorrectly.


The Beta channel has been updated to 18.0.1025.56 for Windows, Mac, Linux and Chrome Frame platforms

This build has the following changes:
GPU acceleration of the Canvas 2D is now disabled by default and can be enabled in about:flags
We've disabled the image transport surface on Windows Vista and 7. For gpu accelerated content gpu process now renders directly to the window.
Core Animation plugins no longer trigger gpu accelerated compositing on the Mac.

These changes are due to stability measures and some or all of these features may be enabled again in a future release.



If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 67
Expert Contributor 13th Mar, 2012 11:35
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
XSS, Memory Corruption and Other Issues Addressed in Safari 5.1.4

Apple recently released Safari 5.1.4, the latest version of the popular browser, bringing not only improvements in the feature department, but also some updates that address security holes that could allow an ill-intended hacker to cause some serious damage.


One of the more important issues was identified by Matt Cooley from Symantec, who noticed that the International Domain Name (IDN) support in Safari could be utilized to create URLs that contain look-alike characters.

These URLs could have been easily leveraged by an attacker in phishing and other malicious campaigns that promoted shady or dangerous products. Fortunately, the weakness was resolved with the use of an improved domain name validity check system.

A problem that posed a serious threat to the privacy of customers referred to the fact that the browsing history was recorded, even if the Private Browsing feature was active.

As far as the vulnerabilities discovered in the WebKit are concerned, a familiar name pops up. Three of the five cross-site scripting issues that existed in the WebKit were credited to Sergey Glazunov, the Russian security expert that amazed everyone by finding a flaw in Google Chrome, shortly after the browser-hacking Pwnium competition started.

Glazunov was also credited with a cross-origin issue in the WebKit component which could have allowed for cookies to be disclosed across origins.

A similar security hole was found by Adam Barth of Google Chrome Security Team. He demonstrated that by visiting a malicious site and by dragging content with the mouse, a cross-site scripting (XSS) attack could be launched.

Other aspects that affected the users’ privacy included an issue in the enforcement of the cookie policy and one in the HTTP authentication process.

Finally, a large number of memory corruption vulnerabilities that may have permitted the execution of arbitrary code have been addressed. Among those who discovered the flaws we find Arthur Gerkis, miaubiz, Abhishek Arya, Cris Neckar, and Aki Helin of OUSPG.

http://news.softpedia.com/news/XSS-Memory-Corrupti...

--
mogs CClip 68
Expert Contributor 13th Mar, 2012 23:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Experts sound worm alarm for critical Windows bug
Microsoft patches Remote Desktop Protocol flaw, urges customers to apply update or workaround ASAP

By Gregg Keizer
March 13, 2012 04:22 PM ET
Computerworld - Microsoft today released six security updates that patched seven vulnerabilities, including a critical Windows bug that hackers will certainly try to exploit with a network worm, according to researchers.

"This is a pre-authentication, remote code bug," said Andrew Storms, director of security operations at nCircle Security, referring to MS12-020, the one critical bulletin today and the update that he, other researchers and even Microsoft urged users to patch as soon as possible.

"It will allow network execution without any authentication, and has all the ingredients for a class worm," said Storms.

"I'm particularly spooked by this one," said Jason Miller, manager of research and development at VMware. "Hackers want [vulnerabilities] that don't require authentication and are in a part of Windows that's widely used. I guarantee that attackers are going to look at this closely."

Read more at :-
http://www.computerworld.com/s/article/9225160/Exp...

--
mogs CClip 69
Expert Contributor 13th Mar, 2012 23:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Patch Tuesday: Microsoft Fixes Critical Bug in Remote Desktop Protocol

This month's update from Redmond includes six security advisories, but a pair of IE zero-day exploits demonstrated at last week's Pwn2Own hacking contest remain unpatched.

By Sean Michael Kerner | March 13, 2012

Microsoft's March "Patch Tuesday" update is taking a slightly different approach than in previous months. Released today, this month's Patch Tuesday update includes six security advisories -- and for the most critical flaws, Microsoft is providing both a patch and a 'Fix It' update.

The critical flaws are addressed in the MS12-020 bulletin, detailing vulnerabilities in Remote Desktop Protocol (RDP). The flaws could have potentially enabled an attacker to execute arbitrary remote code.

"The patch actually fixes the problem, and the Fix It implements the workaround," Wolfgang Kandek, CTO of security firm Qualys, told InternetNews.com.

Kandek explained that the Fix It update enables Network Layer Authentication (NLA) protocol, which mitigates the risk that the MS12-020 bulletin warns about. The Fix It also does not require a system reboot, which is required by the full patch.

"The Fix It does not cure the root cause," Amol Sarwate, Director of Vulnerability Labs at Qualys, told InternetNews.com. "It does enough to make sure that attackers can not trigger the vulnerable condition."

Microsoft does not normally release both a Fix It update as well as a full patch at the same time. Typically, Fix It updates have been released as a quick workaround to protect users until a full patch is made available.

More at :-
http://www.esecurityplanet.com/windows-security/pa...

--
mogs CClip 70
Expert Contributor 13th Mar, 2012 23:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Mozilla nixes Firefox 11 delay, will launch upgrade today
The company says concern over last week's Pwn2Own bug is unwarranted because it was already patched

By Gregg Keizer

Mozilla on Monday announced it was postponing the release of Firefox 11, but changed its mind today, saying that the browser upgrade would go out on schedule.

Yesterday, Johnathan Nightingale, senior director of Firefox engineering, said Mozilla was delaying Firefox 11's launch to examine a bug unveiled at last week's Pwn2Own hacking contest and to give developers time to scrutinize Microsoft's security updates, set to release today at approximately 1 p.m. ET.

On the last day of Pwn2Own, a two-man team -- Vincenzo Iozzo and Willem Pinckaers -- exploited a Firefox vulnerability to take the contest's $30,000 second-place prize.

ZDI, which sponsored the Pwn2Own hacking contest that ran March 7-9, reported vulnerabilities used at the event to vendors yesterday.

Originally, Nightingale said that the delay would be "a day or two." Today, he updated his post to a Mozilla blog confirming that the upgrade would go out after all. "The security bug reported by ZDI is one we had already identified and fixed through our internal processes," he said. "This eliminates the need for us to delay this week's releases, and we will be shipping them later today."

Read more at :-
http://www.infoworld.com/d/applications/mozilla-ni...

--
mogs CClip 71
Expert Contributor 14th Mar, 2012 08:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Dev Channel Update
Tuesday, March 13, 2012 | 16:09
Labels: Dev updates
The Dev channel has been updated to 19.0.1068.0 for Windows, Mac, Linux and Chrome Frame. This build contains following updates:

Users of Chrome for Android who have tab sync enabled can use the “Other Devices” menu on the new tab page to open tabs from other devices.
Several fixes and improvements in the new Settings, Extensions, and Help pages.
Fixed the flashing when switched between composited and non-composited mode. [Issue: 116603]
Fixed stability issues 116913, 117217, 117347, 117081

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 72
Expert Contributor 14th Mar, 2012 10:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
TeamHav0k Explains the Perils Behind the Flaws in Ancestry.com

TeamHav0k, the grey hat hacker collective that previously uncovered a lot of vulnerabilities in some high-profile sites, returns. They provided proof to show that ancestry.com, a site that allows users to trace their family roots, contains some dangerous security holes.

“We're back baby, and for our first hack back, we will be providing you with the DB of ‘Ancestry.com’ the site that allows you to trace your family roots. A site like this should be more protected considering the kind of information they have on people,” the hackers write.


“Just imagine if NATO, UN, FBI, CIA etc. officials use this site to look back in time to see who all is in their family tree... DoX made easier then [expletive]. This release is not meant to harm anyone its simply just to prove 'Security Is An Illusion'.”

TeamHav0k published a small proof of concept that shows the existence of the vulnerability, along with some database tables to demonstrate that the cross-site scripting (XSS) and the SQL Injection issues they uncovered can be exploited by hackers who don’t have the most honorable intentions.

More at :-
http://news.softpedia.com/news/TeamHav0k-Explains-...

--
mogs CClip 73
Expert Contributor 14th Mar, 2012 20:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
We need good code, says Diffie at Black Hat Europe
Cryptography pioneer formulates three rules for making applications secure

By Loek Essers
March 14, 2012 08:16 AM ET
IDG News Service - AMSTERDAM -- Cryptographer Whitfield Diffie reckons one of the most important things for good cryptography and security in the age of the Internet is good code.

Unfortunately, really good code is generally too expensive to write, he said at the Black Hat Europe conference.

"We are as much moving into a software age as we moved into an iron age," Diffie said, comparing the Internet evolution to the first cities formed on earth. "We take our cultural machinery and are moving that into the Internet," he told the audience in the opening keynote of Black Hat Europe here this week.

This calls for a good plan to secure software, said Diffie, one of the pioneers of public-key cryptography.

Read more at :-
http://www.computerworld.com/s/article/9225178/We_...

--
mogs CClip 74
Expert Contributor 14th Mar, 2012 20:49
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla, Google commit to Metro browsers for Windows 8
Microsoft's IE10 has five-month head start; documentation on hybrid desktop-Metro browsers only showed up Feb. 29

By Gregg Keizer
March 14, 2012 02:22 PM ET
Computerworld - Mozilla has kick-started development of a Metro-style version of Firefox for Windows 8, Google has committed to doing the same and Opera Software said yesterday that it's looking into the matter.

Those three browser makers would be chasing Microsoft, which has a five-month head start, having already built several iterations of Internet Explorer 10 (IE10) that run on both the Windows 8 traditional desktop and in the operating system's new Metro touch-first user interface (UI).

Mozilla, which first said a month ago that it would build a "proof-of-concept" edition of Firefox for Windows 8's Metro UI, recently revealed more details of the project.

According to Firefox engineer Brian Bondy, Mozilla began actual development of a Windows 8 browser last week.

Read more at :-
http://www.computerworld.com/s/article/9225191/Moz...

--
mogs CClip 75
Expert Contributor 14th Mar, 2012 20:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Safer Internet encryption via TLS may take years, expert says
The newest protocol was defined in 2008, but browsers need to catch up to patches applied since then

By Loek Essers | IDG News Service

Although the TLS (Transport Layer Security) 1.2 protocol, designed to make network connections more secure, was defined in 2008, a security expert at Black Hat Europe this week in Amsterdam said it will be years before Web users can reap its benefits.

TLS was developed in 1999 as an improvement on SSL (Secure Socket Layer) data encryption. Though SSL 3.0 is still used, TLS version 1.0 is supported by most commonly used browsers. However, it was proven vulnerable in 2001 when security researchers demonstrated a working exploit, code named BEAST (Browser Exploit Against SSL/TLS).

TLS developers fixed the flaw in 2006 by updating the protocol to version 1.1. An even safer, 1.2 version, was defined in 2008. The problem is, almost no one uses the 1.1 and 1.2 protocols, said Tom Ritter, security consultant for Isec Partners, during his keynote speech at Black Hat Europe on Wednesday in Amsterdam.

He showed the audience TLS implementation tables to emphasize his point. Almost all important browsers support TLS 1.0, but only Opera and Internet Explorer allow users to switch to TLS 1.1 or 1.2 manually.

Read more at :-
http://www.infoworld.com/d/security/safer-internet...

--
mogs CClip 76
Expert Contributor 14th Mar, 2012 21:00
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google restores interoperability with AOL AIM
A spam problem originating on AIM prompted Google to shut down the federation between the two networks about two weeks ago
By Juan Carlos Perez | 14 March 12

Google and AOL have restored the interoperability between their two instant messaging (IM) networks, a little over two weeks after it was temporarily suspended due to a spam flood originating in AOL's AIM that affected Gmail Chat and Google Talk users.
An AOL official originally forecasted that a fix to the spam problem could be rolled out on Thursday of last week, but the process took a bit longer, finally culminating on Tuesday.

The interoperability between the two IM networks is now again active and everything is "running smoothly," an AOL spokeswoman said via e-mail.

More at :-
http://www.pcadvisor.co.uk/news/security/3344466/g...

--
mogs CClip 77
Expert Contributor 14th Mar, 2012 21:04
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Shady Media Player Advertises Fake Streaming Services

An apparently harmless looking media player called Web Player, leads unsuspecting users to a number of shady websites that advertise movie streaming services. The worst part about this scam is that it requests credit card details that could later allow the cyber-crooks to access the victims’ bank accounts.


Bitdefender experts came across the player, which comes packed with EULA and other elements designed to dupe internauts into believing that it’s legitimate.

On the other hand, a detailed analysis determined the researchers to catalogue the application as being malicious, naming it Trojan.FakePlayer.B for future references.

Once installed, a pop-up screen requests users to enter an email address and a password allegedly needed for authentication.

Read more at :-
http://news.softpedia.com/news/Shady-Media-Player-...

--
mogs CClip 78
Expert Contributor 14th Mar, 2012 22:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
Wednesday, March 14, 2012 | 13:18
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.58 for Windows, Mac, Linux and Chrome Frame platforms

This build has the following changes:
GPU acceleration of the Canvas 2D is now reenabled.
We've reenabled the image transport surface on Windows Vista and 7.
We fixed a race condition in audio.
Disabled prerender.
These changes are due to stability measures and some or all of these features may be enabled again in a future release.

If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 79
Expert Contributor 15th Mar, 2012 17:16
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Dev Channel Update
Thursday, March 15, 2012 | 08:37
Labels: Dev updates

The Dev channel has been updated to 19.0.1068.1 for Windows, Mac, Linux and Chrome Frame. This build contains a fix for browser hang and increase in CPU usage. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 80
Expert Contributor 15th Mar, 2012 19:04
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla Changes Firefox Update Cycle .... Because Of Microsoft’s Patch Tuesday
Mozilla has confirmed that it will no longer be releasing Firefox updates on Tuesday as they usually do in order not to clash with Microsoft's scheduled monthly update to Windows and other related applications.
In a blog post (http://blog.mozilla.com/futurereleases/) by Johnathan Nightingale, Senior Director of Firefox Engineering, the not-for-profit entity confirmed that Firefox would be released for manual updates only before adding that "in order to understand the impacts [sic] of Microsoft's "Patch Tuesday" fixes, we will initially release Firefox for manual updates only. Once those impacts are understood, we'll push automatic updates out to all of our users."
This means that automatic updates have not taken place as originally expected on the 12th of March. In addition, Nightingale said that a security vulnerability discovered by TippingPoint's Zero Day Initiative had already been identified and fixed through their internal processes.
Firefox's latest update stands at version 11 although the more adventurous could either try the beta version or the alpha one called Aurora.


Read more: http://www.itproportal.com/2012/03/14/mozilla-chan...

--
mogs CClip 81
Expert Contributor 15th Mar, 2012 19:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Symantec warns of 64-bit Windows Trojans
by Gareth Morgan

15 Mar 2012
Symantec has warned of a new Windows 7 Trojan that can elevate the privileges of any restricted process to administrator level, without the user's permission or knowledge.
The latest fully patched versions of Windows 7 are vulnerable to backdoor.Conpee Trojan, warned Mircea Ciubotariu, a security response engineer at Symantec, on a company blog.

The new Trojan targets both 32-bit and 64-bit versions of Windows 7, adding to the growing weight of evidence that malware writers are redesigning their software to bypass security features in 64-bit Windows, said Ciubotariu.
The 64-bit version of Windows 7 and Vista included Kernel Mode Code Signing and Kernel Patch Protection, that were intended to make them less vulnerable to malware.

Read more at :-
http://www.v3.co.uk/v3-uk/news/2159725/symantec-wa...

--
mogs CClip 82
Expert Contributor 16th Mar, 2012 08:27
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
Thursday, March 15, 2012 | 15:48
Labels: Beta updates
The Beta channel has been updated to 18.0.1025.100 for Windows, Mac, Linux, and Chrome Frame.

This release turns prerendering back on and it contains fixes for a number of stability issues along with other bugs. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


--
mogs CClip 83
Expert Contributor 16th Mar, 2012 08:35
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Fraudsters “Steal” SIM Cards to Gain Access to OTP Passwords

Many bank customers know that when they want to make online transactions from their accounts, the financial institution sends a one-time password (OTP) to their mobile phone to ensure the safety of the operation. However, crooks came up with clever ways to gain access to the passwords without raising any suspicion.

Trusteer experts report that they came across two attack scenarios used by the fraudsters to get the bank to send them the OTP instead of the real customer.


In both scenarios, the con artists use a man-in-the-browser or a phishing attack to obtain the basic information like bank account number, credentials, names, and phone numbers.

These types of schemes are common, which is why financial institutions introduced the OTP authorization system.

So how do the crooks get the OTP?

In the first situation, they use the Gozi Trojan to steal the mobile phone’s IMEI (international mobile equipment identity) from the victims. Gozi does this by prompting the user to enter his/her IMEI before logging in to the online banking account.

Because not everyone knows how to find the phone’s IMEI, the webpage that requests it gives detailed instructions.

Once they’re in the possession of the IMEI, the criminals can contact the victim’s wireless carrier, report the device as being stolen and request a new SIM card. The old SIM card, which is in the possession of the account holder, is deactivated and all the OTPs coming from the bank are sent to the fraudster.

The second scenario is even more complex. The fraudsters use the stolen information (name, address, phone number, etc) to file a report at the local law enforcement agency, saying that the phone has been stolen.

With the police report in hand, the criminal goes to the wireless service provider and requests a new SIM card, but not before calling the victim to notify him/her that there will be a 12 hour service interruption.

When the victim’s SIM is deactivated, it doesn’t raise any suspicion, because he/she was informed, allegedly by the phone company, that the service is about to be interrupted. Until the accountholder picks up on the scam, the crooks have enough time to cause serious damage.

http://news.softpedia.com/news/Fraudsters-Steal-SI...

--
mogs CClip 84
Expert Contributor 16th Mar, 2012 08:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla will start Firefox silent updates in June
Patches Pwn2Own bug; also announces end of updates for Firefox 3.6

By Gregg Keizer
March 15, 2012 02:23 PM ET
Computerworld - Mozilla yesterday reiterated that it's still working on silent updates for Firefox, and said it should have the Chrome-like service in place by early June.

In a sweeping summary of 2011's accomplishments and an outline of plans for 2012, Robert Nyman, a Mozilla technical evangelist, listed silent updates as one of the projects the company will finish this year. "Updates will now be downloaded and installed silently in the background," wrote Nyman in a Wednesday post to the Hacks Mozilla blog. "Silent updates are currently planned to land in Firefox 13."

Mozilla unloads a Firefox upgrade every six weeks -- it launched Firefox 11 just two days ago -- and has Firefox 13's release on the calendar for June 5, 2012.

Mozilla has been working on silent updating for about 17 months. At one point, it thought it could add the feature to Firefox 4, which shipped in March 2011, but abandoned that work when the upgrade was delayed several times for other reasons.

Read more at :-
http://www.computerworld.com/s/article/9225235/Moz...

--
mogs CClip 85
Expert Contributor 16th Mar, 2012 08:48
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Digitally signed malware is increasingly prevalent, researchers say
Malware authors are signing their malicious creations with stolen digital certificates to bypass antivirus detection and defense mechanisms

By Lucian Constantin
March 15, 2012 02:01 PM ET
IDG News Service - Security companies have recently identified multiple malware threats that use stolen digital certificates to sign their components in an attempt to avoid detection and bypass Windows defenses.

When it was discovered in 2010, the Stuxnet industrial sabotage worm surprised the security industry with its use of rootkit components that were digitally signed with certificates stolen from semiconductor manufacturers Realtek and JMicron.

Security experts predicted at the time that other malware creators would adopt the technique in order to bypass the driver signature enforcement in 64-bit versions of Windows Vista and 7. Given recent developments it seems that they were right.

A backdoor discovered by Symantec in December installed a rootkit driver signed with a digital certificate stolen from an undisclosed company. The certificate was revoked by VeriSign at the owner's request nine days later.

Read more at :-
http://www.computerworld.com/s/article/9225237/Dig...

--
mogs CClip 86
Expert Contributor 16th Mar, 2012 18:31
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
PoC code uses super-critical Windows bug to crash PCs

Crash code real, but Sabu worm rumours ... not so much
By John Leyden •

Posted in Malware, 16th March 2012 13:44 GMT
Security watchers have discovered proof-of-concept code that attempts to exploit a high-risk Windows security hole, causing computers to crash.

The exploit attacks a RDP (Remote Desktop Protocol) flaw patched by Microsoft on Tuesday. Redmond's security staffers warned at the time that the critical update (MS12-020) was of a type hackers were likely to latch onto, warning that exploits were likely to follow within 30 days.


The discovery of proof-of-concept code on a Chinese website less than 72 hours later came as no great surprise. Security firms warned that worse is likely to follow. The vulnerability might easily be exploited to create a worm that spreads automatically between vulnerable computers.

More at :-
http://www.theregister.co.uk/2012/03/16/rdp_worm/

--
mogs CClip 87
Expert Contributor 16th Mar, 2012 19:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Microsoft Addresses Flash Component Vulnerability in Bing

Three of the Vulnerability Lab’s researchers worked together on finding and demonstrating a critical editor Flash component vulnerability on Microsoft’s Bing Service Application.


Security experts Subho Halder, Aditya Gupta and Dev Kar identified the critical severity flaw and reported it to Microsoft on February 7, 2012.

Microsoft responded 2 days later and on March 14 the issue was addressed.

If unaddressed, the remotely exploitable Flash component vulnerability may have allowed an attacker to implement malicious persistent comments while the user was editing or posting via Flash.

More at :-
http://news.softpedia.com/news/Microsoft-Addresses...

--
mogs CClip 88
Expert Contributor 16th Mar, 2012 19:39
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Pidgin 2.10.2 Fixes Two DoS Vulnerabilities

Versions up to and including 2.10.1 are affected.

March 15, 2012
Version 2.10.2 of the Pidgin instant messaging application was recently released.

"According to its developers, the maintenance and security update brings a number of changes and addresses two denial-of-service (DoS) vulnerabilities that could be exploited by an attacker to cause the application to be terminated," The H Security reports.

"These remote crashes are caused when the MSN server sends messages that are not UTF-8 encoded and also when some types of nickname changes occur in chat rooms using the XMPP protocol," the article states. "Versions up to and including 2.10.1 are affected."

Go to "Pidgin IM client 2.10.2 closes DoS holes" to read the details

http://www.esecurityplanet.com/patches/pidgin-2.10...

--
mogs CClip 89
Expert Contributor 16th Mar, 2012 19:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
If you’re worried about identity theft, Trend Micro has the answer.
Most of us live our lives online these days, and that includes all kinds of ecommerce activity from buying a new Blu-ray to checking how healthy (or unhealthy) our bank account is. But despite the obvious convenience that online financial transactions offer, there's always that underlying fear of someone stealing your details and going on a spending spree.
In an effort to avoid the scenario above we're encouraged to create ever more complex passwords, and to employ different passwords for each service or website. That's good advice, but the problem is that it's all too easy to forget which password is associated with which site, leading to a lot of time wasting and frustration.
DirectPass from Trend Micro aims to keep your identity secure, while also making your life easier by remembering all your login and password details. DirectPass can manage all your passwords and login IDs and seamlessly login to websites without the need for entering any user data. Of course all your passwords and login details are kept safe - far safer than all those post-it notes you have dotted around with passwords on them anyway!
As well as storing all your password and login details, DirectPass also provides a secure browser specifically for accessing bank and financial transaction websites. On top of that, it also protects against key-logging malware, even if you weren't aware it was there.


Read more: http://www.itproportal.com/2012/03/16/protect-your...

--
mogs CClip 90
Expert Contributor 16th Mar, 2012 19:48
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
SourceForge pulls Anonymous OS due to ‘security risk’

The site distributing the questionable operating system has removed it from the site just one day after launch.
By Jennifer Scott, 16 Mar 2012 at 12:09

SourceForge prides itself on its lack of judgement on the internet, but even it has drawn the line with the operating system, reportedly launched by hacktivist group Anonymous.

Yesterday, the site began hosting the file for users to download the Linux-based OS, which some claimed to be the work of Anonymous, designed to help get around security protections and increase the capabilities of its hacker followers.

Today has seen SourceForge remove the file and release a statement claiming it now believes it is a security risk.

More at :-
http://www.itpro.co.uk/639613/sourceforge-pulls-an...

--
mogs CClip 91
Expert Contributor 16th Mar, 2012 22:05
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 16th Mar, 2012 22:08
Another Chrome Beta Channel Update !!
Friday, March 16, 2012 | 12:14
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.108 for Windows, Mac, Linux, and Chrome Frame.

This release changes to V8 version 3.7 and it contains fixes for a number of stability issues along with other bugs. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 92
Expert Contributor 17th Mar, 2012 01:18
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
AVAST Drops Main Support Service

AVAST CEO Vince Steckler has announced on the company blog that they have removed iYogi support service from their website.

The grounds for this decision are the recent reports that iYogi employees would pitch premium support packages to users calling in to get support for Avast Free, by scamming them into believing their computers had issues.

iYogi’s services included free phone support for users of the security product, primarily the free version. The number of users requiring assistance was between 20 and 30,000, and customer satisfaction level was quite high, according to AVAST’s CEO.

However, since the company’s profit is not made from striking retail deals, but relies on user referral and recommendation, such behavior from iYogi employees would negatively impact the users’ trust in AVAST.

Until resolving this issue with iYogi, Avast users in need of technical support have at their disposal the options available on the website.

http://news.softpedia.com/news/AVAST-Drops-Main-Su...

--
mogs CClip 93
Expert Contributor 17th Mar, 2012 08:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft may have leaked attack code for critical Windows bug, says researcher
Hackers rushing to create an exploit for worm-ready RDP flaw may have gotten help from Microsoft or one of its AV partners

By Gregg Keizer
March 16, 2012
Computerworld - Hackers who posted a barebones proof-of-concept attack for a critical Windows vulnerability may have obtained some of the code from Microsoft or one of its antivirus partners, the bug's finder said today.

Luigi Auriemma, an Italian security researcher who discovered the vulnerability in Windows' Remote Desktop Protocol (RDP) in May 2011, then submitted it to a Hewlett-Packard bug bounty program, spelled out the leak theory in a long post to his personal blog Friday.

On Tuesday, Microsoft updated all flavors of Windows to patch the critical RDP vulnerability, telling customers "[We] strongly encourage you to make a special priority of applying this particular update."

That same day, several security researchers predicted attackers would quickly craft a working exploit, and would probably tuck it into a worm able to infect any unpatched PC or server that had RDP enabled.

Auriemma asserted that Microsoft gave hackers a head start.

More at :-
http://www.computerworld.com/s/article/9225280/Mic...

--
mogs CClip 94
Expert Contributor 17th Mar, 2012 08:49
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
DuckDuckGo : The hacktivist’s search engine
Written by Darren Allan
16 March, 2012

Search with privacy the foremost priority

So we’ve heard about the whole dodgy, alleged Anonymous-released Ubuntu-based operating system, but apparently the hacktivist group also has a search engine of choice.

The Next Web spotted that the oddly named DuckDuckGo is the search engine for Anon members, or at least some of them. Certainly no self-respecting web radical would be caught anywhere near Google’s brightly coloured logo, but still; DuckDuckGo?

Anonymous confirmed that they backed DuckDuckGo when The Next Web contacted them, stating that it was one of the safest search engines to use.

Why is it safe? Because it has a tight privacy policy, and a commitment not to track surfers.

In the help centre for the search engine, the owners note: “DuckDuckGo does not store any personal information, e.g. IP addresses or user agents: see our privacy policy for details. We also have an encrypted (SSL) version, two non-JS versions (HTML & lite), a Tor hidden service (about), several privacy settings (including POST & RefControl), and we allow you to use URL parameters instead of cookies to store settings.”



Read more: http://www.itproportal.com/2012/03/16/duckduckgo-h...

--
mogs CClip 95
Expert Contributor 17th Mar, 2012 08:49
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 17th Mar, 2012 22:06
Chrome Beta Channel Update
Saturday, March 17, 2012 | 08:44
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.109 for Windows, Mac, and Chrome Frame.

This release changes V8 back to version 3.8. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


--
mogs CClip 96
Expert Contributor 17th Mar, 2012 22:12
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Valid VeriSign Certificate Used to Sign Mediyes Malware

Kaspersky Lab experts came across pieces of malware that were validated by a legitimate digital certificate issued by Symantec's VeriSign for a Swiss company called Conpavi AG, known for working with government agencies from Switzerland.

Identified by Kaspersky as Trojan-Dropper.Win32.Mediyes or Trojan-Dropper.Win64.Mediyes, depending on the variant, the dropper files were signed somewhere between December 2011 and March 7, 2012.


Mediyes has infected the computers of around 5,000 users, most of them from Western Europe, which would explain why the stolen certificate is from a Swiss company and its command and control server is located in Germany.

So how does this malware operate?

Read more at :-
http://news.softpedia.com/news/Valid-VeriSign-Cert...

--
mogs CClip 97
Expert Contributor 19th Mar, 2012 03:13
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Landmark 10 millionth .uk site registered with Nominet

Swarve Magazine's owner says plans to increase the number of top-level domains could prove expensive

The 10 millionth web address ending in .uk has been claimed by the founder of Hampshire-based firm, SN Technologies.

swarvemagazine.co.uk was registered by Steven Northam for a photography-based publication set to launch this summer.

Registration service Nominet described the news as a "mega-milestone". It took charge of the top-level domain name in 1996 when there were 26,000 .uk sites.

However, it faces a shake-up with a huge explosion in the number of international domains later this year.

More at :-
http://www.bbc.co.uk/news/technology-17393008

--
mogs CClip 98
Expert Contributor 19th Mar, 2012 03:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft blames security info-sharing program for attack code leak
Trying to figure out how exploit example shared with AV partners ended in hackers' hands

Computerworld - Microsoft on Friday confirmed that sample attack code created by the company had likely leaked to hackers from a program it runs with antivirus vendors.

"Details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protection Program (MAPP) partners," Yunsun Wee, a director with Microsoft's Trustworthy Computing group, said in a statement posted on the company's site.

"Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements," Wee added.

Under MAPP, Microsoft provides select antivirus companies with technical information about bugs before Microsoft patches the flaws. MAPP is meant to give third-party security vendors advance warning so that they can craft detection signatures.

Among the things Microsoft shares with MAPP members, according to a program FAQ, are "proof-of-concept or repro tools that further illuminate the issue and help with additional protection enhancement."

Read more at :-
http://www.computerworld.com/s/article/9225293/Mic...

--
mogs CClip 99
Expert Contributor 19th Mar, 2012 08:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
"Fileless" malware installs into RAM

Exploit found in Russian adware invades process, doesn't install files
By Simon Sharwood, APAC Editor

Posted in Security, 18th March 2012 23:05 GMT
Researchers at Kaspersky Labs have found malware which, unusually, does not install any files on its victims' PCs.

The researchers aren’t quite sure how unusual it is, describing it as both “unique” and “very rare”, but no matter how scarce this type of malware is it does sound rather nasty as it “… uses its payload to inject an encrypted dll from the web directly into the memory of the javaw.exe process.” That mode of operation means Windows and MacOS are both affected by the exploit, which is hard for many antivirus programs to spot given it runs within a trusted process.

Once under your machine’s guard, the malware tries to attack Windows User Account Control so it can install the Lurk Trojan and connect to an associated botnet. That installation attempt is the malware’s key task, as living in RAM means fileless malware won’t survive a system reboot.

That the malware is able to do so is down to a known Java vulnerability, CVE-2011-3544 to be precise. Snoracle has long-since patched that hole. Another mitigating factor that will hopefully make this a short-lived attack is the fact Kaspersky picked it up in ads served only on Russian web sites. The security company has informed the ad-serving company and the offending code has been withdrawn.

More at :-
http://www.theregister.co.uk/2012/03/18/fileless_m...

--
mogs CClip 100
Expert Contributor 19th Mar, 2012 19:44
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 19th Mar, 2012 19:49
Crowdsourcing helps Kaspersky crack Duqu code

Security researchers at Kaspersky Labs have been able to unlock the secrets of the mysterious code found in the Duqu worm, thanks to a nifty spot of crowdsourcing.
According to Igor Soumenkov of Kaspersky, Duqu's strange command and control communication modules were either written using a custom framework based on an obscure object-oriented dialect of the C programming language, known as OO C or it was manually coded using that dialect.
“No matter which of these two variants is true, the implications are impressive,” wrote Soumenkov on a company blog.
Kaspersky had originally asked for help in identifying the mysterious code, having spent months analysing the worm, which was dubbed Stuxnet 2 in some quarters, as the sophisticated code looked to be aimed at industrial-grade cyber espionage operations.
It paid a closer resemblance to code found in “complex 'civil' software projects, rather than contemporary malware,” added Soumenkov.
Kaspersky said more than 200 people provided comments, with a further 60 emailing suggestions, to help it crack the Duqu conundrum.

More at :-
http://www.v3.co.uk/v3-uk/news/2161876/crowdsourci...

--
mogs CClip 101
Expert Contributor 19th Mar, 2012 19:52
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft pitches IE9 as the browser for reaching 'a few sites'
Touting IE9 to Firefox, Chrome users, IE marketing chief says, 'You don't need to ditch your current browser'

By Gregg Keizer
March 19, 2012 09:44 AM ET
Computerworld - Microsoft has kicked off a new marketing campaign for Internet Explorer 9 that urges users of rival browsers to run it, even if only sparingly for "a few sites that you go to every day."

The unusual approach, which Microsoft launched last week on BrowserYouLovedToHate.com, a domain it registered last month, is part of Microsoft's continued campaign to convince Windows users to stick with IE9, or if they've switched browsers, to give it another try.

"One of the more interesting trends these days is the number of Chrome and Firefox enthusiasts who have 'added' Internet Explorer 9 into their browsing mix," said Roger Capriotti, the director of IE marketing, in a blog post last week. "You don't need to ditch your current browser, but there are probably a few sites you go to each day like Facebook that you can pin with IE9."

More at :-
http://www.computerworld.com/s/article/9225301/Mic...

--
mogs CClip 102
Expert Contributor 19th Mar, 2012 19:58
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
Monday, March 19, 2012 | 11:20
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.113 for Windows, Mac, Linux, and Chrome Frame.

This release turns off print preview and fixes a few known crashes and memory issues. Please note that print preview will possibly be turned back on in a future release. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 103
Expert Contributor 19th Mar, 2012 20:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Computer viruses could cross into biological realm, researchers say
Researchers at Black Hat conference speculate that human and computer viruses could converge in the future and could interest bioterrorists

By Loek Essers | IDG News Service
Computer hackers could create malicious software that crosses the line from technology to biology, crafting viruses that could spread dangerous epidemics, researchers said at Black Hat Europe.

"We are really on the border between the living and the not living," said Guillaume Lovet, senior manager of Fortinet's Threat Research and Response Center, during a keynote speech discussing the similarities between biological and computer viruses. Fortinet was the main sponsor of the Black Hat Europe security conference in Amsterdam last week.

The comparison between computer and human viruses was made to give security researchers a better understanding of why the human immune system is so much better in battling viruses than antivirus systems.

"We came to wonder if there can be some kind of convergence between human viruses and computer viruses," Lovet added. "It may sound like a scenario for a bad Hollywood movie, but it is not such a stupid question."

More at :-
http://www.infoworld.com/d/security/computer-virus...

--
mogs CClip 104
Expert Contributor 19th Mar, 2012 20:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Indian Call Centre Staff Selling Off Britons’ Credit Card Details For 2p

Written by
Darren Allan

Medical and financial records, even card details, on the go for pennies

The latest privacy and data related scandal involves unscrupulous Indian call centre staff flogging off the details of UK citizens - including credit cards - for as little as two pence.

An array of confidential data is for sale via corrupt call centre workers, according to an investigation conducted by the Sunday Times (as reported by the Daily Mail). Undercover reporters from the newspaper met with two so-called "consultants" who were IT workers at Indian call centres, who boasted about having a raft of information available on British people.

We're talking 45 sets of personal information on some 500,000 citizens. Medical and financial records were part of this ill-gotten data, with names, addresses and phone numbers, all of which could be used by spammers and bothersome marketers.

More worryingly, even credit card information was offered which could obviously be used by outright criminals to siphon money from bank balances.



Read more: http://www.itproportal.com/2012/03/19/indian-call-...

--
mogs CClip 105
Expert Contributor 19th Mar, 2012 20:23
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Avast antivirus support firm apologises for mis-selling
iYogi blames "over-zealous sales person"
By John E Dunn | Techworld | 19 March 12

The Indian company suspended this week by antivirus company Avast for mis-selling support contracts during customer phone calls has apologised and offered to refund users unhappy with the service.

The allegation made earlier this week by respected security blogger Brian Krebs was a serious one. Staff working for iYogi had tried to dupe him during a support call into buying an expensive support contract by falsely claiming his PC was experiencing technical problems.

The same staff had also tried to persuade him to upgrade from Avast's Free antivirus software to a paid version on spurious grounds.

"[This organisation's] sales tactics are practically indistinguishable from those employed by peddlers of fake antivirus software or 'scareware,'" was Krebs's damning judgment.

The comment is particularly uncomfortable because Avast and ESET have recently mentioned Indian-based cold-calling scams targeting their customers. There is no suggestion that iYogi is connected to these calls but the timing is embarrassing.

More at :-
http://www.pcadvisor.co.uk/news/security/3345383/a...

--
mogs CClip 106
Expert Contributor 19th Mar, 2012 22:36
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Boot Time Defragmentation
Some of the files like MFT, Registry, Pagefile etc cannot be defragmented or are not safe to defrag when Windows is running. This is when Boot Time Defragmentation displays its benefits, defragmenting these files at Windows Boot Time and getting optimal results.

Puran Defrag provides a very powerful Boot Time Defrag that defragments not only the system files but the entire drive, giving you the maximum benefits.

Low Priority Defrag
Low Priority Defrag allows you to use your computer at full capacity even when defragmentation is running. As its name suggests, it keeps itself in Low Priority Mode which means that Puran Defrag will use a resource only if it is not being used by any other process which avoids interruption of your work.

Compatibility
Puran Defrag is compatible with Windows XP/2003/Vista/2008/7 including 64Bit versions. The support for 64Bit Windows is native, so you can enjoy all benefits of your powerful processor.

Much more info at :- http://www.puransoftware.com/Puran-Defrag.html


Download Details - Puran Defrag Free Edition
Filename: PuranDefragFreeSetup.exe

File Size: 3.25 MB

Description: Now get a professional defragmenter for your computer at no price at all.
This is Puran Defrag Free Edition which is exactly the same as its commercial version
except you do not need to pay for it.

* Free for private and non-commercial use only.
http://www.puransoftware.com/Puran-Defrag-Download...

--
mogs CClip 107
Expert Contributor 21st Mar, 2012 08:35
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
Tuesday, March 20, 2012 | 11:19
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.116 or 18.0.1025.117 for Windows and 18.0.1025.117 Chrome Frame.

This release turns off swiftshader and gamepad. These changes and the version differences are due to stability measures and some or all of these features may be enabled again in a future release. Please note that print preview will be turned back on in the next release. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


--
mogs CClip 108
Expert Contributor 21st Mar, 2012 20:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox to turn on default encryption for Google searches
Firefox is used by more than 20% of all Internet users

By Loek Essers
March 21, 2012
IDG News Service - Mozilla is currently testing default encrypted Google searches for all Firefox users, with the intent to make all Google searches encrypted in the near future, the browser maker said on Wednesday.

"We are currently testing the change to use SSL for built-in Google searches in our Firefox nightly channel," said Johnathan Nightingale, senior director of Firefox engineering, in an email. "If no issues are uncovered, it will move through our Aurora and Beta release channels before eventually shipping to all our Firefox users. This will include migrating the changes to our non-English version of Firefox, as well."

Google is the default search engine used by Firefox. There is no official word from Mozilla, however, on exactly when it will switch Firefox end users to default encrypted Google searches. Once the feature ends up on the Aurora and Beta release channels it will be generally available soon after, Mozilla said. The browser maker noted that development for each release channel could take up to six weeks.

More at :-
http://www.computerworld.com/s/article/9225393/Fir...

--
mogs CClip 109
Expert Contributor 21st Mar, 2012 20:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
Wednesday, March 21, 2012 | 09:42
Labels: Beta updates

Update: The Beta channel for Mac has now been updated to 18.0.1025.129. This brings back Print Preview.


The Beta channel has been updated to 18.0.1025.118 for Windows Chrome Frame.

This release brings back Print Preview. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 110
Expert Contributor 21st Mar, 2012 20:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft Gives Police Tools To Fight Child Pornography

Written by
Darren Allan
21 March, 2012

PhotoDNA technology uses a digital “fingerprint” to locate copies of images online

Microsoft has announced that it's making technology available to law enforcement agencies to help fight the peddlers of child pornography.

The company announced that it's partnering with NetClean to make PhotoDNA image matching technology available to the police at no cost.

In a blog post, Associate General Counsel at Microsoft Digital Crimes Unit, Bill Harmon, noted that the National Centre for Missing & Exploited Children has reviewed more than 65 million images and videos of child sexual exploitation reported by law enforcement bodies in the past decade.

Harmon wrote: "We simply cannot allow people to continue trading these horrifying images online when we have the technology to help do something about it. Microsoft is proud to make PhotoDNA available to law enforcement, to help in their battle to quickly identify and rescue these children."

PhotoDNA is an image matching technology which creates a unique digital "fingerprint" for an image, allowing this to be compared to other images online to hunt out matching signatures, locating copies of the picture.

Read more: http://www.itproportal.com/2012/03/21/microsoft-gi...

--
mogs CClip 111
Expert Contributor 21st Mar, 2012 20:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Nordic portal crash creates high frequency of Kenneths
By Tom Espiner , 21 March, 2012 17:28

Norwegian online portal Altinn crashed on Tuesday, and mistakenly started logging people into the financial records of a 36-year-old man in Oslo named 'Kenneth', according to tech news publication Icrontic.

People logging onto the Norwegian government website Altinn to check tax results crashed the service on Tuesday morning. Service was restored, but due to a caching error, anyone who logged onto the service after 6.17pm was logged in as 'Kenneth', and could see two years' worth of his financial records, said Icrontic. In addition, some of his wife's details were also revealed.

Kenneth has consulted his lawyer, said Icrontic. The Altinn web service was down at the time of writing.

"Altinn is unavailable," said an error message in Norwegian. "We are striving to correct the error, but unfortunately cannot give an exact timescale for when Altinn will be back in operation."

Citizen interaction with the UK government over taxes has also overwhelmed servers in the past. In February 2008 HMRC had to extend the filing deadline for tax returns after demand crashed its website.

http://www.zdnet.co.uk/blogs/security-bulletin-100...

--
mogs CClip 112
Expert Contributor 21st Mar, 2012 21:01
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Researcher Finds Code Execution Flaw in Google Earth

A code execution vulnerability was identified by Georgian security researcher Ucha Gobejishvili in the popular Google Earth application.

Most internauts have utilized Google Earth at least once for the maps and other geographical information it provides. The satellite view is another great feature that attracts users, but what many don’t know is that the program contains a flaw that could be taken advantage of by cybercrooks.


The expert demonstrated how a local attacker could leverage a security hole to execute a piece of malicious code.

The flaw can be reproduced by opening the program and clicking on the Placemark button. Instead of a legitimate Place parameter, an arbitrary code can be inserted and run.

http://news.softpedia.com/news/Researcher-Finds-Co...

--
mogs CClip 113
Expert Contributor 21st Mar, 2012 21:06
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Vupen Sells Exploits to Spy Agencies, They Pay Much More Than Google

Many have been wondering why the security experts from French company Vupen refused to enter the Google-funded Pwnium competition and only enrolled in TippingPoint’s Pwn2Own event. The short answer is because Google would have wanted the complete description of the vulnerabilities in return for the bounty.


According to Forbes, Vupen didn’t want to enroll in Pwnium because the sums offered by Google were small change in comparison to what they can make if they sell their findings to government agencies, which are constantly in search for new ways of spying on people.

“We wouldn’t share this with Google for even $1 million. We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers,” said Chaouki Bekrar, Vupen’s CEO.

While he refuses to talk about exact figures, experts believe that zero-day exploits that allow seamless access to computers can be worth 10 or even 100 times more than what a software firm would normally pay.

More at :-
http://news.softpedia.com/news/Vupen-Sells-Exploit...

--
mogs CClip 114
Expert Contributor 22nd Mar, 2012 10:58
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome Stable Channel Update
Wednesday, March 21, 2012 | 17:44
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.83 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games, along with the security fixes listed below.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

[$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.
[116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.
[$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.
[116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.
[$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.
[117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.
[117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.
[$2000] [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov.
[$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:

[108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach.

More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 115
Expert Contributor 22nd Mar, 2012 12:16
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
CA reveals ARCserve DDOS threat

Forced upgrades on the way for some users?
By Simon Sharwood, APAC Editor

Posted in Security, 22nd March 2012 04:17 GMT
CA Technologies has found a nasty flaw in flagship backup software ARCServe.

The flaw goes all the way back to version 10 of the product, which has just reached v.16.

CA says the problem “can allow a remote attacker to cause a denial of service condition” and “… occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.”

Many versions of ARCserve can fix the bug with a patch, but CA's advisory says the solution for ARCserve Backup for Windows r12.0 is to “Update to CA ARCserve Backup for Windows r16 SP1.”

We're sure ARCserve users will appreciate the forced upgrade and happily set aside other work to make it happen. ®

http://www.theregister.co.uk/2012/03/22/arcserve_d...

--
mogs CClip 116
Expert Contributor 22nd Mar, 2012 16:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
'Hacktivists' steal more than 100M online records in 2011, says Verizon
More than half of all 2011 data thefts traced to 'hacktivism,' Verizon finds in latest data breach study

By Lucian Constantin
March 22, 2012 08:13 AM ET
IDG News Service - More than half of data stolen from companies in 2011 was a result of hacktivist actions, even though the majority of data breaches were still caused by financially motivated cybercriminals, Verizon said in its 2012 Data Breach Investigations Report released on Thursday.

The report spans 855 data breach incidents investigated by the company and several law enforcement agencies -- the U.S. Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police. These incidents resulted in a total of 174 million compromised records, the second-highest volume of compromised records since Verizon began compiling data breach statistics in 2004.

Up to 98 percent of data breach incidents covered by the new report were caused by external agents and the vast majority of them, 83 percent, were organized criminal groups.

More at :-
http://www.computerworld.com/s/article/9225425/_Ha...

--
mogs CClip 117
Expert Contributor 22nd Mar, 2012 17:30
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Waterfox, the 64-bit Firefox, is not in beta

Mistake in the release matrix
By Dave Neal
Thu Mar 22 2012, 13:00
THE WHISPERED ABOUT Mozilla 64-bit web browser called Waterfox is not a beta, despite appearances, but is a release candidate.
Waterfox has progressed in fits and starts and the latest candidate came out earlier this month. However it was incorrectly labeled as a beta release.
"Some users may have noticed that the latest version of Waterfox has put them on the beta channel," said a post on the Mozilla Waterfox web pages.
"There is no need for alarm, as this is a mistake on my part for leaving the channel to Beta on the config script instead of Release. You will still get updates and this does not affect functionality at all."
Waterfox 11 comes hot on the heels of Firefox 11 and mirrors its new features. It is a free download for PCs running the 64-bit versions of Windows XP, Windows Vista and Windows 7.
Mozilla said that the two are comparable, but Waterfox is better. "In benchmarks, the 64-Bit variant of Firefox out-performs the 32-Bit variant," read its FAQ.
"Also because this variant is being built specifically for Windows, there might be further performance increases."
Of course, this could all become redundant once a 64-bit version of Firefox is released. However, that won't be anytime soon.
However, writing on the Mozilla Hacks web site, Mozilla technical writer Jean-Yves Perrier said that this is not a priority, and suggested that there is more to improving performance than just making something work on 64-bit systems.
"There are currently no plan to release a 64-bit release of Firefox for Windows in 2012. This is a question of priority. Especially as it means a lot of work just to reach the same level of performance than the 32-bit version which is much quicker under Windows for the moment than the test 64-bit version," he wrote in response to a question about Mozilla's plans for 2012.
"64-bits is not a free meal for performance." µ

http://www.theinquirer.net/inquirer/news/2162979/w...

--
mogs CClip 118
Expert Contributor 22nd Mar, 2012 17:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Google's Chrome is the top web browser for a day

Trend to Chrome at weekends
By Robert Jaques
Thu Mar 22 2012, 10:29
SOFTWARE HOUSE Google's Chrome overtook Microsoft's Internet Explorer (IE) to become the world's number one web browser, but only for one day.
According to Statcounter web monitoring data, there is a "trend to Chrome at weekends" that narrowly drove Chrome into the top spot globally on Sunday, 18 March.
Web analytics outfit Statcounter published statistics showing that Chrome topped the polls in India, Russia and Brazil, all of which contributed to it becoming the number one browser for that day on a global basis.
"While it is only one day, this is a milestone," said Statcounter CEO Aodhan Cullen. He added that Chrome still faces a battle to unseat its main rivals including IE and Firefox in many regions. The company's monitoring shows that on a day to day basis Chrome remains in second or third place in China, the United States and Germany.
"Whether Chrome can take the lead in the browser wars in the long term remains to be seen, however the trend towards Chrome usage at weekends is undeniable. At weekends, when people are free to choose what browser to use, many of them are selecting Chrome in preference to IE," added Cullen.
Statcounter's data is based on over 15 billion page views per month, four billion from the US, to its network of more than three million web sites.
The web monitoring company stressed that it does not apply artificial weights to its worldwide data, arguing that such weighting factors are not relevant for individual country statistics. µ

http://www.theinquirer.net/inquirer/news/2162880/g...

--
mogs CClip 119
Expert Contributor 22nd Mar, 2012 20:06
Opera 11.62 Stable Is Almost Here

It’s Thursday, so another snapshot for Opera 11.62 is in order. The Norwegian developer delivered today build 1340 of their web browser and strangely enough, changes are almost invisible.

Since the purpose of Opera 11.62 is stability and performance improvements over version 11.61, there are no new features in this revision, only repairs. In this case, however, there is only one entry in the changelog, which refers to missing architecture information in the User Agent.

This is indicative of a stable release getting closer, just as the developer announced on their blog earlier today. Judging by the list of modifications one could easily draw the conclusion that this might be among the last development snapshots for Opera 11.62 and that the launch should occur sometime next week, if not sooner.

http://news.softpedia.com/news/Opera-11-62-Stable-...

--
mogs CClip 120
Expert Contributor 23rd Mar, 2012 18:05
Microsoft expects 10in 2560x1400 Windows 8 tablets

SOFTWARE REDEVELOPER Microsoft has shown off what it claims will be common screen sizes for devices running Windows 8, suggesting that there will be Windows 8 tablets that exceed the resolution of Apple's Retina display on the new Ipad.
Microsoft's Windows 8 hype machine set its focus on screen sizes and display resolutions, touting the multitude of resolutions its Metro user interface will support. Microsoft's Metro user interface is intended for touchscreen devices, with the firm saying that "device diversity" is one of its core goals for Windows 8.
The firm explained how the tiled Metro user interface will adapt to different resolutions in order to make efficient use of screen real estate by packing more onto the screen. Interestingly, Microsoft has decided that 1024x768 will be the minimum resolution for Metro applications while 2560x1600 will be the maximum.
Not only did Microsoft set resolution limits, it also outlined screen sizes that it expects to see Windows 8 use. While the usual laptop screen sizes are accounted for with woefully inadequate resolutions, the firm foresees 10.1in and 11.6in tablet devices with 2560x1400 resolution, producing 291dpi (dots per inch) and 253dpi, respectively.
Microsoft ran through the advantages of high pixel densities, much like Apple did when it announced the Retina display on the Iphone 4. It mentioned the obvious ability to pack more onto the screen and improvements in text clarity, but the firm was also keen to point out that Metro applications will have to support high resolution screens in order to make for comfortable user interaction.
Microsoft's Windows 8 plans might not whet the appetites of that many tablet users, however it does suggest that 10in and 11in Windows tablets sporting 2560x1400 display resolution might tip up in 2013.

http://www.theinquirer.net/inquirer/news/2163051/m...

--
mogs CClip 121
Expert Contributor 23rd Mar, 2012 22:15
Chrome Beta Channel Update
Friday, March 23, 2012 | 11:11
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.137 for Windows and Chrome Frame.

This release contains some stability fixes. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 122
Expert Contributor 23rd Mar, 2012 22:26
Spam Emails Advertise Fake “Windows Risk Minimizer” Antivirus

While usually cybercriminals prefer to spread pieces of scareware through drive-by exploits, in the latest campaign they turned to spam emails to advertise fake antivirus programs.

Symantec has come across a shady application called Windows Risk Minimizer, which is hosted on over 300 compromised websites to which the links from the malicious emails point.

In the initial phase of the infection, when the compromised sites are visited, the user is alerted of “critical process activity” by a so-called Windows Secure Kit 2012.

After an OK button is hit, a fake scan starts to detect Worm and Trojan infections that threaten the computer.

The biggest difference between this fake AV and the ones seen previously is that in this case the phony scan is actually a Flash animation that appoints random virus names to random files contained within it.

The next stage represents a summary of the scan which is displayed in a window that’s also highly sophisticated compared to other products. Not only the different infections can be selected and unselected, but also the window can be moved around on the screen.

More at :-
http://news.softpedia.com/news/Spam-Emails-Adverti...

--
mogs CClip 123
Expert Contributor 24th Mar, 2012 01:53
Chrome Dev Channel Update
Friday, March 23, 2012 | 15:04
Labels: Dev updates
The Dev channel has been updated to 19.0.1077.3 for Windows, Mac, Linux and Chrome Frame. This build contains following updates:


Updated V8 - 3.9.23.0
Fixed dialog boxes in settings. (Issue: 118031)
Fixed flash videos turning white on mac when running with --disable-composited-core-animation-plugins (Issue: 117916)
Change to look for correctly sized favicon when multiple images are provided. (Issue: 118275)
Fixed issues - 116044, 117470, 117068, 117668, 118620

Known Issues
[Mac] Extension and download icons are drawn incorrectly (Issue: 118755)

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 124
Expert Contributor 24th Mar, 2012 02:02
Congress warned that military systems may already be pwned

Radical rethink of computer security needed
By Iain Thomson in San Francisco

Posted in Security, 24th March 2012 00:02 GMT

Security experts testifying at hearings held by the US Senate Armed Services Committee on cybersecurity have warned that maintaining a perimeter to keep out spies is unsupportable, and that the US should assume that its networks have already been fully penetrated.

"We've got the wrong mental model here," said Dr. James Peery, director of the Information Systems Analysis Center at Sandia National Laboratories. "I don't think that we would think that we could keep spies out of our country. We've got this model for cyber that says, 'We're going to develop a system where we're not attacked.' I think we have to go to a model where we assume that the adversary is in our networks. It's on our machines, and we've got to operate anyway."

More at :-
http://www.theregister.co.uk/2012/03/24/congress_d...

--
mogs CClip 125
Expert Contributor 24th Mar, 2012 09:15

European Commission locks horns with Germany over data retention law
Meanwhile, Sweden adopts the controversial law

By Jennifer Baker

IDG News Service - European Union regulators have warned Germany that it must implement the controversial Data Retention Directive within one month or face legal action and possible fines.

The Data Retention Directive requires E.U. member states to store vast amounts of telecommunications information, including data about email, phone calls and text messages, for law enforcement purposes.

The directive was originally adopted in Germany in 2008, but was taken to the German Constitutional Court amid privacy concerns. The court ruled it unconstitutional and it was thrown out. Since then the European Commission has pushed for it to be reinstated, while German data-protection commissioners refuse, describing it as an invasion of privacy.

Romania and the Czech Republic have also declared the directive unconstitutional, while Hungary and Ireland have implemented it but have referred it to higher courts for final judgment. Sweden meanwhile implemented it after a vote in the Swedish Parliament on Wednesday, but not without controversy.

Read more at :-
http://www.computerworld.com/s/article/9225503/Eur...

--
mogs CClip 126
Expert Contributor 24th Mar, 2012 21:25
Malwarebytes Anti-Malware Available for Download

Malwarebytes Anti-Malware continues to progress, as the company released a new beta for the application. Version 1.61 of the security product brings to the table improvements and repairs a small batch of problems.

As far as enhancements are concerned, the development team managed to optimize the scan speed for 64-bit operating systems and the application should complete the job 25% faster.

There are also Chameleon improvements, the technology that ensures that Malwarebytes runs even if threats try to block it.

Among the modifications there are also additional security checks for program updates and, for the paid version only, some enhancements address password command line.

As for the repairs, the new release shows accurate protection status in the scheduled scan logs. Also fixed is the context menu language for 'Scan with Malwarebytes Anti-Malware' option, which is now displayed in the selected language.

http://news.softpedia.com/news/Malwarebytes-Anti-M...

--
mogs CClip 127
Expert Contributor 25th Mar, 2012 22:59
Google ends Chrome search rank penalty period
Unclear whether self-imposed punishment affected Chrome's usage share

By Gregg Keizer
March 25, 2012 06:50 AM ET
Computerworld - Google this month released Chrome from the penalty box and reinstated the browser's PageRank after a 60-day self-imposed sentence over a rule-breaking marketing campaign.

At some point during March, Google lifted the penalty it had imposed on Chrome the first week of January, when it demoted the search ranking of the browser's download page, www.google.com/chrome. It's unclear when Google restored the browser's search rank; SearchEngineLand first reported the punishment's expiration on March 16.

The decision to reduce Chrome's PageRank -- the rating Google assigns to sites based on how many other sites link to them -- came after SEO Book and SearchEngineLand revealed a marketing campaign that paid bloggers to create generic posts that linked to a video touting Chrome to small businesses.

More at :-
http://www.computerworld.com/s/article/9225526/Goo...

--
mogs CClip 128
Expert Contributor 26th Mar, 2012 09:01
Chrome extensions malware hijacks Facebook profiles

Chrome Web Store falls to Brazilian whacks
By Simon Sharwood, APAC Editor

Posted in Security, 25th March 2012 22:17 GMT

Kaspersky Lab has found malware-laden Chrome extensions, along with a criminal gang playing cat and mouse with Google by releasing several variations of its wares.

The attacks manifest as suggestions to download Facebook apps. Those apps are, alas, not real. Instead they are malware and, in one case, a malware-laden Chrome extension hosted in Google's very own Chrome Web Store.

The malware pretends to be a Flash Player installer but instead downloads a Trojan which writes messages to a victim's Facebook profile and automatically Likes certain pages.

Read more at :-
http://www.theregister.co.uk/2012/03/25/chrome_web...

--
mogs CClip 129
Expert Contributor 26th Mar, 2012 09:35
Microsoft leads seizure of Zeus-related cybercrime servers
The company said it has shut down several botnets that stole an estimated US$100 million over five years

By Jeremy Kirk
March 26, 2012 02:48 AM ET
IDG News Service - Microsoft said on Monday it and several partners had disrupted several cybercrime rings that used a notorious piece of malicious software called Zeus to steal US$100 million over the last five years.

The company said a consolidated legal case has been filed against those allegedly responsible that for the first time applies the Racketeer Influenced and Corrupt Organizations (RICO) Act.

Zeus has been a thorn in the side for financial institutions due to its stealthy nature and advanced spying capabilities that center around stealing online banking and e-commerce credentials for fraud.

More at :-
http://www.computerworld.com/s/article/9225529/Mic...

--
mogs CClip 130
Expert Contributor 26th Mar, 2012 19:34
Mozilla sets end of Firefox for Win2K, early XP
Move to newer dev tools means April's Firefox 12 will be last to work on outdated Windows

By Gregg Keizer
March 26, 2012 05:53 AM ET
Computerworld - Mozilla on Friday announced that next month's Firefox 12 will be the last version to run on early editions of Windows XP and the 12-year-old Windows 2000.

The company also reiterated that it will stop serving security updates for 2010's Firefox 3.6 in April.

Starting with Firefox 13, the browser's minimum requirements will be XP Service Pack 2 (SP2). Firefox 13 will not work on Windows 2000, Windows XP RTM (release to manufacturing, the original mid-2001 build) or XP SP1.

Firefox 12, set to ship April 24 and due to be replaced by the next edition on June 4, will be the last that supports the three older Windows.

Read more at :-
http://www.computerworld.com/s/article/9225528/Moz...

--
mogs CClip 131
Expert Contributor 26th Mar, 2012 19:48
McAfee: Digitally-signed malware numbers jump
By Tom Espiner , 26 March, 2012 16:32

E-criminals are increasingly using digitally signed malware to try to circumvent computer-security measures, according to security company McAfee.

The number of unique malicious binaries that use digital signatures to try to trick users, admins, and security software into trusting and running malware jumped from almost zero at the beginning of January 2012 to more than 200,000 samples at the end of March, McAfee researcher Craig Schmugar said in a blog post on Friday.

"Much of this malware is signed with stolen certificates, while other binaries are self-signed, or 'test signed'," said Schmugar. "Test signing is sometimes used as part of a social engineering attack."

Test-signing is particularly useful on Microsoft's 64-bit Windows operating system, which automatically disables unsigned drivers, said Schmugar. Test-signing lets developers circumvent driver-signing, but can also be used by e-criminals, said McAfee.

Read more at :-
http://www.zdnet.co.uk/blogs/security-bulletin-100...

--
mogs CClip 132
Expert Contributor 26th Mar, 2012 19:55
Crooks Replicate eBay Verification Emails to Steal Accounts

Cybercriminals have taken the body of a legitimate eBay identity verification email and begun using it in a malicious campaign designed to steal the accounts of unsuspecting users.

“You're signing in from a computer we're not familiar with. That's no problem, but we need to take a few moments just to make sure no one is trying to access your account without permission. Please log in to your account and complete the form on the next page. [Link],” reads the false email provided by Hoax Slayer.


The crooks not only copied the text of a genuine eBay notification, but they have also made the shady link look like it really points to the eBay site.

Once the phony link is clicked, the victim is taken to a website that replicates an eBay login page. After the username and password are submitted, another webpage appears, requesting the answer to the security question, along with the customer’s email address.

Read more at :-
http://news.softpedia.com/news/Crooks-Replicate-eB...

--
mogs CClip 133
Expert Contributor 27th Mar, 2012 01:38
64-bit Opera Wahoo Available for Download

Earlier today Opera rolled out the first release candidate for version 11.62 of the browser. Now they make available a new snapshot (build 1351) for Opera 12, codenamed Wahoo. This development build is the first one also available for 64-bit platforms, for Windows and Mac.

Out-of-process plugins (OOPP) are included in this snapshot. Running plugins in a separate process increases the stability and performance of the web browser.

Apart from this, the build runs an updated Presto engine. The improved Core brings to the table initial support for HTML5 Drag and Drop, which caters for functionality such as moving items from the desktop onto a web page.

Support for CSS Animations, although experimental, is also present in this release.

http://news.softpedia.com/news/64-bit-Opera-Wahoo-...

--
mogs CClip 134
Expert Contributor 27th Mar, 2012 01:44
Chrome Beta Channel Update
Monday, March 26, 2012 | 16:24
Labels: Beta updates

The Beta channel has been updated to 18.0.1025.140 for Windows, Mac, Linux and Chrome Frame platforms.

All
Fixed Font settings aren't saved on quit (Issue: 112706)
Fixed IME failure on specific flows with a windowless Flash (Issue: 117758)
Fixed Crash when creating a new tab while the previous one is still loading (Issue: 87176)
Fixed Drag and Drop issues (Issue: 119700)
Chrome Frame
Fixed "Find Next" button does not work as intended (Issue: 112193)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 135
Expert Contributor 27th Mar, 2012 01:48
Microsoft censors Pirate Bay links from IM

Malware blamed – but other torrent links still allowed
By Iain Thomson in San Francisco
Posted in Music and Media, 26th March 2012 19:57 GMT

Microsoft has confirmed that users of its instant messaging app will not be able to send each other links to popular torrent site The Pirate Bay, citing malware fears.

"We block instant messages if they contain malicious or spam URLs based on intelligence algorithms, third-party sources, and/or user complaints. Pirate Bay URLs were flagged by one or more of these and were consequently blocked," Redmond told The Register in an emailed statement.

One can understand banning links to malware, even if that's something that IM providers have been less than successful at managing in the past. But Redmond's ban does rather raise the question as to why Pirate Bay has been singled out for blocking, when there are plenty of other sites to choose from, many with a much worse record for malware content than the Swedish site.

More at :-
http://www.theregister.co.uk/2012/03/26/microsoft_...

--
mogs CClip 136
Expert Contributor 27th Mar, 2012 20:16
Study: Open source libraries propagate security flaws

Research finds that one-third of the most commonly used open source Java components contain security vulnerabilities

By Robert Lemos | InfoWorld

Although companies such as Microsoft, Adobe, and Mozilla have raised awareness of secure programming practices in recent years, getting developers to adopt best practices to weed out vulnerabilities in program code remains a challenge. A case in point: Developers often overlook the necessity of keeping the source components of their software up-to-date, a problem exacerbated by poor update mechanisms, according to a study released on Monday.

The report, which analyzed code downloaded from a popular collection of open source components known as the Central Repository, found that a large number of development organizations, including half of Global 100 financial firms, used vulnerable libraries from the repository.

"The problem we've found is that is no central update mechanism or notification system to tell (developers) of software about the vulnerabilities that are being discovered in individual projects," says Wayne Jackson, CEO of Sonatype, the firm that maintains the Central Repository. "What that has led to is a huge amount of consumption of components that are known to have security flaws."

More at :-
http://www.infoworld.com/t/application-security/st...

--
mogs CClip 137
Expert Contributor 27th Mar, 2012 20:24

New Java Attack Rolled into Exploit Packs
If your computer is running Java and you have not updated to the latest version, you may be asking for trouble: A powerful exploit that takes advantage of a newly-disclosed security hole in Java has been rolled into automated exploit kits and is rapidly increasing the success rates of these tools in attacking vulnerable Internet users.

The exploit targets a bug in Java (CVE-2012-0507) that effectively allows the bypassing of Java’s sandbox, a mechanism built into the ubiquitous software that is designed partly to blunt attacks from malicious code. Microsoft’s Malware Protection Center warned last week that new malware samples were surfacing which proved highly effective at exploiting the flaw. Microsoft says the samples it saw loaded the ZeuS Trojan, but thieves can use such attacks to install malware of their choosing.

Read more at :-
http://krebsonsecurity.com/category/latest-warning...

--
mogs CClip 138
Expert Contributor 27th Mar, 2012 20:30
Security Firm AVG Releases Do-Not-Track Feature for Windows
AVG's new tool is available to users of its free and paid security products as a free update.
By Ian Paul | PC World | 27 March 12

If the recent debates around the Federal Trade Commission's call for a Do-Not-Track tool have you concerned about online privacy, computer security firm AVG recently announced a new do-not-track feature for Windows. AVG's new tool is available to users of its free and paid security products as a free update. New users can get the tool by downloading AVG Anti-virus Free Edition, and then running a program update to get the new do-not-track feature. The new tool works as an add-on with Internet Explorer, Mozilla Firefox and Google Chrome browsers.

AVG's do-not-track feature actively seeks out tracking cookies on your browser and alerts you when a site attempts to set a tracking mechanism. When it finds a tracking cookie, the anti-tracking feature will tell you whether it's a tracking cookie from an ad network, a "social button" such as Facebook's Like button and Google's +1, or a Web analytics cookie.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3347346/s...

--
mogs CClip 139
Expert Contributor 27th Mar, 2012 20:44
Kaspersky PURE 2.0 Available for Download

Kaspersky announced the release of version 2.0 for their complete protection suite for home users, Kaspersky PURE. The most visible change in the package is the interface, which is now more intuitive than ever.

Changes in the product touch on Quarantine and Backup management, which have been separated in different tabs as they fulfilled separate functions. You can check the reputation of apps and websites, based on community ratings.

Also new is the possibility to enable heuristic analysis in order to scan websites for phishing threats.

Other modifications include simpler parental controls, based on predefined profiles, and an easier wizard for creating a backup task. Data encryption has also been improved, as the new version of the suite features a ready-to-go preinstalled container; customization options are available.

http://news.softpedia.com/news/Kaspersky-PURE-2-0-...

--
mogs CClip 140
Expert Contributor 28th Mar, 2012 20:03
Adobe streamlines Flash Player updates by going silent
And it drops Flash support for Microsoft's IE6

By Gregg Keizer
March 28, 2012 12:32 PM ET
Computerworld - Adobe yesterday released Flash Player 11.2, adding silent updating to speed patching of "zero-day" vulnerabilities in the Windows edition.

"Improving the update process is probably the single most important challenge we can tackle for our customers at this time," Peleus Uhley, a senior security researcher at Adobe, said in a Tuesday blog entry.

On Windows -- silent update will come to the Mac later, the company said -- Flash Player 11.2 checks for security updates, then downloads and installs them without bothering the user.

The background update tool pings Adobe's servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later.

The updater's default setting can be changed so that Flash Player continues to notify the user when updates are available.

Read more at :-
http://www.computerworld.com/s/article/9225624/Ado...

--
mogs CClip 141
Expert Contributor 28th Mar, 2012 20:13

Chrome Stable Channel Release and Beta Channel Update
Wednesday, March 28, 2012 | 10:55
Labels: Beta updates, Stable updates

The Chrome team is excited to announce the release of Chrome 18 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 18.0.1025.142 contains a number of new features including faster and fancier graphics. More detailed updates are available on the Chrome Blog and the Chromium Blog.


Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

[$500] [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
[$500] [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
[$500] [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
[116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
[116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
[117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
[$1000] [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
[$1000] [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
[$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

The bugs [112317], [114056] and [117471] were detected using AddressSanitizer.

We’d also like to thank miaubiz, Chamal de Silva, Atte Kettunen of OUSPG, Aki Helin of OUSPG and Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. $8000 of additional rewards were issued for this awesomeness.


This version also contains the new Adobe Flash release. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 142
Expert Contributor 28th Mar, 2012 20:18
Security firms disable the second Kelihos botnet
The second Kelihos botnet was made up of more than 100,000 compromised computers, security researchers said

By Lucian Constantin | IDG News Service

A group of malware experts from security companies Kaspersky Lab, CrowdStrike, Dell SecureWorks, and the Honeynet Project, have worked together to disable the second version of the Kelihos botnet, which is significantly bigger than the one shut down by Microsoft and its partners in September 2011.

The Kelihos botnet, also known as Hlux, is considered the successor of the Waledac and Storm botnets. Like its predecessors, it has a peer-to-peer-like architecture and was primarily used for spam and launching DDoS (distributed denial-of-service) attacks.

More at :-
http://www.infoworld.com/d/security/security-firms...

--
mogs CClip 143
Expert Contributor 28th Mar, 2012 20:24
Rockyou security blunder exposed data on 32 million gamers

US FTC wades in
By Robert Jaques
Wed Mar 28 2012, 10:22
SOCIAL GAMING OUTFIT Rockyou has agreed to implement a "comprehensive data security programme" and cough up a $250,000 fine to the US Federal Trade Commission (FTC).
The FTC revealed that after it issued a complaint against Rockyou the gaming web site operator agreed to settle charges that, despite promoting its internal security measures, it failed to protect the privacy of its users. This allowed hackers to access the personal details of 32 million users, including almost 200,000 children.
The FTC also alleged in its complaint that the gaming developer violated the Children's Online Privacy Protection Act Rule (COPPA Rule) by collecting information from children. The COPPA Rule requires that web site operators notify parents and obtain their consent before they collect, use or disclose personal information from children under 13. It also requires that web site operators post a privacy policy that is clear, understandable and complete.

More at :-
http://www.theinquirer.net/inquirer/news/2164169/r...

--
mogs CClip 144
Expert Contributor 28th Mar, 2012 20:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Europe-wide draft law seeks to criminalise hacking
By Tom Espiner , 28 March, 2012 17:26

Cyberattacks could become a criminal offence across Europe punishable by at least two years in jail under a draft law cleared by a European Parliament committee on Tuesday.

Attacks against a website, network or database, and attempts to interfere with or illegally intercept data, would see two years in prison under proposals backed by the European Parliament Civil Liberties Committee. Aggravating circumstances would include the use of tools designed for use in large-scale botnet attacks, and loss of financial data.

The aim is to harmonise European law regarding attacks on computer systems, according to a European Parliament justice and home affairs statement published on Wednesday.

More at :-
http://www.zdnet.co.uk/blogs/security-bulletin-100...

--
mogs CClip 145
Expert Contributor 28th Mar, 2012 20:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Europe aims to open cybercrime hub in January
By Tom Espiner, ZDNet UK, 28 March, 2012 15:12

Europe's new digital crime hub will concentrate on combating attacks on critical infrastructure and pursuing crimes such as e-banking fraud, officials said as they revealed more details about the proposed organisation.

The European Cybercrime Centre in The Hague will pool information from private and public organisations, and will offer advice to businesses on cyberattacks.
The European Cybercrime Centre, based at Europol in The Hague, will probably begin work in January with a staff of 36, according to European Commission home affairs spokesman Michele Cercone. As a clearinghouse, it will compile data from a range of bodies to support investigations throughout the region, as well as acting as a hub to co-ordinate training and answer inquiries.

More at :-
http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 146
Expert Contributor 28th Mar, 2012 20:46
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Gangs responsible for eight out of 10 e-crimes
Research from BAE Systems Detica and London Metropolitan University's John Grieve Centre has found organised crime has entered a new era, with 80 per cent of all cybercrime now stemming from gangs.
The Organised Crime in the Digital Age report concluded that offline and online crime has converged, with criminal rings now viewing online as a fertile ground for exploitation.
The move demonstrates a change in the nature of online criminality, showcasing how cybercrime has evolved from lone operators into one mainly perpetrated by organised digital crime groups.
The paper also challenges the assumption that cybercrime is an area dominated by the young, reporting that nearly half of digital crime group members are over 35 years old, whereas only around 30 per cent are under 25.
"Organised criminal activity has now moved from being an emerging aspect of cybercrime to become a central feature of the digital crime landscape," said Kenny McKenzie, head of law enforcement at BAE Systems Detica.

More at :-
http://www.v3.co.uk/v3-uk/news/2164355/gangs-respo...

--
mogs CClip 147
Expert Contributor 28th Mar, 2012 21:58
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google lets users monitor their online activity
Google on Wednesday began letting people get monthly reports summarizing what they have been up to at the Internet titan's free online services.
A freshly-added feature keeps people posted on patterns at Gmail, YouTube, online search and other Google venues visited while signed into their user accounts with the California-based company.
"Sometimes it's helpful to step back and take stock of what you're doing online," Google product manager Andreas Tuerk said in a blog post announcing the "Account Activity" feature.
"Knowing more about your own account activity also can help you take steps to protect your Google Account."
He gave an example of a report potentially revealing that someone's account was signed into from countries they have not visited or from gadgets they don't own.
Google will incorporate more of its services into Account Activity reports in coming months, according to Tuerk.
Those who sign up will get password-protected links to reports and tools to manage account privacy.

More at :-
http://www.physorg.com/news/2012-03-google-users-o...

--
mogs CClip 148
Expert Contributor 29th Mar, 2012 08:18
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Dev Channel Update
Wednesday, March 28, 2012 | 13:18
Labels: Dev updates
The Dev channel has been updated to 19.0.1081.2 for Windows, Mac, Linux and Chrome Frame. This build contains the following updates:

Updated V8 - 3.9.24.1
The Other Devices menu on the new tab page restores the navigation history when a tab is restored.
[Windows] Disable file: or data: downloads for security hardening.
[Mac] Fixed: Extension and download icons are drawn incorrectly (Issue: 118755)

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 149
Expert Contributor 29th Mar, 2012 08:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Operation Global Blackout: Real danger or irrelevant?
By Taylor Armerding
March 28, 2012
CSO - Will the hacker group Anonymous make good on its threat to take down the Internet Saturday? Probably not. But it could slow it down, according to a number of security experts. And it may depend in part on how unified Anonymous is about the attack -- there are some indications of divisions within the group.

Anonymous has threatened retaliation for the arrests of about 25 of its members last month, and is also focused on what its members believe is a continuing threat by Congress to censor the Internet through revised versions of the Stop Internet Piracy Act (SOPA) and the companion Senate bill called the Protect IP Act (PIPA), even though the legislation was put on hold in January.

And it is essentially daring anyone to stop Operation Global Blackout -- the group announced March 31 as the date of the attack, along with the method they intend to use -- disabling the Domain Name Service through distributed denial of service attacks on the root servers of the DNS with an attack tool called "ramp," which stands for "reflective amplification." While two of the basic rules of hacking are: Don't tell your target in advance and don't give away your methods, Radware security vice president Carl Herberger says the announcement is a classic Anonymous tactic

--
mogs CClip 150
Expert Contributor 29th Mar, 2012 08:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Duqu malware resurfaces after four-month holiday
'These guys are still working,' says security expert of gang behind Trojan aimed at Iran

By Gregg Keizer
March 28,
Computerworld - Duqu, the malware that has been compared to 2010's notorious Stuxnet, is back, security researchers said today.

After a several-month sabbatical, the Duqu makers recompiled one of the Trojan's components in late February, said Liam O Murchu, manager of operations at Symantec's security response team.

The system driver, which is installed by the malware's dropper agent, is responsible for decrypting the rest of the already-downloaded package, then loading those pieces into the PC's memory.

Symantec has captured a single sample of the driver, which was compiled Feb. 23, 2012. Before that, the last time the Duqu gang updated the driver was Oct. 17, 2011.

Duqu has been characterized by Symantec -- the first to extensively analyze the Trojan last year -- and others as a possible precursor to the next Stuxnet, the ultra-sophisticated worm that sabotaged Iran's nuclear fuel enrichment program by crippling critical gas centrifuges.

More at :-
http://www.computerworld.com/s/article/9225637/Duq...

--
mogs CClip 151
Expert Contributor 29th Mar, 2012 08:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Opera 11.62 Patches Seven Security Flaws

Two of the vulnerabilities have a high severity rating.

March 28, 2012
The Opera browser was recently updated to version 11.62.

"This maintenance update fixes a number of bugs, improves overall stability, and closes a total of seven security holes, five of which affect all supported platforms," The H Security reports.

"Two of the vulnerabilities are rated as 'high' severity and could be exploited by an attacker to download and execute a possibly malicious file," the article states.

Go to "Opera 11.62 closes security holes" to read the details.

http://www.esecurityplanet.com/browser-security/op...

--
mogs CClip 152
Expert Contributor 30th Mar, 2012 21:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 30th Mar, 2012 21:44
MasterCard, VISA Warn of Processor Breach

VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach “massive,” and say it may involve more than 10 million compromised card numbers.

In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken – meaning that the information could be used to counterfeit new cards.

Neither VISA nor MasterCard have said which U.S.-based processor was the source of the breach. But affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area

More at :-
http://krebsonsecurity.com/category/latest-warning...

--
mogs CClip 153
Expert Contributor 30th Mar, 2012 21:53
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft claims Windows 7 touchscreen devices will work with Windows 8

But it might be a touch and go experience
By Lawrence Latif
Fri Mar 30 2012, 15:03
SOFTWARE TREADMILL VENDOR Microsoft says most Windows 7 touchscreen devices will work with its touchscreen Metro user interface that's coming in Windows 8.
Microsoft is heavily promoting the Metro user interface in Windows 8, claiming the interface will make Windows 8 a credible alternative to Apple's IOS and Google's Android on tablets. Now the firm claims that its testing shows that the majority of touchscreen Windows 7 devices can work with Windows 8.
Microsoft outlines what it means by Windows 7 touchscreens working by saying, "This means that touch drivers continue to load, and you can perform the basic touch interactions in Windows 8 with a reasonable degree of success." The firm says 'reasonable success' means that windows might not align perfectly when dragged by fingers or interpreting gestures such as swiping and pinch-to-zoom.
According to Microsoft, Windows 8 will understand the user's intentions in its touchscreen behaviour. Microsoft claims this will help the operating system use 'sloppy' user touch-based input, something that isn't a problem with keyboards and mice because they produce very specific inputs - a particular keypress or a right click on a particular pixel.
Although Microsoft says most Windows 7 touchscreen devices will work with Windows 8, the firm claims touchscreen devices designed for Windows 8 will provide a better experience. After all, it needs to provide something more than Windows 7, otherwise its system builders and especially its marketing and sales overhead and management won't be able to profit from yet another Windows operating system release

http://www.theinquirer.net/inquirer/news/2165029/m...

--
mogs CClip 154
Expert Contributor 30th Mar, 2012 21:57
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Google fixes Pwnium vulnerabilities in Chrome 18

While enabling hardware accelerated 2D rendering
By Lawrence Latif
Fri Mar 30 2012, 15:31
SOFTWARE DEVELOPER Google has released Chrome 18 into the stable channel, bringing a number of security fixes for vulnerabilities that were highlighted at the Pwnium competition.
Google's Chrome web browser was well and truly beaten into submission at the Pwnium competition earlier this month, with Google handing over large amounts of cash to talented security researchers. Now the firm has incorporated fixes for those security vulnerabilities among others and improved performance for Canvas2D and WebGL.
Google outlined some of the cash bounties it paid for particular fixes, with two vulnerabilities netting $1,000 apiece for two researchers. The firm also thanked four researchers for stopping security regressions from entering Chrome's stable channel, and it handed out $8,000 in additional rewards for this.
Aside from security fixes, Google has enabled GPU accelerated Canvas2D on those machines running Windows and Mac OS X that are up to the task. The firm has also enabled a Swiftshader, a software rasteriser, for users that do not have hardware that can accelerate WebGL.
Google's Chrome web browser has achieved significant market share growth in the past three years with the firm aggressively updating it. With the company pushing Chrome 18 into the stable channel, it has already announced Chrome 19 is in the beta channel, though there is no date yet for moving that over to the stable channel

http://www.theinquirer.net/inquirer/news/2165056/g...

--
mogs CClip 155
Expert Contributor 31st Mar, 2012 15:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Expert Shows How Hackers Can Use CSRF Browser Vulnerability

Egor Homakov, the hacker that’s famous for hacking GitHub to demonstrate a vulnerability, warns that cross-site request forgery (CSRF), a security hole that affects all browsers, must be addressed immediately because it poses a great risk for unsuspecting users.

Homakov claims that CSRF security holes are present for a long time now, but many have underestimated the dangers that hide behind them. Unlike cross-site scripting (XSS) attacks which exploit the trust of a user towards a particular site, CSRF attacks rely on the trust that a site has in a browser.

The expert explains that when users sign in to any site, dubbed by the researcher as site1.com, they are remembered by the cookie mechanism. By leveraging the vulnerability, the hacker can shorten the website’s session and social engineer the victim into signing in again.

The user signs in the second time and a malicious script is triggered. Then, when the internaut visits a second site, named site2.com, the magic starts.

Read more at :-
http://news.softpedia.com/news/Expert-Shows-How-Ha...

--
mogs CClip 156
Expert Contributor 31st Mar, 2012 15:23
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Anonymous threatening to kill Internet over SOPA, Lulzsec
Will Operation Global Blackout go ahead this weekend, or is it all an elaborate joke?

By Mary-Ann Russon | Computerworld UK | 31 March 12
Hacker group Anonymous has been threatening since February to "shut the Internet down" by launching a Distributed Denial of Service attack (DDOS) on Saturday (31 March). The attack will target the world's 13 DNS servers so that Internet users will be unable to perform domain name lookups, thus temporarily disabling the Internet.

Anonymous is claiming that it will showcase the full extent of their botnet capabilities by compromising machines or clients running DHN software (which was developed by Lulzsec) to generate malformed UDP packets that will cause the DNS root servers to flood themselves with DNS responses and bring them down (check out a blog that explains the technology behind the attacks here).

However, this seems unlikely because Anonymous has never offered any evidence that it is capable of generating enough traffic to flood the root servers, which are massively overprovided with bandwidth. In addition, Anonymous is unlikely to explain to the world how it is going to perform an attack beforehand.

More at :-
http://www.pcadvisor.co.uk/news/security/3348354/a...

--
mogs CClip 157
Expert Contributor 31st Mar, 2012 20:10
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Google takes CAPTCHA security to the streets
An experiment with digital images from Street View aims to stymie CAPTCHA-resistant bots

By Ted Samson | InfoWorld

In a move that could make CAPTCHA challenges a bit easier for humans and more difficult for bots, Google is experimenting with using street-number images from Street View to strengthen its reCAPTCHA authentication technology.

Traditionally, CAPTCHA technology works by challenging users with one or more sets of distorted text characters, which they must key in to access areas of a website. With the reCAPTCHA experiment, Google presents users with one set of distorted text characters and one random digital picture of a street-address number extracted from Street View, the popular Google map technology that provides a 360-degree view of an area. A user on the BlackHat SEO Forum posted a collection of images of the experimental reCAPTCHA challenges.

"We're currently running an experiment in which characters from Street View images are appearing in CAPTCHAs," Google said in a statement. "We often extract data such as street names and traffic signs from Street View imagery to improve Google Maps with useful information like business addresses and locations. Based on the data and results of these reCAPTCHA tests, we'll determine if using imagery might also be an effective way to further refine our tools for fighting machine and bot-related abuse online."

More at :-
http://www.infoworld.com/t/security/google-takes-c...

--
mogs CClip 158
Expert Contributor 31st Mar, 2012 20:17
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Yahoo says it will implement do-not-track worldwide later this year
Yahoo has committed to honoring user requests not to be tracked by behavioral ads across its portfolio of websites

By Peter Sayer | IDG News Service

Yahoo websites worldwide will comply with visitors' "do not track" preferences starting later this year, Yahoo announced Wednesday.

Most major browsers are now able to send a message to sites visited, indicating whether users want their surfing behavior to be tracked by cookies for the purposes of displaying personalized ads. In February the last major hold-out, Google, announced that its Chrome browser will include do-not-track support by the end of the year.

That message, an HTTP (hypertext transfer protocol) header accompanying a request to display a Web page, avoids the awkward paradox that to store a visitor's preference not to be tracked by cookies, sites had to store a cookie containing that preference, and provides a consistent way to store and indicate such preferences across all Web sites that respect the do-not-track header.

Support for the do-not-track header has been in the works since last year, Yahoo said. All Yahoo sites will respect the header, including those of Right Media and Interclick, two Yahoo subsidiaries specializing in behavioral or data-driven advertising, the company said.

More at :-
http://www.infoworld.com/d/security/yahoo-says-it-...

--
mogs CClip 159
Expert Contributor 31st Mar, 2012 22:53
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome 19.0.1084.1 Dev Available, Paves the Way for Chrome 19 Beta
With Chrome 18 stable out the door and onto people's computers, Google is working on getting Chrome 19 from the dev channel to the beta channel. The latest dev channel release, Chrome 19.0.1084.1, is probably the first step towards that and a beta should be landing soon enough.

In the meantime, the latest dev release fixes several issues. Users are now able to add the Gmail app to Chrome, something that was broken in the previous version. The Gmail app comes built into Chrome, of course.

Theme and bookmarks bar notifications have also been fixed in the latest update. Finally, the popup prompt for Flash plugin installs is now working as it should.

Given that Google is trying to graduate Chrome 19 to the beta channel, you can expect nothing but fixes to the dev channel for the next few releases, which should be coming more frequently than usual now.

http://news.softpedia.com/news/Chrome-19-0-1084-1-...

--
mogs CClip 160
Expert Contributor 31st Mar, 2012 23:08
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Scan a computer for viruses using the Microsoft Safety Scanner tool
Every PC should have reliable, up-to-date, anti-virus software installed. We show you how a free Microsoft tool can check the security of any computer instantly


Read more: http://www.computeractive.co.uk/ca/step-by-step/21...


--
CaptainMunch RE: Daily CYBERCLIPS March
Member 1st Apr, 2012 11:06
Score: 0
Posts: 2
User Since: 31st Mar 2012
System Score: 100%
Location: US
Hi, good info. I too have heard about this, but don't you think the United States is overstepping their authority when they interfere with other countries' legal matters.....That's just my own opinion.

--
Beat me with truth....Don't torture me with lies!
mogs RE: Daily CYBERCLIPS March
Expert Contributor 1st Apr, 2012 11:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 2nd Apr, 2012 19:43
@CaptainMunch

Hello....not exactly sure what above post you're referring to; or if it's your opinion based 'pon a general observation....but the contentions of inter-State legalities is something I try to avoid.
The CYBERCLIPS thread may be likened to an oasis where only figs have flourished without an ancient tree......free of dispute. Personally, I have no gripe about how the US uses its cyberfingers from within its own borders....Regards.


This thread is now closed.
Please see April's CYBERCLIPS thread at :-
http://secunia.com/community/forum/thread/show/124...

--