Forum Thread: Daily CYBERCLIPS January

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS January
Member 1st Jan, 2011 07:59
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK


Sixth Edition

Thankyou for your continuing support. A CYBERCLIPS INDEX thread is running for reference purposes ! The INDEX will be updated every two days...hopefully !
Security is still the emphasis of the thread with some related and varied topics.
Please note....the most recent posts are those at the end of a downward scroll !!
I should reiterate that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals; whilst, at the same time feeling disposed towards posting suitable content, and one-off helpful comment, yourself.
* Keep patching : up to date : be Cybersafe ! *


--

mogs CClip 1
Member 1st Jan, 2011 08:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Analyst says Google's Chrome OS will bury Windows

On netbooks
By Edward Berridge
Fri Dec 31 2010, 10:13
TELECOMS ANALYST Steve Sechrist has shuffled his tarot cards to foresee what the future has in store for Google's Chrome operating system.
He predicts that the free Chrome OS will displace the Vole's Windows OS on netbooks. This implies that Microsoft will be forced to give away its flagship desktop operating system for free in order to support sales of its other products, like Office.
Sechrist said that Google's Chrome OS is not just a stand-alone netbook OS but a piece in a large ecosystem puzzle that is looking to topple Apple and Microsoft. He claimed that Google's stripped down operating system will make money because it is not burdened with legacy drivers and resource draining middleware code.


Read more: http://www.theinquirer.net/inquirer/news/1934490/a...


--
Was this reply relevant?
+0
-0
mogs CClip 2
Member 1st Jan, 2011 09:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Why does my computer keep freezing?
A problem with a motherboard battery causes a computer to stall
Computeractive staff PC help Desktops 31/12/2010


I recently read a letter in Computeractive from a reader complaining of their six-year-old computer freezing regularly.
Mine (of a similar age) started doing the same, so I tested the motherboard battery using a small voltage meter. I discovered it was only working at 1.4V when it said that it works at 3V on the top. I replaced the battery and the freezing problem went away.
Andrew Currie
Watch our video on replacing a motherboard battery


Read more: http://www.computeractive.co.uk/ca/pc-help/1931372...


--
Was this reply relevant?
+0
-0
mogs CClip 3
Member 1st Jan, 2011 09:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 4
Member 1st Jan, 2011 09:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Show world clocks on the Windows Taskbar
Find out how to view global time zones in Windows
Computeractive staff Step by step Operating systems 24/12/2010



Read more: http://www.computeractive.co.uk/ca/step-by-step/19...


--
Was this reply relevant?
+0
-0
mogs CClip 5
Member 1st Jan, 2011 12:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 6
Member 1st Jan, 2011 13:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Year's Resolution......
Keep the maintenance schedule I had in 2010 !

Run CCleaner and Revo ( Junk file cleaner ) on a daily basis...check Disc Cleanup once a week.
http://www.revouninstaller.com/revo_uninstaller_fr...
http://www.piriform.com/ccleaner/update?v=3.02.134...

Run Auslogics Registry Scanner at least once a week.
http://www.auslogics.com/en/software/registry-clea...

Run Revo Evidence Remover every seven days and reclaim space from previously deleted items.

Run two manual defrags and a Boot-Time defrag on a Saturday ( or a Sunday! Ha!)
http://www.puransoftware.com/Puran-Defrag.html

Scan with psi 2.0 twice weekly.

Run laptop battery down and run CHKDSK once a month !

File back-up fits in there somewhere too !

My two year old Tosh is like something half it's age !!!

--
Was this reply relevant?
+0
-0
mogs CClip 7
Member 1st Jan, 2011 16:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 8
Member 1st Jan, 2011 21:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Avoid Security Software Overlap
By Rick Broida, PCWorld

Reader LK wants to know if Microsoft Security Essentials (which I've championed in these pages many times) can be installed alongside other anti-virus and/or anti-malware programs.

Short answer: no.

Longer answer: Definitely, definitely, definitely no.

You might think that where security software is concerned, more is better. But you'd be wrong--especially if you're talking about programs that do the same thing, like fight viruses or spyware.

For example, if you were to install MSE on a system that already had Norton Internet Security, the latter might think the former was a kind of spyware--or vice-versa. What's more, one security might not slow down your system that much, but two almost certainly will.

My advice: if you're planning to switch security tools, do exactly that. Uninstall one, reboot, and then install the other.

http://www.pcworld.com/article/209441/avoid_securi...

--
Was this reply relevant?
+0
-0
mogs CClip 9
Member 1st Jan, 2011 21:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Could Malware Render Your PC Unbootable?
By Lincoln Spector, PCWorld

A lot of people see a PC that won't boot, and assume that it's infected. That's the least likely cause.

I'm not answering a particular reader question this time around, although a recent forum discussion inspired me to write this post.

I hear a lot from people with unbootable computers. Maybe they get a Blue Screen of Death (BSoD) with every boot. Or the PC shuts down before Windows finishes loading. Sometimes an error message tells them that there's no operating system on their hard drive, or no hard drive at all. A great many of these users assume that a "virus" is to blame.

This belief is a cultural leftover from the 1990s, when viruses like Leonardo might render your PC unbootable and your data inaccessible. If your PC was infected by Leonardo (which spread via floppy disks), booting on March 6 appeared to wipe everything off of your hard drive (although someone with reasonable technical skills could retrieve most of it).

Back then, writing malware was a cruel hobby. Today, it's an evil profession. The perpetrators want to use your computer to send out spam, take part in distributed denial-of-service (DDoS) attacks, practice extortion, and infect other computers. And as long as they secretly control your PC, they might as well steal your passwords and credit card numbers, too.

If your PC can't boot, it's useless to them. Therefore, no one writes malware that intentionally causes a catastrophic failure.

Read more at :-
http://www.pcworld.com/article/214666/could_malwar...

--
Was this reply relevant?
+0
-0
mogs CClip 10
Member 2nd Jan, 2011 10:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
1 January 2011
Hotmail e-mails 'missing' from accounts

Some Hotmail users are reporting that their e-mails are missing from their accounts
A number of people with Hotmail accounts have posted complaints on Microsoft forums complaining that their e-mails have been deleted.

Users around the world say e-mails are missing from their inbox and from other folders within their Hotmail accounts.

A spokeswoman for Microsoft said that the issue of missing e-mails was not a widespread problem.

The company said it is working to rectify the problem and apologised to customers for any inconvenience.

http://www.bbc.co.uk/news/uk-12103707


--
Was this reply relevant?
+0
-0
mogs CClip 11
Member 2nd Jan, 2011 10:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Spam volume slumped at the end of the year

Not that you would notice
By Nick Farrell
Fri Dec 31 2010, 11:07
THE NUMBER of spam emails slumped at the end of the year, according to people who spend their time watching it.
Commtouch said that there was an 18 per cent drop in global spam levels between September and October. It attributed the drop to the closure of Spamit, which was behind a fair amount of the world's pharmacy spam.
While spammers are usually pretty quick to pick up the slack of one of their number falling, Commtouch said that there was a further drop in spam numbers in December.
December's daily average was around 30 per cent less than September's, which means that the average spam level for the quarter was 83 per cent, down from 88 per cent in the third quarter of 2010.


Read more: http://www.theinquirer.net/inquirer/news/1934497/s...


--
Was this reply relevant?
+0
-0
mogs CClip 12
Member 2nd Jan, 2011 13:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

XP-AntiSpy 3.97-10
Disable spyware functionality within Windows
Written by Chris Wiles
V3.co.uk, 01 Jan 2011
Type: freeware Platform: Windows XP, Windows Vista Manufacturer:Christian Taubenheim Size: 427KB
Many of us are very wary of the information our computer is sending back to software suppliers over the internet, security issues with the software installed on our computer and scares regarding the Windows operating system.

XP-AntiSpy is a tool that enables you to configure Windows so that it doesn't use the internet to either submit feedback or download information without your knowledge.

For instance, Windows Media Player will look to the internet for information regarding song titles and will automatically download codecs when required.

It has been reported that it might submit usage information to Microsoft, and will save usage information to your system and much more.

Read more at :-
http://www.v3.co.uk/vnunet/downloads/2159358/xp-an...

--
Was this reply relevant?
+0
-0
mogs CClip 13
Member 2nd Jan, 2011 16:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Facebook generation suffer information withdrawal syndrome
Turning off mobile phones, avoiding the internet and tuning out of the television and radio can leave people suffering from symptoms similar to those seen in drug addicts trying to go cold turkey, researchers have found.

The volunteers who stayed away from all emails, text messages, Facebook and Twitter updates for 24 hours began to develop symptoms typically seen in smokers attempting to give.
The scientists asked volunteers to stay away from all emails, text messages, Facebook and Twitter updates for 24 hours. They found that the participants began to develop symptoms typically seen in smokers attempting to give up

Another fix at :-
http://www.telegraph.co.uk/technology/news/8235302...

--
Was this reply relevant?
+0
-0
mogs CClip 14
Member 2nd Jan, 2011 20:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 15
Member 3rd Jan, 2011 08:09
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Stuxnet Leads the Top 10 Most Interesting Malware Threats List for 2010
By Lucian Constantin

According to researchers from antivirus vendor Trend Micro, the most remarkable threat for last year was by far the Stuxnet industrial espionage worm, which managed to get ahead other more long-running threats.

Stuxnet was discovered this summer, but it is believed to have existed since mid-2009. It is widely considered in the malware research community as the most sophisticated computer threat created to date.

At the time of its discovery, Stuxnet exploited four previously unknown vulnerabilities in Windows, at a time when exploiting a single one is a big deal.

Also, its complex code base, which was built for sabotaging industrial control systems, in particular those in uranium enrichment plants, makes this threat a game changer.

More at :-
http://news.softpedia.com/news/Stuxnet-Leads-this-...

--
Was this reply relevant?
+0
-0
mogs CClip 16
Member 3rd Jan, 2011 11:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Microsoft warns of Office-related malware
by Edward Moye

Microsoft's Malware Protection Center issued a warning this week that it has spotted malicious code on the Internet that can take advantage of a flaw in Word and infect computers after a user does nothing more than read an e-mail.

The flaw was addressed in November in a fix issued on Patch Tuesday, but with malicious code now spotted in the wild, the protection center apparently wants to be sure the update wasn't overlooked.
Symantec underlined the seriousness of the flaw to CNET's Elinor Mills in November:
"One of the most dangerous aspects of this vulnerability is that a user doesn't have to open a malicious e-mail to be infected," Joshua Talbot, security intelligence manager at Symantec Security Response, said at the time. "All that is required is for the content of the e-mail to appear in Outlook's Reading Pane. If a user highlights a ... Read full post & comments


Read more: http://news.cnet.com/security/#ixzz19xuVI4ul

--
Was this reply relevant?
+0
-0
mogs CCip 17
Member 3rd Jan, 2011 13:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Internet Explorer Possibly Hit by New Zero-Day Vulnerability

January 3rd, 2011, 10:01 GMT| By Lucian Constantin

2011 is already shaping up to be a busy year for Microsoft from a security standpoint, as a reputed researcher warns that Internet Explorer might be suffering from a critical vulnerability already known to third parties.

On January 1, Michal Zalewski aka "lcamtuf," a well known browser security researcher who currently works for Google, published a stack trace for a potentially exploitable Internet Explorer crash.

The trace was obtained with a self-developed fuzzing tool called cross_fuzz, which was shared with Microsoft and other vendors privately in mid-2010.

According to the researcher, on July 26, 2010, he notified Microsoft of multiple crashes and GDI corruption issues in Internet Explorer.

Read more at :-
http://news.softpedia.com/news/Internet-Explorer-P...

--
Was this reply relevant?
+0
-0
mogs CClip 18
Member 3rd Jan, 2011 15:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 19
Member 3rd Jan, 2011 19:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Internet Explorer 9 (IE9) Release Candidate (RC) by the End of January 2011, Reportedly

January 3rd, 2011, 15:15 GMT| By Marius Oiaga

Microsoft is reportedly gearing up to release the Release Candidate of Internet Explorer 9 by the end of January 2011.

The Redmond company has yet to confirm or deny third-party reports that claim to already have the IE9 RC availability deadline, or to comment in any way on the matter at hand.

Various sources are indicating that IE9 RC will actually drop on January 28th, 2011 (via LiveSide and sp3ciali5t), but the reports need to be taken with a grain of salt, until the software giant will offer official confirmation of the release date.

More at :-
http://news.softpedia.com/news/Internet-Explorer-9...

--
Was this reply relevant?
+0
-0
mogs CClip 20
Member 3rd Jan, 2011 20:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chinese hackers dig into new IE bug, says Google researcher
Microsoft asked Google security engineer to delay release of fuzzer, other information because of 'PR concerns'

By Gregg Keizer
January 3, 2011 06:35 AM ETComments (6)Recommended (11)
Computerworld - An accidental leak may have confirmed Chinese hackers' suspicions that Internet Explorer has a critical unpatched vulnerability, a security researcher said Saturday.

Sunday, Microsoft said it was analyzing the vulnerability.

The bug was one of about 100 found by noted browser vulnerability researcher and Google security engineer Michal Zalewski using a new "fuzzing" tool. The vulnerabilities were in IE, Firefox, Chrome, Safari and Opera.

More at :-
http://www.computerworld.com/s/article/9202959/Chi...

--
Was this reply relevant?
+0
-0
mogs CClip 21
Member 3rd Jan, 2011 20:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
FireEye Researcher Warns of PDF Security Flaws
January 3, 2011
By eSecurityPlanet Staff

At the 27th Chaos Communication Congress in Berlin, FireEye security researcher Julia Wolf recently described several security flaws in Adobe's PDF standard.

"For instance, a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer," writes The H Security's Stefan Krempl.

"Wolf said that the document format is also full of other surprises," Krempl writes. "For example, it is reportedly possible to write PDFs which display different content in different operating systems, browsers or PDF readers -- or even depending on a computer's language settings."

More at :-
http://www.esecurityplanet.com/headlines/article.p...

--
Was this reply relevant?
+0
-0
mogs CClip 22
Member 4th Jan, 2011 08:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Recent Spam Campaign Points to New Storm Botnet By Lucian Constantin

While analyzing a recent spam campaign, security researchers found what seems to be a new version of the Storm or Waledac botnets.

Storm was one of the first and most successful botnets of all times. At its peak, in 2007, it was composed of millions of infected computers and could take entire countries off the Internet.

Microsoft scored a major hit against Storm after adding detection for it to its monthly Malicious Software Removal Tool (MSRT).

The botnet slowly faded away to be replaced by Waledac, a trojan that displays much of the same functionality and particularities. This is why Waledac is considered by some as Storm version 2.

According to the Shadowserver Foundation, a volunteer organization that tracls and fights botnets, a recent junk email campaign distributed links that led to a new Waledac or Storm variant.

The emails come with a subject announcing a holiday e-card, while their body message direct users to links to view the alleged greeting.

More at :-
http://news.softpedia.com/news/Recent-Spam-Campaig...

--
Was this reply relevant?
+0
-0
mogs CClip 23
Member 4th Jan, 2011 08:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft 'sorry' as Hotmail bug hits 17,000

Load balancing without a safety net
By Gavin Clarke in San Francisco
Posted in Software, 4th January 2011 00:28 GMT
Microsoft has apologized, but not explained why nearly 20,000 Hotmail accounts were mysteriously emptied of their contents during the Christmas holiday.

Corporate vice president for Windows Live Chris Jones blogged on Monday that 17,355 Windows Live Hotmail accounts had lost all their email messages during the course of what he called "mailbox load balancing between servers."

Inboxes and folders starting emptying on December 30, with accounts appearing to be new and people receiving a "Welcome to Hotmail" email from Microsoft. Some affected accounts went back 10 years.

Users took to Hotmail forums pleading for Microsoft to restore their cherished accounts while other took to Facebook, launching a group to share their anguish and frustration with world+dog.

http://www.theregister.co.uk/2011/01/04/microsoft_...

--
Was this reply relevant?
+0
-0
mogs CClip 24
Member 4th Jan, 2011 12:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Outlook 2010 Downgrades Can Kill Outlook 2007 Access to Email for Outlook Profiles

January 4th, 2011, 08:14 GMT| By Marius Oiaga

Downgrading from Office Outlook 2010 to its predecessor might require a tad more effort from users in order for them to actually be able to open Outlook 2007 and access their emails.

Microsoft has confirmed an issue in which customers uninstalling Outlook 2010 and reinstalling Outlook 2007 have found that they are no longer able to open the email client.
http://news.softpedia.com/news/Outlook-2010-Downgr...

--
Was this reply relevant?
+0
-0
mogs CClip 25
Member 4th Jan, 2011 13:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Critical Vulnerability Identified in VLC Media Player

January 4th, 2011, 10:25 GMT| By Lucian Constantin

The VideoLAN Project warns about a critical buffer overflow vulnerability in VLC media player which can be exploited to execute arbitrary code remotely.

The vulnerability was confirmed in VLC media player 1.1.5, the latest stable version, but previous releases could also be affected.

The bug is located in the Real demuxer plugin which handles the playback of multimedia files in the Real Media format.

http://news.softpedia.com/news/Critical-Vulnerabil...

--
Was this reply relevant?
+0
-0
mogs CClip 26
Member 4th Jan, 2011 21:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Fake Windows Security Update Emails Spread Worm

January 4th, 2011, 16:57 GMT| By Lucian Constantin

Security researchers from Sophos warn of a new malware distribution campaign that tries to pass an AutoRun worm as a critical Windows security update.

The spam emails bear a subject of "Update your Windows" and their header is forged to appear as if they originate from a no-reply@microsft.com [intentional domain typo] address.

The rather lengthy message contained within claims that a security update was recently released for all Windows versions, including Windows 2000 which is no longer supported.

http://news.softpedia.com/news/Fake-Windows-Securi...

--
Was this reply relevant?
+0
-0
mogs CClip 27
Member 4th Jan, 2011 21:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 28
Member 4th Jan, 2011 21:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 29
Member 4th Jan, 2011 21:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 30
Member 5th Jan, 2011 08:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Beta Channel Update
Tuesday, January 4, 2011 | 17:09
Labels: Beta updates
The Beta channel has been updated to 9.0.597.42 for Windows, Mac, Linux and Chrome Frame.

More details about additional changes are available in the svn log of all revision.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Anthony Laforge
Google Chrome

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 31
Member 5th Jan, 2011 19:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Microsoft Warns of Publicly Disclosed Critical Windows Vulnerability

January 5th, 2011, 10:17 GMT| By Lucian Constantin

Microsoft has published a security advisory to warn users about a new zero-day vulnerability in the Windows Graphics Rendering Engine that could allow attackers to execute arbitrary code remotely.

The problem stems from an error in the way the Graphics Rendering Engine processes thumbnail images and can trigger a stack overflow.

The attack vector is similar to the one for the LNK vulnerability (CVE-2010-2568) exploited by Stuxnet, and requires the victim to open a location containing a malformed thumbnail image.

http://news.softpedia.com/news/Microsoft-Warns-of-...

--
Was this reply relevant?
+0
-0
mogs CClip 32
Member 5th Jan, 2011 21:27
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Principal developers of the PHP language expect to release within hours a fix to a newly reported issue that can prevent 32-bit systems running PHP from serving pages, a key developer of PHP said on Wednesday morning.

PHP is a popular language for use in Web development. The problem opens up PHP systems to a remotely exploitable DOS attack. It affects Linux and Windows and is related to a floating point issue, said Andi Gutmans, a key developer of PHP and CEO of Zend Technologies, which offers PHP development tools. Systems could get tied up in an infinite loop.

http://www.infoworld.com/d/security-central/php-fl...

--
Was this reply relevant?
+0
-0
mogs CClip 33
Member 6th Jan, 2011 08:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 6th Jan, 2011 08:46


--
Was this reply relevant?
+0
-0
mogs CClip 34
Member 6th Jan, 2011 10:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Security Researchers Verify IE Bug
By Gregg Keizer, Computerworld Jan 6, 2011 2:34 am

French security researchers today confirmed the presence of a bug in Internet Explorer (IE) that's at the center of a spat between Microsoft and a Google security engineer.

According to Vupen, IE8 harbors a vulnerability that can be exploited to hijack a Windows system.

"A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of a vulnerable system," said the French firm in an advisory published Wednesday.

Vupen said it confirmed the vulnerability and its exploitability in IE8 running on Windows XP Service Pack 3 (SP3), but believed it could also be leveraged on Windows Vista, Windows 7, Server 2003, Server 2008, and Server 2008 R2.

The security company rated the bug as "critical," its highest threat warning. In a follow-up tweet , Vupen said, "Reproducing was/is hard."

http://www.pcworld.com/article/215676/security_res...

--
Was this reply relevant?
+0
-0
mogs CClip 35
Member 6th Jan, 2011 22:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Microsoft plans to patch critical Windows bug next week
But it's not ready to fix newest IE and Windows flaws

By Gregg Keizer
January 6, 2011 02:57 PM ETComments (0)Recommended (0)
Computerworld - Microsoft today announced it would release just two security updates next week to patch three vulnerabilities in Windows.

One of the two was tagged with the "critical" label, Microsoft's highest threat ranking, while the other was marked "important." Microsoft typically assigns a critical rating to vulnerabilities that can be exploited with little or no action on the part of a user.

Both updates will patch flaws in Windows.

What Microsoft pegged as "Bulletin 1" in the advance notification it published today will affect only Windows Vista, while "Bulletin 2" will affect all still-supported versions of the OS, with the client editions -- XP, Vista and Windows 7 -- labeled critical and the server software rated important.

"The Vista one is confusing," said Andrew Storms, director of security operations at nCircle Security. "It's either something introduced in Vista but doesn't exist in Windows 7, or the component was rewritten for Windows 7."

Storms speculated that the flaw might be in a part of operating system that's little used, such as the task scheduler.

http://www.computerworld.com/s/article/9203743/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 36
Member 7th Jan, 2011 08:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google Apps Customers Get Email Authentication for Free

January 6th, 2011, 17:49 GMT| By Lucian Constantin

Google is ramping up its anti-spam efforts by offering customers of its Google Apps cloud-service the possibility of signing their outgoing emails via DKIM.

DKIM, or DomainKeys Identified Mail, is an email authentication method in which an email is associated with a domain name in order to ensure its origin.

http://news.softpedia.com/news/Google-Apps-Custome...

--
Was this reply relevant?
+0
-0
mogs CClip 37
Member 7th Jan, 2011 08:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 38
Member 7th Jan, 2011 09:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Beta Update
Thursday, January 6, 2011 | 16:38
Labels: Beta updates
The Beta channel has been updated to 9.0.597.45 for Windows, Linux and Chrome Frame.

Flash Player sandboxing has been restored, and accelerated composting and WebGL have been moved behind flags temporarily: --enable-accelerated-compositing and --enable-webgl respectively.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Anthony Laforge
Google Chrome
3 comments | Links to this post | Email Post

--
Was this reply relevant?
+0
-0
mogs CClip 39
Member 7th Jan, 2011 09:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 40
Member 7th Jan, 2011 10:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 41
Member 7th Jan, 2011 21:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft Postpones Patching of Two Critical 0-Day Vulnerabilities

January 7th, 2011, 08:23 GMT| By Lucian Constantin

Microsoft announced that it doesn't plan to patch two publicly known 0-day vulnerabilities in Internet Explorer and Windows during this month's Patch Tuesday.

Next week, on January 11, the Redmond software giant is scheduled to release its monthly batch of security bulletins, however, it will leave out some of the most serious issues.

One of the two bulletins announced for next Tuesday affects only Windows Vista and is rated as Important, while the other affects all supported Windows versions and has a severity rating of critical.

http://news.softpedia.com/news/Microsoft-Postpones...

--
Was this reply relevant?
+2
-2
mogs CClip 42
Member 7th Jan, 2011 21:21
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Firefox 4.0 Beta 9 Drops Next Week

January 7th, 2011, 15:25 GMT| By Marius Oiaga

Mozilla is gearing up to release the ninth Beta of the next iteration of its open source browser.

According to the open source browser maker, the current plan is to have Firefox 4.0 offered to testers next week.

Following a range of delays which impacted the Firefox 4.0 project, the Beta 9 development milestone was pushed into early 2011.

The upcoming test release of the open source browser is intended as a date-driven Beta, and Mozilla hopes to have it right this time around.

http://news.softpedia.com/news/Firefox-4-0-Beta-9-...

--
Was this reply relevant?
+0
-0
mogs CClip 43
Member 8th Jan, 2011 10:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Malware Possibly Distributed Through OpenX.org
January 7th, 2011, 18:56 GMT| By Lucian Constantin



According to notifications from Google's Safe Browsing service, openx.org, home to a leading open source ad server package, might be used as an intermediary for malware.

The problem was observed by researchers from Web security company Sucuri, which provides a website integrity monitoring solution.

"We are tracking a few sites that are currently blacklisted and showing a warning from Google that openx.org (home of a popular open source ad server) is the site responsible for the infection," warns Sucuriresearcher David Dede.

Indeed, the Google Safe Browsing diagnostic page for openx.org claims that "over the past 90 days, openx.org appeared to function as an intermediary for the infection of 82 site(s)."

This doesn't mean that openx.org is hosting the malware itself, only that it is serving as a doorway. This could point to malicious ads being served via the OpenX network.

http://news.softpedia.com/news/Malware-Possibly-Di...

--
Was this reply relevant?
+0
-0
mogs CClip 44
Member 8th Jan, 2011 10:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 45
Member 8th Jan, 2011 21:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Switch off visual effects to speed up Windows
Fine-tuning the way Windows uses visual effects can improve performance in XP, Vista and 7
Computeractive staff Step by step Windows 06/01/2011



Read more: http://www.computeractive.co.uk/ca/step-by-step/19...


--
Was this reply relevant?
+0
-0
mogs CClip 46
Member 9th Jan, 2011 10:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 47
Member 9th Jan, 2011 10:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Q Following Computeractive's advice on defragmenting a hard disk, I tried to do this. However, I was thwarted by a lack of space. The hard disk capacity is reported as 28.63GB with 3.76GB storage space left.
According to Disk Defragmenter, 15 per cent of my hard disk must be available for the defragmentation to proceed. However, my disk has just 13 per cent of its space free.
I have a fear of deleting applications and files, not least because everything looks like it is required. What can I do?


Read more: http://www.computeractive.co.uk/ca/pc-help/1931344...


--
Was this reply relevant?
+0
-0
mogs CClip 48
Member 9th Jan, 2011 11:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 49
Member 9th Jan, 2011 20:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Improve dual booting in Windows 7 and Vista with EasyBCD
Adjust Windows Vista's boot process
Tim Smith Download review Utilities 05/01/2011


Running more than one operating system on a computer can give you the best of both worlds, but Windows does not always want to co-operate. EasyBCD is a clever utility that makes it easy to set up the boot menu just how you want it, and can even be used to book from CD images and make bootable USB memory keys.
Installation is simple and the interface is well designed. It is easy to change the default operating system and how long the menu shows before it selects the default option.
The iReboot utility sits in the Notification Area and lets you select which operating system to use when the computer is restarted. We know from experience that it is easy to miss the boot menu and have to start the process all over again.
One use for this software is for installing Windows XP on a computer with Windows Vista. EasyBCD can be used to add Windows XP to the Vista boot menu.
It supports other operating systems and so can be used to dual-boot Vista with Linux as well.


Read more: http://www.computeractive.co.uk/ca/download-review...


--
Was this reply relevant?
+0
-0
mogs CClip 50
Member 10th Jan, 2011 19:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Serious DOM Vulnerabilities Found in Many Well-Funded WebSites
January 10th, 2011, 10:14 GMT| By Lucian Constantin

A study performed by security researchers from IBM revealed that around one in seven websites belonging to the world's wealthiest companies is plagued by DOM-based cross-site scripting vulnerabilities or open redirects.

The research was performed on a set of 675 websites, those of all Fortune 500 companies plus an additional 175 handpicked ones, belonging to security vendors, reputable IT firms or social networks.

Researchers used a crawler to retrieve 200 random pages from each website with complete HTML, JavaScript and CSS code and then scanned them in a controlled environment with an internally-developed tool called JavaScript Security Analyzer (JSA).
More at :-
http://news.softpedia.com/news/Serious-DOM-Vulnera...

--
Was this reply relevant?
+0
-0
mogs CClip 51
Member 10th Jan, 2011 19:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Security experts warn of PayPal phishing scam
Email alerts designed to steal personal details
David Neal
V3.co.uk, 10 Jan 2011
Security experts at Sophos have warned PayPal users to look out for fraudulent emails about 'account limitations' that attempt to harvest log-in details.

Graham Cluley, senior technology consultant at the vandor, said in a blog post that the bogus emails claim that accounts have been temporarily limited, and ask for user log-in details to remedy the 'problem'.

"Plenty of people have been targeted by an attack which uses the subject line 'Your account has



Read more: http://www.v3.co.uk/v3/news/2274158/paypal-securit...



--
Was this reply relevant?
+0
-0
mogs CClip 52
Member 11th Jan, 2011 08:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

More Google Blogs
Visit our directory for more information about Google blogs.

Chrome Beta Channel Update
Monday, January 10, 2011 | 16:13
Labels: Beta updates
The Beta channel has been updated to 9.0.597.47 for Windows.

Flash Player sandboxing has been restored for all platforms but XP as has accelerated composting and WebGL.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Anthony Laforge
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 53
Member 11th Jan, 2011 09:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Top 10 Tech Scares of the Decade
The past ten years saw some terrifying technology--and we haven't even faced the Death Star yet.
By Sarah Jacobsson Purewal, PCWorld Jan 11, 2011 2:00 am

The dawn of the new millennium prompted fears about the future, but so far reality has not quite matched the predictions of catastrophe. The first ten years passed uneventfully--well, aside from Y2K and a bunch of intelligent computer viruses. Here's a look back at the past decade, and ten of the most terrifying tech scares.

More at :-
http://www.pcworld.com/article/214403/top_10_tech_...

--
Was this reply relevant?
+0
-0
mogs CClip 54
Member 11th Jan, 2011 09:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 11th Jan, 2011 09:51
Download Google Chrome 9.0.597.45 Beta

January 10th, 2011, 15:00 GMT| By Marius Oiaga

Google has made available for download and testing the third update to the Chrome Beta Channel in 2011.

Users running Windows and Linux can now grab Google Chrome Beta Build 9.0.597.45, with Anthony Laforge, Google Chrome PM noting that Chrome Frame Beta was also refreshed.

Build 9.0.597.45 supersedes the Chrome Beta release made available for download the past week.

When it updated the Beta channel to 9.0.597.44 for Windows on January 5th, the Mountain View-based search giant also disabled sandboxing for Flash.

As early adopters testing Chrome 9.0 already know, the browser includes the Adobe Flash Player by default in an effort to make it simpler for users to enjoy Flash content on the web, without being required to download, install and update the plug-in separately from the browser.
More at :-
http://news.softpedia.com/news/Download-Google-Chr...


--
Was this reply relevant?
+0
-0
mogs CClip 55
Member 11th Jan, 2011 13:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 56
Member 11th Jan, 2011 18:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
US dominates spam sending tables

Oh say can you phish...
By David Neal
Tue Jan 11 2011, 14:50
THE UNITED STATES leads insecurity firm Sophos' Dirty Dozen list of spam sending countries.
According to the company, the US has extended its lead over the, um, competition, and is responsible for almost one in five of all junk mails sent.
In fact just under 19 per cent of all spam messages come from across the Atlantic, because, Sophos added, of the sheer number of hacked and compromised computers in the country.
The UK has decreased the amount of junk mail that it sends out, albeit slightly. According to the list it cut the amount of junk mail leaving its shores by around half a per cent, from 5 per cent to 4.5 per cent, which if nothing else is worthy of some typically British light applause.
While the US is sending out spam, it also appears to be suckered by it too, as Sophos added that around 36 million of its residents had admitted to buying pharmaceuticals from unlicensed online stores.


Read more: http://www.theinquirer.net/inquirer/news/1936245/d...


--
Was this reply relevant?
+0
-0
mogs CClip 57
Member 11th Jan, 2011 21:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Fake Coca-Cola Survey Emails Lead to Phishing Page
January 11th, 2011, 15:42 GMT| By Lucian Constantin

Security researchers from email security vendor AppRiver warn of a new phishing campaign which produces emails offering a reward taking part in a Coca-Cola opinion poll.

The fake emails began hitting people's inboxes yesterday and bear a subject of "Happy New Year." Their header has been spoofed to appear as if they come from a customers@cocacola.us email address.

The message contained within is a bit confusing, as it portrays the well known company as a polling organization interested in peoples opinion about current events.

"You have been selected to participate in a public opinion poll conducted by Coca Cola, a non-partisan polling organization.
More at :-
http://news.softpedia.com/news/Fake-Coca-Cola-Surv...

--
Was this reply relevant?
+0
-0
mogs CClip 58
Member 11th Jan, 2011 21:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 59
Member 12th Jan, 2011 18:27
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Microsoft Issues Workaround for Actively Exploited 0-Day IE Vulnerability
January 12th, 2011, 12:34 GMT| By Lucian Constantin

Microsoft is investigating reports of a zero-day Internet Explorer vulnerability being exploited in the wild and has released a workaround for customers to protect themselves until a permanent patch is ready.

The vulnerability, identified as CVE-2010-3971, was originally reported on the Full Disclosure mailing list on December 8 as a denial of service condition.

However, vulnerability researchers who later analyzed it, discovered that it can also be exploited to execute arbitrary code.

The flaw stems from a use-after-free memory error within the "mshtml.dll" library and affects all versions of Internet Explorer running on all supported Windows variants.

A group called Abysssec Security Research developed a working exploit capable of bypassing the DEP and ASLR protection mechanisms and added it to the Metasploit open source penetration testing framework.

Under these conditions it was only a matter of time until malware authors began targeting the vulnerability and postponing a patch increases the chances of more attacks being launched.

Microsoft did, however, release a workaround yesterday, in the form of a "Fix It" tool that companies can deploy throughout their networks.

Read more at :-
http://news.softpedia.com/news/Microsoft-Publishes...

--
Was this reply relevant?
+0
-0
mogs CCClip 60
Member 12th Jan, 2011 18:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Dev Channel Update
Tuesday, January 11, 2011 | 12:38
The Dev channel has been updated to 10.0.634.0 for Linux, Mac, Windows and Chrome Frame

This release fixes several crashes and small issues:

All
Updated V8 - 3.0.6.1
Chrome no longer says "restart required" when there's no update (Issue 67478)
Known Issues
Clear browsing data settings in DOMUI options does not work (Issue 69163)

More details about additional changes are available in the log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 61
Member 12th Jan, 2011 18:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 62
Member 12th Jan, 2011 18:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 63
Member 13th Jan, 2011 09:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 64
Member 13th Jan, 2011 09:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Microsoft to offer beginner dev tool dubbed WebMatrix
By Paul Krill
January 12, 2011 07:10 PM ETComments (0)Recommended (1)
InfoWorld - Making multiple moves in the Web development space, Microsoft is introducing this week both a website building tool for neophytes and the third major version of its MVC (Model View Controller) technology.

Due Thursday, WebMatrix is "a new tool to make it easier for people to build Web sites," said Microsoft's Brian Goldfarb, director of Web platform and tools. Geared for students and new developers, WebMatrix is a text-based tool for writing code. The free tool supports ASP.Net and PHP development. Users could write applications like a Facebook Like button or a Twitter search capability, or start an application from scratch.

Read more at :-
http://www.computerworld.com/s/article/9204845/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 65
Member 13th Jan, 2011 09:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 66
Member 13th Jan, 2011 14:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 67
Member 14th Jan, 2011 11:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 68
Member 14th Jan, 2011 17:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Complete internet protection at no cost with Comodo Internet Security
Anti-virus protection with a firewall to prevent unauthorised access to your PC
Tim Smith Download review Antivirus 12/01/2011


Comodo Internet Security has a good selection of tools to keep your computer safe online. There are anti-virus and anti-spyware scanners and a firewall that regulates access to your computer. The Auto Sandbox technology lets you install software without giving it access to important settings or your files.
Installation is easy. There is the opportunity to register your email address for updates, but it is not manditory. There is also a 60-day trial of Geek Buddy, a remote access program for technical support. A restart is requierd after the installation has finished but that's not unusual for security software.
Comodo also offers a replacement DNS service. Using a different DNS server can speed up your browsing and offers protection from phishing and malicious web sites. Again this is optional.
When a connection to a network is detected Comodo will ask you to name it and then choose whether other computers on the network should be able to see it.
The interface is clean and easy to use with a summary page showing important information and a clear icon that alerts if anything needs attention.
This is the 32-bit version of Comodo Internet Security. The 64-bit version can be found on the Internet Security Download page here.


Read more: http://www.computeractive.co.uk/ca/download-review...


--
Was this reply relevant?
+0
-0
mogs CClip 69
Member 14th Jan, 2011 19:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Oracle plans to release 66 patches on Tuesday
By Chris Kanaracus
January 14, 2011 12:16 PM ET
IDG News Service - Oracle is planning on Tuesday to release 66 security patches affecting hundreds of products, according to a notice on its Web site.

A number of the patches are for vulnerabilities that meet the most serious risk level under the Common Vulnerability Scoring System, Oracle said. Products affected include Oracle Audit Vault, JRockit, Solaris and WebLogic Server.

Six of the patches fix vulnerabilities in Oracle's flagship database. Two of the bugs can be exploited remotely without a user name or password.

Sixteen patches target Oracle middleware products. Twelve of those vulnerabilities allow for remote exploitation without authentication, Oracle said.

Other fixes are aimed at Oracle's Enterprise Manager, PeopleSoft, JD Edwards, Glassfish and OpenOffice.

Oracle is also set to release patches for Java SE and Java for Business in February.

http://www.computerworld.com/s/article/9205121/Ora...

--
Was this reply relevant?
+0
-0
mogs CClip 70
Member 14th Jan, 2011 21:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 71
Member 15th Jan, 2011 08:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 72
Member 15th Jan, 2011 11:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Fake Anti-Virus Keygen Steals Software Keys

January 14th, 2011, 18:38 GMT| By Lucian Constantin

Security researchers from Kaspersky Lab have come across a keygen for the company's products which has two information stealing trojans bundled with it.

The keygen was recently spotted on file sharing websites and promises to generate serial keys for Kaspersky Anti-Virus 2010, Kaspersky Internet Security 2010 and Kaspersky Simple Scan 2010.

Kaspersky Lab's Vyacheslav Zakorzhevsky warns that its interface is just a facade for a trojan dropper.

"While the freebie lover is waiting for the result, two pieces of malware that were stealthily installed and launched by the dropper make themselves at home on the PC," he notes.

More at :-
http://news.softpedia.com/news/Fake-Anti-Virus-Key...

--
Was this reply relevant?
+0
-0
mogs CClip 73
Member 15th Jan, 2011 19:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 74
Member 15th Jan, 2011 19:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
2011 01:25 PM ET
Computerworld - Nearly a month after it yanked an Outlook 2007 update over connection and performance problems, Microsoft this week re-released the patch to correct its mistakes.

Microsoft re-issued the Outlook 2007 update on Tuesday, saying it had addressed the problems with connecting to mail servers, sluggish folders and automatic archiving that surfaced almost immediately after the original fix was offered to users Dec. 14.

The company pulled the update from its patch service two days later and apologized for the gaffe.

In a post to the Office team's blog, Microsoft urged users to retrieve the reworked update via Windows Update, or by manually downloading the new version from its site.

More at :-
http://www.computerworld.com/s/article/9205139/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 75
Member 15th Jan, 2011 20:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft releases Windows 7 SP1 to OEMs

Updated Finally nears public release
By Lawrence Latif

PERENNIAL SOFTWARE PATCHER Microsoft has finally released Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 to original equipment manufacturers (OEMs).
Microsoft made the announcement on its Russian Technet website by virtue of an "About Windows" screen-grab showing Windows Server 2008 R2 running build 7601. It proceeded to confirm that the final SP1 build for Windows 7 will be 7601.17514.win7sp1_rtm.101119-1850 and that OEMs were in possession of the Vole's latest consolidated security and glitch update.
Although Microsoft's Technet posting claims SP1 will be released to end users today, the Vole usually releases major patches such as this on a Tuesday, leading Redmond watchers to think that the public download is a few days off at the earliest.


Read more: http://www.theinquirer.net/inquirer/news/1937288/m...


--
Was this reply relevant?
+0
-0
mogs CClip 76
Member 16th Jan, 2011 09:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Wikipedia is too complicated for many people to modify despite billing itself as "the free encyclopedia that anyone can edit", its founder has said.

Jimmy Wales told BBC News the site wants a new generation of contributors, including more women.

The online encyclopedia, which is 10 years old on 15 January, is the world's fifth most popular site.

It aims to increase its users from 400m to 1bn by 2015. But growth requires a new interface, said Mr Wales.

"We have to support our old power users because they build the site," he said. "But we also need to have a ramp for new users."

He said a lot of people were "afraid" to contribute to the site by the sometimes complicated code - known as Wiki mark-up - needed to format entries.

"If you click edit and you see some Wiki syntax and some bizarre table structure - a lot of people are literally afraid.

http://www.bbc.co.uk/news/technology-12171977

--
Was this reply relevant?
+0
-0
mogs CClip 77
Member 16th Jan, 2011 10:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Generators

These tools were created as it can be hard to create a meaningless shared secret or a passwords on the spot.
Password generator - Random number generator
See at :-
http://www.techzoom.net/tools/password-generator.e...


--
Was this reply relevant?
+0
-0
mogs CClip 78
Member 16th Jan, 2011 13:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Hate mobs thrive in Asia's booming social media
by Rachel O'Brien

A man looking at a Thai Internet page displaying a photo of a teenage girl leaning on a road barrier and using her phone moments after she was involved in a car crash that killed nine people. The girl deserves "no happiness forever" according to one of the 300,000 people who "like" a Facebook page set up to condemn her.
A teenager involved in a car crash that killed nine people in Thailand deserves "no happiness forever", according to just one of more than 300,000 Facebook users who support a page set up to condemn her.
Read more at :-
http://www.physorg.com/news/2011-01-mobs-asia-boom...

--
Was this reply relevant?
+0
-0
mogs CClip 79
Member 16th Jan, 2011 20:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google, Facebook and Yahoo to test new net addresses

A global trial of the net's new addressing system is being planned for 8 June.

The test is being held to raise awareness about the imminent change from version 4 of the addressing scheme to version 6.

Net giants Google, Facebook, Akamai and Yahoo have committed to taking part in the "test flight" of IPv6.

Net firms are being encouraged to switch to IPv6 as addresses in the old scheme will run out by November 2011.

http://www.bbc.co.uk/news/technology-12183098

--
Was this reply relevant?
+0
-0
mogs CClip 80
Member 17th Jan, 2011 08:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Trojan Abuses Popular Remote Control Software

January 17th, 2011, 06:00 GMT| By Lucian Constantin

Security researchers have identified a new trojan which incorporates the popular TeamViewer remote control software to allow fraudsters to perform unauthorized online banking transactions from infected computers.

The piece of malware was discovered by experts from Group-IB while performing a forensic investigation on the systems of a defrauded Russian company.

It was subsequently analyzed by security researchers from antivirus vendor ESET who call it Win32/Sheldor.NAD. Around half of antivirus engines on Virus Total currently detect the threat.

The malware drops a backdoor component in the the Windows directory along with a TeamViewer 5 server that it runs in console mone.

TeamViewer (TV) is a free program commonly used for remote assistance and remote control of computers over the Internet.

More at :-
http://news.softpedia.com/news/New-Trojan-Abuses-P...

--
Was this reply relevant?
+0
-0
mogs CClip 81
Member 17th Jan, 2011 08:56
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 82
Member 17th Jan, 2011 22:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 83
Member 18th Jan, 2011 09:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

ICQ Vulnerable to Update Poisoning Attacks

January 17th, 2011, 18:25 GMT| By Lucian Constantin

An important security issue has been identified in the popular ICQ instant messaging application, potentially allowing attackers to trick installations to download and execute fake updates.

The problem arises from the fact that ICQ updates are not downloaded from the developer's servers via a secure SSL connection and have no form of authentication except for a metadata file.

The vulnerability was discovered by a security researcher named Daniel Seither and affects all versions of ICQ 7 for Windows, up to version 7.2, build 3525.

More at :-
http://news.softpedia.com/news/ICQ-Vulnerable-to-U...

--
Was this reply relevant?
+0
-0
mogs CClip 84
Member 18th Jan, 2011 09:31
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mandatory Windows Live Messenger and Essentials Refresh for Windows XP

January 18th, 2011, 07:41 GMT| By Marius Oiaga

Microsoft is gearing up to serve a mandatory update to users running Windows Live Messenger as well as additional Windows Live Essentials components, but the company is not talking about the latest iteration of the instant messaging client or the Essentials suite.

Instead, the software giant will refresh only what it calls the pre-2011 releases of Windows Live Essentials, including Messenger.

This update is focused on customers still running Windows XP instead of one of the two platform versions that succeeded it, Windows Vista or Windows 7.

More at :-
http://news.softpedia.com/news/Mandatory-Windows-L...

--
Was this reply relevant?
+0
-0
mogs CClip 85
Member 18th Jan, 2011 10:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Risks of cyber war 'over-hyped' says OECD study

The vast majority of hi-tech attacks described as acts of cyber war do not deserve the name, says a report.

The Organisation for Economic Cooperation and Development study is part of a series considering incidents that could cause global disruption.

While pandemics and financial instability could cause problems, cyber attacks are unlikely to, it says.

Instead, trouble caused by cyber attacks is likely to be localised and short-lived.

However, it warns that governments need to plan for how it could mitigate the effects of both accidental and deliberate events.

Read more at :-
http://www.bbc.co.uk/news/technology-12205169


--
Was this reply relevant?
+0
-0
mogs CClip 86
Member 18th Jan, 2011 18:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Trapster User Credentials Possibly Compromised

January 18th, 2011, 13:57 GMT| By Lucian Constantin

Trapster, an online service which uses crowdsourcing to warn drivers about police speed traps, enforcement cameras and other road hazards, has notified its users that their email addresses and passwords might have been compromised.

Trapster allows its users to report and confirm speed traps from a variety of mobile devices including smartphones, GPS devices and iPods.

People who don't have a supported device can still opt to keep themselves informed via SMS notifications.

More at :-
http://news.softpedia.com/news/Trapster-User-Crede...

--
Was this reply relevant?
+0
-0
mogs CClip 87
Member 18th Jan, 2011 18:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Security
Oracle Prepares Monster Patch Update for Tomorrow

January 18th, 2011, 09:58 GMT| By Lucian Constantin

Oracle's Critical Patch Update scheduled to land tomorrow will address a total number of 66 security vulnerability affecting numerous versions of its products.

Several vulnerabilities carry the maximum Common Vulnerability Scoring System (CVSS) 2.0 base score of 10.0. They affect Audit Vault, JRockit, Solaris and the WebLogic Server.

Six vulnerabilities that will be patched affect components of the Oracle Database Server. Two of them are remotely exploitable and the most critical one has a CVSS score of 7.5.

The Oracle Secure Backup product is affected by one remotely exploitable vulnerability that will be fixed. It has a 6.4 CVSS base score and is located in mod_ssl.

Oracle Audit Vault is also affected by a single vulnerability that can be attacked remotely without authentication and, as previously mentioned, carries a score of 10.0.

Sixteen flaws will be addressed in applications that are part of the Oracle Fusion Middleware software pack. Twelve of them are remotely exploitable.

Oracle Enterprise Manager Grid Control will also get fixes for two vulnerabilities exhibiting remote attack vectors, the most severe of which carries a 7.5 score.

Two remotely exploitable vulnerabilities will be patched in the Oracle Applications, but their highest CVSS base score is only 4.3.

Three flaws will be addressed in programs from the Oracle Supply Chain Products Suite. None of them can be exploited from a remote location and their maximum score is 3.5.

The Oracle PeopleSoft and JDEdwards Suite contain 10 vulnerabilities that will receive patches. Two are remotely exploitable and carry a score of 5.5.

The Oracle Industry Applications will get security fixes for two flaws, only one of which allows for remote attacks and is rated with a score of 7.5.

Two remotely exploitable vulnerabilities, with a high score of 9.3, will be addressed in the popular Oracle Open Office Suite, which includes Open Office, StarOffice and StarSuite.

However, the largest number of patches, 21, will be delivered for vulnerabilities in the Oracle Sun Products Suite, which includes the Solaris operating system and the VirtualBox virtualization software. Nine of them are remotely exploitable and the maximum CVSS base score is 10.0.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the company says.

http://news.softpedia.com/news/Oracle-Prepares-Mon...

--
Was this reply relevant?
+0
-0
mogs CClip 88
Member 18th Jan, 2011 18:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

MPack, NeoSploit, and Zeus top list of most notorious Web attack toolkits
Two-thirds of the recent tremendous growth of malware can be traced back to botnets and exploit code built using these popular attack toolkits
By Ellen Messmer

About two-thirds of malicious Web activity can be traced back to botnets and exploit code built using popular attack toolkits sold in the underground economy, according to a new Symantec report.

The top three attack toolkits in terms of malicious Web activity are MPack (48 percent), NeoSploit (31 percent) and ZeuS (19 percent), the notorious software used in botnet form to steal financial data and execute fraudulent transactions, according to the report, which covers June 2009 through July 2010.

More at :-
http://www.infoworld.com/d/security-central/mpack-...

--
Was this reply relevant?
+0
-0
mogs CClip 89
Member 19th Jan, 2011 06:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Beta Channel Update
Tuesday, January 18, 2011 | 14:33
Labels: Beta updates
The Beta channel has been updated to 9.0.597.67 for Windows, Mac, Linux, and Chrome Frame.

Due to stability issues Flash Player sandboxing has been put behind a flag for 9.0. Accelerated composting and WebGL will remain on. The remaining set of changes for this release constituted bug and stability fixes.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Anthony Laforge
Google Chrome

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 90
Member 19th Jan, 2011 07:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Attack Toolkits Rule the Web Threat Landscape

January 18th, 2011, 18:58 GMT| By Lucian Constantin

According to a recently released report from Symantec, attack toolkits are directly responsible for over sixty percent of malicious activity on the Web and their popularity is ever increasing.

The report [pdf] attributes the increased prevalence of attack kits, also known as exploit packs or drive-by download toolkits, to their ease of use and effectiveness.

Researchers warn that recent advancements brought to these threats, like the ability to quickly update them with new exploits or the switch to a subscription-based model, have contributed to their success.

By removing the need of the programming skills required to put together a successful Web exploit attack, the toolkits allow for more cybercriminals to engage in such activities.

More at :-
http://news.softpedia.com/news/Attack-Toolkits-Rul...

--
Was this reply relevant?
+0
-0
mogs CClip 91
Member 19th Jan, 2011 09:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Secunia: Third-party apps remains security weak point
The lack of a common update mechanism complicates security for businesses and consumers
By Jeremy Kirk | IDG News Service

Microsoft is still burdened with a bad reputation among users for security, although figures show its products are more secure than most on a person's computer, according to new data from the Danish security vendor Secunia.

The number of vulnerabilities in software commonly found on PCs shot up by an astounding 71 percent between 2009 and 2010, mostly due to problems in third-party applications rather than in the Windows OS or Microsoft apps, said Stefan Frei, research analyst director for Secunia. The company released its annual vulnerability report on Tuesday.

[ The Web browser is your portal to the world -- as well as the conduit that lets in many security threats. InfoWorld's expert contributors show you how to secure your Web browsers in this "Web Browser Security Deep Dive" PDF guide.

Read more at :-
http://www.infoworld.com/d/security-central/secuni...

--
Was this reply relevant?
+0
-0
mogs CClip 92
Member 19th Jan, 2011 22:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Researcher releases attack code for just-patched Windows bug
Microsoft fixed flaw nine months after it was revealed at last year's Pwn2Own hacking contest

By Gregg Keizer
January 19, 2011 12:47 PM
Computerworld - Attack code for a Windows vulnerability that Microsoft patched last week was released by a researcher one day after the company fixed the flaw.

The bug, which Microsoft rated "critical" -- its highest threat ranking -- was first reported more than nine months earlier when its discoverer used it in a one-two punch against Internet Explorer 8 (IE8) that won him $10,000 in a hacking challenge.

More at :-
http://www.computerworld.com/s/article/9205522/Res...

--
Was this reply relevant?
+0
-0
mogs CClip 93
Member 19th Jan, 2011 22:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Yahoo accepts Google and Facebook account logins

Move signals a changing of the guard
By Lawrence Latif
Wed Jan 19 2011, 12:24
WEB PORTAL Yahoo will allow users to login to its services using Google and Facebook accounts.
Yahoo, which last year palmed off its search operation to Microsoft's Bing, announced that it will start accepting Google and Facebook account logins via the OpenID authentication protocol. The move is the latest in the firm's acceptance that its influence over web users is waning.


Read more: http://www.theinquirer.net/inquirer/news/1938182/y...


--
Was this reply relevant?
+0
-0
mogs CClip 94
Member 20th Jan, 2011 09:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 95
Member 20th Jan, 2011 19:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 96
Member 20th Jan, 2011 22:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 97
Member 21st Jan, 2011 09:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 98
Member 22nd Jan, 2011 02:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Fake McDonald's Survey Hides Phishing Attack
By Lucian Constantin

Security researchers from security vendor AppRiver warn about phishing emails purporting to be part of an opinion poll from McDonald's.

The rogue emails bear a subject of "Survey" and have spoofed headers to appear as if they originate from a consult@McDonalds.com address.

The message contained within suggests the user was selected to take part in a poll rewarded with $250. It reads:

"You have been selected to participate in a public opinion poll conducted by McDonald's, a non-partisan polling organization.

More at :-
http://news.softpedia.com/news/Fake-McDonald-s-Sur...

--
Was this reply relevant?
+0
-0
mogs CClip 99
Member 22nd Jan, 2011 02:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 100
Member 22nd Jan, 2011 02:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google on Friday said it has made it harder for spam-packed websites to rank high in results at the world's top Internet search engine.
While the amount of "webspam" in query results is less than half of what it was five years ago, the California-based Internet firm has seen a "slight uptick" in recent months, according to Google principal engineer Matt Cutts.
"Webspam is junk you see in search results when websites try to cheat their way into higher positions in search results or otherwise violate search engine quality guidelines," Cutts explained in a blog post.
"We recently launched a redesigned document-level classifier that makes it harder for spammy on-page content to rank highly."
The new classifier better detects words or phrases typical of "junky, automated, self-promoting" comments repeated on pages at spam websites, according to the engineer.
Google also "radically improved" its ability to detect when legitimate websites have been tainted by hackers in the kinds of attacks that were a major source of spam last year, according to Cutts.

http://www.physorg.com/news/2011-01-google-spam-la...

--
Was this reply relevant?
+0
-0
mogs CClip 101
Member 22nd Jan, 2011 08:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Up-and-Coming Banking Trojan Gets Revamped

January 21st, 2011, 17:42 GMT| By Lucian Constantin

Security researchers warn that Carberp, a relatively new banking trojan with features similar to the notorious ZeuS, has received an update which encrypts the traffic with the command and control servers.

Carberp appeared around May last year, but originally it was mostly used as a trojan downloader to install other malware on computers.

It has since evolved into trojan capable of stealing financial data and online banking credentials by injecting rogue HTML code into Web pages when victims visit the websites of financial institutions.

It does this by hooking the Internet Explorer and Firefox processes so it can constantly monitor Web traffic.

More at :-
http://news.softpedia.com/news/Up-and-Coming-Banki...

--
Was this reply relevant?
+0
-0
mogs CClip 102
Member 22nd Jan, 2011 11:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
ZeuS Starts Targeting Online Payment Service Providers By Lucian Constantin

Security researchers have found evidence that fraudsters using the ZeuS banking trojan are increasingly targeting services that facilitate online payments in real or virtual currencies.

Malware analysts from Trusteer, a provider of secure browsing solutions, have detected moneybookers.com in the configuration of 26 different ZeuS samples.

Moneybookers is an UK-based online payment services provider similar to PayPal, which is relatively popular on the European market.

Trusteer's chief technology officer, Amit Klein, says the number of ZeuS configurations specifying Moneybookers as a target is not too different than of those mentioning popular banks.

"This usually indicates that fraudsters have a solid business around this target," the security researcher notes.

More at :-
http://news.softpedia.com/news/ZeuS-Starts-Targeti...

--
Was this reply relevant?
+0
-0
mogs CClip 103
Member 22nd Jan, 2011 16:31
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 104
Member 23rd Jan, 2011 07:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Are Widgets Wicked?

By Sean Michael Kerner

Widgets are widely uses across the Web as a means to deliver both content and advertising. They could also be used by attackers to deliver malware.

That's the message that Neil Daswani CTO and co-founder security firm Dasient delivered at the Black Hat DC security conference this week. Daswani warns that website owners need to be aware of the risks that widgets can potentially represent.

"Ad widgets when compromised, can be used to spread mass malware infections across the most highly trafficked websites on the Internet," Daswani told InternetNews.com.

Daswani is no stranger to the topic of widget-based malware. At the Black Hat USA conference in the summer of 2010, Daswani warned of the risks stemming from the usage of third-party JavaScript. His company Dasient, also is in the business of protecting against such risks with its Web Anti-Malware service.
According to Daswani, widget based malware has been evolving in recent months.

More at :-
http://www.esecurityplanet.com/features/article.ph...

--
Was this reply relevant?
+0
-0
mogs CClip 105
Member 23rd Jan, 2011 07:58
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 106
Member 23rd Jan, 2011 08:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 107
Member 23rd Jan, 2011 11:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 108
Member 23rd Jan, 2011 21:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 109
Member 24th Jan, 2011 07:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Mobile phone to blast into orbit
By Jonathan Amos
Science correspondent, BBC News

British engineers are planning to put a mobile phone in space.



The team at Surrey Satellite Technology Limited (SSTL) in Guildford want to see if the sophisticated capabilities in today's phones will function in the most challenging environment known.

More at :-
http://www.bbc.co.uk/news/science-environment-1225...

--
Was this reply relevant?
+0
-0
mogs CClip 110
Member 24th Jan, 2011 21:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 111
Member 24th Jan, 2011 21:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Opera Hit by Critical 0-Day Vulnerability
January 24th, 2011, 15:48 GMT| By Lucian Constantin

The latest version of the Opera browser is affected by a publicly disclosed vulnerability that allows potential attackers to execute arbitrary code remotely.

The flaw was discovered by French security researcher Jordi Chancel who disclosed it on his blog on January 7 and described it as an integer truncation error.

Mr. Chacel noted at the time that even though the crashes are easy to replicate, the address of the memory violation is unpredictable, making exploitation a lot more complicated.

However, on Friday, French vulnerability research vendor VUPEN Security announced that its researchers managed to develop a reliable arbitrary code execution exploit for the vulnerability.

"This issue is caused by an integer truncation error within the Opera Internet Browser module 'opera.dll' when handling a HTML 'select' element containing an overly large number of children," VUPEN writes in its advisory.

The flaw has been confirmed in Opera 11.0 and 10.63 on both Windows 7 and XP, and can be exploited remotely by tricking users to visit a specially crafted Web page.

More at :-
http://news.softpedia.com/news/Opera-Hit-by-Critic...

--
Was this reply relevant?
+1
-1
mogs CClip 112
Member 24th Jan, 2011 21:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 113
Member 24th Jan, 2011 21:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

IDG News Service - Mozilla, the developer of the Firefox browser, is working a feature that will allow users to opt-out of online behavioral advertising.

The goal is to give users "a deeper understanding of and control over personal information online," Mozilla's head of privacy said in a blog posted on Sunday.

The feature will allow users to configure their Firefox browser to tell websites and advertisers that they would like to opt-out of any advertising based on their behavior, Alex Fowler [cq] wrote in his blog post. The user's preference is communicated to websites and third party ad servers using a new "Do Not Track HTTP header", which is sent with every click or page view in Firefox.

The feature wouldn't block advertising altogether, only personalized ads.
More at :-
http://www.computerworld.com/s/article/9205961/Moz...

--
Was this reply relevant?
+0
-0
mogs CClip 114
Member 24th Jan, 2011 21:41
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google jumps into 'Do Not Track' debate with Chrome add-on
Expert applauds Mozilla, Google for following Microsoft in adding browser privacy tools

By Gregg Keizer
January 24, 2011 02:05 PM
Computerworld - A day after Mozilla said it was exploring a "Do Not Track" feature for Firefox, Google today announced a Chrome add-on that lets users opt out of tracking cookies that monitor their movement and behavior online.

More at :-
http://www.computerworld.com/s/article/9206061/Goo...

--
Was this reply relevant?
+0
-0
mogs CClip 115
Member 25th Jan, 2011 09:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Upcoming Version of avast! Free Antivirus Will Feature Auto Sandboxing

January 24th, 2011, 18:11 GMT| By Lucian Constantin

The next version of avast! Antivirus will feature sandboxing virtualization technology that will allow users to open suspicious programs securely and will be the first implementation of this kind in a free anti-malware solution.

With its free product having a user base of over 130 million, Czech-based AVAST Software is one of the biggest providers of antivirus solutions on the market.

Avast! Free Antivirus already scores among the most top anti-malware applications in independent comparative tests when it comes to detection, low false positive rate and scanning performance.

It is one of the most complete free antivirus solutions, having implemented many technologies for free for the first time. One example of this is behavioral detection.

The company plans to follow in that trend and bring even more innovations to the freemium model with the new AutoSandbox virtualization technology.

Read more at :-
http://news.softpedia.com/news/Upcoming-Version-of...

--
Was this reply relevant?
+0
-0
mogs CClip 116
Member 25th Jan, 2011 09:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Buzus Distribution Campaign Generates Wave of Fake Emails

January 24th, 2011, 17:59 GMT| By Lucian Constantin

Security researchers from antivirus vendor Sophos warn of a new wave of emails distributing a new variant of the Buzus malware, which masquerade as official communications from major websites.

Some of the rogue emails pose as a job application response from Google and purport to come from a resume-thanks@google.com address.

The message contained within reads: "We just received your resume and would like to thank you for your interest in working at Google. This email confirms that your application has been submitted for an open position."

It goes on to instruct recipients to open the attached file which is allegedly a review of the submitted application.

The file, called CV-20100120-112.zip, contains an installer for the Buzus worm which spreads by sending the emails through an external SMTP server and copying itself to removable USB devices.

More at :-
http://news.softpedia.com/news/New-Buzus-Worm-Dist...

--
Was this reply relevant?
+0
-0
mogs CClip 117
Member 25th Jan, 2011 10:01
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Pure takes Kaspersky's security to the next level
by Seth Rosenblatt


A laundry list of features new to Kaspersky debuts today in a new home security suite, Pure Total Security. Originally announced earlier this month at CES 2011, Kaspersky Pure Total Security takes the highly regarded set of features offered in Kaspersky Internet Security and mixes in some extras that are designed to appeal to people who have more complicated, multi-machine setups at home.


Read more: http://news.cnet.com/security/#ixzz1C2HUHdbP

--
Was this reply relevant?
+0
-0
mogs CClip 118
Member 25th Jan, 2011 22:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 119
Member 26th Jan, 2011 18:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Beta Channel Update
Tuesday, January 25, 2011 | 19:00
Labels: Beta updates
The Beta channel has been updated to 9.0.597.83 for Windows, Mac, Linux, and Chrome Frame.

This is primarily a stability/ minor bug fix release and the set of changes can be found here.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Anthony Laforge
Google Chrome
8 comments | Links to this post | Email Post
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 120
Member 26th Jan, 2011 18:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
McAfee Names MyDoom 'Exploit' of the Decade
January 26th, 2011, 09:52 GMT| By Lucian Constantin

In a newly published report about the evolution of cybercrime during the past decade, McAfee named the MyDoom worm as the most damaging malware threat.

Dubbed "A Good Decade for Cybercrime," McAfee's report [pdf] looks at how the threat landscape evolved from a battleground of rival hackers seeking notoriety to an underground economy fuelled by a desire for illegal profits.

The company also makes predictions for the future saying that social networking scams and mobile threats are going to increase in prevalence this year.

McAfee begins its "top 5 exploits of the decade" list with the MyDoom worm, which is estimated to have caused damages of $38 billion.

More at :-
http://news.softpedia.com/news/MyDoom-Was-the-Most...

--
Was this reply relevant?
+0
-0
mogs CClip 121
Member 26th Jan, 2011 18:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Intel Developing Zero-Day Proof Security System
By Sharon Gaudin, Computerworld Jan 26, 2011 2:01 pm

Intel's chief technology officer says the chip maker is developing a technology that will be a security game changer.

Justin Rattner told Computerworld on Tuesday that scientists at Intel are working on security technology that will stop all zero-day attacks. And, while he would give few details about it, he said he hopes the new technology will be ready to be released this year.

"I think we have some real breakthrough ideas about changing the game in terms of malware," Rattner said. "We're going to see a quantum jump in the ability of future devices, be them PCs or phones or tablets or smart TVs, to defend themselves against attacks."

Read more at :-
http://www.pcworld.com/article/217772/intel_develo...

--
Was this reply relevant?
+0
-0
mogs CClip 122
Member 26th Jan, 2011 19:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Conficker Working Group talks up successes
But millions of PCs are still infected
David Neal
V3.co.uk, 26 Jan 2011
The working group set up to tackle the Conficker worm has produced its final report on its achievements, calling for greater collaboration among public and private sectors in future and warning that the worm remains at large.

Conficker led to the largest computer infection of its time, affecting a wide range of organisations including governments, businesses and home computers. All told, the worm managed to infect an estimated seven million machines.

The Conficker Working Group included representatives from Microsoft and Icann, along with domain registry operators, anti-virus vendors, and academic researchers.

The Lessons Learned (PDF) report from the group said that the main aim was to register and block domains before the Conficker author could get to them and update the botnet. Although there were some errors, the report claims that the group was successful in this aim.

However, it was unable to fix infected computers and remove all traces of the botnet. The report explained that there are millions of infected computers still out there.



Read more: http://www.v3.co.uk/v3/news/2274433/conficker-worm...


--
Was this reply relevant?
+0
-0
mogs CClip 123
Member 27th Jan, 2011 08:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Dev Channel Update
Wednesday, January 26, 2011 | 18:02
Labels: Dev updates

The Chrome Dev channel has been updated to 10.0.648.6 for all platforms. This build primarily contains stability fixes from the previous dev channel release. Full details about the Chrome changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 124
Member 27th Jan, 2011 08:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 125
Member 27th Jan, 2011 10:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 126
Member 27th Jan, 2011 12:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 127
Member 27th Jan, 2011 19:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Piracy Terms Removed from Google Search Suggestions Deemed Overly Broad

January 27th, 2011, 11:34 GMT| By Lucian Constantin

Google is facing strong criticism for removing search suggestions and instant results for terms like BitTorrent, uTorrent, RapidShare and others as part of its commitment to fighting piracy.

At the beginning of December, the Web search giant revealed via its general counsel that it plans on making improvements to the way it tackles copyright infringement issues.

Among several announced changes, the company said it will prevent terms "closely associated with piracy" from appearing in Autocomplete.

TorrentFreak now reports that Google has kept its promise, but the implementation leaves a lot to be desired and can actually hurt legitimate businesses.

More at :-
http://news.softpedia.com/news/Piracy-Terms-Remove...

--
Was this reply relevant?
+0
-0
mogs CClip 128
Member 27th Jan, 2011 21:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 129
Member 28th Jan, 2011 23:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Kaspersky Anti-Virus Source Code Leaks Online
January 28th, 2011, 14:19 GMT| By Lucian Constantin

It seems that the source code for one of Kaspersky's security suite products has been leaked online and is available for download from torrent and file hosting websites.

According to a description accompanying the release, the sources were stolen from Kaspersky Lab in 2008 and the last changes made to them date from December 2007.

The code is written in C++ and Delphi and covers the anti-virus engine, as well as the anti-phishing, anti-dialer, anti-spam, parental control, and other modules.

We don't know yet to what version of Kaspersky's security suite the sources actually correspond to, but 8.0 is the most likely candidate at this point.

The Russian vendor's line of products is now at version 11.0, which is publicly marketed as 2011 and PURE, for the most complete offering.

We have contacted the company at several different email addresses to ask for clarifications regarding this major intellectual property theft incident, but we have yet to receive a response.

Read more at :-
http://news.softpedia.com/news/Kaspersky-Anti-Viru...

--
Was this reply relevant?
+0
-0
mogs CClip 130
Member 28th Jan, 2011 23:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 131
Member 28th Jan, 2011 23:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 28th Jan, 2011 23:27


--
Was this reply relevant?
+0
-0
mogs CClip 132
Member 29th Jan, 2011 12:01
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
SourceForge Resets All Passwords Following Security Breach
January 29th, 2011, 06:16 GMT| By Lucian Constantin

SourceForge, the world's largest open source software repository, has reset the password for all of its users following a successful attack against its infrastructure.

The SourceForge team discovered the security breach on Thursday when exploits were found uploaded on several servers.

A preliminary investigation revealed the attack originated on the CVS hosting server, but the actual attack vector has not been identified yet.

As a result of the incident, some functionality was immediately suspended, including CVS hosting, web-based source code browsing (ViewVC), the capability to upload new releases and the Interactive Shell services.

A subsequent update posted on the site's official blog did not reveal any more information except that the team now better understands what happened and how it can prevent it in the future.

Read more at :-
http://news.softpedia.com/news/Sourceforge-Servers...

--
Was this reply relevant?
+0
-0
mogs CClip 133
Member 29th Jan, 2011 12:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Net approaches address exhaustion
By Mark Ward
Technology correspondent, BBC News

The last big blocks of the net's dwindling stock of addresses are about to be handed out.

The event that triggers their distribution is widely expected to take place in the next few days.

When that happens each of the five regional agencies that hand out net addresses will get one of the remaining blocks of 16 million addresses.

The addresses in those last five blocks are expected to be completely exhausted by September 2011.

http://www.bbc.co.uk/news/technology-12306573

--
Was this reply relevant?
+0
-0
mogs CClip 134
Member 29th Jan, 2011 12:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google updates Chrome OS beta

Concentrates on squashing networking bugs
By Lawrence Latif
Fri Jan 28 2011, 12:39
SOFTWARE DEVELOPER Google has announced an update to its Chrome OS beta that includes security and stability fixes.
Google's Chrome OS has now reached version 0.9.130.14 and includes the Chrome 8.0.522.344 web browser. In this release, Google has updated the kernel to fix a security vulnerability along with stability fixes for wireless networking and improvements to the audio architecture.


Read more: http://www.theinquirer.net/inquirer/news/1940394/g...


--
Was this reply relevant?
+0
-0
mogs CClip 135
Member 29th Jan, 2011 12:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 136
Member 29th Jan, 2011 15:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Former Kaspersky Employee Responsible for Leaked Source Code

January 29th, 2011, 09:56 GMT| By Lucian Constantin



The Kaspersky source code that recently made its way onto public websites was leaked by a former employee of the antivirus vendor, who is already serving a prison sentence for intellectual property theft.

More at :-
http://news.softpedia.com/news/Former-Kaspersky-Em...

--
Was this reply relevant?
+0
-0
mogs CClip 137
Member 31st Jan, 2011 07:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Attack Code Published for New Windows 0-Day Vulnerability

January 31st, 2011, 05:11 GMT| By Lucian Constantin

A new zero-day script injection vulnerability has been confirmed in Windows and proof-of-concept attack code has already been published on public websites.

The flaw, identified as CVE-2011-0096, is located in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler and affects all supported version of Windows.

"The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document.

"It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer," Microsoft wrote in a newly published advisory.

More at :-
http://news.softpedia.com/news/Attack-Code-Publish...

--
Was this reply relevant?
+0
-0
mogs CClip 138
Member 31st Jan, 2011 07:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 139
Member 31st Jan, 2011 10:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 140
Member 31st Jan, 2011 11:21
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Kaspersky Confirms Source Code Leak, Threatens Legal Action Against Downloaders
January 31st, 2011, 07:34 GMT| By Lucian Constantin



Russian antivirus vendor Kaspersky Lab has confirmed the unauthorized online availability of its intellectual property in the form of source code and warned that it will launch legal action against people who downloaded and shared it.

In a statement sent to Softpedia, the company says that partial source code for its 2008 range of consumer products was stolen almost three years ago by a former employee.

The person responsible was quickly arrested and received a three-year suspended prison sentence for violations under Article 183 of the Russian Federation Criminal Code.

Kaspersky further confirms that it had knowledge of the source code being distributed on underground forums since as early as November 2010 and that the same files made their way onto more public websites recently.

More at :-
http://news.softpedia.com/news/Kaspersky-Confirms-...

--
Was this reply relevant?
+0
-0
mogs CClip 141
Member 31st Jan, 2011 11:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Security is Only as Strong as the Weakest Link

By Paul Rubens

A devastating security breach at Trapster.com, home of a mobile app that helps drivers avoid getting speeding tickets, perfectly illustrates the old adage that security is only as strong as the weakest link.

The website's 10 million registered users were informed this month that "our website has been the target of a hacking attempt, and it is possible that your email address and password were compromised."

A website should never, ever, store your password unencrypted. What it should do is pass your password through a hashing function which converts it into an apparently random string of characters. It's this password "hash" that it should store. Every subsequent time you enter your password to log in, the site should hash it and ensure that the result matches the hash of your password it has stored. That means that if hackers break in they can't get their hands on a list of passwords - they can only get a list of hashes, which in themselves aren't very useful. That's because getting a password back from a hash is hard, and probably impossible if the original password is long and complicated.

But Rob Cotton, CEO of security outfit NCC Group, reckons that Trapster wasn't protecting its users' password in this way. "Website owners should declare if they store your passwords using strong hashing. This is a simple process and not any more expensive to implement, however, unfortunately, websites not using this method of cryptography is something we see all too often and this can only be down to developers' laziness or ignorance. In the case of Trapster, it would appear that they didn't encrypt or hash so the hackers got the crown jewels."

More at :-
http://www.esecurityplanet.com/features/article.ph...

--
Was this reply relevant?
+0
-0
mogs CClip 142
Member 31st Jan, 2011 21:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs RE: Daily CYBERCLIPS January
Member 1st Feb, 2011 08:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
This thread is now closed....please see the February edition for further posts :-
http://secunia.com/community/forum/thread/show/741...
Thankyou.


--
Was this reply relevant?
+0
-0

This thread has been marked as locked.