Forum Thread: Daily CYBERCLIPS March

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS March
Member 1st Mar, 2011 07:10
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK
Last edited on 1st Mar, 2011 07:11

Eighth Edition

Thankyou for your continuing support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security remains the main theme of the thread with some related and varied topics.
Please note....the most recent posts are those at the end of a downward scroll !!
I should reiterate that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals; whilst, at the same time feeling disposed towards posting suitable content, and one-off helpful comment, yourself.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Member 1st Mar, 2011 07:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 1st Mar, 2011 07:20


--
Was this reply relevant?
+0
-0
mogs CClip 2
Member 1st Mar, 2011 18:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
LastPass Fixes Serious Cross-Site Scripting Vulnerability

March 1st, 2011, 07:19 GMT| By Lucian Constantin

Password management service LastPass has fixed a serious cross-site scripting vulnerability on its website which could have been exploited to obtain sensitive information about other people's accounts.

LastPass allows users to generate secure passwords for each of their accounts and store them inside an encrypted container controlled by a master password.

The company offers extensions for all major browsers, which help with auto-fill and other operations, but the login details can also be accessed via its website.

The flaw on lastpass.com was discovered by a UK independent security researcher named Mike Cardwell who notified the company about it.

More at :-
http://news.softpedia.com/news/LastPass-Fixes-Seri...

--
Was this reply relevant?
+0
-0
mogs CClip 3
Member 1st Mar, 2011 18:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Download Firefox 3.6.14 and Firefox 3.5.17

March 1st, 2011, 18:27 GMT| By Marius Oiaga

Here are some Firefox downloads to hold you over while you wait for Firefox 4.0 Release Candidate (RC).

Mozilla has just made available for download Firefox 3.6.14 and Firefox 3.5.17, the latest updates to the currently supported stable versions of its open source browser.

Fact is that Mozilla noted as much as a week ago that it was going to provide users with the latest Firefox 3.6.x and Firefox 3.5.x releases today, March 1st, 2011, and the company managed to live up to its promise.

Firefox 3.6.14 and Firefox 3.5.17 can be downloaded via the links at the bottom of this article, but users will need to exercise their patience a bit longer when it comes down to additional details, such as release notes.

Read more at :-
http://news.softpedia.com/news/Download-Firefox-3-...

--
Was this reply relevant?
+0
-0
mogs CClip 4
Member 1st Mar, 2011 18:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Google 'finds' missing G-mails on tape


Google has apologised to customers who found their Gmail inboxes empty after accounts were accidentally wiped clean.

It said that the e-mails were "never lost" and that "things should be back to normal for everyone soon".

Many of the missing e-mails are backed up on tape, hence the delay in restoring them, the search giant said.

More at :-
http://www.bbc.co.uk/news/technology-12607364

--
Was this reply relevant?
+0
-0
mogs CClip 5
Member 1st Mar, 2011 18:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 6
Member 1st Mar, 2011 21:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 7
Member 2nd Mar, 2011 20:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Security Updates Available for Mozilla Firefox and Thunderbird

March 2nd, 2011, 08:30 GMT| By Lucian Constantin



Mozilla has released security updates for its Firefox browser and Thunderbird email client addressing a significant number of critical vulnerabilities that can lead to arbitrary code execution.

There were a total of ten vulnerabilities fixed in the new Firefox 3.6.14 and 3.5.17, while Thunderbird 3.1.8 contains patches for three.


More info and downloads :-
http://news.softpedia.com/news/Security-Updates-Av...

--
Was this reply relevant?
+0
-0
mogs CClip 8
Member 2nd Mar, 2011 20:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 9
Member 2nd Mar, 2011 20:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Britons caught out by booby-trapped web ads


Tens of thousands of people could have been caught out by cyber criminals who put booby-trapped adverts on popular webpages.

The criminals racked up the victims by compromising the computers used by ad firm Unanimis to display adverts to popular websites.

The ads appeared on the websites of the London Stock Exchange, Autotrader, the Vue cinema chain and six other sites.

Unanimis said it moved quickly to pull the adverts once they were discovered.

More at :-
http://www.bbc.co.uk/news/technology-12608651

--
Was this reply relevant?
+0
-0
mogs CClip 10
Member 2nd Mar, 2011 21:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
IE9 has been downloaded 36 million times

Microsoft cheers for its fans
By David Neal
Wed Mar 02 2011, 16:10
INTERNET EXPLORER 9 (IE9) has been downloaded some 36 million times according to Microsoft, which added that IE9 has a whopping 0.66 per cent of all worldwide browser users.
Since it was thrust onto an unexpectant world on 10 February, the Vole's latest creaky browser has slowly built up its download total with the IE9 beta and then the release candidate, which drew 11 million downloads.


Read more: http://www.theinquirer.net/inquirer/news/2030185/i...
The Inquirer

--
Was this reply relevant?
+0
-0
mogs CClip 11
Member 2nd Mar, 2011 21:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


Dev Channel Update
Monday, February 28, 2011 | 18:30
Labels: Dev updates
Note: We've updated the Dev channel to 11.0.686.1 for All platforms. This new build fixes the HTML5 issue noted below (Issue 74451).

The Dev channel has been updated to 11.0.686.0 for All platforms
All
Updated V8 - 3.1.6.1
Accelerated compositing turned on by default (use --disable-accelerated-layers to disable).
Fixed a bug affecting the bookmark manager and other extensions. (Issue 43448)
FTP: fixed a compatibility issue. (Issue 72060)
Windows
GPU acceleration and WebGL disabled for Windows XP
Windows Restart Manager restores Chrome on update-triggered restarts. (Vista/2008+).
Mac
Fix bugs related to the new infobar UI (Issue 73357) and Issue 73590))
Known Issues
HTML5 videos don't play on Vimeo.com (Issue 74451)
Gmail renders with narrower lines.

More details about additional changes are available in the log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

--
Was this reply relevant?
+0
-0
mogs CClip 12
Member 3rd Mar, 2011 08:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Banking Trojan Hijacks SSL Connections

March 3rd, 2011, 05:06 GMT| By Lucian Constantin

Security researchers from Symantec warn of a new banking trojan capable of hijacking the SSL connections between browsers and online banking sites in a way that is hard to spot.

Variants of this malware, which Symantec detects as Trojan.Tatanarg, have been in circulation since last October, but its code is believed to be based on an older threat called W32.Spamuzle.

The trojan has a modular architecture, with separate components handling different tasks, and the functionality of most banking malware.

It can inject rogue HTML code into pages (man-in-the-browser attacks), disrupt antivirus software, uninstall other banking trojans and enable Windows remote access.

It also features a backdoor component through which attackers can issue commands to control the infected computers

More at :-
http://news.softpedia.com/news/Banking-Trojan-Hija...

--
Was this reply relevant?
+0
-0
mogs CClip 13
Member 3rd Mar, 2011 08:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 14
Member 3rd Mar, 2011 08:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
Wednesday, March 2, 2011 | 17:56
Labels: Beta updates
The Chrome Beta channel has been updated to 10.0.648.126 for all platforms. This release contains stability improvements and UI tweaks. There is one known issue:

[Bug 74709] Clicking "Disable individual plug-ins" in Options causes crash

Full details about the Chrome changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 15
Member 3rd Mar, 2011 10:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 16
Member 3rd Mar, 2011 23:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
Thursday, March 3, 2011 | 11:03
Labels: Beta updates

The Chrome Beta channel has been updated to 10.0.648.127 for all platforms. This release fixes the following issue:
[Bug 74709] Clicking "Disable individual plug-ins" in Options causes crash
Full details about the Chrome changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 17
Member 3rd Mar, 2011 23:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 18
Member 3rd Mar, 2011 23:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 19
Member 3rd Mar, 2011 23:27
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft pushes anti-AutoRun update at XP, Vista users
Changes update offer from optional to automatic

By Gregg Keizer
March 3, 2011 01:06 PM ETComments (0)Recommended (2)
Computerworld - Microsoft last week changed how it delivers an update that disables AutoRun, a Windows feature that big name worms, including Conficker and Stuxnet, have used to infect millions of PCs.

The company is now pushing the update to Windows XP and Vista users automatically.

More at :-
http://www.computerworld.com/s/article/9212938/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 20
Member 3rd Mar, 2011 23:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft won't patch IE before Pwn2Own
Will address four vulnerabilities in next week's Patch Tuesday, including first fix for Windows 7 SP1

By Gregg Keizer
March 3, 2011 04:15 PM ETComments (0)Recommended (0)
Computerworld - Microsoft today revealed that it will not update Internet Explorer (IE) before the Pwn2Own hacking contest begins next week.

Instead, Microsoft plans to ship three security updates on Tuesday to patch four vulnerabilities in Windows and its Office Groove 2007 collaboration software, the company announced today.

More at :-
http://www.computerworld.com/s/article/9213078/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 21
Member 4th Mar, 2011 08:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome OS Beta Channel Update
Thursday, March 3, 2011 | 14:31
Labels: Chrome OS

The Chrome OS Beta channel has been updated to R10 release 0.10.156.46 including the new Chrome 10 Beta, new trackpad and several stability and functional improvements over the previous release. This release contains the following security fixes:
Scratchpad application security vulnerability fix
In addition to all Chrome 10 new features (see Chrome 10 blogpost), there are several Chrome OS great improvements including:
3G modem activation fixes
3G connection to the carrier fixes
Wi-Fi connectivity/Out of the Box fixes
New trackpad and sensitivity setting adjusted
Auto update engine and debugging improvements
Power optimizations
GTalk video/chat optimizations
Audio CPU utilization improvements
Improved on screen indicators: brightness, network status, update icon
There is one known issue:
[Bug 12085] Audio does not pick up until browser refresh upon lid re-open
You can find full list of fixes that are in Chrome OS R10 in the chromium-os bug tracker . If you find new issues, please let us know by visiting our help site or filing a bug.
Josafat Garcia
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 22
Member 4th Mar, 2011 10:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dev Channel Update......Note
Monday, February 28, 2011 | 18:30
Labels: Dev updates
Note: We've updated the Dev channel to 11.0.686.3 for All platforms. This new build fixes the autofill related crash (Issue 74511).

Note: We've updated the Dev channel to 11.0.686.1 for All platforms. This new build fixes the HTML5 issue noted below (Issue 74451).

The Dev channel has been updated to 11.0.686.0 for All platforms
All
Updated V8 - 3.1.6.1
Accelerated compositing turned on by default (use --disable-accelerated-layers to disable).
Fixed a bug affecting the bookmark manager and other extensions. (Issue 43448)
FTP: fixed a compatibility issue. (Issue 72060)
Windows

--
Was this reply relevant?
+0
-0
mogs CClip 23
Member 4th Mar, 2011 10:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Download Opera 11.10 Barracuda Alpha Build 2018 Now with Zoomable Speed Dial

March 4th, 2011, 09:19 GMT| By Marius Oiaga

The latest development snapshot of Opera 11.10 codenamed Barracuda takes Speed Dial to a whole new level, with the feature having already been kicked up a notch in an earlier Alpha preview.

Opera Software made it very clear early on in the development of codenamed Barracuda , that Opera 11.10 would be synonymous with a consistent boost to how users navigate to their favorite online destinations immediately after firing up the browser, or after opening a new Tab / window.

As of Opera 11.10 Barracuda Alpha Build 2018, early adopters can take advantage of zoomable Speed Dial.

Read more at :-
http://news.softpedia.com/news/Download-Opera-11-1...

--
Was this reply relevant?
+0
-0
mogs CClip 24
Member 4th Mar, 2011 10:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Apple to patch Safari before Pwn2Own, say researchers
Clues point to impending update that will beef up browser before next week's hacking contest

By Gregg Keizer
March 3, 2011 03:07 PM ETComments (0)Recommended (7)
Computerworld - Apple will patch its Safari browser before the Pwn2Own hacking contest kicks off next week, security researchers hinted today.

If accurate, Apple will join both Google and Mozilla, which earlier this week issued security updates for Chrome and Firefox as preparation for Pwn2Own

More at :-
http://www.computerworld.com/s/article/9213018/App...




--
Was this reply relevant?
+0
-0
mogs CClip 25
Member 4th Mar, 2011 23:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 26
Member 4th Mar, 2011 23:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 27
Member 5th Mar, 2011 11:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
WordPress' Automattic dashboard shows the outage caused by a DDoS attack this morning.
(Credit: WordPress)
The popular blogging-site hoster WordPress was hit with another distributed denial-of-service attack this morning, the second in two days.
"Unfortunately, the DDoS attack from yesterday returned in a different form this morning and affected sitewide performance," the company said in a notice on its Automattic site, which serves as a dashboard for the service. "The good news is that we were able to mitigate it quickly and performance returned to normal around 11:15 UTC. We are continuing to monitor the situation closely."
Stats on Automattic.com show that the site was affected for about an hour or so starting around 3:15 a.m. PST. One day earlier, WordPress was hit with an attack that reached "multiple Gigabits per second and tens of millions of packets per second," hampering the company's three ... Read full post & comments


Read more: http://news.cnet.com/security/#ixzz1FiiigFTB

--
Was this reply relevant?
+0
-0
mogs CClip 28
Member 5th Mar, 2011 11:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Rate of Malicious Email Spikes: MessageLabs
March 2, 2011
By Stuart J. Johnston

Malware accounted for one in every 290 emails in February, according to the latest report from MessageLabs, and the study's authors say it's getting worse, not better.

The most popular vehicle for delivering malicious software in February was to conceal the threat within a PDF file.

MessageLabs estimated that 65 percent of targeted attacks in 2010 used a PDF exploit, up 12.4 percent from the 2009 market of 52.6 percent.

More at :-
http://www.esecurityplanet.com/features/article.ph...

--
Was this reply relevant?
+0
-0
mogs CClip 29
Member 5th Mar, 2011 11:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Germany provides a secure way to deal with spam
By demanding real-world identification from email senders, a new government-backed service may stop spam

By Peter Sayer | IDG News Service


In theory, stopping spam is easy: just make it uneconomic to send millions of messages by charging for each one sent, or make senders authenticate their identity to stop address spoofing and simplify blocking.

In practice, that would involve building a secure, parallel email infrastructure linking electronic authentication with real-world identities: a daunting task. Yet that's just what Germany is about to do.

Read more at :-
http://www.infoworld.com/d/security/germany-provid...

--
Was this reply relevant?
+0
-0
mogs CClip 30
Member 5th Mar, 2011 19:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Giveaway: Ashampoo Photo Commander
March 5th, 2011, 11:57 GMT| By Ionut Ilascu

Photo Commander from Ashampoo: some of you know it, some may have only heard of its abilities others. Regardless of the case, our deal is fairly simple: we have 10 licenses to give away for this application, and to get one you have to show us you can put the program to good use.

To achieve this, you can drop several lines in the comments section of our review. The text has to be relevant to the software. In other words, anything relating to Ashampoo Photo Commander, be it good or bad, makes for a perfect fit.

If you want to express your opinion in a video, feel free to do so, but remember to let us know of your project in the comments. Winners will be those who come up with the most pertinent content.

Read more at :-
http://news.softpedia.com/news/Giveaway-Ashampoo-P...

--
Was this reply relevant?
+1
-1
mogs CClip 31
Member 5th Mar, 2011 20:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
What does an error message from anti-virus software AVG mean?
A conflict between AVG and Zonealarm software causes an error message to pop up on computers running Windows XP, but there are a couple of things you can do


Read more: http://m.computeractive.co.uk/ca/pc-help/1937033/e...


--
Was this reply relevant?
+0
-0
mogs CClip 32
Member 5th Mar, 2011 20:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 33
Member 6th Mar, 2011 03:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 34
Member 6th Mar, 2011 11:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 35
Member 6th Mar, 2011 11:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 36
Member 7th Mar, 2011 09:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 37
Member 7th Mar, 2011 09:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Denial of Service Attacks: A Hall of Shame
By Tim Greene, NetworkWorld Mar 6, 2011 5:27 pm

Distributed denial of service (DDoS) attacks like the ones that nailed WordPress blogs in early March have been around for decades, but it's only in the last dozen years that they've had enough impact to grab public attention.

With the rise and commercial availability of botnets that provide a distributed platform from which to launch these attacks the means to carry them out are accessible.

BEYOND DDOS: PayPal CISO says DDoS attacks just one of many threats

Due to the cost, though, they have to be carried out by a motivated adversary bent on harm since there is little way to reap monetary profit from them aside from blackmailing potential victims with threats of crippling their servers.

More at :-
http://www.pcworld.com/article/221460/denial_of_se...

--
Was this reply relevant?
+0
-0
mogs CClip 38
Member 7th Mar, 2011 10:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 39
Member 7th Mar, 2011 11:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 40
Member 7th Mar, 2011 19:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 41
Member 7th Mar, 2011 19:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+1
-1
mogs CClip 42
Member 8th Mar, 2011 08:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 43
Member 8th Mar, 2011 08:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Mozilla urges users to update graphics drivers for Firefox 4
Tells users to download newest Windows graphics drivers for hardware acceleration

By Gregg Keizer

Computerworld - Mozilla has urged users to update their graphics cards' drivers if they want to take advantage of Firefox 4's hardware acceleration.

Last Friday, Benoit Jacob, who works on Mozilla's platform engineering team, spelled out why users should verify that their computers, especially PCs powered by Windows, have the latest graphics drivers.

"When we turned these features on by default in nightly builds around September last year, and then in [Firefox 4] Beta 7, crash statistics and bug reports quickly showed that bugs in graphics drivers were often making these features misbehave," Jacob said in a blog post. "We reacted by selectively disabling these new features on buggy drivers, based on the large amounts of information collected by beta testers."

More at :-
http://www.computerworld.com/s/article/9213648/Moz...

--
Was this reply relevant?
+0
-0
mogs CClip 44
Member 8th Mar, 2011 21:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft Detects Spikes in SWF Malware Attacks Using Embedded JavaScript

March 8th, 2011, 11:09 GMT| By Lucian Constantin

Microsoft has seen spikes in the number of attacks using SWF malware that embeds malicious JavaScript and warns that this technique might become more prevalent in the near future.

SWF-based malware is not new. It is commonly used to exploit vulnerabilities in Adobe Flash Player in order to install further threats on computers.

The new trojan identified by Microsoft and dubbed Trojan:SWF/Jaswi.A targets CVE-2010-0806, an arbitrary code execution vulnerability in Internet Explorer 6 and 7.

More at :-
http://news.softpedia.com/news/Microsoft-Sees-Spik...

--
Was this reply relevant?
+0
-0
mogs CClip 45
Member 8th Mar, 2011 21:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 46
Member 8th Mar, 2011 21:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Stable Release
Tuesday, March 8, 2011 | 08:00
Labels: Stable updates
The Google Chrome team is excited to announce the arrival of Chrome 10.0.648.127 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 10 contains some really great improvements including:
New version of V8 - Crankshaft - which greatly improves javascript performance
New settings pages that open in a tab, rather than a dialog box
Improved security with malware reporting and disabling outdated plugins by default
Sandboxed Adobe Flash on Windows
Password sync as part of Chrome Sync now enabled by default
GPU Accelerated Video
Background WebApps
webNavigation extension API

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 47
Member 8th Mar, 2011 21:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The average website is vulnerable more than 270 days a year

Faulty code is often the problem
By Asavin Wattanajantra
Tue Mar 08 2011, 11:43
THE AVERAGE WEBSITE is vulnerable most days of the year, according to a report.
Insecurity firm Whitehat examined more than 3,000 websites across 400 organisations during 2010. It looked at each website's window of exposure, combining research about vulnerability prevalence, time to took to fix problems, and the percentage that were cleaned up.
It found that the average website fell into the category of "always" or "frequently" vulnerable, exposed more than 270 days of the year.
"It's inevitable that websites will contain some faulty code - especially in sites that are continually updated," said Whitehat Security founder Jeremiah Grossman.
The research also found that 64 per cent of websites had at least one information leakage flaw, overtaking cross-site scripting as the top bugbear from the year before. This is a vulnerability where a website will reveal sensitive information, like user or technical data for example.


Read more: http://www.theinquirer.net/inquirer/news/2032118/a...
The Inquirer

--
Was this reply relevant?
+0
-0

jannypan

RE: Daily CYBERCLIPS March
[+]
This reply has been deleted
mogs CClip 48
Member 9th Mar, 2011 08:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 49
Member 9th Mar, 2011 09:31
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Browser Plug-In Provides Real-Time URL Scanning in Search Results

March 8th, 2011, 17:49 GMT| By Lucian Constantin

A new Firefox and Internet Explorer plug-in called M86 SecureBrowsing offers real-time malware scanning for URLs displayed in search results and on social media websites.

The plug-in was developed by M86 Security, a provider of gateway Web and messaging security solutions, and is free to use.

Once installed, M86 SecureBrowsing anonymously sends all URLs displayed in search results on Google, Yahoo! and Bing, back to the company's cloud systems.

The cloud scanners check those pages using the company's Real-Time Code Analysis (RTCA) technology and report back with the status.

Read more at :-
http://news.softpedia.com/news/New-Browser-Plug-In...

--
Was this reply relevant?
+0
-0
mogs CClip 50
Member 9th Mar, 2011 09:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Windows 7 SP1 RTM Blue Screens of Death Due to Language Packs

March 8th, 2011, 16:20 GMT| By Marius Oiaga

Microsoft has confirmed an issue with the deployment of Windows 7 Service Pack 1 RTM in which, following the installation process, some customers can experience a Blue Screen of Death crash accompanied by "Error C000009A."

According to the Redmond company, at fault are language packs that the users have already integrated with the operating system prior to starting to install SP1.

Customers do have a solution, but it requires quite a lot of time and effort on their part, as they will need to perform all steps manually.

Read more at :-
http://news.softpedia.com/news/Windows-7-SP1-RTM-B...

--
Was this reply relevant?
+0
-0
mogs CClip 51
Member 9th Mar, 2011 18:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 52
Member 9th Mar, 2011 18:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Confusion Mounts as EU Cookie Law Implementation Deadline Draws Near
March 9th, 2011, 09:33 GMT| By Lucian Constantin

As the deadline to implement the controversial EU Telecoms Reform Directive (TRD) draws near there is still confusion as to how its tracking cookie requirements will be put into practice.

The proposed regulation is sometimes referred to as the "Cookie Directive," because of one of the most important amendments it brings to the Privacy and Electronic Communications Directive (PECD), concerns browser cookies.

The new regulation would require websites to ask for explicit consent from users before storing tracking cookies like those used for behavioral advertising purposes.

But despite member states having until May 25 to implement this regulation, there are still questions about how the consent should be obtained.

Read more at :-
http://news.softpedia.com/news/Confusion-Mounts-as...

--
Was this reply relevant?
+0
-0
mogs CClip 53
Member 9th Mar, 2011 19:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
PWN2OWN Goes Deep to Exploit Browsers

By Sean Michael Kerner
The Pwn2own hacking challenge, sponsored by HP TippingPoint has emerged as one of the pre-eminent security events in any given calendar year. Security researchers compete to see who can hack web browsers and mobile platforms with cash and prizes up for grabs.

This year more money than ever will be on this line for researchers that specifically target Chrome, though Firefox, IE and Safari are still in researchers' crosshairs. Google is putting up $20,000 for Chrome vulnerabilities, while the total contest prize pool is approximately $125,000. Mobile platforms are also set to be targeted as researchers go beyond just the operating system to take aim at the underlying hardware as well. Researchers will also be going after the most secure aspects of browser security in an effort to demonstrate vulnerabilities.

More at :-
http://www.esecurityplanet.com/features/article.ph...

--
Was this reply relevant?
+0
-0
mogs CClip 54
Member 9th Mar, 2011 19:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
MARCH 09, 2011
Anti-virus tests find security programs fooled by attack vector
Malware that is blocked one time may be allowed through via another route, such as through a local network fileshare or USB drive

A new round of anti-virus testing has found some products fail to detect malware that tries to infect a computer via a different attack vector, such as through a local network fileshare or a USB drive.

The tests, conducted by NSS Labs, sought to find out how effective security products are at detecting malware from various attack vectors. Malware can be delivered to a computer via rigged websites, email attachments, and USB flash drives, among other ways.

More at :-
http://www.infoworld.com/d/security/anti-virus-tes...

--
Was this reply relevant?
+0
-0
mogs CClip 55
Member 10th Mar, 2011 19:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
IE8 Hacked at Pwn2Own with Three Chained Exploits

March 10th, 2011, 09:57 GMT| By Lucian Constantin

Internet Explorer 8 was the second browser to fall at the Pwn2Own hacking contest, but the security researcher responsible for the hack had to chain together three exploits.

Pwn2Own 2011 kicked off yesterday at the CanSecWest conference in Vancouver, Canada, with Safari being compromised in five seconds by researchers from VUPEN Security.

Internet Explorer 8 followed shortly, but unlike the Safari exploit which was executed via a transparent drive-by-download attack, the IE hack required the user to interact with the page and click on a link.

The compromise was the achievement of Irish security researcher and Metasploit developer Stephen Fewer, who had to exploit three vulnerabilities in order to get the job done.

In addition to proving arbitrary code execution by launching calc.exe, Fewer's attack also bypassed the IE Protected Mode and write to a file.

The researcher told ZDNet he needed six weeks to find the three vulnerabilities and write a reliable exploit, the Protected Mode bypass being the hardest part.

Read more at :-
http://news.softpedia.com/news/IE8-Compromised-at-...

--
Was this reply relevant?
+0
-0
mogs CClip 56
Member 10th Mar, 2011 19:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google's Chrome untouched at Pwn2Own hack match
Scheduled attackers don't show, or pass on exploiting sandboxed browser

By Gregg Keizer
March 10, 2011 06:34 AM ETComments (13)Recommended (33)
Computerworld - Google's $20,000 was as safe at Pwn2Own Wednesday as if it had been in the bank.

The search giant had promised to pay $20,000 to the first researcher who broke into Chrome on the hacking contest's opening day.

But no one took up Google's offer.

More at :-
http://www.computerworld.com/s/article/9214022/Goo...

--
Was this reply relevant?
+0
-0
mogs CClip 57
Member 10th Mar, 2011 19:58
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla puts out a Firefox 4 release candidate

The wait is almost over
By Lawrence Latif
Thu Mar 10 2011, 09:52
SOFTWARE DEVELOPER Mozilla has announced that its Firefox 4 web browser has finally made it out of beta and is now available as a release candidate.
Mozilla released 12 betas of Firefox 4 before reaching the release candidate stage and says that those who are currently on the beta release will be automatically updated to the release candidate, which is available in 70 languages. Those who update will be "validating the new features, enhanced performance and stability and HTML5 capabilities in Firefox 4", says Mozilla.


Read more: http://www.theinquirer.net/inquirer/news/2032904/m...
The Inquirer

--
Was this reply relevant?
+0
-0
mogs CClip 58
Member 11th Mar, 2011 06:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Fake DHL Notifications Spread Trojans

March 10th, 2011, 16:22 GMT| By Lucian Constantin

Security researchers warn about a new wave of fake DHL email notifications that try to trick people into installing the SpyEye banking trojan on their computers.

The rogue emails bear a subject of "DHL Noticifaction" [sic.] and have forged headers to appear as originating from a infoom@dhl.com email address.

The body message tells recipients to expect a parcel in seven days and instructs them to read more information in the attached document.

"Dear customer. The parcel was send your home address. And it will arrice [sic.] within 7 bussness [sic.] day. More information and the tracking number are attached in document below. Thank you," it reads.

The attachment is called DHL_Document.zip and contains an executable with the same name. There appears to be two different pieces of malware being distributed by this campaign.

One is a almost certainly a trojan dropper, but according to a Virus Total scan, detection is all over the place. Some antivirus programs detect it as Oficla, others as a backdoor called Bitfrose, while a few as the Zbot banking trojan.

More at :-
http://news.softpedia.com/news/New-Fake-DHL-Notifi...

--
Was this reply relevant?
+0
-0
mogs CClip 59
Member 11th Mar, 2011 07:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dev Channel Update
Thursday, March 10, 2011 | 18:21
The Dev channel has been updated to 11.0.696.3 for All platforms

The following bugs were fixed
Can not select omnibox auto suggested entries by clicking at it (Issue 75366).
Linux: "Behavior " string is not externalized on the Exceptions page(Issue 74080).
Chromium not loading some plugins (Issue 75351).
POST omits body after NTLM authentication (Issue 62687).

Known Issues
Crash when opening tab/startup @ SkBitmap::lockPixels (Issue 75531).

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

--
Was this reply relevant?
+0
-0
mogs CClip 60
Member 12th Mar, 2011 08:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 61
Member 12th Mar, 2011 08:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 62
Member 12th Mar, 2011 08:21
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Stable and Beta Channel Updates
Friday, March 11, 2011 | 10:26
Labels: Beta updates, Stable updates
The Chrome Stable and Beta channels have been updated to 10.0.648.133 for Windows, Mac, Linux and Chrome Frame. This release fixes the following security issue:

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$1337] CVE-2011-1290 [75712] High Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI.
If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 63
Member 12th Mar, 2011 19:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 64
Member 13th Mar, 2011 09:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Denmark to swap stamps for texts

Run out of stamps? In Denmark you will be able to use a mobile instead.
People stuck for a stamp in Denmark will soon be able to send a text message to pay the postage on a letter.

From 1 April, the Danish post office is introducing The Mobile Postage service that does away with stamps for standard sized letters.

Instead, people will send a text to the post office and get back a code they write on the envelope.
More at :-
http://www.bbc.co.uk/news/technology-12703744

--
Was this reply relevant?
+0
-0
mogs CClip 65
Member 13th Mar, 2011 09:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 13th Mar, 2011 09:58
I get errors when Windows starts - what's wrong?
We show how to disable troublesome programs using a Windows tool
Tom Royal PC help Windows 12/03/2011


If you get errors every time Windows starts up, there's probably a program running when Windows starts that's causing the error.
The MSCONFIG tool allows you to see which programs run every time Windows starts and disable any that you do not want.
Our video shows how to run MSCONFIG and disable a program. Remember to only ever disable one program at a time, and take great care when choosing - disabling the wrong one could prevent Windows from starting altogether.


Read more and watch the video at: http://www.computeractive.co.uk/ca/pc-help/2030339...


--
Was this reply relevant?
+0
-0
mogs CClip 66
Member 13th Mar, 2011 10:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Attacks Leverage Unpatched IE Flaw, Microsoft Warns
By Robert McMillan, IDG News Mar 12, 2011 6:50 am

Editor's Note: An earlier version of this story confused two similar Windows flaws, both of which were disclosed in January, by two different parties. The bug being used in the new attacks was disclosed anonymously on the Full Disclosure mailing list.

An Internet Explorer flaw made public two months ago is now being used in online attacks.

The flaw, which has not yet been patched, has been used in "limited, targeted attacks," Microsoft said Friday in an update to its security advisory on the issue.

More at :-
http://www.pcworld.com/article/221978/new_attacks_...

--
Was this reply relevant?
+0
-0
mogs CClip 67
Member 14th Mar, 2011 07:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Major Security Hole Found on the German Finance Agency's Website
By Lucian Constantin

The Chaos Computer Club (CCC) hacker collective has notified the German Federal Finance Agency (Bundesfinanzagentur) of a serious security hole present on its website for years.

The vulnerability allowed any user to modify the content of the website through a Web-based file manager that was left unprotected.

The German Finance Agency is a state owned financial services company responsible for managing federal debt, as well as issuing Federal securities.

By leveraging the security hole, attackers could have added their own transaction quotes and could have changed the destination of the site's "Internet banking" link.


http://news.softpedia.com/news/Security-Security-H...

--
Was this reply relevant?
+0
-0
mogs CClip 68
Member 14th Mar, 2011 17:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 69
Member 14th Mar, 2011 18:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft IE9 set for release today
by Daniel Robinson
14 Mar 2011

Microsoft is preparing to release IE9 later today, as its browser faces greater competition in the marketplace than ever before.
The company has confirmed that the release version of IE9 will be available to download at 9pm Pacific time in the US, which equates to 4am Tuesday in the UK.

Microsoft has already hinted that the final code will contain some previously unseen features, but is playing its cards close to its chest until the official announcement at the South by South West (SXSW) Interactive festival in Austin, Texas.


Read more: http://www.v3.co.uk/v3-uk/news/2033852/microsoft-i...


--
Was this reply relevant?
+0
-0
mogs CClip 70
Member 15th Mar, 2011 07:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 71
Member 15th Mar, 2011 22:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 72
Member 15th Mar, 2011 22:56
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 73
Member 15th Mar, 2011 23:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Stable and Beta Channel Updates
Tuesday, March 15, 2011 | 13:19
Labels: Beta updates, Stable updates

The Chrome Stable and Beta channels have been updated to 10.0.648.134 for Windows, Mac, Linux and Chrome Frame. This release contains an updated version of the Adobe Flash player. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 74
Member 16th Mar, 2011 07:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 75
Member 16th Mar, 2011 07:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Oracle kills Sun.com after starvation diet

Goodbye to one of the web's oldest domains
By Gavin Clarke in San Francisco
Posted in Music and Media, 16th March 2011 04:00 GMT
Oracle is killing Sun.com, the online home of Sun Microsystems and one of the oldest dot-com domain names.

An entry on the Oracle's OTN Garage says that sun.com will be decommissioned on June 1.

The closure comes after Sun's new owner, Oracle, moved most of the content on BigAdmin, OpenSolaris.com, and some sections of Sun Developer Network to the Systems Admin and Developer Community of OTN.

That apparently leaves just a hardware compatibly list, which OTN Garage said engineers are "working on a solution" for. Once that's been relocated to the happy fields of Redwood Shores, Sun's domain will be turned off.

More at :-
http://www.theregister.co.uk/2011/03/16/oracle_clo...

--
Was this reply relevant?
+0
-0
mogs CClip 76
Member 16th Mar, 2011 08:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 16th Mar, 2011 08:01
Dev Channel Update
Tuesday, March 15, 2011 | 17:34
The Dev channel has been updated to 11.0.696.12 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
New York Times Chrome app crashes on the Chorme Dev Channel (Issue 75563).
Sync login dlg is truncated (Issue 72490 ).
Status bar / target URL not shown when hovering over links(Issue 75268).
Several known crashes (Issues 75171 and 75443 and 75828).
Bookmark focus is not lost when moved away from the bookmark bar (Issue 75367).
Tooltips from browser tabs are persisting for too long (Issue 75334 ).
Content settings updates don't reflect the current Incognito session(Issue 74466).
NewTabPage is not updating when a new theme is applied (Issue 74311).
fixed download requests in chrome frame which occur in response to top level POSTs (Issue 73985 ).
Chrome locks up on form submit, constantly duplicating autofill settings to blame(Issue 74911).

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

--
Was this reply relevant?
+0
-0
mogs CClip 77
Member 16th Mar, 2011 10:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 78
Member 16th Mar, 2011 20:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 79
Member 17th Mar, 2011 09:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 80
Member 17th Mar, 2011 10:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Download Opera 11.10 Barracuda Beta
March 17th, 2011, 09:38 GMT| By Marius Oiaga

The first Beta development snapshot of Opera 11.10 codenamed Barracuda is now available for download.

Softpedia readers have been able to read about the imminent release of Opera 11.10 Barracuda Beta yesterday, and since that announcement Opera Software released two pre-Beta Builds designed to deal with various bugs.

Early adopters can now download Build 2048 and start testing the Beta immediately.

The Norway-based browser maker emphasizes that Opera 11.10 codenamed Barracuda Beta is still pre-release software, and that users should only test it and not deploy it into production environments.

Opera 11.10 Barracuda Beta features UI improvements, better standard support, including CSS3 gradients and multiple columns, and enhancements to plug-in integration.

However, the most consistent evolution that user will notice is in terms of the Speed Dial feature.

More at :-
http://news.softpedia.com/news/Download-Opera-11-1...

--
Was this reply relevant?
+0
-0
mogs CClip 81
Member 17th Mar, 2011 11:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Malware is showing high growth

Trojans reign supreme
By Dean Wilson
Thu Mar 17 2011, 10:21
MALWARE HAS INCREASED by 26 per cent in the first quarter of 2011, according to a report by insecurity research firm Pandalabs.
The worrying increase means that over 73,000 samples of new malware are being detected on a daily basis so far in 2011, an extra 10,000 per day compared to 2010.
Most of the malware are Trojans, accounting for 70 per cent of all threats. Viruses are at just under 17 per cent, while worms are at just under eight per cent. Adware, spyware and backdoor malware took a much smaller chunk of the pie, but still present a valid threat.


Read more: http://www.theinquirer.net/inquirer/news/2034905/m...
The Inquirer

--
Was this reply relevant?
+0
-0
mogs CClip 82
Member 17th Mar, 2011 16:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Fix IE9 Printing on Canon Printers
March 17th, 2011, 14:37 GMT| By Marius Oiaga

Microsoft has confirmed the existence of some issues related to Internet Explorer 9 RTW and Cannon printers, which can prevent users from printing a webpage.

The problem impacts IE9 RTW running on all supported operating systems, namely, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 and Windows Server 2008 R2.

According to the software giant, the glitch involves failed print jobs of a webpage opened in IE9.

More at :-
http://news.softpedia.com/news/Fix-IE9-Printing-on...

--
Was this reply relevant?
+0
-0
mogs CClip 83
Member 17th Mar, 2011 16:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The EU is looking at enforcing new privacy rules to give web users the "right to be forgotten."
By Justyna Pawlak, Reuters, 17 Mar 2011 at 08:16

New EU data privacy rules could mean tech giants like Google and Facebook will have to rethink their data rules, European Union (EU) justice chief Viviane Reding said yesterday.

More at :-
http://www.itpro.co.uk/631966/eu-data-protection-t...

--
Was this reply relevant?
+0
-0
mogs CClip 84
Member 17th Mar, 2011 16:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Firefox 4 will be released on 22 March, and Mozilla's Web o' Wonder will help to show if your graphics card drivers are out of date for the browser's hardware acceleration. Credit: Seth Rosenblatt/CNET News

The current Firefox 4 release candidate is available for Windows, Mac, and Linux. Firefox 4 was originally projected to arrive around October or November 2010, but was delayed as work on new features and integrating graphics card-powered hardware acceleration took longer than expected. GPU hardware acceleration is the short-term Holy Grail for modern browsers because it allows them to leverage high-powered graphics cards to give the browser an edge in rendering complicated in-site graphics faster.

The current stable release of Chrome 10 only offers partial hardware acceleration, while Internet Explorer 9 won't work on Windows XP precisely because of the hardware acceleration hang-up.

For more on this ZDNet UK-selected story, see Mozilla sets a date for Firefox 4 on CNET News.

Read more at :-
http://www.zdnet.co.uk/news/desktop-apps/2011/03/1...

--
Was this reply relevant?
+0
-0
mogs CClip 85
Member 18th Mar, 2011 06:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Dev Channel Update
Thursday, March 17, 2011 | 16:35
The Dev channel has been updated to 11.0.696.14 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
about:gpu can still launch GPU process even though GPU is blocked by software rendering list (Issue 76115).
REGRESSION: After crash, Restore infobar shows up everytime you open a link from external app (Issue 75654 ).
App context-menu doesn't disappear even after uninstalling the extension, causes crash when selected (Issue 75662).
A known crash (Issue 74777).
Fails SPDY-related check (Issue 77893).

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

Stable and Beta Channel Updates
| 13:00
Labels: Beta updates, Stable updates

The Chrome Stable and Beta channels have been updated to 10.0.648.151 for Windows, Mac, Linux and Chrome Frame. This release blacklists a small number of HTTPS certificates. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 86
Member 18th Mar, 2011 22:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Computerworld - Microsoft yesterday urged users of older Office suites to install and run a complicated tool to protect themselves against ongoing attacks exploiting an unpatched bug in Adobe's Flash Player.

"For users of Office prior to 2010, the Enhanced Mitigation Experience Toolkit (EMET) can help," said Andrew Roths and Chengyun Chu, a manager and security engineer, respectively, with the Microsoft Security Response Center (MSRC). "Turning on EMET for the core Office applications will enable a number of security protections called 'security mitigations'," the pair wrote in a Thursday post to the company's Security Research & Defense blog.

Read more at :-
http://www.computerworld.com/s/article/9214795/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 87
Member 18th Mar, 2011 22:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 88
Member 18th Mar, 2011 22:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
ZDNet UK

Study finds 'flaw' in IE9 privacy feature
By Ben Woods (@BenWoodsZD), ZDNet UK, 17 March, 2011 17:38

NEWS
A new privacy feature in Internet Explorer 9 could be allowing websites to see data that users thought they had blocked, research carried out by the independent consumer body Which? has shown.

Read more at :-
http://www.zdnet.co.uk/news/desktop-apps/2011/03/1...

--
Was this reply relevant?
+0
-0
mogs CClip 89
Member 19th Mar, 2011 08:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 90
Member 19th Mar, 2011 18:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 91
Member 19th Mar, 2011 18:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 92
Member 19th Mar, 2011 23:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
US-Cert warns of new phishing attacks
by Shaun Nichols
The US Computer Emergency Response Team is (US-Cert) warning users and administrators following the discovery of a potent new phishing operation.
US-Cert said that the operation is targeting a number of institutions, including Bank of America, Lloyds, PayPal and TSB. The attacks appear as unsolicited e-mails carrying HTML attachments.
The attack is particularly dangerous in that it utilises techniques to get around security filters designed to catch phishing sites.
"This attack is unlike common phishing attacks because it locally stores the malicious webpage rather than directing user to a phishing site via a URL," the agency said.


Read more: http://www.v3.co.uk/v3-uk/news/2035559/-cert-warns...


--
Was this reply relevant?
+0
-0
mogs CClip 93
Member 19th Mar, 2011 23:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
PHP flaws fixed in latest software update
by Phil Muncaster
19 Mar 2011

PHP developer the PHP Group has released an updated version of the near-ubiquitous web scripting language designed to fix security flaws and offer other server and application-based security enhancements.
Sophos Canada senior security advisor Chester Wisniewski explained in a blog post that at least two of the five flaws addressed in PHP version 5.3.6 have been rated high severity by the US National Vulnerability Database, while the others remain as yet unclassified.


Read more: http://www.v3.co.uk/v3-uk/news/2035567/php-flaws-f...


--
Was this reply relevant?
+0
-0
mogs CClip 94
Member 20th Mar, 2011 08:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Next Version of Microsoft Office to Ship With Facebook IM
By MARSHALL KIRKPATRICK of ReadWriteWeb

Times are changing: while corporate management all around the world worries about the distractibility and entitlement of the next generation of workers, Microsoft appears set to embrace the future warmly. The next version of Microsoft Word and the rest of the Office 15 suite will include some features very familiar to the kids these days.

"For Office 15 we're building new products to deliver integration of instant messaging/presence with social networks such as Facebook," the company wrote in a job posting put online today. Stephen Chapman first reported on the news at ZDNet and said he found it bewildering. Not everyone feels that way, though; to some observers it makes perfect sense.

More at :-
http://www.nytimes.com/external/readwriteweb/2011/...

--
Was this reply relevant?
+0
-0
mogs CClip 95
Member 20th Mar, 2011 09:01
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
ISPs defend plans for two-tier net
By Jane Wakefield
Technology reporter

ISPs have defended their right to operate a two-speed internet, at a key debate into the future of the web.

The debate was organised by the government, which is keen to see the principles of a free and equal net maintained.

ISPs are increasingly looking to prioritise some traffic on their networks and block some.

After the meeting the BBC called for the creation of a broadband content group to represent content providers.

It, along with content providers such as Google, Yahoo, Facebook and Skype, is growing increasingly concerned about how the issue of net neutrality is being dealt with.

More at :-
http://www.bbc.co.uk/news/technology-12791376

--
Was this reply relevant?
+0
-0
mogs CClip 96
Member 21st Mar, 2011 07:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 97
Member 21st Mar, 2011 21:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft launched IE9 on March 15th, 2011 providing a modern browser designed as a valid alternative to rivals.

The software giant is allowing third-parties to build custom installation packages of IE9 RTW, similar in nature to the copy optimized for Softpedia that you can download.

For this, the company is offering the Internet Explorer Administration Kit (IEAK) 9. Customers that want to take advantage of IEAK 9 will first need to download and install IE9 RTW. Documentation on just how to leverage IEAK 9 is available for free via TechNet.

Download Internet Explorer 9 (IE9) RTW Optimized for Softpedia via this link.

The Internet Explorer Administration Kit (IEAK) 9 is available for download here.

Windows Internet Explorer 9 RTW for Windows 7 and Windows 7 SP1 is available for download here.

Windows Internet Explorer 9 RTW for Windows Vista SP2 and Windows Server 2008 SP2 is available for download here.

Windows Internet Explorer 9 RTW for Windows Vista SP2 64-bit edition and Windows Server 2008 SP2 64-bit edition is available for download here.

Windows Internet Explorer 9 RTW for Windows 7 64-bit edition, Windows 7 SP1 64-bit edition, Windows Server 2008 R2 64-bit edition and Windows Server 2008 R2 SP1 64-bit edition is available for download here.

Full article here :-
http://news.softpedia.com/news/Download-IE9-RTW-Op...

--
Was this reply relevant?
+0
-0
mogs CClip 98
Member 21st Mar, 2011 21:41
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 99
Member 21st Mar, 2011 21:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Computerworld - Adobe Monday patched a critical vulnerability in Adobe Reader, making good on a promise last week to plug the hole.

The company promised to ship a fix for Flash Player later today.

Last Monday Adobe announced that attackers were exploiting an unpatched, or "zero-day," vulnerability in Flash Player using malicious Microsoft Excel documents attached to e-mail messages. At the time, Adobe said it would patch Flash, Reader and Acrobat sometime this week, but did not set a specific date.

Reader and Acrobat were also vulnerable because the same Flash flaw existed in the "authplay.dll" component of those two programs. Authplay is the interpreter included in Reader and Acrobat that renders Flash content inside PDF files.

Adobe rolled out a patch for Reader and Acrobat around 3 p.m. EDT, but said that the same fix for Flash would not appear until later in the afternoon.

More at :-
http://www.computerworld.com/s/article/9214874/Ado...

--
Was this reply relevant?
+0
-0
mogs CClip 100
Member 22nd Mar, 2011 08:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dev Channel Update
Monday, March 21, 2011 | 16:05
The Dev channel has been updated to 11.0.696.16 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
clicking on the labels of checkboxes / radio buttons closes content settings dialog box (Issue 76115).
Unlock Keyring makes chrome unusable (Issue 72499 ).
Sample extension for chrome.experimental.proxy API (Issue 62700 ).
Several known crashes (Issue 76401 and Issue 75264 ).

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 101
Member 22nd Mar, 2011 18:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Adobe Patches Flash Player 0-Day
March 22nd, 2011, 08:18 GMT| By Lucian Constantin

Adobe has released a new version of Flash Player in order to address a critical vulnerability actively exploited in the wild since the beginning of last week.

Last Monday, Adobe issued a security advisory warning users of attacks targeting a previously unknown vulnerability in Flash Player.

The attacks used maliciously crafted SWF files embedded into Excel documents in order to install a backdoor on people's computers.

The rigged XLS files were delivered via email, but the vulnerability can also be potentially exploited over the Web.

More at :-
http://news.softpedia.com/news/Adobe-Patches-Flash...

--
Was this reply relevant?
+0
-0
mogs CClip 102
Member 22nd Mar, 2011 18:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 103
Member 22nd Mar, 2011 18:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 104
Member 22nd Mar, 2011 18:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Young should help older net users

Five million older people in the UK regard the TV as their main company

A campaign is urging the six million older people in the UK who have never been online to get connected as a way to help stave off loneliness.

The charity Age UK is calling on net-savvy friends and relatives to help the older generation take their first steps in the digital world.

A survey suggests that less than half of the UK's over-55s use the internet.

By contrast, 58% of older citizens in Norway and Luxembourg are online.

The statistics, collated by Eurostat, show that 43% of UK citizens aged 55-74 are web users. The average across Europe is 28%.

http://www.bbc.co.uk/news/technology-12813311

--
Was this reply relevant?
+0
-0
mogs CClip 105
Member 22nd Mar, 2011 18:27
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The latest version of the Firefox web browser, Firefox 4, is now available to download as a 'release candidate' version.
Firefox 4 will run on Windows, Mac and Linux operating systems. Changes to the browser include an updated interface, improvements to performance and HTML5 support. The release candidate version is the final test version of the browser before a final launch.
Competition to be the best browser is fierce, with Microsoft's Internet Explorer 9 already available for download. Google has also released a beta update for its Chrome browser.
To find out how Internet Explorer 9 and Firefox 4 performed in our speed tests, check out the Computeractive Blog.


Read more: http://www.computeractive.co.uk/ca/news/2036015/mo...

--
Was this reply relevant?
+0
-0
mogs CClip 106
Member 22nd Mar, 2011 20:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 107
Member 23rd Mar, 2011 08:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Chrome OS Beta Channel Update
Tuesday, March 22, 2011 | 16:55
Labels: Chrome OS
The Chrome OS Beta channel has been updated to the latest R10 release 0.10.156.54 including Chrome update (10.0.648.151) and trackpad dead zone width adjustment.
Full details of the Chrome 10 beta update is available in the blogpost. If you find new issues, please let us know by visiting our help site or filing a bug.

Josafat Garcia
Google Chrome

2 comments | Links to this post | Email Post

Chrome Beta Release
| 16:35
Labels: Beta updates
The Chrome team is happy to announce the arrival of Chrome 11.0.696.16 to the Beta channel for Windows, Mac, and Linux.

Chrome 11 contains some really great improvements including:
HTML5 speech input API
GPU-accelerated 3D CSS
The brand new shiny Chrome icon

More on what's new at the Official Chrome Blog.

You can find full details about the changes that are in Chrome 11 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Karen Grunberg

--
Was this reply relevant?
+0
-0
mogs CClip 108
Member 23rd Mar, 2011 08:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Massive Security Update Released for Mac OS X

March 22nd, 2011, 14:55 GMT| By Lucian Constantin

Apple has released the first major security update for Max OS X in 2011, patching crtical vulnerabilities in various components and bundled software.

The new Security Update 2011-001 is available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6 and Mac OS X Server v10.6 through v10.6.6.

In total, there were 54 vulnerabilities patched, including one reported by Charlie Miller and Dion Blazakis, the team that hacked the iPhone 4 at Pwn2Own.

More at :-
http://news.softpedia.com/news/Massive-Security-Up...

--
Was this reply relevant?
+0
-0
mogs CClip 109
Member 23rd Mar, 2011 08:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Spam Received by Play.com Customers Possibly Tied to Silverpop Breach

March 22nd, 2011, 17:59 GMT| By Lucian Constantin

Play.com, one of the largest online UK retailers of video games, books and DVDs, has apologized for a wave of malicious spam received by its customers and said that it's possibly connected to a breach at an email marketing company called Silverpop.

According to The Register, Play.com customers began receiving rogue email messages on Monday which advertised Adobe Reader upgrades but actually led to malware.

Affected individuals were able to track down the problem to Play.com, because they only registered their email addresses with the website.

After being notified of the problem, the company alerted all customers of the threat and apologized for the incident.

More at :-
http://news.softpedia.com/news/Spam-Received-by-Pl...

--
Was this reply relevant?
+0
-0
mogs CClip 110
Member 23rd Mar, 2011 08:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Computerworld - Firefox 4 got off to a strong start today, with 1 million copies of the new browser downloaded in the first three hours.

If it keeps up the early pace, Firefox 4 will easily beat Microsoft's claim that users downloaded 2.4 million copies of its Internet Explorer 9 (IE9) in the first 24 hours of availability last week.

More at :-
http://www.computerworld.com/s/article/9214914/Moz...

--
Was this reply relevant?
+0
-0
mogs CClip 111
Member 23rd Mar, 2011 21:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Easter Search Results Poisoning Has Already Begun

March 23rd, 2011, 10:20 GMT| By Lucian Constantin

Security researchers from GFI Software warn that black hat SEO attacks poisoning search results related to Easter have already begun, even though the holiday is still a month away.

The rogue links were spotted when searching for Easter printable cards and most of them pointed to domains in the .pl zone.

Black hat SEO attacks leverage the PageRank of compromised legit websites by using them to host so called doorway pages.

A doorway page appears filled with relevant content and keywords to search engine crawlers, but redirect real users to malicious sites.

In this case, like with most black hat SEO campaigns, the rogue search results lead users to scareware distribution pages.

More at :-
http://news.softpedia.com/news/Easter-Search-Resul...

--
Was this reply relevant?
+0
-0
mogs CClip 112
Member 23rd Mar, 2011 21:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Firm points finger at Iran for SSL certificate theft
Bogus certificates obtained for Google, Microsoft, Skype and Yahoo sites

By Gregg Keizer
March 23, 2011
Computerworld - Iran may have been involved in an attack that resulted in hackers acquiring bogus digital certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo, a certificate issuing firm said today.

The bogus certificates -- which are used to prove that a site is legitimate -- were acquired by attackers last week when they used a valid username and password to access an affiliate of Comodo, which issues SSL certificates through its UserTrust arm.

Today, Comodo's CEO said his company believes the attack was state-sponsored and pointed a finger at Iran.

More at :-
http://www.computerworld.com/s/article/9214998/Fir...

--
Was this reply relevant?
+0
-0
mogs CClip 113
Member 23rd Mar, 2011 21:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla confirms over 5 million Firefox 4 downloads in 24 hours

Exclusive More than doubles Microsoft's IE9 record
By Lawrence Latif
Wed Mar 23 2011, 15:06
OPEN SOURCE browser developer Mozilla has confirmed to The INQUIRER that Firefox 4 has smashed the download 'record' recently set by Microsoft's Internet Explorer 9.
Last week Microsoft proudly proclaimed that its Internet Explorer 9 web browser had been downloaded over 2.3 million times within 24 hours, however by this morning Mozilla's Firefox 4 download counter had passed the 4 million mark and Mozilla has just confirmed to The INQUIRER that over 5 million downloads have been logged within 24 hours.


Read more: http://www.theinquirer.net/inquirer/news/2036733/m...

--
Was this reply relevant?
+0
-0
mogs CClip 114
Member 24th Mar, 2011 07:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Browsers Rush to Block Fake SSL Certificates for High-Value Websites

March 23rd, 2011, 14:34 GMT| By Lucian Constantin

An attacker has managed to obtain nine SSL certificates for high-value domains from Comodo, prompting Chrome and Firefox to release updates to blacklist them.

The incident was the result of a compromise at a Comodo affiliate registration authority (RA) in Southern Europe which resulted in hackers stealing its username and password.

Rogue certificates were requested for mail.google.com, www.google.com, login.yahoo.com (multiple ones), login.skype.com, addons.mozilla.org, login.live.com and a global trustee.

One certificate for login.yahoo.com has already been seen in the wild being associated with a server in Iran. Soon after it was revoked by Comodo, the server stopped working.

The fact that the main IP used in the attack was also from Iran makes Comodo believe that this was likely a state-driven attack intended for surveillance.

More at :-
http://news.softpedia.com/news/Browsers-Rush-to-Bl...

--
Was this reply relevant?
+0
-0
mogs CClip 115
Member 24th Mar, 2011 12:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Java updates may include annoying McAfee scanner
By Robert McMillan
March 24, 2011 04:12 AM ETComments (0)Recommended (0)
IDG News Service - Windows users who install the latest Java security patches may end up with a little more security than they bargained for, at least that's the risk they take if they don't pay close attention to the installation process.

Starting last month, Oracle began bundling a security scanning tool called the McAfee Security Scan Plus with its Java updates for the Windows operating system. The software is installed by default with the Java update, so unless users notice and uncheck the McAfee installation box as they're updating Java, they'll end up downloading McAfee's software too.

Security Scan Plus checks the PC to see if has antivirus and firewall software and if they're both up-to-date. The program comes with pop-up windows and is a bit more noticeable than the previous software that was bundled with Java in the U.S., such as the Yahoo Toolbar. Oracle bundles different products with Java in different regions, so not all Windows users may get Security Scan Plus with their Java updates.

More at :-
http://www.computerworld.com/s/article/9215021/Jav...

--
Was this reply relevant?
+0
-0
mogs CClip 116
Member 24th Mar, 2011 14:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
0-Day Vulnerability Announced for RealPlayer

March 24th, 2011, 08:54 GMT| By Lucian Constantin

A critical RealPlayer vulnerability that could be exploited in drive-by download attacks has been disclosed as a zero-day.

According to Luigi Auriemma, the independent security researcher who discovered it, the flaw is a classic heap overflow in rvrender.dll that occurs when handing Internet Video Recording (IVR) files.

It is "caused by the allocation of a certain amount of data (frame size) decided by the attacker and the copying of another arbitrary amount on the same buffer," the researcher explains.

RealPlayer 14.0.2.633 for Windows is confirmed as being vulnerable, but older versions of the player, as well as those for other supported platforms, are likely vulnerable.

More at :-
http://news.softpedia.com/news/0-Day-Vulnerability...

--
Was this reply relevant?
+0
-0
mogs CClip 117
Member 24th Mar, 2011 14:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Comodo admits hackers issued fraudulent SSL certificates

Microsoft issues a patch for Live users
By Lawrence Latif
Thu Mar 24 2011, 13:13
WEB SECURITY OUTFIT Comodo has admitted that an affiliate registration authority (RA) was compromised leading to the issuance of fraudulent secure sockets layer (SSL) certificates.
Although Comodo's RA was compromised, the firm confirmed that its root keys and intermediate certification authorities were unaffected in the attack. Nevertheless, the compromised RA allowed several bogus SSL certificates to be issued, which have now been revoked.
While Comodo has revoked the SSL certificates, Microsoft has taken more direct action on this issue, releasing a patch that is a "mitigation update", as one of the fraudulent certificates could potentially affect Windows Live ID users when they try to login at login.live.com.
Comodo claims the breach at its RA was due to the attacker getting hold of a username and password of one of its Trusted Partners in southern Europe. Perhaps more worrying is that at this point Comodo says it is "not yet clear about the nature or the details of the breach suffered by that partner".


Read more: http://www.theinquirer.net/inquirer/news/2037113/c...


--
Was this reply relevant?
+0
-0
mogs CClip 118
Member 24th Mar, 2011 14:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


Which Web browser is guaranteed to make your Internet browsing experience perfectly safe? The answer is none, of course. If you have the need for high security on a computer you manage, then you shouldn't allow it to surf on the public Web. It's that simple. But if your need for security is not extreme, there are a number of things you can do to make your Web browser more secure and your Web surfing safer. Let this Deep Dive be your guide.

Internet browsers are highly complex pieces of software that interact with highly complex programming code, much of it not so friendly. There is no "super secure" browser. The number of known exploits against a particular browser exactly tracks to its popularity. No surprise there. Even secure alternatives to Internet Explorer, which all new browsers seem to claim to be, generally have been targeted by dozens of exploits. (Even the newest of these, Google Chrome, already has a dozen.)

Today, a significant portion of computer attacks comes from legitimate websites that have been maliciously modified. In short, limiting your surfing to only well-known, legitimate websites does not ensure a safe Internet browsing experience. And the problem will only get worse, not better, for the near-term future.

More at :-
http://www.infoworld.com/d/security-central/the-in...

--
Was this reply relevant?
+0
-0
mogs CClip 119
Member 24th Mar, 2011 16:27
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
BitDefender Launches Free Web Antivirus

March 24th, 2011, 09:59 GMT| By Lucian Constantin

Romanian antivirus vendor BitDefender has opened public beta testing for a free security solution designed specifically to protect users when browsing the Web.

Called TrafficLight, the product is capable of scanning Web traffic in real time and blocking malicious code and other threats.

It also taps BitDefender's cloud network to check if accessed URLs are associated with phishing or black hat SEO attacks.

Since search engines and social networks are popular distribution platforms for malicious URLs, TrafficLight adds visual safety indicators to all links listed in search results or popular social media sites.

These icons can be green for safe, yellow for suspicious and red for harmful. Users will have the option to force the loading of harmful pages with the known malicious elements stripped out.

The antivirus vendor takes pride in the browser-agnostic design of the product and work is being done to make it OS-independent too.

TrafficLight does not install any browser extensions which means that it functions at the protocol level, probably as a network filter driver.

This implementation approach is not new. In fact, it is used for the Web protection components in most full-blown antivirus solutions, including BitDefender's own commercial products.

Read more at :-
http://news.softpedia.com/news/BitDefender-Launche...

--
Was this reply relevant?
+0
-0
mogs CClip 120
Member 24th Mar, 2011 21:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 121
Member 25th Mar, 2011 06:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Google Chrome Releases

Dev Channel Update

Thursday, March 24, 2011 | 16:58
Labels: Dev updates
The Dev channel has been updated to 12.0.712.0 for Windows, Mac, Linux, Chrome Frame.

This release contains lots of behind the scenes work (code cleanup and refactorings) in addition to numerous crash and regresson fixes.

All
Updated V8 - 3.2.3.1
Tab Multi-Select - The ability to select multiple tabs, using the ctrl key, and applying actions (e.g. reload) to them all.
Mac
New and improved bookmark bar animations
More details about additional changes are available in the svn log of all revision.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Anthony Laforge
Google Chrome

26 comments | Links to this post | Email Post

Stable Channel Update
| 14:32
Labels: Stable updates
The Chrome Stable and Beta channels have been updated to 10.0.648.204 for Windows, Mac, Linux and Chrome Frame. Included in this release is support for the password manager on Linux, performance and stability fixes, as well as the security fixes listed below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$500] [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin.
[$1000] [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to Sławomir Błażek.
[$2000] [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov.
[$1500] [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov.
[$2000] [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov.
[$1500] [75170] High CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov.
The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome


--
Was this reply relevant?
+0
-0
mogs CClip 122
Member 25th Mar, 2011 16:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Yahoo 'enhances' Internet Explorer 9

Browser receives the Yahoo treatment
By Dean Wilson
Fri Mar 25 2011, 10:15
ONCE RIVALS, NOW BEST MATES Yahoo and Microsoft are teaming up further to offer Yahoo themed 'enhancement' for Internet Explorer 9.
Yahoo has revealed that it has been working closely with Microsoft to customise the latest iteration of the Vole's web browser to suit a bunch of Yahoos.
The "Yahoo-enhanced experience" - yes, you read that right - is basically Internet Explorer 9 with easy access to Yahoo Search, the Yahoo homepage and the Yahoo toolbar. Users could have just bookmarked the websites and downloaded the toolbar, but Yahoo has saved us all a few minutes, the generous souls, in an attempt to lock us into using its portal predominantly if not exclusively.


Read more: http://www.theinquirer.net/inquirer/news/2037356/y...


--
Was this reply relevant?
+0
-0
mogs CClip 123
Member 25th Mar, 2011 16:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 124
Member 25th Mar, 2011 16:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 125
Member 25th Mar, 2011 17:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
T-Online Free Hosting Abused by Scareware Pushers

March 25th, 2011, 08:30 GMT| By Lucian Constantin

Security researchers from Commtouch warn that T-Online's free hosting packages are being abused by scareware pushers to host redirect scripts.

Deutsche Telekom-owned T-Online is the largest Internet service provider in Germany with also a strong presence in Hungary, Austria, Switzerland and France.

In addition to DSL and mobile services, the company offers a variety of web hosting packages for clients, the most basic of which is free.

Called "Inklusiv Homepage" the offering allows customers to use an automatioc tool to create a five-page website on a subdomain of the form [name].homepage.t-online.de.

According to Commtouch's Avi Turiel, spammers have began registering accounts in order host redirect scripts that lead to scareware pages.

More at :-
http://news.softpedia.com/news/T-Online-Free-Hosti...

--
Was this reply relevant?
+0
-0
mogs CClip 126
Member 25th Mar, 2011 17:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Top 5 Online 2011 Tax Scams
In the run-up to the 2011 tax deadline, online scammers are out in force with new tax-related tricks and traps to rip you off.
By Ian Paul, PCWorld Mar 25, 2011 1:00 am

You may not want to think about your taxes until Tax Day on April 18, but online scammers are already plotting to separate you from your tax refund and your identity. Scams for the 2011 tax season include promises of tax credits for charitable donations to disaster relief in Japan, malware-laden Websites optimized for search engines, dangerous e-mail, and so-called 'likejacking' techniques found on the social network Facebook.

About 19 million people have already filed their taxes at home in 2011, an increase of almost 6 percent from the year previous, according to the Internal Revenue Service. Consequently, this time of year is ripe for tax-related online scams. Crooks know that taxpayers are looking for information on deductions and tax laws. They know that this is the time of year when taxpayers submit personal information online and store sensitive financial documents on their hard drives.

Read more at :-
http://www.pcworld.com/article/223261/top_5_online...

--
Was this reply relevant?
+0
-0
mogs CClip 127
Member 26th Mar, 2011 08:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Critical Vulnerability Patched in Google Picasa

March 25th, 2011, 16:31 GMT| By Lucian Constantin

Google has released a new version of its Picasa image organizing software in order to address a vulnerability that could be exploited to execute arbitrary code remotely.

According to vulnerability research vendor Secunia, which rates it as highly critical, the flaw allows for attacks known as DLL hijacking or binary planting.

More at :-
http://news.softpedia.com/news/Critical-Vulnerabil...

--
Was this reply relevant?
+0
-0
mogs CClip 128
Member 26th Mar, 2011 11:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla regrets keeping quiet on SSL certificate theft
'We should have informed Web users,' says Firefox maker of Comodo hack

By Gregg Keizer
March 25,
Computerworld - Mozilla today said that it regretted staying silent when it found out last week that hackers had stolen digital certificates for some of the Web's biggest sites, including Google, Skype, Microsoft, Yahoo and its own add-on site.

On March 15, attackers used a valid username and password to obtain nine SSL certificates -- which essentially prove that a site is what it says it is -- from an Comodo certificate reseller. The certificates were for six Web sites, including the log-on sites for Microsoft's Hotmail, Google's Gmail, the Internet phone and chat service Skype, and Yahoo Mail. A certificate for Mozilla's Firefox add-on site was also acquired.

More at :-
http://www.computerworld.com/s/article/9215077/Moz...

--
Was this reply relevant?
+0
-0
mogs CClip 129
Member 26th Mar, 2011 11:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Hackers step up attacks on security firms
As attacks on the security infrastructure increase, we must ask if the firms responsible for our safety can protect themselves, much less us

By Robert Lemos | InfoWorld

The Internet's security infrastructure is under attack. Two major incidents against Comodo and RSA have raised the question of not just whether the enterprise can withstand hacker attacks but if the security firms we all count on to guard the infrastructure can protect themselves.

Earlier this week, Internet security firm Comodo revealed it had been tricked into minting nine high-value digital certificates that could allow the attackers to create fraudulent sites that fool users into thinking they are visiting Google, Yahoo, Skype or Microsoft's Live service. The sting on Comodo follows a more serious attack on RSA, which netted the infiltrators unspecified information that could compromise the security of the company's one-time password product SecurID.

More at :-
http://www.infoworld.com/t/security-management/hac...

--
Was this reply relevant?
+0
-0
mogs CClip 130
Member 26th Mar, 2011 11:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Uninstall programs properly
We explain the good and bad ways to uninstall programs from Windows
Rob Beattie PC help Windows 26/03/2011


Windows' Add or Remove tool can be used to get rid of programs
Uninstalling Windows programs isn't as straightforward as it should be.
Programs seem to have a way of leaving bits of themselves all over the place, clogging up the PC and eventually slowing it down.
In this Back to Basics article we will look at why this happens and explain the most effective methods for removing unwanted programs.
The problem with uninstalling files
The way Windows is built does not encourage tidy installations. By the same token, getting rid of old or otherwise unwanted programs requires a certain amount of clearing. The majority of Windows programs, for example, create a folder for themselves inside C:\Program Files\ and then one or more sub-folders inside that.
So far, so good. Unfortunately, at the same time they spray bits of themselves into other folders where Windows keeps the different libraries and other supporting components it needs to make everything work together properly.
As well as this new programs will also usually make changes to the Windows Registry, a kind of database where all kinds of important settings are stored.
The upshot of all this is that while it is possible to right-click a folder where a program was installed and choose Delete, this will leave lots of stuff behind. So how do you get rid of a program you don't need any more?


Read more: http://www.computeractive.co.uk/ca/pc-help/2026155...


--
Was this reply relevant?
+0
-0
mogs CClip 131
Member 26th Mar, 2011 20:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft Disables Always-On HTTPS Option in Hotmail for Many Countries

March 26th, 2011, 08:57 GMT| By Lucian Constantin

The Electronic Frontier Foundation (EFF) warns that Microsoft has, for some reason, disabled the ability of users in over a dozen countries to enable the always-on HTTPS setting in Hotmail.

The option was introduced in November last year and allows Hotmail users to have HTTPS enabled automatically for their entire session after authentication.

The EFF reports that users from Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan no longer have this ability.

Read more at :-
http://news.softpedia.com/news/Microsofts-Disables...

--
Was this reply relevant?
+0
-0
mogs CClip 132
Member 26th Mar, 2011 20:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Fake USPS Emails in Circulation

March 26th, 2011, 09:30 GMT| By Lucian Constantin

A wave of fake United States Postal Service (USPS) emails currently making the rounds are trying to pass a trojan downloader for a shipping label.

The spam emails pose as failed delivery notifications and bear a subject of "Post Express Information. Your package is available for pick up."

The contained message claimed that an error in the shipping address caused the package to be returned to the post office, from where it can be retrieved.

"Your package has been returned to the Post Express office. The reason of the return is 'Error in the delivery address' Important message!

"Attached to the letter mailing label contains the details of the package delivery. You have to print mailing label, and come in the Post Express office in order to receive the packages!" the emails read.

The attachment is called Post_Express_Label_ID_[number].zip and contains a malicious executable of the same name.

More at :-
http://news.softpedia.com/news/Fake-USPS-Emails-in...

--
Was this reply relevant?
+0
-0
mogs CClip 133
Member 27th Mar, 2011 11:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 134
Member 27th Mar, 2011 11:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 135
Member 27th Mar, 2011 21:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Q Windows XP used to offer an option to clean up the hard disk that would also delete old Restore Points created by System Restore to free up disk space.
I upgraded to a Windows 7 PC but cannot find a way to achieve the same result. How do I do it?
Also, is it possible to delete all the Restore Points apart from the most recent?
David Johnson, Northumberland


Read more: http://www.computeractive.co.uk/ca/pc-help/2026170...


--
Was this reply relevant?
+0
-0
mogs CClip 136
Member 28th Mar, 2011 16:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Spotify turns off ads on free version after malware attacks

Malvertising hits music streamers
By Asavin Wattanajantra
Mon Mar 28 2011, 12:09
MUSIC STREAMING OUTFIT Spotify is investigating malware attacks hitting users of its free service, turning off advertisements while it tries to sort out the problem.
Internet services firm Netcraft said that users of the Spotify free service have been targeted by drive-by malware launched through third-party ads. It said that at least one attack was using a Java exploit to drop malicious executable code.
In a tweet, Spotify wrote, "We've turned off all third party display ads that could have caused it until we find the exact one." And in a later tweet it said, "We're still investigating but we take this very seriously and will take every step possible to ensure it doesn't happen again."


Read more: http://www.theinquirer.net/inquirer/news/2037732/s...


--
Was this reply relevant?
+0
-0
mogs CClip 137
Member 28th Mar, 2011 16:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Sun.com and Mysql.com succumb to SQL injection attack

Two letter passwords stolen
By Lawrence Latif
Mon Mar 28 2011, 12:25
DATABASE VENDOR Oracle has suffered an attack on two of its highest profile websites, Mysql.com and Sun.com.
Oracle, which obtained the two domains after purchasing Sun Microsystems, is faced with the embarrassment of having two of its most widely known websites hacked through an SQL injection attack. The result was that parts of the websites' databases were dumped to a third party website.
At present it seems that both Mysql.com and Sun.com did not fall victim to database vulnerabilities, but rather to poor coding and testing practices. SQL injection attacks are fairly common and the finger of blame would be on the web developers behind the two websites, as testing for large websites like these usually includes taking measures to prevent such attacks.


Read more: http://www.theinquirer.net/inquirer/news/2037717/s...


--
Was this reply relevant?
+0
-0
mogs CClip 138
Member 28th Mar, 2011 16:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Hackers target business secrets

Many net-savvy thieves are scouring corporate networks for saleable secrets

Intellectual property and business secrets are fast becoming a target for cyber thieves, a study suggests.

Compiled by security firm McAfee, the research found that some hackers are starting to specialise in data stolen from corporate networks.

McAfee said deals were being done for trade secrets, marketing plans, R&D reports and source code.

More at :-
http://www.bbc.co.uk/news/technology-12864666

--
Was this reply relevant?
+0
-0
mogs CClip 139
Member 28th Mar, 2011 16:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Variant of Destructive Ransomware Identified
March 28th, 2011, 05:21 GMT| By Lucian Constantin

Security researchers from Kaspersky Lab have identified a new variant of a destructive ransomware program that encrypts personal files with an uncrackable algorithm.

Ransomware applications block critical system functionality or lock access to important documents and ask for money to restore normal operations.

It's a form of online blackmail and is considered the next step in the evolution of scareware, programs that scare users into paying money by making false claims.

Many ransomware programs, especially those that block access to the system, can be cleaned safely from Safe Mode with the right tools.

However, those that encrypt personal files are more dangerous if the algorithm is not crackable and can lead to data loss.

This is the case of programs in the Gpcode ransomware family, which make use of the secure RSA public-key algorithm with an 1024-bit key.

Once installed, these applications start encrypting files with predefined extensions, including documents and images, and post a warning message on the desktop advising users to read an instructions file that tells them to send money if they want the special encryption key.

More at :-
http://news.softpedia.com/news/New-Variant-of-Dest...

--
Was this reply relevant?
+0
-0
mogs CClip 140
Member 28th Mar, 2011 16:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Serious Doubts Cast Over Comodo's State-Sponsored Attack Hypothesis

March 28th, 2011, 07:57 GMT| By Lucian Constantin

The Comodo digital certificate theft plot thickens as lone Iranian hacker claims to be responsible for the compromise and offers evidence.

The security world was taken by storm last week when it was revealed that someone managed to obtain fake digital certificates for high-profile domains from Comodo.

The company, which is a Certification Authority (CA) trusted by default by all browsers and operating systems, said the hackers abused credentials stolen from one of its resellers.

It also pointed the finger at the Iranian government for being behind the attack, based on the fact that one rogue certificate was temporarily spotted on a server in Iran and the attackers connected from an Iranian IP address.

However, on Saturday, someone posted a message on pastebin.com claiming to be the hacker behind the compromise and blasting Comodo and the media for advancing the government-sponsored attack hypothesis.

The hacker describes himself as a 21-year-old Iranian student and judging by his message he is very patriotic, but more in the spiritual sense rather than political.

He does, however, issue threats in his open letter, calling Microsoft, Google and Mozilla his new enemies for updating their software "as soon as instructions came from CIA" and warning that "I'll do it again, but this time nobody will notice it."

More at :-
http://news.softpedia.com/news/Hacker-Claims-He-Ac...

--
Was this reply relevant?
+0
-0
mogs CClip 141
Member 29th Mar, 2011 07:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
Monday, March 28, 2011 | 16:13
Labels: Beta updates
The Beta channel has been updated to 11.0.696.25 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
cloud print: Error running service on the headless machine (Issue 76991).
sync: Not registering for NIGORI data types (Issue 76268).
A known crash (Issue 76998 ).
REGRESSION: img of extensions not displayed in chrome://extensions within an incognito window (Issue 74905).
Cloud policy fetch loop upon POLICY_NOT_FOUND answer from the server (Issue 77232).
Token fetcher doesn't correctly enter unmanaged state (Issue 77185).
Memory Leak in ChromeFrame in the AutomationResourceMessageFilter::SetCookiesForUrl function (Issue 77421).
REGRESSION: Arrows not showing up on tabstrip while dropping links (Issue 74764).
Java: Direct users to the right download page (Issue 76634).
add es-419, fr-Foo and en-Foo and zh_HK/zh_Hant_HK to Accept-Language list(Issue 62715).
You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 142
Member 29th Mar, 2011 07:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft Fixes Hotmail Always-On HTTPS Problem

March 28th, 2011, 15:03 GMT| By Lucian Constantin





Microsoft has fixed the error that prevented Hotmail users in many countries from enabling the always-on HTTPS setting under their accounts.
More at :-
http://news.softpedia.com/news/Microsoft-Fixes-Hot...

--
Was this reply relevant?
+0
-0
mogs CClip 143
Member 29th Mar, 2011 07:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Vulnerabilities Disclosed on Sun Websites

March 28th, 2011, 12:23 GMT| By Lucian Constantin

The hackers who disclosed vulnerabilities in MySQL.com also published details about SQL injection flaws in older Sun Microsystems websites.

Sun Microsystems was acquired by Oracle at the beginning of 2010 and its products were integrated into the latter's portfolio.

However, given the sheer size of Sun many of its web properties still need to be moved under Oracle's brand and some have been neglected security-wise.

Such is the case of reman.sun.com and ibb.sun.com, two sites dedicated to remanufactured systems and spare parts.

Although some might think that hacking such sites has little value, Romanian hacker TinKode's proof-of-concept attack shows their databases can still contain sensitive information.

More at :-
http://news.softpedia.com/news/Vulnerabilities-Dis...

--
Was this reply relevant?
+0
-0
mogs CClip 144
Member 29th Mar, 2011 16:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

McAfee's website full of security holes, researcher says
The portion of the site that could be used for cross-site scripting attacks host some of McAfee's files for downloading software

By Julie Bort | Network World

The McAfee.com website is full of security mistakes that could lead to cross-site scripting and other attacks, researchers said in a post on the Full Disclosure site on Monday. The holes with the site were found by the YGN Ethical Hacker Group, and reported to McAfee on Feb. 10, YGN says, before they were publicly disclosed to the security/hacking mailing list.

In addition to cross-site scripting, YGN discovered numerous information disclosure holes with the site including seeing an internal hostname and finding 18 source code disclosures. The portion of the site that could be used for cross-site scripting attack hosts some of McAfee's files for downloading software, YGN says on its Full Disclosure post.

More at :-
http://www.infoworld.com/d/security/mcafees-websit...

--
Was this reply relevant?
+0
-0
mogs CClip 145
Member 29th Mar, 2011 16:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
McAfee confirms security bugs on its web site
by David Neal
29 Mar 2011

Security firm McAfee has confirmed that its site contains vulnerabilities, but has promised that the problems do not affect customer security.
Reports about the vulnerabilities spread on Monday after researchers posted details on the Seclists.org disclosure site.
Further reading
McAfee EMEA chief talks malware and endpoint security
McAfee steps up smartphone and tablet security
Intel wraps up McAfee acquisition
The YGN ethical hacker group said that it had found a number of problems on the McAfee web pages, including some that could lead to cross site scripting attacks and information disclosure.
However, McAfee played down the reports, and said that the company is fixing the problems and that customers are not at risk.


Read more: http://www.v3.co.uk/v3-uk/news/2038134/mcafee-conf...


--
Was this reply relevant?
+0
-0
mogs CClip 146
Member 29th Mar, 2011 17:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 147
Member 29th Mar, 2011 17:09
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 148
Member 29th Mar, 2011 21:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
McAfee is fixing security bugs on its website

Insecurity firm is sweeping its own doorstep
By David Neal
Tue Mar 29 2011
INSECURITY OUTFIT McAfee has reacted to a publicly disclosed vulnerability on its website and promised that it has had no impact on the integrity of its services or customers.
The firm issued a statement about the problems in which it said that it was reacting to the vulnerabilities, but omitted that it was first told about the problems weeks ago.
"Early on Monday March 28, 2011, various online news outlets reported on vulnerabilities in McAfee Web sites," it said.
"McAfee is aware of these vulnerabilities and we are working to fix them. It is important to note that these vulnerabilities do not expose any of McAfee's customer, partner or corporate information. Additionally, we have not seen any malicious exploitation of the vulnerabilities."


Read more: http://www.theinquirer.net/inquirer/news/2038175/m...


--
Was this reply relevant?
+0
-0
mogs CClip 149
Member 29th Mar, 2011 21:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
What is a Microsoft Teredo Tunneling Adapter error?
This common Windows error message can usually be ignored
Computeractive staff PC help Desktops 29/03/2011


The Device Manager in Windows can show harmless error warnings
Q I have a new Fujitsu PC running Windows 7. I was checking various things in Device Manager when I noticed a yellow warning marker alongside the Network adapters group.
I clicked this to investigate the problem and saw errors alongside two entries - Microsoft ISATAP Adapter and Microsoft Teredo Tunneling Adapter.
I visited Microsoft's website for answers but could not find a solution. I do not seem to have any problems with my PC or any computing activities and I have no knowledge when this happened.
Indeed, I would have remained blissfully unaware had I not been checking something else. Is it anything to worry about?
Brian Johnson
A It is nothing to worry about, especially if everything is working as you want.
Microsoft's own advice on the ISATAP Adapter error message is that it can generally be safely ignored, because it doesn't actually indicate a problem with the adapter (you would have to ask Microsoft's programmers why this device gets flagged with an error).
If it adds reassurance, this is a common occurrence. And, if you want, you can prevent the error message from appearing. It has several possible causes, though, so finding the perpetrator may be tricky.
From the screenshot sent with your email, your PC seems to be built around a Nvidia motherboard. So, if you are keen to eradicate the warning triangles from Device Manager, we would start by updating the motherboard drivers.
Download and use a tool such as System Information for Windows to determine the precise motherboard model and download and install the latest drivers - you will find the Nvidia download web page here.


Read more: http://www.computeractive.co.uk/ca/pc-help/2026173...


--
Was this reply relevant?
+0
-0
mogs CClip 150
Member 30th Mar, 2011 08:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 30th Mar, 2011 08:46
Websense warns of massive SQL attack on iTunes and others
by Iain Thomson

30 Mar 2010
Internet monitoring firm Websense is warning of a huge SQL attack that has succeeded in infecting over 28,000 legitimate internet sites.
Dubbed LizaMoon after the originating domain lizamoon.com, the current attack has been injecting a single line of code into web sites that would link the viewer to a well-known fake security software site: hxxp://defender-uqko.in.

So far both the attacking domain and the linking site are offline, but Websense said that could change at any time at the whims of the attacker. The lizamoon.com domain was set up three days ago using data which appears to be faked.
The company also said that it had spotted some of the code in iTunes URLs, but said that Apple's security policies would have blocked any attack.


Read more: http://www.v3.co.uk/v3-uk/news/2038349/websense-wa...


--
Was this reply relevant?
+0
-0
mogs CClip 151
Member 30th Mar, 2011 13:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Co-operative Group data breach leaks 83,000 customer details online
by Dan Worth

30 Mar 2011

A division of the Co-operative Group, which organises funeral planning and wills, has admitted that data on 83,000 of its customers was accidentally posted online.
A spokesperson for Co-operative Life Planning (CLP) explained that the information was lost by a third-party company used by CLP, but stressed that the data was not of a sensitive nature.
Further reading
ICO in pre-election warning to political parties over privacy laws
Leicester City Council informs ICO of data loss
ICO raps council for dumping documents in a skip
"As a result of an error at a company which provides technical support services to CLP, the security of some data was lowered. The data related only to funeral planning products, not wills, held by Co-operative," the spokesperson said.
"The data is classified as non-sensitive under the Data Protection Act. It did not contain any bank account details, National Insurance numbers, health details, telephone numbers or emails."


Read more: http://www.v3.co.uk/v3-uk/news/2038490/-op-breach-...


--
Was this reply relevant?
+0
-0
mogs CClip 152
Member 30th Mar, 2011 16:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 153
Member 30th Mar, 2011 17:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 154
Member 30th Mar, 2011 19:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Hotmail will allow emails to run Javascript

To make content more interactive
By Lawrence Latif
Wed Mar 30 2011, 15:06
EMAIL SERVICE PROVIDER Microsoft will allow companies to run Javascript code within Hotmail users' mailboxes.
Microsoft has said that its Hotmail service will analyse email and present certain forms of content in a way that it believes is the "most common things people do when they receive the email". This means that groups of images will automatically be put into a slideshow or videos will be embedded directly in emails from simple Youtube links.
In a bid to keep users on Hotmail's website, Microsoft has launched a sandboxed environment that it says will allow partners to "insert dynamic content that is up to date and interactive with common tasks through the use of Javascript". And here we thought HTML emails were bad enough.


Read more: http://www.theinquirer.net/inquirer/news/2038675/h...


--
Was this reply relevant?
+0
-0
mogs CClip 155
Member 31st Mar, 2011 08:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
News
Comodo hacker claims another certificate authority

By Robert McMillan
March 30, 2011
IDG News Service - The hacker who claimed credit for breaking into systems belonging to digital certificate vendor Comodo said he has compromised another certificate authority, along with two more Comodo partners, a move that could further undermine trust in the system used to secure websites on the Internet.


http://www.computerworld.com/s/article/9215360/Com...

--
Was this reply relevant?
+0
-0
mogs CClip 156
Member 31st Mar, 2011 08:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Samsung investigating report of keylogger on its laptops
By Robert McMillan
March 30, 2011
IDG News Service - Samsung Electronics is investigating allegations that some models of its R Series laptops contain keylogging software that could be used to record anything typed on the laptop computers.


http://www.computerworld.com/s/article/9215367/Sam...

--
Was this reply relevant?
+0
-0
mogs CClip 157
Member 31st Mar, 2011 10:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

How to detect and remove StarLogger
by Seth Rosenblat


A security researcher revealed today that he had purchased two new laptops from Samsung, and discovered both of them to be infected with the StarLogger (download) keystroke-recording program. While there's very little that can be done about keystrokes already recorded, checking your own laptop for such software is actually quite simple--if you're familiar with mucking about in your system directories and Registry.
Note that the researcher only reported StarLogger on two models, a Samsung R525 and a Samsung R540. CNET examined another new Samsung laptop, the Samsung Series 9, and did not find a keylogger installed.
Because it's a keylogger, most often used for spying on employees and children, StarLogger cannot be accessed from your Start menu. (Or at least, it shouldn't be accessible there. If it is, whoever installed it did a poor job.)
The easiest way to find StarLogger is to look for its Registry key, which is used to load it when Windows is started. To see if this has occurred, open a command prompt and type "Run Regedit". Then go to the Menu bar, select Edit and then Find. You want to search for "winsl", without the quotes. If it's installed, you should see a Registry key that looks like this:
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\winsl


Read more: http://news.cnet.com/security/#ixzz1IAIPRqTs

--
Was this reply relevant?
+0
-0
mogs CClip 158
Member 31st Mar, 2011 16:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Samsung Cleared of Laptop Keylogger Accusation
It turns out an antivirus suite mistakenly classified a Microsoft folder as a keylogger
By Jeremy Kirk, IDG News Mar 31, 2011 2:19 pm

Samsung Electronics' laptops do not contain a secret program that logs keystrokes, security researchers have found, chalking the problem up to a mistake by an antivirus program.

An IT consultant based in Toronto, Mohamed Hassan, said on Wednesday he bought a Samsung R525 and later a R540 laptop and found the StarLogger program made by a company called de Willebois Consulting. StarLogger can log all keystrokes and capture screenshots.

But Samsung and the security company F-Secure did further research and found that the VIPRE antivirus software mistakenly associated a Windows root directory folder called "SL" with StarLogger.

More at :-
http://www.pcworld.com/article/223859/samsung_clea...

--
Was this reply relevant?
+0
-0
mogs CClip 159
Member 31st Mar, 2011 17:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 1st Apr, 2011 07:32
Websense warns LizaMoon SQL injection attack has hit 380,000 domains
by Phil Muncaster

31 Mar 2011

Security firm Websense is warning that that the mass LizaMoon SQL injection attack discovered earlier this week is much bigger than previously thought, and that over 380,000 URLs have been affected.
The firm first warned of the attack on Tuesday, claiming that hackers had injected a single line of code into thousands of web sites, linking the viewer to a well-known fake anti-virus site at defender-uqko.in.
Among the pages infected were several iTunes URLs, although Websense explained that Apple's security measures would have blocked any attack.
Initially it was thought that the mass SQL injection attack affected some 28,000 domains, but that number has now increased more than 10-fold.
Carl Leonard, senior manager at Websense Security Labs, argued that LizaMoon is now one of the largest mass injection campaigns ever seen.


Read more: http://www.v3.co.uk/v3-uk/news/2039083/websense-wa...

This thread is now closed....thankyou for your support.
The new April edition can be found at :-

http://secunia.com/community/forum/thread/show/798...



--
Was this reply relevant?
+0
-0

This thread has been marked as locked.