navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Daily CYBERCLIPS April

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS April
Expert Contributor 1st Apr, 2011 07:27
Ranking: 2265
Posts: 6,268
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
Last edited on 1st Apr, 2011 07:28

Ninth Edition

Thankyou for your continuing support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security remains the main theme of the thread with some related and varied topics.
Please note....the most recent posts are those at the end of a downward scroll !!
I should reiterate that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals..
* Keep patching : up to date : be Cybersafe ! *


--

mogs CClip 1
Expert Contributor 1st Apr, 2011 07:43
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft: IE9 not yet 'broadly' available


By Gavin Clarke in San Francisco •
Posted in Applications,
With Internet Explorer 9 having lost the early download PR war to Firefox 4.0, Microsoft now claims the numbers are unimportant and that it's the "long game" that counts.

Senior director of IE business and marketing Ryan Gavin has blogged that IE9 will be "broadly rolled out" through Windows Update at the "end of June" – that'll be three months after IE9 became available for download.

More at :-
http://www.theregister.co.uk/2011/03/30/ie9_broadl...

--
Was this reply relevant?
+0
-0
mogs CClip 2
Expert Contributor 1st Apr, 2011 08:04
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 1st Apr, 2011 08:05
by Shaun Nichols

With tax season in full swing, cyber criminals are returning with a fresh crop of taxation-related phishing attacks.
Researchers with McAfee Labs are reporting a new round of phishing emails seeking to defraud UK taxpayers. The attacks claim to be from HM Revenue and Customs (HMRC), posing as notifications to users of unclaimed tax funds. Users are asked to follow a link within the message to an external site.

Upon visiting the site, users are presented with a site that includes both valid links to external pages from HMRC as well as several links to supposed banking sites which are in fact phishing pages designed to harvest account credentials.


Read more: http://www.v3.co.uk/v3-uk/news/2039277/phishers-re...


--
Was this reply relevant?
+0
-0
mogs CClip 3
Expert Contributor 1st Apr, 2011 08:50
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Q I have encountered a problem with my external hard disk after following an attempt to convert it from the Fat 32 file system to NTFS.
The change went smoothly but when I now run a full backup of my main drive to this external drive, it stalls at about 75 per cent of the way through. An error message appears to say that the backup was unsuccessful, with an error code of 0x81000037.
I now wish I had left the drive unchanged as Fat 32. Can you help me sort this out? I really don't want to have to reformat the hard disk, as I would lose a lot of valuable data.
Philip Wade
A We see how this problem may seem to relate to your decision to upgrade the drive from Fat 32 to NTFS, but we believe this is just a coincidence........................


Read more: http://www.computeractive.co.uk/ca/pc-help/2026176...


--
Was this reply relevant?
+0
-0
mogs CClip 4
Expert Contributor 1st Apr, 2011 09:12
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
LizaMoon Mass Injection Attack Spreads Rapidly
By Lucian Constantin

A recently announced mass injection attack dubbed LizaMoon is spreading rapidly and managed to infect over 1.5 million web pages in just a few days.

The mass compromise was announced by Websense on Tuesday, at which time it had already affected some 28,000 pages and made its way onto iTunes.

One interesting aspect of the attack was that by the time researchers spotted the infection, the domain hosting rogue code, lizamoon.com, was already inactive.

While this has not changed, the infection took massive proportions and started using new domains, including worid-of-books.com, alexblane.com, alisa-carter.com and t6ryt56.info.

"We’re seeing compromised websites that were previously inserted with a script leading to lizamoon(dot)com/ur.php already modified to connect to tadygus(dot)com/ur.php. The said URL also resolves to the same IP server as the 4 previously mentioned URLs," Trend Micro researchers warn.

The attack uses SQL injection techniques to insert rogue code into the databases of PHP and ASP websites alike. There is most likely a great deal of automation behind this.

The infections lead to a scareware distribution site that displays fake antivirus alerts in order to convince users to download a rogue application called Windows Stability Center.

More at :-
http://news.softpedia.com/news/LizaMoon-Mass-Injec...

--
Was this reply relevant?
+0
-0
mogs CClip 5
Expert Contributor 1st Apr, 2011 11:07
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft adds Hotmail desktop notifications in IE9

By Dean Wilson
Fri Apr 01 2011, 09:50
SOFTWARE OUTFIT Microsoft is enhancing Internet Explorer 9 to give desktop notifications for Hotmail.
While Hotmail is not an application, it can be pinned to the Windows taskbar in the latest version of the Vole's web browser, effectively giving it a range of useful features previously only seen in Windows programs.
It works by signing into Hotmail from Internet Explorer 9 and then dragging the Hotmail tab to the taskbar. Once done this acts like a direct bookmark to Hotmail, instantly opening the webpage within Internet Explorer 9 without having to open the browser first.
Another handy feature is the context menu that appears when users right-click the Hotmail icon on their taskbar. This gives options to compose new emails, view the calendar, check the contacts list and so forth, saving the time of going through the long route.
The best feature to date, however, is desktop notifications, with the Hotmail icon displaying the number of new emails received. This saves the user from having to constantly check email on a regular basis to see if anything new has arrived, as the taskbar itself will keep them up to date.
Now if only we could pin Gmail too. µ

http://www.theinquirer.net/inquirer/news/2039317/m...


--
Was this reply relevant?
+0
-0
mogs CClip 6
Expert Contributor 1st Apr, 2011 16:26
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Malicious PDFs Distributed by Fake Warner Music and Cell Phone Orders

April 1st, 2011, 07:51 GMT| By Lucian Constantin
A new malware distribution campaign generates emails posing as Warner Music orders that come with malicious PDF documents attached.

The rogue emails have subjects of the form "Your Order No ###### – Warner Music Inc." or "Your Order No ###### – Cell Phone Inc."

The contained message informs recipients that an order was made in their name and a large sum of money is to be charged on their credit card. It reads:

"Thank you for ordering from Warner Music Inc. This message is to inform you that your order has been received and is currently being processed.

Your order reference is Warner Music Inc. You will need this in all correspondence. This receipt is NOT proof of purchase. We will send a printed invoice by mail to your billing address.

You have chosen to pay by credit card. Your card will be charged for the amount of 629.00 USB and "Warner Music Inc." will appear next to the charge on your statement. Your purchase information appears below in the file."

The files are called Order_N#####.pdf (where # is a digit) and, according to security researchers from M86 Security, they are rigged with an exploit for an older Adobe Reader vulnerability (CVE-2009-0927).

If exploitation is successful, a file called 1.php is downloaded from an external server. Despite its .php extension this is actually an executable. The purpose of the fake extension is to hide the download from network firewalls or intrusion prevention systems.

This executable is responsible for downloading another piece of malware that currently has a very low detection rate on Virus Total and whose purpose is to send spam.

"These days, PDF files arriving in unexpected emails should be treated with extreme suspicion. And please be sure to keep your PDF reader meticulously up to date to avoid getting exploited by old vulnerabilities such as this," the M86 Security researchers advise.


http://news.softpedia.com/news/Malicious-PDFs-Dist...

--
Was this reply relevant?
+0
-0
mogs CClip 7
Expert Contributor 1st Apr, 2011 16:30
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New Notification Feature for Windows Live Hotmail on Windows 7 via IE9

April 1st, 2011, 13:45 GMT| By Marius Oiaga

Internet Explorer 9 enables users to pin sites on the Taskbar just as they would any other application, but only as long as they are running Windows 7.

Windows Live Hotmail makes no exception to this rule, and the Redmond company seems committed to investing continually in pushing the Hotmail user experience on Windows 7 to the next level, for customers leveraging IE9.

In this regard, the software giant has introduced a new app-like feature to its email service, allowing Hotmail to deliver notifications directly on the Windows 7 Taskbar, provided that it was pinned.

More at :-
http://news.softpedia.com/news/New-Notification-Fe...

--
Was this reply relevant?
+0
-0
mogs CClip 8
Expert Contributor 1st Apr, 2011 16:34
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla surpasses 50 million Firefox 4 downloads

Steady on-going demand
By Lawrence Latif
Fri Apr 01 2011, 13:12
OPEN SOURCE SOFTWARE HOUSE Mozilla is serving about 2,000 downloads of Firefox 4 per minute at the moment, and has passed the 51 million mark according to its nifty download counter.


Read more: http://www.theinquirer.net/inquirer/news/2039498/m...


--
Was this reply relevant?
+0
-0
mogs CClip 9
Expert Contributor 1st Apr, 2011 20:15
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Verisign deploys DNSSEC on .com TLD

Plugs DNS security hole
By Lawrence Latif
Fri Apr 01 2011, 16:50
INTERNET INFRASTRUCTURE OUTFIT Verisign has rolled out DNSSEC on the .com top level domain (TLD).
Verisign, which runs two of the Internet's 13 root domain name service (DNS) servers and the .com and .net TLDs, announced that it has deployed DNSSEC on the .com TLD. The firm announced that this was a "critical milestone to improve the integrity" of the Internet.
One of the main advantages of using DNSSEC is that DNS records can be verified because they are digitally signed using public-key cryptography. This should, in theory, mitigate the possibility of DNS hijacking attacks, where users are unwittingly sent to the wrong website by having a domain name resolved to an incorrect quad-dot numerical Internet address.


Read more: http://www.theinquirer.net/inquirer/news/2039648/v...


--
Was this reply relevant?
+0
-0
mogs CClip 10
Expert Contributor 1st Apr, 2011 20:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google uses Gmail for April Fools' Day prank
Company pulls Gmail Motion gag -- controlling Gmail with your body (see video below)

By Sharon Gaudin
April 1, 2011 01:27 PM
Computerworld - Have you started looking forward to controlling your Google Gmail account with body movements?

If you have, you probably shouldn't admit it.

Those pranksters at Google are having some April Fools' Day fun with users again this year.

More at :-
http://www.computerworld.com/s/article/9215425/Goo...

--
Was this reply relevant?
+0
-0
taffy078 RE: Daily CYBERCLIPS April
Contributor 1st Apr, 2011 21:55
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hey Mogs! Thank you for some interesting & informative heads-up, and for the time that you spend on this. I'm too busy at the moment to keep my eye on all the balls so this has helped me a lot.

PS This is a genuine 'thank you' - it's not an April Fool!

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
mogs RE: Daily CYBERCLIPS April
Expert Contributor 1st Apr, 2011 22:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hi...evening taffy ! And wishes for a lack of rainfall and a warm April breeze for you too !
Glad you are finding the thread useful.....it stays quite neat d'ya reckon (?)....without overmuch use of the scissors, shears and escalation to nuclear lawnmower ?! Ha!

--
Was this reply relevant?
+0
-0
mogs CClip 11
Expert Contributor 2nd Apr, 2011 09:47
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google Plans to Improve SSL Cetificate Validation in Chrome

April 1st, 2011, 16:52 GMT| By Lucian Constantin

Google is working on implementing more strict digital certificate verification mechanisms in Chrome based on a technology it already has.

The security industry is still actively discussing the recent compromise of a Registration Authority (RA) that resulted in rogue digital certificates for high-profile domains being issued by Comodo.

Following the incident, browser vendors and security specialists have begun working together to find methods of improving the public key infrastructure (PKI), which is used to establish trust online.

More at :-
http://news.softpedia.com/news/Google-Plans-to-Imp...

--
Was this reply relevant?
+0
-0
mogs CClip 12
Expert Contributor 2nd Apr, 2011 09:51
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox 'Do Not Track' header wins first convert

Ad biz, er, mulls things over
By Cade Metz in San Francisco • Get more from this author
Posted in ID, 1st April 2011 23:11 GMT
Mozilla has announced that the Associated Press has become the first organization to adopt the "Do Not Track" http header introduced by Firefox 4.

According to a blog post from Mozilla privacy man Alex Fowler, the AP News Registry is now using the header across 800 news sites reaching 175 million unique users a month.

He also says that the Digital Advertising Alliance (DAA) – an collection of big name media and advertising agencies that seeks to self regulate the behavior advertising biz – is "initiating a process to explore" the use of Mozilla's Do Not Track header.

More at :-
http://www.theregister.co.uk/2011/04/01/ap_adopts_...

--
Was this reply relevant?
+0
-0
mogs CClip 13
Expert Contributor 2nd Apr, 2011 09:57
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Bank customers warned after breach at Epsilon marketing firm
By Robert McMillan
April 2, 2011 01:02 AM
IDG News Service - Citibank, JP Morgan Chase and the Kroger supermarket chain are warning customers that their names and e-mail addresses may have fallen into the wrong hands after someone broke into computer systems at e-mail marketing giant Epsilon.

Epsilon, whose other customers include Visa, Kraft, and Marriott International, acknowledged the incident in a brief statement Friday. "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system," Epsilon said. "The information that was obtained was limited to email addresses and/or customer names only."

More at :-
http://www.computerworld.com/s/article/9215443/Ban...

--
Was this reply relevant?
+0
-0
mogs CClip 14
Expert Contributor 2nd Apr, 2011 09:59
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Thieves are stealing children's identities
By Tim Greene
April 1, 2011 08:26 PM
Network World - Identity theft has saddled thousands of children with debt, sometimes for years before they ever discover their personal information has been stolen, a study says.

Within a database of 42,232 children that was compiled by an identity-protection business, 4,311 -- 10.2% -- had someone else using their Social Security numbers, according to "Child Identity Theft," a report by Richard Power, a distinguished fellow at Carnegie Mellon Cylab.

More at :-
http://www.computerworld.com/s/article/9215442/Thi...

--
Was this reply relevant?
+0
-0
mogs CClip 15
Expert Contributor 2nd Apr, 2011 20:38
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome's Out-of-Date Plugin Blocking Feature Was a 20% Time Project

By Lucian Constantin

The new out-of-date plugin blocking feature in Chrome 10 started as an extension developed by Google security engineers in the 20% of time the company allows them to use for personal projects.

The Web has long become the primary malware distribution vector and one of the most effective methods is drive-by download attacks that exploit vulnerabilities in browser plugins like Flash, Adobe Reader, Java and so on.

When we spoke with Ondrej Vlcek, CTO at AVAST Software, last month, he told us that browsers are actually some of the most secure pieces of software one can find on computers.

This is because they've been heavily scrutinized by security researchers already. However, the same cannot be said about plugins and that's what makes them attractive targets for attackers.

Keeping plugins up-to-date is no easy task and it requires users realizing they are outdated in the first place.

Locating the new version for each one by going to their corresponding website and then installing it is not very convenient either and this is what motivated Panayiotis Mavrommatis and Noé Lutz of the Google Security Team.

"Keeping all of your plugins up-to-date with the latest security fixes can be a hassle, so a while ago we started using our 20% time to develop a solution.

"The initial implementation was a Chrome extension called 'SecBrowsing,' which kept track of the latest plugin versions and encouraged users to update accordingly," the two explain.

That extension helped the engineers better understand plugins and soon enough they began working with the Chrome development team to implement the feature natively.

The latest version of the browser automatically disables outdated plugins and advises users to update them. It even goes further and helps with locating the new versions. Of course, the option to override the block, but we don't recommend people using it.

http://news.softpedia.com/news/Chrome-s-Out-of-Dat...

--
Was this reply relevant?
+0
-0
mogs CClip 16
Expert Contributor 3rd Apr, 2011 09:39
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
IE9 RTW Evolved Compatibility View List
By Marius Oiaga

Just as its predecessor, Internet Explorer 9 comes with Compatibility View, a feature illustrative of Microsoft’s commitment to not breaking the web with new iterations of IE.

Compatibility View, along with the multiple rendering options in IE8’s successors, make sure that customers can still get a great experience on older websites in IE9 RTW, even if said sites were tailored to IE7 or IE6.

Not only did the Compatibility Feature make it into IE9, but also the associated Compatibility View List.

With the Compatibility View List, Microsoft maintains a collection of sites that are, to some degree, incompatible with IE9 in terms of rendering.

The CVL tells IE9 to render a specific website as if it was IE6, IE7 or IE8, if that would provide the best user experience possible.

According to the Redmond company, a number of enhancements have been introduced to Compatibility View Lists in IE9, including:

More at :-
http://news.softpedia.com/news/IE9-RTW-Evolved-Com...

--
Was this reply relevant?
+0
-0
mogs CClip 17
Expert Contributor 3rd Apr, 2011 11:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

CCleaner v3.05
We've been closely following the release schedule of the latest browsers to keep CCleaner fully compatible. With both Firefox 4.0 and Microsoft's Internet Explorer 9 being released this month, we've updated CCleaner in version 3.05 to be fully compatible with both!
Additionally we've improved the registry cleaner to trim out old Firewall entries and added a lot more third-party cleaning rules.
Change Log:
Added support for Internet Explorer 9.
Added support for Firefox 4.0.
Added Internet Explorer Cached Feeds cleaning.
Added Internet Explorer Add-ons Statistics cleaning.
Added iTunes cookie management.
Added Opera cleaning for saved/opened directories paths.
Improved Firefox/Mozilla Saved Password cleaning.
Improved Intelligent cookie keeping functionality.
Improved Registry cleaning for Obsolete Software.
Improved Registry cleaning for Unused File Extensions.
Added Registry cleaner for Windows Services.
Added cleaning for obsolete Firewall Rules.
Added detection of invalid Browser Helper Objects.
Added new environment variables for user documents. (i.e. %CommonDocuments%, %CommonMusic%, %CommonPictures%, %CommonVideo%, %MyDocuments%, %Documents%, %MyMusic%, %Music%, %MyPictures%, %Pictures%, %MyVideo%, %Video%).
Added cleaning for Adobe Air, Advanced Searchbar, Steam, Xfire, Skype, AOL Instant Messenger, Camfrog Video Chat, Miranda Instant Messenger, Pidgin, Yahoo Messenger, ooVoo, TeamSpeak, Ventrilo Client, Ventrilo Server, FrostWire, uTorrent, Shareaza, iMesh, BearShare, DC++ and Ares.

www.piriform.com/ccleaner

--
Was this reply relevant?
+0
-0
mogs CClip 18
Expert Contributor 4th Apr, 2011 09:42
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla to Block Offline Add-on Installation in Upcoming Firefox Version

April 4th, 2011, 05:22 GMT| By Lucian Constantin

In an attempt to resolve performance issues Mozilla plans to block the offline installation of add-ons, a measure that will also impact security in a good way.

Mozilla intends to make a series of add-on-related changes that involve the introduction of automatic performance testing, slow performance warnings, and most importantly, from a security perspective, mandatory opt-in installation.

This means that no third-party program will be able to install extensions, toolbars or plug-ins by placing files directly in the Firefox directory.

This is actually an attack vector that has been discussed and criticized before by the security community.

More at :-
http://news.softpedia.com/news/Mozilla-to-Block-Of...

--
Was this reply relevant?
+0
-0
mogs CClip 19
Expert Contributor 4th Apr, 2011 09:46
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
RSA Hackers Exploited Zero-Day Flash Vulnerability

April 4th, 2011, 03:57 GMT| By Lucian Constantin

Reputed security company RSA said the intrusion incident it suffered last month was the result of a spear phishing attack leveraging a recently patched Adobe Flash vulnerability.

In mid-March, RSA Security, a division of EMC Corp., admitted being the victim of an Advanced Persistent Threat (APT) attack which resulted in sensitive information being stolen from its systems.

The data was related to the company's popular SecurID two-factor authentication product which is used to secure numerous private and governmental networks.

The company noted that while the stolen information can't be used to attack SecurID directly, it can be leveraged to decrease its efficiency.

After the initial public disclosure, the company pretty much kept quiet and refused to answer questions more questions, which attracted a some criticism from the security community.

More at :-
http://news.softpedia.com/news/RSA-Hackers-Exploit...

--
Was this reply relevant?
+0
-0
mogs CClip 20
Expert Contributor 4th Apr, 2011 16:34
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft Security Essentials Site Overhauled

April 4th, 2011, 13:16 GMT| By Marius Oiaga

Microsoft has overhauled the website it uses to serve its free security solution to Windows 7, Windows XP and Windows Vista customers.

The redesign of the Microsoft Security Essentials websites comes a bit out of the blue, but then again, so did the actual release of the latest version of MSE 2.0.

Just head over to the Security Essentials corner on Microsoft.com to witness the new design introduced by the software giant.

To me at least, it looks like the Redmond company strived to make the MSE site more attractive to small businesses, and not necessarily to end users.

More at :-
http://news.softpedia.com/news/Microsoft-Security-...

--
Was this reply relevant?
+0
-0
mogs CClip 21
Expert Contributor 4th Apr, 2011 16:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft Will Answer Whether Windows XP Is Good Enough or Not

April 4th, 2011, 14:01 GMT| By Marius Oiaga

If you ever asked yourself whether Windows XP is still good enough or not, then Microsoft might have an answer.

The Redmond company has just announced a new Springboard Series Virtual Roundtable for April 14, 2011 – 9:00 AM Pacific Time, designed to discuss the following topic: “Is Windows XP Good Enough? Really??”

Fact is that even if the software giant hadn’t placed those “??” after “Really,” I would have been ready to bet that the answer to that question was a firm “No.”

“Join us for a lively roundtable discussion on how the technology landscape has changed since Windows XP was first released, and learn how to address today's challenges around security and manageability,” Microsoft stated.

“Host Stephen Rose, IT Pro Community Manager with the Windows Client team, will be joined by a panel of IT professionals and Microsoft subject matter experts to dive into the differences between Windows 7 and Windows XP, Windows Internet Explorer 6 and Internet Explorer 8 and Internet Explorer 9, and the various technologies in the client PC management stack.”

The software giant has said time and again that Windows XP is obsolete. Sure, customers continue to enjoy support, which is planned to last until 2014, but it has already been 10 years since XP hit store shelves.

More at :-
http://news.softpedia.com/news/Microsoft-Will-Answ...

--
Was this reply relevant?
+0
-0
mogs CClip 22
Expert Contributor 4th Apr, 2011 19:38
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Net boffins plot password alternatives

CAPTCHAS, split slogans and authenticated tokens
By John Leyden • Get more from this author
Posted in ID, 4th April 2011 15:59 GMT
Computer scientists are looking to develop a more secure alternative to passwords for website sign-ons and other functions.

Most users have scores of online accounts and, human nature being human nature, often choose easy-to-remember passwords. Using the same password on multiple sites is also a common problem. Most sites are sensible enough to store passwords as hashes. But if these hashes are exposed via a website vulnerability, then the use of rainbow tables readily exposed passwords based on dictionary words. That's bad enough on its own but gets even worse if a user utilities the same password for social networking as he or she does on more sensitive profiles, such as webmail or e-banking accounts.

Security researchers have long known that consumers can't be trusted to maintain multiple secure password sign-ons. The recent HBGary hack, which partly took advantage of shared passwords, underlined that weak password security is also a problem in business.

More at :-
http://www.theregister.co.uk/2011/04/04/password_a...

--
Was this reply relevant?
+0
-0
mogs CClip 23
Expert Contributor 4th Apr, 2011 19:42
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft is testing a ribbon interface in Windows 8

A controversial inclusion in an early beta
By Lawrence Latif
Mon Apr 04 2011, 13:32
SOFTWARE FLOGGER Microsoft is planning to bring its controversial ribbon interface to Windows 8.
Microsoft's ribbon user interface made its debut in Office 2007 and has polarised user opinion ever since. Microsoft has used the ribbon interface in a growing number of applications and judging from leaked Windows 8 screenshots, it is going to integrate the ribbon motif in Internet Explorer.


Read more: http://www.theinquirer.net/inquirer/news/2040057/m...


--
Was this reply relevant?
+0
-0
mogs CClip 24
Expert Contributor 4th Apr, 2011 19:44
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
HP reports huge increase in automated malware toolkits
by Iain Thomson

04 Apr 2011

The annual HP TippingPoint DVLabs security survey has shown a huge increase in the number of automated toolkits aimed at web exploits.
The 2010 report found that web exploits accounted for 49 per cent of all reported vulnerabilities, against a 10 per cent increase in overall flaws found last year. Attackers are focusing on this area with new automated tools the company said.


Read more: http://www.v3.co.uk/v3-uk/news/2039773/hp-report-h...


--
Was this reply relevant?
+0
-0
mogs CClip 25
Expert Contributor 4th Apr, 2011 22:20
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 4th Apr, 2011 22:24
Get a fast, free web browser
Google Chrome runs web pages and applications with lightning speed.

Download Google Chrome Canary Build
It installs and runs side by side with other Google Chrome installations.
For Windows XP, Vista, and 7
Fast start-up
Google Chrome launches in a snap.
Fast loading
Google Chrome loads web pages quickly.
Fast search
Search the web right from the address bar.

http://tools.google.com/dlpage/chromesxs

"I thought IE9 was smooth and Chrome Dev quick....but this Canary is really sweet " Mogs.

--
Was this reply relevant?
+0
-0
mogs CClip 26
Expert Contributor 5th Apr, 2011 08:26
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
PKI Improvements Discussed at IETF 80 Meeting
April 4th, 2011, 13:57 GMT| By Lucian Constantin

The security of the public key infrastructure (PKI), which is used to establish trust on the Internet via digital certificates, was the main focus of the 80th Internet Engineering Task Force (IETF) meeting.

The Internet Engineering Task Force (IETF) is an open standards organization composed of working groups and discussion groups dedicated to developing Internet standards.

The organization holds two meetings every year and the latest took place between March 27 and April 1 in Prague, the Czech Republic.

PKI security became a central discussion topic following last month's compromise of several Comodo Registration Authorities (RAs) which resulted in rogue certificates being wrongfully issued for high-profile domains.

More at :-
http://news.softpedia.com/news/PKI-Improvements-Di...

--
Was this reply relevant?
+0
-0
mogs CClip 27
Expert Contributor 5th Apr, 2011 08:30
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft Answers for Over 500,000 Questions per Day

April 4th, 2011, 14:42 GMT| By Marius Oiaga

Back in 2008 Microsoft launched a new initiative designed to provide a channel of communication enabling questions to be sent directly to the company.

Designed to bridge users with Microsoft Employees and a community of the software giant’s MVPs as well as technical users, Microsoft Answers has grown tremendously in just a few years.

According to statistics from the software giant, Microsoft Answer now provides, well, answers to over half a million questions each day.

Consumers can engage directly with Microsoft support engineers and technical enthusiasts, and this is the direction in which the software giant wants the site to evolve, focusing on the power of the community that was formed around it.

More at :-
http://news.softpedia.com/news/Microsoft-Answers-f...

--
Was this reply relevant?
+0
-0
mogs CClip 28
Expert Contributor 5th Apr, 2011 08:36
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
by Phil Muncaster
05 Apr 2011

There were 286 million new threats in 2010, with web-based attacks up 93 per cent thanks to attack toolkits and the spread of malicious links on social networking sites, according to the latest Symantec Internet Security Threat report.
The security giant found threats continuing to get more sophisticated, as cyber criminals seek to overcome the growing internet security saviness of many web users today.
To this end, there have been large numbers of targeted attacks launched at SMBs seeking to harvest valuable customer data or IP, the firm said.


Read more: http://www.v3.co.uk/v3-uk/news/2040283/symantec-wa...


--
Was this reply relevant?
+0
-0
mogs CClip 29
Expert Contributor 5th Apr, 2011 10:49
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK


Beta Channel Update
Monday, April 4, 2011 | 16:44
Labels: Beta updates
The Beta channel has been updated to 11.0.696.34 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
Duplicate desktop icon is created using First Run UI even if it's present (Issue 5073).
FLACEncoder::Encode has mismatched free (Issue 77653).
Switch from using Speex to FLAC for speech input requests (Issue 61677).
Chrome hangs on form submit with lots of stored Autofill profiles (Issue 75862).
Browser crash if tab is closed while page is being downloaded (Issue 76963).
You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
5 comments | Links to this post | Email Post

Chrome OS Beta Channel Update
| 13:37
Labels: Chrome OS
The Chrome OS Beta channel has been updated to R11 release 0.11.257.44 including the new Chrome 11 Beta, new trackpad and several stability and functional improvements over the previous release. This release contains the following fixes:
We are now running Flash Player on a new platform known as Pepper/PPAPI by default, which we hope will improve stability and performance. It is also running inside a full sandbox which further protects users from malware and security exploits.
An NPAPI version of Flash Player is still included, but not used by default. If you experience significant problems or incompatibilities with the (default) PPAPI version, you can switch to the NPAPI version using chrome://plugins.
Several WiFi bug fixes are in
Enabled GSM support for 3G via commands in crosh
AutoUpdate now supports Proxy AutoConfiguration (PAC) files and automatic proxy detection
New window switcher UI

You can find full list of fixes that are in Chrome OS R11 in the chromium-os bug tracker . If you find new issues, please let us know by visiting our help site or filing a bug.

Orit Mazor
Google Chrome
http://googlechromereleases.blogspot.com/
8 comments | Links to this post | Email Post

--
Was this reply relevant?
+0
-0
mogs CClip 30
Expert Contributor 5th Apr, 2011 18:51
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Sony Sites Downed by Anonymous DDoS
April 5th, 2011, 08:26 GMT| By Lucian Constantin

Several Sony websites have experienced downtime during the last 24 hours as a result of distributed denial-of-service attacks mounted by the Anonymous collective.

The hacktivist group announced that it will target Sony in an open letter posted online yesterday, which accused the company of breaching the privacy of numerous individuals and acting against freedom of information principles.

"You have victimized your own customers merely for possessing and sharing information, and continue to target those who seek this information. In doing so you have violated the privacy of thousands of innocent people who only sought the free distribution of information.

"Your suppression of this information is motivated by corporate greed and the desire for complete control over the actions of individuals who purchase and use your products, at least when those actions threaten to undermine the corrupt stranglehold you seek to maintain over copywrong, oops, 'copyright'," the group said.

According to The Register, the UK PlayStation 3 website as well as the European PlayStation Store server were offline earlier today. Other websites belonging to the company might also have been targeted.

More at :-
http://news.softpedia.com/news/Sony-Sites-Downed-b...

--
Was this reply relevant?
+0
-0
mogs CClip 31
Expert Contributor 5th Apr, 2011 22:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New DHL-Themed Malware Distribution Campaign in the Wild
April 5th, 2011, 09:58 GMT| By Lucian Constantin

Security researchers warn of a new malware distribution campaign which produces emails with malicious attachments that pose as delivery notifications from DHL.

The rogue emails have a subject "DHL Express Services" and their headers have been forged to appear as originating from a @dhl.com address.

They inform recipients that their package is on its way and tells them to read the attached document for more information and to obtain the tracking number. The enclosed message reads:

"Dear customer. The parcel was sent to your home address. And it will arrive within 3 business day. More information and the tracking number are attached in document below. Thank you."

The attached document is called dhl.zip and contains an executable file of the same name which is a trojan downloader.

This threat is responsible for downloading additional malware including a fake antivirus called XP Home Security, according to Vietnamese security vendor Bkis.

Judging from dates of scans and comments on Virus Total for the malicious files involved in this attack, the campaign began sometime over the weekend.

More at :-
http://news.softpedia.com/news/New-DHL-Themed-Malw...

--
Was this reply relevant?
+0
-0
mogs CClip 32
Expert Contributor 6th Apr, 2011 09:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google Chrome to warn of malicious Windows executables

Social engineering put on notice
By Dan Goodin in San Francisco • Get more from this author
Posted in Malware, 5th April 2011 21:21 GMT
Google says it's expanding its blacklist of malicious websites to include those that use deceptive claims to push harmful Windows programs.

The addition to Google's Safe Browsing API will warn people when they are about to visit websites that offer Windows-based trojans that are disguised as screen savers or other innocuous applications. The search behemoth introduced the service five years ago to alert users when they try to browse sites that perform drive-by downloads that exploit security vulnerabilities in the operating system or browsing software.

The underlying programming interface is already being used by browsers including Google Chrome, Mozilla Firefox, and Apple Safari. It's also available to any webmaster who wants to use the wealth of information available from Google to prevent malicious links from being posted to their sites.

More at :-
http://www.theregister.co.uk/2011/04/05/google_mal...

--
Was this reply relevant?
+0
-0
mogs CClip 33
Expert Contributor 6th Apr, 2011 09:46
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 7th Apr, 2011 10:30
Chrome Dev Channel Update
Tuesday, April 5, 2011 | 17:30
Labels: Dev updates
The Dev channel has been updated to 12.0.725.0 for Windows, Mac, Linux and Chrome Frame

All
Updated V8 - 3.2.6.0
Spring cleaning in the code, lots of code cleanup and refactoring under the covers
Windows
Continued work on tab multi-select
Known Issues
78475 Regression: Bidi Chrome UI lost directional diplay in menu and DOMUI and about: page functions
78501 Regression: NACL apps are no longer working
78509 Regression: Autofill fails on certain forms
78073 Regression: Autocomplete sometimes pops up in the upper left corner
More details about additional changes are available in the svn log of all revision.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

--
Was this reply relevant?
+0
-0
mogs CClip 34
Expert Contributor 7th Apr, 2011 10:32
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Former Newsletter Subscribers Also Affected by Epsilon Breach
April 6th, 2011, 16:55 GMT| By Lucian Constantin

The security breach at email marketing provider Epsilon Data Management has affected millions of consumers including those that unsubscribed from the stolen mailing lists.

Late last month Epsilon discovered an intrusion into its email systems and determined that attackers walked away with the costumer email lists of many of its clients.

The company stressed that only 2 percent of its client base was affected and that the lists did not contain any personal information except for names and email addresses.

Nevertheless, those 2% account for around 50 companies, many of which are major retail chains, banks and other services providers.

They include.S. Bank, JP Morgan Chase, Capital One, Brookstone, McKinsey Quarterly, New York & Co, the Home Shopping Network, TiVo, City Market, Dillons, Jay C, Food 4 Less, Fred Meyer, Fry’s, King Soopers, Marriott Rewards, QFC, Ralphs, Ritz Carlton, Smith Brands, Walgreens, Kroger and many others.

This means that tens of millions of email addresses were exposed and since they are coupled with real names, security experts expect targeted attacks such as phishing or malware distribution.

More at :-
http://news.softpedia.com/news/Former-Newsletter-S...

--
Was this reply relevant?
+0
-0
mogs CClip 35
Expert Contributor 7th Apr, 2011 10:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Popular open source DHCP program open to hack attacks

Beware of rogue meta-characters
By Dan Goodin in San Francisco • Get more from this author
Posted in Enterprise Security, 7th April 2011 00:21 GMT
The makers of the internet's most popular open source DHCP program have warned that it's vulnerable to hacks that allow attackers to remotely execute malicious code on underlying machines.

The flaw, which is present in Internet Systems Consortium's DHCP versions prior to 3.1-ESV-R1, 4.1-ESV-R2, and 4.2.1-P1, stems from the program's failure to block commands that contain certain meta-characters. The vulnerability makes it possible for rogue servers on a targeted network to remotely execute malicious code on the client, the non-profit ISC warned on Tuesday.

ISC advises users to upgrade. Users can in some cases follow workarounds, which include disabling hostname updates or configuring their systems to access only legitimate DHCP servers in settings where access control lists are in place.

Short for Dynamic Host Configuration Protocol, DHCP is a system for automatically assigning computers IP addresses on a given network and helping administrators to keep track of those assignments. ISC says its DHCP program is the most widely used open source DHCP implementation on the Internet.

More at :-
http://www.theregister.co.uk/2011/04/07/dhcp_remot...

--
Was this reply relevant?
+0
-0
mogs CClip 36
Expert Contributor 7th Apr, 2011 10:44
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google Chrome is making the web a safer place

Drive by attacks stopped in their tracks
By David Neal
Wed Apr 06 2011, 15:15
INTERNET GIANT Google is experimenting with a real-time alert system that should prevent users of its Chrome web browser from stumbling down bad Internet alleys and downloading malicious materials.
The firm is using data from its Safe Browsing API to produce a database of web badness that it will use to leap out in front of web surfers, wave its arms, and scream 'Nooooooooooooo!'.
Moheeb Abu Rajab of the Google security team said, "Safe Browsing has done a lot of good for the web, yet the Internet remains rife with deceptive and harmful content."
According to Rajab, and anyone else that has held a mouse and explored the Internet, it is easy to find websites that promise one thing but deliver another. Although some websites might not be a security risk in themselves, many often encourage users to download something that is, he added.
"It's easy to find sites hosting free downloads that promise one thing but actually behave quite differently," he said. "Such sites usually don't attempt to exploit vulnerabilities on the user's computer system. Instead, they use social engineering to entice users to download and run the malicious content."
In order to protect its users against these attacks Google has added a feature to the Chrome web browser that will display a warning if they attempt to download a suspected executable. Google is starting with Windows executables, as those comprise the majority of malicious files on the web.


Read more: http://www.theinquirer.net/inquirer/news/2041224/g...


--
Was this reply relevant?
+0
-0
mogs CClip 37
Expert Contributor 7th Apr, 2011 11:38
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 7th Apr, 2011 11:41
IE9 exploit puts Windows 7 SP1 at risk
Even fully patched Windows 7 systems are vulnerable, researchers say

By Jasper Bakker | Webwereld Netherlands


A new exploit for IE9 bypasses all security measures in even the latest fully patched version of Windows 7, according to a French security company Vupen.

The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, that previously discovered an IE8 vulnerability in December of last year.

Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9.

"The exploit uses two distinct vulnerabilities. The first one allows execution of arbitrary code within the IE9 sandbox. The second one allows the bypass of the sandbox to achieve full code execution," Vupen's CEO Chaouki Bekra told Dutch IDG news site Webwereld.

Read more at :-
http://www.infoworld.com/d/security/ie9-exploit-pu...



--
Was this reply relevant?
+0
-0
mogs CClip 38
Expert Contributor 7th Apr, 2011 13:07
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 7th Apr, 2011 13:12
Off the hook! Who gets phished and why


Communication researchers at four major universities have found that if you receive a lot of email, habitually respond to a good portion of it, maintain a lot of online relationships and conduct a large number of transactions online, you are more susceptible to email phishing expeditions than those who limit their online activity.
The study, "Why Do People Get Phished?" forthcoming in the journal Decision Support Systems and Electronic Commerce, uses an integrated information processing model to test individual differences in vulnerability to phishing.
The study is particularly pertinent, given the rash of phishing expeditions that have become public of late, the most recent involving the online marketing firm Epsilon, whose database was breached last week by hackers, potentially affecting millions of banking and retail customers.

More at :-
http://www.physorg.com/news/2011-04-phished.html

--
Was this reply relevant?
+0
-0
mogs CClip 39
Expert Contributor 7th Apr, 2011 13:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Opera 11.10 codenamed Barracuda is extremely close to finalization. Illustrative of this is the latest development snapshot made available for download by Opera Software.

Build 2081 is the first Release Candidate of Opera 11.10, which of course signals the fact that the Norway-based browser vendor is getting extremely close to the point of wrapping up the next generation of Opera.

A specific availability deadline has not been announced yet, but of course, this is not how Opera Software operates.

Throughout the Alpha and Beta development stages of codenamed Barracuda, early adopters got to test the evolved Speed Dial, but also help Opera Software resolve a range of bugs and issues.

“This RC adds additional fixes to make Barracuda even more stable and streamlined. Several more crash bugs have been fixed, we have continued to polish Speed Dial, and there are numerous other fixes in there as well,” reveals a member of the Opera Desktop team.

More at :-
http://news.softpedia.com/news/Download-Opera-11-1...

--
Was this reply relevant?
+0
-0
mogs CClip 40
Expert Contributor 7th Apr, 2011 17:33
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The Electronic Frontier Foundation warns that certification authorities (CAs) have signed tens of thousands of digital certificates for unqualified names, some of which even passed extended validation.

The EFF, one of the leading digital rights watchdogs, has reached this conclusion after analyzing data from its SSL Observatory project that looks for weaknesses in the public key infrastructure (PKI).

Digital certificates are used to establish encrypted connections and trust on the Internet, which makes them a vital part of its security.

It's, therefore, no wonder that a recent security incident where a hacker managed to obtain rogue certificates for high-profile domains like google.com, mail.live.com, mail.yahoo.com and others from Comodo has put the practices of certification authorities under the microscope.

The EFF warns that aside from hardcoding usernames and passwords in tools used by resellers and failing to perform proper checks for certificate requests received from them, CAs also sign unqualified names.

In practice, there should be a single certificate per domain or subdomain. However, it turns out that some CAs have signed certificates for names like "exchange", "mail" or "wiki," which cannot be accessed over the Internet and are sometimes used on local networks.

"In fact, the most common unqualified name is 'localhost,' which always refers to your own computer! It simply makes no sense for a public CA to sign a certificate for this private name," writes Chris Palmer, EFF's technology director.

More at :-
http://news.softpedia.com/news/EFF-Reveals-More-Ba...

--
Was this reply relevant?
+0
-0
mogs CClip 41
Expert Contributor 7th Apr, 2011 17:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Customers running Windows 7 and Windows Vista are starting to see automatic upgrades to Internet Explorer 9 RTW being offered to them through Windows Update.

The Redmond company had already started offering IE9 RTW to early adopters involved in the testing process for the Beta or Release Candidate (RC) development milestones.

However, the software giant is also starting to upgrade customers that were not among the IE9 Beta and RC testers to the latest iteration on Internet Explorer, according to Mary-Jo Foley.

There have been incorrect interpretations of some statements made by Ryan Gavin, Senior Director, Internet Explorer Business and Marketing at the end of March 2011, revealing that IE9 RTW would only be distributed via WU in June 2011.

This is not true. “Internet Explorer 9 will not be broadly rolled out on Windows Update until the end of June,” is what Gavin had stated at the time.

More at :-
http://news.softpedia.com/news/IE9-RTW-Automatic-U...

--
Was this reply relevant?
+0
-0
mogs CClip 42
Expert Contributor 7th Apr, 2011 20:54
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox 6.0 and Firefox 7.0 First Taste in mid-April and mid-May, Respectively
April 7th, 2011, 16:16 GMT| By Marius Oiaga

Mozilla is hard at work on overhauling the existing release process for Firefox with a strong focus on accelerating the pace at which major new iterations are served to the public.

Christian Legnitto, Mozilla release manager has posted a new draft detailing the development specifics of future versions of Firefox.

According to the proposed development and release timetable, early adopters will be able to get the first taste of Firefox 6.0 and Firefox 7.0 quite soon.

Read more at :-
http://news.softpedia.com/news/Firefox-6-0-and-Fir...

--
Was this reply relevant?
+0
-0
mogs CClip 43
Expert Contributor 8th Apr, 2011 07:59
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 8th Apr, 2011 08:00
Microsoft planning 17 security bulletins for April
by Shaun Nichols

08 Apr 2011
Microsoft is planning to release security fixes for security flaws in Windows, Office and Internet Explorer next week.
The company said that the 12 April monthly release would be comprised of a total of 17 bulletins addressing 64 flaws. Nine of the bulletins will be rated 'critical,' while the remaining eight have been given a less severe 'important' risk rating.

Of the 17 bulletins slated for release, 15 address vulnerabilities which if exploited could allow an attacker to remotely execute code on a targeted system. The remaining two bulletins address an elevation of privilege vulnerability and an information disclosure flaw.


Read more: http://www.v3.co.uk/v3-uk/news/2041967/microsoft-p...


--
Was this reply relevant?
+0
-0
mogs CClip 44
Expert Contributor 8th Apr, 2011 08:10
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Users find IE9 upgrade in Windows Update
Microsoft swears it hasn't switched on the automatic offer

By Gregg Keizer

Computerworld - Although Microsoft has denied pulling the trigger on Internet Explorer 9 (IE9) upgrade offers, some users have reported that the browser is showing up on their Windows Vista and Windows 7 machines' Windows Update lists.

Several systems at Computerworld and elsewhere have offered the IE9 upgrade as an "Important" item on Windows Update, the default update service for consumers and many small businesses.

On the PatchManagement.org mailing list, Susan Bradley, a blogger who covers Microsoft's Small Business Server and who also writes for the Windows Secrets newsletter, noted that the IE9 offer had appeared in Windows Update.

More at :-
http://www.computerworld.com/s/article/9215614/Use...

--
Was this reply relevant?
+0
-0
mogs CClip 45
Expert Contributor 8th Apr, 2011 21:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Drive-By Download Attack Launched from USPS.gov Website

April 8th, 2011, 10:40 GMT| By Lucian Constantin

Malicious code that led to a powerful exploit kit was injected into a compromised USPS.gov website in order to infect visitors with malware.

The infection was spotted by cloud security provider Zscaler on the United States Postal Service's Rapid Information Bulletin Board System (RIBBS) website, ribbs.usps.gov.

The RIBBS website provides information for Intelligent Mail package barcode (IMpb), a new system designed to provide price-level intelligence.

The injected code consisted of obfuscated JavaScript which, when parsed, generated a rogue iframe that loaded a script from an external domain.

Like in most drive-by download attacks, the script in question was used for redirection and led users to another page designed to look as a 404 error.

That page was part of a Blackhole exploit kit installation which checked visitors' browser and operating system in order to launch one of several Java and PDF exploits.

Blackhole is a popular commercial drive-by attack toolkit sold on the underground market and as Virus Total scans show, it comes with well obfuscated exploits that evade the detection of many antivirus products.

More at :-
http://news.softpedia.com/news/Drive-By-Download-A...

--
Was this reply relevant?
+0
-0
mogs CClip 46
Expert Contributor 8th Apr, 2011 21:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft’s next Patch Tuesday will bring with it a massive collection of security bulletins designed to resolve a record number of vulnerabilities.

According to details shared by Pete Voss, a senior response communications manager with Microsoft Trustworthy Computing, the software giant will patch no less than 64 security vulnerabilities across a range of its products.

Customers running supported versions of Windows, Office, Internet Explorer, Visual Studio, .NET Framework and GDI+ will have to deploy updates out of the 17 security bulletins scheduled for release on April 12th, 2011.

Nine of the security bulletins to be releases next week have been rated Critical, with the rest deemed just Important.

“This month we'll be closing some issues that Microsoft has already previously spoken to, including the SMB Browser (Critical) issue publicly disclosed Feb. 15,” Voss said.

“Microsoft assessed the situation and reported that although the vulnerability could theoretically allow Remote Code Execution, that was extremely unlikely. To this day, we have seen no evidence of attacks.”

“We are also planning a fix for the MHTML vulnerability in Windows, rated Important. We alerted people to this issue with Security Advisory 2501696 (including a Fix-It that fully protected customers once downloaded) back in late January.

“In March, we updated the advisory to let people know we were aware of limited, targeted attacks.”

Customers running the recently released Windows 7 Service Pack 1 (SP1) RTM will have to deploy no less than eight Critical security bulletins, including one designed to resolve issues in Internet Explorer 8.

According to Microsoft, customers that upgraded to Internet Explorer 9 (IE9) RTW, launched globally in mid-March 2011, will not have to deploy any updates for their browser, since only IE8 and earlier versions are impacted by the Critical IE security bulletin.

http://news.softpedia.com/news/8-Critical-Security...

--
Was this reply relevant?
+0
-0
mogs CClip 47
Expert Contributor 9th Apr, 2011 08:58
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
VLC Media Player Affected by Zero-Day Vulnerability

April 8th, 2011, 11:59 GMT| By Lucian Constantin

A critical zero-day vulnerability has been discovered in VLC media player and can potentially be exploited to execute arbitrary code on a user's system.

The flaw is located in libmodplug, a third-party library used to load and render music module files in multiple formats including .669, .amf, .ams, .dbm, .dmf, .dsm, .far, .it, .j2b, .mdl, .med, .mod, .mt2, .mtm, .okt, .psm, .ptm, .s3m, .stm, .ult, .umx, and .xmSound.

The libmodplug package is present by default in many Linux distributions, including Debian, Fedora, Ubuntu, Gentoo, as well as some media players.

"The vulnerability is caused due to a boundary error within the "CSoundFile::ReadS3M()" function in src/load_s3m.cpp, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted S3M file," vulnerability research vendor Secunia explains.

The flaw was discovered by M. Lucinskij and P. Tumenas of the SEC Consult Vulnerability Lab and was patched in libmodplug 0.8.8.2, released at the beginning of April.

However, the latest VLC binary packages, such as those for Windows and Mac OS X, still contain an outdated version of the library.

Because there is still no patch for VLC and proof-of-concept exploit code is publicly available, Secunia rates the vulnerability for the media player as highly critical.

More at :-
http://news.softpedia.com/news/VLC-Media-Player-Af...

--
Was this reply relevant?
+0
-0
mogs CClip 48
Expert Contributor 9th Apr, 2011 09:02
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
by Iain Thomson

09 Apr 2011

The Russian internal security service has complained that Gmail, Hotmail and Skype make it too difficult to monitor its citizens.
A senior official with Federal Security Service of the Russian Federation (FSB), the renamed KGB, told a Russian government commission on technology that the encryption protocols used by the online services were too hard to break and should be banned as a threat to national security.


Read more: http://www.v3.co.uk/v3-uk/news/2042281/russian-sec...


--
Was this reply relevant?
+0
-0
mogs CClip 49
Expert Contributor 9th Apr, 2011 09:05
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Home Office claims success for e-Borders monitoring system
by Khidr Suleman

The government's controversial e-Borders monitoring system led to the arrest of thousands of criminals who attempted to cross the UK border, the Home Office has revealed.

Some 2,800 arrests were made during 2010 and 2011 after the electronic information of 126 million passengers was monitored by the UK Border Agency, police, the Serious Organised Crime Agency and HM Revenue & Customs.

Out of the thousands arrested, 18 were linked to murder and 27 were arrested on suspicion of rape. Another 29 were apprehended in connection with sex offences and 25 for other violent crimes, the Home Office said in a statement.


Read more: http://www.v3.co.uk/v3-uk/news/2042060/home-office...


--
Was this reply relevant?
+0
-0
mogs CClip 50
Expert Contributor 9th Apr, 2011 09:08
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New fake antivirus accepts SMS payments
by Elinor Mills
6 comments


New fake AV programs offer a variety of payment methods.
(Credit: CyberDefender)
There's a new twist with some fake antivirus scareware that has cropped up. It accepts payment via SMS, according to antivirus firm CyberDefender.
Typical rogue security programs infect the system first, then display pop ups warning that the computer is infected, and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.
When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome ... Read full post & comments


Read more: http://news.cnet.com/security/#ixzz1J0WL8NDi

--
Was this reply relevant?
+0
-0
mogs CClip 51
Expert Contributor 9th Apr, 2011 12:12
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 9th Apr, 2011 12:13

April 9th, 2011, 07:23 GMT| By Lucian Constantin
Members of the House Subcommittee on Commerce, Manufacturing and Trade have sent a letter to Dallas-based Alliance Data Systems, questioning the company about the recent data breach at its subsidiary, Epsilon Data Management.

At the beginning of the month Epsilon announced that hackers broke into its email server and stole customer email lists containing the email addresses and names.

The customers of around 50 large companies activating in various fields including financial services, retail, computer manufacturing and others, were affected.

Firms like U.S. Bank, JP Morgan Chase, Capital One, Brookstone, McKinsey Quarterly, New York & Co, the Home Shopping Network, TiVo, City Market, Dillons, Jay C, Food 4 Less, Fred Meyer, Fry’s, King Soopers, Marriott Rewards, QFC, Ralphs, Ritz Carlton, Smith Brands, Walgreens, and Dell are amongst the victims.

The breach has generated fears of targeted phishing and malware attacks against affected users and according to some reports, some malicious campaigns have been spotted already.

More at :-
http://news.softpedia.com/news/House-Lawmakers-Que...

--
Was this reply relevant?
+0
-0
mogs CClip 52
Expert Contributor 9th Apr, 2011 19:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
By Lucian Constantin

Russia's President Dmitry Medvedev has condemned the recent distributed denial-of-service (DDoS) attacks against blog publishing platform LiveJournal, calling them outrageous and illegal.

President Medvedev maintains a personal blog on LiveJournal since April 2009, a few months after the entire site's development moved to Russia.

LiveJournal is very popular with Russian bloggers, much more so than WordPress.com or Google's Blogger, services favored in the rest of the world.

Since the second half of last month, LiveJournal has been hit repeatedly by DDoS attacks for reasons not yet entirely clear.

More at :-
http://news.softpedia.com/news/Russian-President-C...

--
Was this reply relevant?
+0
-0
mogs CClip53
Expert Contributor 9th Apr, 2011 19:26
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Top 5 Cloud Computing Security Concerns

April 8, 2011
By Geoff Webb

Cloud computing: If you haven't heard this term by now then you are definitely not in IT. But, since you are even reading this far, I'm going to assume that consuming IT services via the cloud is something you and your business are contemplating. Like everything else these days, security considerations have to be part of the Top 3 checklist items when making the decision to off load part of your IT department to a third party (which is exactly what a "cloud" services provider is) or, even, to move your internal IT service onto a cloud platform.
So with that in mind, I've come up with a five "talking points" to get you started seriously thinking about where and how security fits into the cloud decision-making process:

More at :-
http://www.esecurityplanet.com/features/article.ph...

--
Was this reply relevant?
+0
-0
mogs CClip 54
Expert Contributor 10th Apr, 2011 09:09
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Opera uncloaks Gmail challenger from Down Under

A beta nine years in the making
By Cade Metz in San Francisco • Get more from this author
Posted in Music and Media, 10th April 2011 03:48 GMT
Opera has unveiled a free web-based email service along the lines of Gmail or Hotmail.

Announced with a blog post but little other fanfare, the service is currently in beta, and it's available to anyone with a My Opera account.

"Our goal is to make a fast and friendly mail service that is efficient and easy to use on any device, whether you prefer to access your e-mail from Opera Mini on a mobile phone (dedicated mobile interface), a tablet with touch interface (large, comfortable buttons), or a desktop computer (extensive keyboard shortcuts)," reads the inaugural blog post from the Opera Mail Team.

The team and the new beta service grew out of FastMail.FM, an Australian email provider Opera acquired last year. "Those who have already used FastMail.FM will recognize a few bits and pieces," Opera says. But "major parts" of the service have been rewritten with AJAX. In other words, parts of the service are AJAX but others are not.

More at :-
http://www.theregister.co.uk/2011/04/10/opera_mail...

--
Was this reply relevant?
+0
-0
mogs CClip 55
Expert Contributor 11th Apr, 2011 19:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
How is SSL hopelessly broken? Let us count the ways

Blunders expose huge cracks in net's trust foundation
By Dan Goodin in San Francisco • Get more from this author
Posted in Security, 11th April 2011 03:00 GMT
Analysis Every year or so, a crisis or three exposes deep fractures in the system that's supposed to serve as the internet's foundation of trust. In 2008, it was the devastating weakness in SSL, or secure sockets layer, certificates issued by a subsidiary of VeriSign. The following year, it was the minting of a PayPal credential that continued to fool Internet Explorer, Chrome and Safari browsers more than two months after the underlying weakness was exposed.

And in 2010, it was the mystery of a root certificate included in Mac OS X and Mozilla software that went unsolved for four days until RSA Security finally acknowledged it fathered the orphan credential.

This year, it was last month's revelation that unknown hackers broke into the servers of a reseller of Comodo, one of the world's most widely used certificate authorities, and forged documents for Google Mail and other sensitive websites. It took two, seven and eight days for the counterfeits to be blacklisted by Google Chrome, Mozilla Firefox and IE respectively, meaning users of those browsers were vulnerable to unauthorized monitoring of some of their most intimate web conversations during that time.

SSL made its debut in 1994 as a way to cryptographically secure e-commerce and other sensitive internet communications. A private key at the heart of the system allows website operators to prove that they are the rightful owners of the domains visitors are accessing, rather than impostors who have hacked the users' connections. Countless websites also use SSL to encrypt passwords, emails and other data to thwart anyone who may be monitoring the traffic passing between the two parties.

It's hard to overstate the reliance that websites operated by Google, PayPal, Microsoft, Bank of America and millions of other companies place in SSL. And yet, the repeated failures suggest that the system in its current state is hopelessly broken.

More at :-
http://www.theregister.co.uk/2011/04/11/state_of_s...

--
Was this reply relevant?
+0
-0
mogs CClip 56
Expert Contributor 11th Apr, 2011 20:28
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox 5 is set for a June release

Latest browser will exit beta on June 21
By David Neal
Mon Apr 11 2011, 16:13
OPEN SOURCE SOFTWARE OUTFIT Mozilla will release version five of its Firefox browser on June 21, according to a developer road map.
The organisation will have a steady rollout schedule for the updated Firefox browser, which will see it released as a beta on May 17 and enter the final release stage approximately five weeks later. The rapid releases signal something of a change at Mozilla and sees it launch the next version just a couple of weeks after it released the well received Firefox 4. Downloads of Firefox 4 have already topped 75 million, as displayed on Mozilla's download counter website.


Read more: http://www.theinquirer.net/inquirer/news/2042562/f...


--
Was this reply relevant?
+0
-0
mogs CClip 57
Expert Contributor 12th Apr, 2011 08:02
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Adobe warns of attacks exploiting critical Flash flaw

Patch coming, but you'll have to wait
By Dan Goodin in San Francisco • Get more from this author
Posted in Security, 12th April 2011 00:37 GMT
Adobe has promised to update its Flash media player to patch a critical vulnerability that is being exploited in targeted attacks to install malware on end user machines.

The attacks are being launched using emails that attach a Microsoft Word document that contains a booby-trapped Flash file, according to a blog post published on Monday by independent security researcher Mila Parkour. Clicking on the document causes Windows-based machines to install a backdoor known as Zolpiq, separate researchers from antivirus provider Kaspersky said.

More at :-
http://www.theregister.co.uk/2011/04/12/attacks_ex...

--
Was this reply relevant?
+0
-0
mogs CClip 58
Expert Contributor 12th Apr, 2011 18:30
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Ransom Trojan takes PC files hostage using unbreakable encryption

Your money or your files blow up
By Asavin Wattanajantra
Tue Apr 12 2011, 13:16
THE LATEST ransom Trojan malware uses 'unbreakable' forms of public key encryption to take your computer files hostage and extort money as ransom for them.
Ransom Trojans on your computer encrypt your files and ask for payment in different ways, sometimes with an overt threat to destroy the files if money isn't paid. In the past, computers could generally be unencrypted without people having to pay the ransom.
But Mikko Hyponnen, chief security researcher at F-Secure, warned about the latest version of a ransom Trojan called GPcode. It uses public key encryption in the form of AES with an RSA key to lock the files on your computer. And instead of telling you to wire transfer money, it tells you to use prepaid credit cards, transferring the money that way.
He said, "We aren't aware of any mechanism of breaking that. If you have backups it's no problem. The next solution is to pay. And we know of people to have paid to get the key and information back."


Read more: http://www.theinquirer.net/inquirer/news/2042812/r...


--
Was this reply relevant?
+0
-0
mogs CClip 59
Expert Contributor 12th Apr, 2011 18:33
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dutch government plans to ban filesharing websites

Once lenient government puts its clog down
By Dave Neal
Tue Apr 12 2011, 15:50
THE USUALLY PROGRESSIVE Netherlands government looks close to approving a change in law that it will outlaw filesharing websites.
According to the Torrentfreak website, the Dutch government is looking to crack down on what are viewed as 'pirate' websites, and sees dropping a clog firmly on top of them as the best solution.
The government plans were announced in a statement by State Secretary of Security and Justice Fred Teeven, who explained that media consumption had changed and as such, so should the laws that surround it.


Read more: http://www.theinquirer.net/inquirer/news/2042889/d...


--
Was this reply relevant?
+0
-0
mogs CClip 60
Expert Contributor 12th Apr, 2011 18:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Avast alert finds WHOLE WEB malign

Evil is everywhere!
By John Leyden • Get more from this author
Posted in Malware, 12th April 2011 12:23 GMT
Major freebie anti-virus scanner Avast has apologised for a cock-up defining the vast majority of the web as malign.

Rather than a Howard Beale-style insight into the state of the modern interwebs, the finding of any sites with scripts or frames - including Avast's own support forums - as malign was the result of a rogue virus definition update.

The Czech Republic-based firm quickly realised its mistake, and released a revised definition file within a hour of discovering the problem on Tuesday morning.

More at :-
http://www.theregister.co.uk/2011/04/12/avast_upda...

--
Was this reply relevant?
+0
-0
mogs CClip 61
Expert Contributor 12th Apr, 2011 18:40
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
VLC Media Player Affected by New Critical Vulnerability

April 12th, 2011, 06:12 GMT| By Lucian Constantin

The VideoLAN Organization has published patches to address a critical vulnerability in VLC media player that can be exploited to execute arbitrary code.

The flaw is located in the MP4 demultiplexer and is caused by an error in the "MP4_ReadBox_skcr()" function.

The vulnerability can be exploited by tricking users to open a specially crafted MP4 file which would a cause a heap-based buffer overflow and allow code execution.

The bug was reported by Aliz Hammond in VLC media player 1.1.8, but older versions might also be affected.

Vulnerability research vendor Secunia rates the flaw as highly critical because it can be exploited remotely through the VLC ActiveX control or Firefox plug-in.

More at :-
http://news.softpedia.com/news/VLC-Media-Player-Af...

--
Was this reply relevant?
+0
-0
mogs CClip 62
Expert Contributor 12th Apr, 2011 18:48
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Texas Security Gaffe Dwarfs Epsilon Data Breach
3.5 million records, including data more personal than an email address
By Kevin Fogarty, ITworld Apr 11, 2011 11:06 pm

I hate to minimize the data breach at Epsilon, a service company that sends out 40 billion emails a year for its corporate customers and got cracked by a group that stole data that could equal millions of consumer email addresses.

Big customers whose data was taken included Citibank, Disney, Hilton, JP Morgan Chase, Target, Tivo, Barclays Bank.

It's hard to be more high profile than that, even if you're the kind of company the actual customers are never supposed to see.

Texas did it bigger, though. A lot bigger.

The unencrypted personal records of 3.5 million Texans were exposed for more than a year after they were copied onto a server accessible by the public over the web.

The problem was discovered by staffers from the office of State Comptroller Susan Combs, who were doing a routine security scan and found records that not only should not have been on a public server, but should have been encrypted as required by Texas state law.

More at :-
http://www.pcworld.com/article/224899/texas_securi...

--
Was this reply relevant?
+0
-0
mogs CClip 63
Expert Contributor 12th Apr, 2011 23:29
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Download Internet Explorer 10 (IE10) Platform Preview 1 (PP1)

April 12th, 2011, 17:03 GMT| By Marius Oiaga

The first development milestone of Internet Explorer 10 is now available for download from Microsoft, although barely four weeks have passed since Internet Explorer 9 was released to web (RTW).

Early adopters can head over to the IE Test Drive website and download IE10 Platform Preview 1 (PP1) immediately.

Just as it was the case with IE9 PP releases, IE10’s Platform Previews are offered mainly to web developers, and designed to let them assess the evolution of Internet Explorer, while focusing on under-the-hood components, features, etc.

“We’re about three weeks into development of IE10, and based on the progress we’ve made, we want to start engaging the development community now,” revealed Dean Hachamovitch, corporate vice president of Internet Explorer.

Devs are bound to be quite interested in the new enhancements IE10 PP1 introduces in terms of modern web standards support, including HTML5 and CSS3.

“At the MIX conference today, we showed the new browsing engine along with several new browser test drives that anyone on the Web can try out,” Hachamovitch added.

More at :-
http://news.softpedia.com/news/Download-Internet-E...

--
Was this reply relevant?
+0
-0
mogs CClip 64
Expert Contributor 13th Apr, 2011 07:32
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Microsoft breaks record with massive security patch for April
by Iain Thomson
13 Apr 2011

Microsoft has broken its own record for flaw fixes with a huge security patch update, covering Microsoft Windows, Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.
In all nine of the patches are rated as critical by the copany and eight as important. Microsoft's advice is that three patches - MS11-020 (SMB Server), MS11-019 (SMB Client) and MS11-018 (Internet Explorer) - are of the highest priority for IT managers. All three allow for remote code execution, and attacks using one of the flaws have been seen in the wild.
"With these MS11-018 already has a zero-day exploit out there being used to compromise consumers machines - it was disclosed at the Pwn2Own contest at CanSecWest," Amol Sarwate, vulnerabilities lab manager for Qualys told V3.co.uk.
"Meanwhile MS11-020 is dangerous because it's an old school attack and doesn't require any user interaction, and uses in SMB service that runs on all computers."
Microsoft's senior response communications manager for Trustworthy Computing Pete Voss said that the unusual size of today's patch release (breaking December 2010's record) was largely down to a single patch, MS11-034, which fixes 30 flaws which share a common root.
Voss also praised the response of non-Microsoft researchers in contributing flaws to the release. In all 21 outside researchers contributed data to the patch released by the Microsoft Security Response Center (MSRC) today.
"This was a great month for industry collaboration," Voss wrote on the MRSC blog.


Read more: http://www.v3.co.uk/v3-uk/news/2042951/microsoft-b...


--
Was this reply relevant?
+0
-0
mogs CClip 65
Expert Contributor 13th Apr, 2011 07:46
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome Dev Channel Update
Tuesday, April 12, 2011 | 17:07
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.733.0 for all platforms. This release contains updates focused on stability and UI tweaks. The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.


Jason Kersey
Google Chrome
5 comments | Links to this post | Email Post

Beta Channel Update
| 12:50
Labels: Beta updates
The Beta channel has been updated to 11.0.696.43 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
Passwords sync: passwords sync commits after EVERY browser restart (Issue 78548).
Autofill fails to fill forms (Issue 78509).
a few known crashes (Issue 78688, Issue 68350, Issue 77665, Issue 74585, Issue 76092, Issue 77219 and Issue 77447).
Redirect to my site without CFInstall.js (Issue 60018).
Update Silverlight v3 version metadata (Issue 78005).
Blocked plug-in dialog: make sure "Run this time" button is the first one (Issue 78120).
Policy: Proxy configuration over policy does not work. (Issue 78016).
Editing style adds the word "initial" for any property value that uses a paren (Issue 75302).
Google Chrome Helper doesn't quit, killing it relaunches a new helper process (Issue 74983).
You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 66
Expert Contributor 13th Apr, 2011 08:04
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Web Security Company's Website Hacked
April 12th, 2011, 14:21 GMT| By Lucian Constantin

A group of hackers has managed to break into the website of Web security firm Barracuda Networks and extract confidential information from its database.

California-based Barracuda Networks specializes in email, Web and messaging security solutions. It sells firewall, filtering, archiving, backup, load balancing and other appliances and services.

The attack against its website was performed by a group of Malaysian grey hat hackers called HMSec, who also published the extracted data online.

The attack method used was SQL injection, which exploits a common, but dangerous type of Web vulnerability giving attackers access to the underlying database.

The hackers published the database schema, as well as the email addresses and hashed passwords of the company's employees and partners.

The password hashes appear to have been generated with MD5, a crackable algorithm, however, a method known as "salting" was used to secure them.

The company acknowledged the compromise and said the attack was performed during a short period of firewall inactivity.

More at :-
http://news.softpedia.com/news/Web-Application-Sec...

--
Was this reply relevant?
+0
-0
mogs CClip 67
Expert Contributor 13th Apr, 2011 11:05
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Adobe Flash zero-day shows a Chinese connection
The latest Flash zero-day security hole -- the one hitched to a Word document -- literally has 'China' written all over it

By Woody Leonhard | InfoWorld

Permit me to start with a truism: In the world of computer forensics, you never really know anything for sure. With that as a given, the case of the new Flash zero-day exploit keeps getting curiouser and curiouser, and "China" keeps popping up.

Yesterday Adobe confirmed the critical Flash zero-day bug. This previously unknown security hole was discovered as an embedded Flash .swf file object inside a Word document sent via email. In her Contagio Malware Dump blog, researcher Mila Parkour gives extensive details about the .swf file and the infected .doc file that's making the rounds.

More at :-
http://www.infoworld.com/t/data-security/adobe-fla...

--
Was this reply relevant?
+0
-0
mogs CClip 68
Expert Contributor 13th Apr, 2011 13:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
VLC player updated to fix major security loophole

MP4 heap corruption now addressed
By Dean Wilson
Wed Apr 13 2011, 11:40
VIDEO SOFTWARE FIRM Videolan has released an update to its VLC player that addresses a major security loophole and a number of other issues.
The company become aware of a heap corruption problem in the media player last week, which could be caused by insufficient buffer size while parsing some MP4 files.
This could potentially be exploited by a third party to execute arbitrary code, which could crash VLC and potentially open the door to installation of malware on a victim's computer.
The bug affects versions 1.0.0 to 1.1.8 of the VLC media player, but the recently released VLC 1.1.9 fixes this loophole. This update follows only two weeks after the previous update to 1.1.8.
A number of other fixes are included in the update, many of which address interface and other issues for Mac OS X. Growl is also now bundled with VLC on Macs.
Additionally, the libmodplug plug-in has been updated to improve security on both Windows and Mac OS. µ


Read more: http://www.theinquirer.net/inquirer/news/2043164/v...


--
Was this reply relevant?
+0
-0
mogs CClip 69
Expert Contributor 13th Apr, 2011 13:43
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft fixes Pwn2own Internet Explorer hole

Along with 63 other software vulnerablities
By Asavin Wattanajantra
Wed Apr 13 2011, 11:14
THIS MONTH'S Microsoft Patch Tuesday fixed a vulnerability in Internet Explorer used by hackers to win last month's Pwn2own hacking contest, along with 63 other flaws in Microsoft software.
A patch for the MS11-018 vulnerability was vital, as there were reports of attacks in the wild targeting the flaw in Internet Explorer 6, 7 and 8, which could allow criminals to take over machines. This time Microsoft was fortunate that IE 9 was unaffected, as the flaw had been found during the browser's development.
Microsoft fixed the primary use-after-free vulnerability used to gain code execution, but there remain two other flaws discovered at Pwn2own. However these don't pose a direct threat to users as they are only useful if the original flaw is present.


Read more: http://www.theinquirer.net/inquirer/news/2043134/m...


--
Was this reply relevant?
+0
-0
mogs CClip 70
Expert Contributor 13th Apr, 2011 14:16
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
UK still to ratify Euro Cybercrime pact ten years on

A decade of European cybercrime sort-of cooperation
By John Oates • Get more from this author
Posted in Crime, 13th April 2011 11:27 GMT
The European Commissioner for Home Affairs Cecilia Malmström is celebrating the ten year birthday of the Budapest Convention against cybercrime.

Speaking in Hungary, she said much had been achieved, but cyber attacks were still increasing. She noted recent attacks against carbon trading systems, and a wider attack on EC email systems which left her without email on a trip to Cairo.

Malmström said she expects the Computer Emergency Response Team to be ready by the end of May. She said Europol was playing an increasing role in supporting member states.

More at :-
http://www.theregister.co.uk/2011/04/13/security_c...

--
Was this reply relevant?
+0
-0
mogs CClip 71
Expert Contributor 13th Apr, 2011 15:30
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 13th Apr, 2011 15:37
Zynga will shutter the Flock web browser

Pulls the plug
By Dean Wilson
Wed Apr 13 2011, 12:31
THE CHROMIUM BASED web browser Flock will be discontinued later this month.
The browser was bought by social gaming firm Zynga in January and, according to the Flock team, its staff are now working with Zynga's team on "the most, fun, social games", such as the Facebook success FarmVille.
The web browser will remain available for those currently using it, but a number of key features, such as social networking integration, will be deactivated on 26 April. Since the browser will no longer be maintained or updated it will become a security risk for those who choose to continue using it.


Read more: http://www.theinquirer.net/inquirer/news/2043212/z...


--
Was this reply relevant?
+0
-0
mogs CClip 72
Expert Contributor 13th Apr, 2011 15:44
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Malaysia's Top News Website Hit by DDoS Attack
April 13th, 2011, 06:55 GMT| By Lucian Constantin

Malaysia's top news website, Malaysiakini.com, was the victim of a distributed denial-of-service (DDoS) attack yesterday which rendered it unreachable.

It's unclear who instrumented the attack or what was their intention, but it coincided with the start of elections in Sarawak, the largest Malaysian state located on the island of Borneo.

Malaysiakini provides news in English, Malay, Chinese and Tamil and has over 1.6 million monthly unique visitors. Since mid-2008, the website is the most popular online news source in the Asian country.

More at :-
http://news.softpedia.com/news/Malaysia-s-Top-News...

--
Was this reply relevant?
+0
-0
mogs CClip 73
Expert Contributor 13th Apr, 2011 18:01
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
TrustDefender debuts web-page fingerprinting in bank fraud fight

First dabs
By John Leyden • Get more from this author
Posted in Crime, 13th April 2011 12:33 GMT
Australian security firm TrustDefender is expanding into fraud detection with the release of software designed to spot banking Trojans that manipulate web sessions.

Variants of the ZeuS Trojan and other strains of malware use tricks such as installing phoney dialogue boxes when users log into online banking sites from malware-infected machines.

These so-called man-in-the browser attacks are designed to fool marks into handing over confidential data to fraudsters, such as bank card PINs or one-time login codes. Traditional antivirus software often struggles to quickly identify and block such tactics, which fraudsters employ as a means to get around two-factor authentication for bank logins.

TrustDefender Zero detects these attacks by comparing the content served from a server to the content as seen by a client to detect whether other components of a web page have been added along the way, a probable sign of malfeasance. Andreas Baumhof, CTO and co-founder of TrustDefender, told El Reg that the benefit of the approach is that it is device independent and works without the need to run blacklists or updating.

More at :-
http://www.theregister.co.uk/2011/04/13/trustdefen...

--
Was this reply relevant?
+0
-0
mogs CClip 74
Expert Contributor 14th Apr, 2011 09:04
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New Zealand Government Aggressively Pushes Three-Strikes Anti-Piracy Law

By Lucian Constantin

A controversial anti-piracy bill according to which repeat copyright infringers will be disconnected from the Internet is being rushed by the New Zealand government.

Dubbed the Copyright (Infringing File Sharing) Amendment Bill, the proposed legislation is scheduled to undergo its second reading in Parliament today.

This came as a surprise to some MPs because today's urgent session was intended for discussing measures to help Christchurch recover after the devastating earthquake.

The anti-piracy bill will allow copyright owners who believe their rights have been infringed to request that ISPs send warning letters the the alleged offenders.

In cases of repeat infringement, the matter will be analyzed by the New Zealand Copyright Tribunal which can hand down fines of up to NZ$15,000.

If despite fines, the behavior does not stop, the offender can be disconnected from the Internet for a period of six months, a provision commonly referred to as the three-strikes rule.

More at :-
http://news.softpedia.com/news/New-Zealand-Aggresi...

--
Was this reply relevant?
+0
-0
mogs CClip 75
Expert Contributor 14th Apr, 2011 09:07
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Ransomware Spoofs Windows Activation Screen

By Lucian Constantin

Security researchers warn of a new piece of ransomware that spoofs the Windows license activation screen to trick users to call premium rate numbers.

Unlike scareware programs, which try to scare users into paying money for fixing fictitious computer problems, ransomware applications take a more aggressive approach and block access to critical features until payment is made.

A new piece of ransomware spotted by security experts from F-Secure is no different in that respect as it prevents victims from reaching their Desktop.

It displays a screen that looks like the Windows XP Activation one and claims that the Windows license needs activating.



"This copy of Windows is locked. You may be a victim of a fraud or there may be an internal system error. To continue using Windows you should complete activation," a message displayed on the rogue screen reads.

Users are told the process is absolutely free and they don't need to provide any personal information, claims that are obviously false.

More at :-
http://news.softpedia.com/news/Ransomware-Spoofs-W...

--
Was this reply relevant?
+0
-0
mogs CClip 76
Expert Contributor 14th Apr, 2011 09:38
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Nordic and Asian nations connected for growth, says WEF

The WEF says becoming totally wired through ICT structures can help nations' economies.
Sweden and Singapore are the most competitive countries in the digital economy, according to a study by the World Economic Forum (WEF).

Nordic and Asian economies are best at using information and communications technologies (ICT) to boost their growth, the WEF said.

Finland is in third place, Switzerland fourth and the United States fifth.

More at :-
http://www.bbc.co.uk/news/business-13053999

--
Was this reply relevant?
+0
-0
mogs CClip 77
Expert Contributor 14th Apr, 2011 09:45
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
"Request rejected" spam campaign leads to fake AV
Posted on 13.04.2011A spam email campaign carrying a malicious attachment designed to download and run a fake AV solution on the recipient's computer is currently hitting inboxes around the world.

The subject of the email is "Request rejected" and contains the following text:
Dear Sirs,
Thank you for your letter!
Unfortunately we can not confirm your request!
More information attached in document below.
Thank you
Best regards.
The message does not contain any hint on what the rejected request might be, and since the purported sender and its email address don't offer much information either, it's easy to see how a lot of people might be tricked into downloading the attached EX-38463.pdf.zip file to check out what this is all about.

According to CA researchers, the zipped attachment contains a file by the name of EX-38463.pdf.exe, which is a downloader Trojan that connects the computer to hdjfskh.net, from where it downloads and executes a fake AV variant.


http://www.net-security.org/malware_news.php?id=16...

--
Was this reply relevant?
+0
-0
mogs CClip 78
Expert Contributor 14th Apr, 2011 09:50
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
WordPress.com hack could put premium users at risk
WordPress.com maker Automattic reveals that hackers may have made off with sensitive bits of source code

By Ted Samson | InfoWorld

Malicious hackers have successfully breached WordPress.com servers and potentially made off with sensitive bits of the publishing platform's underlying code. The breach could impact premium customers using WordPress for their websites, such as Flickr, NASA, Yahoo, and the New York Times.

More at :-
http://www.infoworld.com/t/hacking/wordpresscom-ha...

--
Was this reply relevant?
+0
-0
mogs CClip 79
Expert Contributor 14th Apr, 2011 09:54
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
by Iain Thomson
More from this author
14 Apr 2011

The FBI and US Department of Justice (DoJ) have just completed their biggest computer crime action, with the seizure of servers and domain names behind the Coreflood botnet.
So far five command and control servers have been identified and removed by law enforcement, as well as 29 domain names used by the command and control system behind the botnet. The servers have been replaced by systems which shut down the malware when infected PCs update themselves, and security firms will be updated on the latest Coreflood signature files.


Read more: http://www.v3.co.uk/v3-uk/news/2043377/fbi-doj-rai...


--
Was this reply relevant?
+0
-0
mogs CClip 80
Expert Contributor 14th Apr, 2011 18:44
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Patch Schedule Announced for Flash Player and Adobe Reader
April 14th, 2011, 06:51 GMT| By Lucian Constantin

Adobe plans to release a security patch for Flash Player tomorrow and one for Adobe Reader and Acrobat two weeks from now in order to address a critical vulnerability actively exploited in the wild.

The security issue was discovered earlier this month in targeted email attacks that distributed Word documents rigged with a SWF exploit.

According to an analysis by independent security researcher Mila Parkour, there were several different rogue emails and judging by their content and name of distributed files they targeted corporate users, probably in a cyber espionage attempt.

Identified as CVE-2011-0611, the flaw affects Flash Player 10.2.153.1 and earlier for Windows, Mac, Linux and Solaris, as well as Flash Player 10.2.156.12 and earlier for Android.

Adobe Reader and Acrobat are also affected because of the authplay.dll component which is responsible for Flash playback support inside PDF documents.

"We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.2.x for Windows, Macintosh, Linux and Solaris on Friday, April 15, 2011," Adobe's Product Security Incident Response Team (PSIRT) wrote on its blog.

Furthermore, it announced that affected Adobe Reader and Acrobat versions, with the exception of Adobe Reader X (10.0.1) for Windows, will be updated on April 25.

Adobe Reader X for Windows is also vulnerable, but its new sandboxing technology protects it from exploits that might try to exploit the flaw in order to execute arbitrary code.

Therefore Adobe Reader and Acrobat X for Windows will follow the regular quarterly security update cycle and will receive a patch on June 14.

Users who want to protect themselves from the Word-based or PDF-based attacks can uninstall the ActiveX version of Flash Player and delete the authplay.dll component from the Adobe Reader folder.


http://news.softpedia.com/news/Patch-Schedule-Anno...

--
Was this reply relevant?
+0
-0
mogs CClip 81
Expert Contributor 14th Apr, 2011 18:52
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google will stop users from sending Gmail to the wrong people

Hopes to reduce confusion
By Dave Neal
Thu Apr 14 2011, 14:10
WEBMAIL HOST Google has added fresh features to its Gmail client meant to stop users from sending messages to the wrong people.
The features have been released from Google Labs and are called "Don't forget Bob" and "Got the wrong Bob?". Google said that they should prevent users from making some common email mistakes, which are, of course, either forgetting to email someone or emailing the wrong person in the first place.
"We've received quite a bit of positive feedback from people who avoided some embarrassing situations thanks to these features. And today, we're excited to graduate them from Gmail Labs and start turning them on for everyone," wrote the Internet giant in a blog post.
"Once that happens, as you type in your recipients, Gmail will automatically make suggestions based on the groups of people you email most often. When you see a suggestion to add a person you've forgotten, all you have to do is click on their name to add them."


Read more: http://www.theinquirer.net/inquirer/news/2043608/g...


--
Was this reply relevant?
+0
-0
mogs CClip 82
Expert Contributor 14th Apr, 2011 18:58
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Safari is the latest of the top four most popular browsers to receive a do-not-track privacy tool.

So far, the feature is still being tested by developers, but if everything goes according to plan, it will be included in the next version of Mac OS X (Lion) due to be released in the summer.

Of the top four most used browsers - Microsoft's Internet Explorer, Mozilla's Firefox, Google's Chrome and Apple's Safari - Google is the only company that has yet to decide to add a do-not-track tool in its browser.

According to the Wall Street Journal Google says it will still be closely involved in the discussion about whether do-not-track tools should be offered with browsers, which is actually understandable since Google has a major stake in the market of online advertising.

Google's spokesman also pointed out that the company offers an add-on for Chrome called "Keep My Opt-Outs", which lets users request that their data not be used for targeted advertising.

More at :-
http://www.net-security.org/secworld.php?id=10901

--
Was this reply relevant?
+0
-0
mogs CClip 83
Expert Contributor 14th Apr, 2011 22:20
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Stable Channel Update
Thursday, April 14, 2011 | 12:29
Labels: Stable updates


The Chrome Stable and Beta channels have been updated to 10.0.648.205 for Windows, Mac, Linux and Chrome Frame. This release contains a new version of Adobe Flash which includes a fix for a security vulnerability, as well as the security fixes listed below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$500] [Windows only] [70070] Critical CVE-2011-1300: Off-by-three in GPU process. Credit to yuri.ko616.
[75629] Critical CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno).
[$1000] [78524] Critical CVE-2011-1302: Heap overflow in the GPU process. Credit to Christoph Diehl.

The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

http://googlechromereleases.blogspot.com/
Jason Kersey
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 84
Expert Contributor 15th Apr, 2011 08:28
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta Channel Update
Thursday, April 14, 2011 | 14:04
Note: Chrome Beta Channel has been updated to 11.0.696.48 for Linux with the same changes as below.

The Chrome Beta channel has been updated to 11.0.696.44 for Windows, Mac and Chrome Frame.

This release contains a new version of Adobe Flash which includes a fix for security vulnerability.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
4 comments | Links to this post | Email Post

--
Was this reply relevant?
+0
-0
mogs CClip 85
Expert Contributor 15th Apr, 2011 09:13
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Yuri Gagarin Google Images Search Results Poisoned
April 14th, 2011, 13:31 GMT| By Lucian Constantin

Security researchers warn that searching for pictures of Russian space pioneer Yuri Gagarin on Google Images can lead to scareware pages.

Apparently cyber criminals have been engaging in a so-called black hat SEO campaign since April 12, when the world celebrated Yuri's Night to commemorate space exploration.

The celebration is named after Russian cosmonaut Yuri Gagarin, who on April 12, 1961, became the first human being to journey into outer space aboard the Vostok 1 spacecraft.

Interest into the event's commemoration was enhanced by Google replacing its logo with a doodle designed especially for the occasion.

More at :-
http://news.softpedia.com/news/Google-Images-Searc...

--
Was this reply relevant?
+0
-0
mogs CClip 86
Expert Contributor 15th Apr, 2011 09:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox 5 - June 21, Firefox 6 - August 8, Firefox 7 - September 27 - Release Channel Dates

April 14th, 2011, 20:59 GMT| By Marius Oiaga

As Mozilla launched the first Firefox 5 Aurora testing Build, the company also made public the release deadlines of Firefox 4.0’s successor as well as of future iterations of the open source browser.

Firefox 5 is now available for download through the Aurora Channel, and is the first version of Firefox to make its debut through this new Channel introduced as Mozilla moved to accelerate dramatically the release pace of new iterations.

According to the open source browser vendor, Firefox 5, Firefox 6 and Firefox 7 will all be wrapped up and offered to end users in 2011.

More at :-
http://news.softpedia.com/news/Firefox-5-June-21-F...

--
Was this reply relevant?
+0
-0
mogs CClip 87
Expert Contributor 15th Apr, 2011 10:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Apple delivers security updates for iOS and Safari
by Shaun Nichols

Apple has released a series of security updates for its iOS mobile operating system, as well as its Safari browser and Macintosh operating system.
Among the security fixes delivered in the update are patches to address a vulnerability in the SSL system caused by the security breach at Comodo. A hacker used stolen data from the company to craft a series of fraudulent SSL certificates.
Apple said that the update would change its trust policy to recognise and block the fraudulent SSL certificates. The update will be rolled out to iPhone, iPad and iPod Touch users running iOS 4.2 and 4.3, as well as OS X and both the Mac and Windows versions of Safari.
Additionally, Apple is issuing fixes for a pair of flaws in the WebKit browser platform. Safari and iOS users will both receive updates to fix a pair of flaws in WebKit, which could be exploited by an attacker to perform a remote code execution attack.


Read more: http://www.v3.co.uk/v3-uk/news/2043734/apple-deliv...


--
Was this reply relevant?
+0
-0
mogs CClip 88
Expert Contributor 15th Apr, 2011 10:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Spotify cuts back on free music

Online music service Spotify is halving the amount of free music that users can listen to.

Users of its free service will be limited to 10 hours per month, half the time currently offered and will only be able to listen to tracks five times, from May.

New users will get six months of free content before the changes kick in.

The news has angered fans who accuse the firm of seeking to change its model from free to paid.
More at :-
http://www.bbc.co.uk/news/technology-13078302

--
Was this reply relevant?
+0
-0
mogs CClip 89
Expert Contributor 15th Apr, 2011 11:36
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Side Channel Attack Beats Skype Encryption
April 14, 2011
By Paul Rubens


What is a side channel attack you ask? Good quesiton. A side channel attack uses observations of characteristics such as the power consumption of the system carrying out encryption computations, or the length of time that these computations take, as sources of information that can be used to defeat an encryption system. It turns out that the security of encrypted Skype conversations is vulnerable to a particularly slap-your-head obvious side channel attack that exploits the fact that the service uses variable bit rate compression.

More at :-
http://www.esecurityplanet.com/news/article.php/39...

--
Was this reply relevant?
+0
-0
mogs CClip 90
Expert Contributor 15th Apr, 2011 14:11
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
EU and US agree to run joint cyberwar exercise in 2011

Global thermo-botnet warfare
By John Leyden • Get more from this author

Posted in Enterprise Security, 15th April 2011 10:39 GMT
The EU and the US have agreed to work more closely on the fight against cyber-crime and in the promotion of cyber-security.

A meeting between EU home affairs commissioner Cecilia Malmström, responsible for the fight against cybercrime, and US Homeland Security secretary Janet Napolitano agreed to run a joint EU-US cyber-incident exercise by the end of 2011.

More at :-
http://www.theregister.co.uk/2011/04/15/global_cyb...

--
Was this reply relevant?
+0
-0
mogs CClip 91
Expert Contributor 15th Apr, 2011 14:22
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Oracle to fix 73 security bugs next week
But Java SE and Java for Business are not set to be updated

By Robert McMillan | IDG News Service


Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software.

All told, there will be 73 security vulnerabilities fixed across Oracle's various product lines. Oracle releases patches for all of its software - except the Java virtual machine -- quarterly, in a set of patches it calls the Critical Patch Update (CPU).

[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. ]

Next week's CPU is due on Tuesday. There are nine fixes set for Oracle Fusion middleware, 14 for the PeopleSoft Suite and eight for the JD Edwards Suite.

Two of the database flaws are considered critical, meaning they "may be exploited over a network without the need for a username and password," Oracle said in a statement posted to its website Thursday.

The updates are set to come one week after Microsoft issued one of the largest collections of security patches it has ever issued. They also come on the tail of Apple Mac OS X, Safari, and iOS updates, released Thursday.

Oracle will patch many of its Sun products, including Solaris and some of the Java server software. However, the widely used Java SE and Java for Business client software are not scheduled to be updated in next week's release.

More at :-
http://www.infoworld.com/d/security/oracle-fix-73-...

--
Was this reply relevant?
+0
-0
mogs CClip 92
Expert Contributor 15th Apr, 2011 16:27
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Internet Explorer 10 will not support Windows Vista
By David Meyer (@superglaze), 15 April, 2011 10:16

Microsoft has confirmed that the next version of its Internet Explorer browser will not run on any version of the company's operating system below Windows 7.

When the company showed off the first IE10 platform preview on Tuesday, it said the early version of the browser would only run on Windows 7. However, on Thursday the company confirmed that it would never allow Windows Vista support in IE10, much as it did not allow Windows XP support in IE9.

"Windows Vista customers have a great browsing experience with IE9, but in building IE10 we are focused on continuing to drive the kind of innovation that only happens when you take advantage of the ongoing improvements in modern operating systems and modern hardware," the company said in a statement.

Internet Explorer 10 will ship with Windows 8 in 2012, with improvements including new HTML 5 features and enhanced JavaScript support.


http://www.zdnet.co.uk/blogs/communication-breakdo...

--
Was this reply relevant?
+0
-0
mogs CClip 93
Expert Contributor 15th Apr, 2011 16:59
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 15th Apr, 2011 17:01
Mozilla plans changes to web certification policy
By Darren Pauli, ZDNet Australia, 15 April, 2011 10:40

Mozilla is reviewing a final draft of its baseline policies to address problems in the way that web certificates are issued.

Mozilla wants Certificate Authorities (CAs) that issue web certificates to adopt a standard that has been dubbed Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (PDF), published by the Certificate and Browser Forum and still in a final draft.

Mozilla consultant Kathleen Wilson said on a development forum that from 30 June, Mozilla software will refuse certificates signed with the troubled MD5 hash algorithm for intermediate and end-entity CAs, and "will take this action earlier and at its sole discretion if necessary to keep our users safe".

More at :-
http://www.zdnet.co.uk/news/security-management/20...

--
Was this reply relevant?
+0
-0
mogs CClip 94
Expert Contributor 16th Apr, 2011 11:06
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New IM Worm Blocks Access to AV Sites
By Lucian Constantin

Security researchers warn that a malicious component distributed by an IM worm cripples antivirus systems and blocks access to many security-related websites.

The attack begins with malicious links spammed on Windows Live Messenger leading users to rogue pages distributing the trojan dropper.

According to BitDefender's Bogdan Botezatu "the payload is presented as multiple sections of Base-16 Unicode data.

"Conversion to ANSI reveals a set of buffers split by a separator. Ignoring the separators and dumping the data reveals an encrypted file packed with UPX."

The trojan attempts to cripple antivirus programs, but not in the traditional way by using a rootkit. Instead, it closes some of the processes which makes user's interaction with the security programs impossible.

Read more at :-
http://news.softpedia.com/news/New-IM-Worm-Blocks-...

--
Was this reply relevant?
+0
-0
mogs CClip 95
Expert Contributor 16th Apr, 2011 11:11
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Ellison's Oracle washes hands of OpenOffice

Community return promised, Oracle cloud suite MIA
By Gavin Clarke in San Francisco • Get more from this author
Posted in Applications, 15th April 2011 19:36 GMT
Oracle is turning OpenOffice into a purely community project, and no longer plans to offer a commercial version of the collaboration suite loved by many.

The database giant said on Friday that it believed OpenOffice would be best managed by an organization focused on serving the broad constituency on a non-commercial basis.

More at :-
http://www.theregister.co.uk/2011/04/15/oracle_let...

--
Was this reply relevant?
+0
-0
mogs CClip 96
Expert Contributor 16th Apr, 2011 22:40
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Microsoft Patch Disables TDL4 Rootkit on 64-Bit Windows
April 16th, 2011, 07:25 GMT| By Lucian Constantin
Modifications made as part of a Windows update released by Microsoft this week effectively kill the notorious TDL4 rootkit on 64-bit Windows Vista and 7.

Since 64-bit Windows only accepts digitally-signed drivers, there are very few rootkits that manage to infect such systems.

One of them is TDL4, the latest version from the TDSS family of rootkits. It installs itself in the master boot record, making it possible to modify the operating system since the first moment it starts.

On 64-bit systems, it leverages a BCD (Boot Configuration Data) option called BcdOSLoaderBoolean_WinPEMode to disable the code integrity checks in the OS.

On Tuesday, Microsoft released KB2506014, an update which according to the corresponding advisory "addresses a method by which unsigned drivers could be loaded by winload.exe."

Security researchers from ESET note that this update removes the BcdOSLoaderBoolean_WinPEMode option abused by the TDL4 rootkit. In addition, the update intentionally modifies the size of a file called kdcom.dll by adding a KdReserved0 exported symbol.

Under normal circumstances TDL4 checks the size of this file's export directory and replace it with its own malicious version. According to the ESET researchers the change made to kdcom.dll serves no other purpose than to prevent the rootkit from replacing it.

More at :-
http://news.softpedia.com/news/Microsoft-Patch-Dis...

--
Was this reply relevant?
+0
-0
mogs CClip 97
Expert Contributor 16th Apr, 2011 22:43
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Futuremark Sets Launch Date for PCMark 7

By Ionut Ilascu

Futuremark confirmed yesterday the already announced PCMark 7 will soon be available to the general public. The release date has been pinned to May 3, 2011 and the application is set to be launched in three editions: Basic (free), Advanced and Professional.

PCMark 7 is designed to continue on the same line as its more than five years old predecessor, PCMark05, and sport a suite of system benchmarking tests. In the case of the soon to be released version the tests combine more than 25 individual workloads that assess storage, computation, image and video manipulation, gaming and web browsing.

As expected, the Basic edition, being free of charge, is the most limited as far as benchmarking is concerned, as it will encompass only the PCMark test.

More at :-
http://news.softpedia.com/news/Futuremark-Sets-Lau...

--
Was this reply relevant?
+0
-0
mogs CClip 98
Expert Contributor 16th Apr, 2011 22:48
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Apple finally updates Safari to deal with fake Comodo SSL certificates
by Phil Muncaster

16 Apr 2011

Apple has finally updated its Safari browser to deal with the SSL Certificates that were erroneously signed by certificate authority (CA) Comodo after a hacker managed to break into its IT systems and request them.
Over three weeks ago, a hacker, believed to be of Iranian descent or affiliated in some way with the Iranian government, broke into one of Comodo's Italian registration authorities (RAs) and requested nine fake certificates for sites such as Google and Yahoo.
Scandal ensued as commentators lined up to point out Comodo and its RA's security failings and to question the entire underlying SSL Certificate system on which users' trust in the web relies.
Microsoft, Google and Mozilla were all quick to update their respective browsers to deal with the fake certs that were issued, so that anyone trying to visit a site associated with the stolen certificates will be blocked.
Now Apple has followed suit, although Cupertino gave no hint in the OS X Security Update 2011-12 of why it has taken this long to take action.
Apple has also issued Safari 5.0.5, which applies to Windows and OS X versions of the browser.


Read more: http://www.v3.co.uk/v3-uk/news/2044100/apple-final...


--
Was this reply relevant?
+0
-0
mogs CClip 99
Expert Contributor 17th Apr, 2011 06:10
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Q I bought a Microsoft Wireless Mobile Mouse 4000 that came with a CD-Rom containing drivers but my laptop doesn’t have a CD or DVD drive, so I can’t install them.
The shop that sold me the mouse said that if I plugged in the mouse’s transmitter then Windows 7 would recognise it and it would work right away. This was true, but only up to a point.
The mouse’s side button doesn’t work and, while the scroll wheel moves left and right, it seems to have no effect in my applications. Is there anything I can do to activate these features?
Terry Batchelor
A Yes, just download and install the drivers from the Microsoft website. The tool you need is called Intellipoint.
The simplest way to find the latest version for your PC is to visit the Microsoft drivers download page, click the ‘Software for Microsoft keyboard, mouse, and fingerprint reader products’ link and then follow the prompts.


Read more: http://www.computeractive.co.uk/ca/pc-help/2028663...


--
Was this reply relevant?
+0
-0
mogs CClip 100
Expert Contributor 17th Apr, 2011 06:26
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
ZeuS Bot Herder Taunts Security Researchers Through Fake Digital Certificate
By Lucian Constantin

A recently identified ZeuS trojan sample is digitally signed with a fake certificate whose purpose is to make the piece of malware harder to detect.

According to security experts from Avira who discovered the sample, the digital certificate is signed by an entity called "DetectMe :)" and dates since the end of February.

"We see hints like these regularly – malware authors proposing names for their malicious creations or suggesting a place where a signature based detection would be suitable. Of course, such hints are ignored by us for detection [...]," the Avira researchers note.

Although the ability to digitally sign code has been around since Windows NT, the practice has only seen more adoption starting with Vista where the difference between signed and unsigned executables is clearly noticeable in UAC (User Access Control) alerts.

Digitally signed malware, as in malicious programs that actually use a valid certificate signed by a trusted CA, are quite rare because the benefits of doing it are hardly worth the trouble.

More at :-
http://news.softpedia.com/news/ZeuS-Botnet-Master-...

--
Was this reply relevant?
+0
-0
mogs CClip 101
Expert Contributor 17th Apr, 2011 07:44
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Norton 2012 betas tweaks already well-regarded suite
by Seth Rosenblatt

New Norton betas include the ability to rate a download's stability based on the file behavior on the computers of other Norton users and full Google Chrome support, setting the tone for the premium security suite updates due later this year.
Released today by Symantec, Norton Internet Security 2012 beta (download) and Norton AntiVirus 2012 beta (download) also include a new start-up manager that debuted earlier this year in Norton 360, changes to Symantec's SONAR technology, and a new autofix feature for curing installation woes quickly.

Read more at :-
http://download.cnet.com/8301-2007_4-20054384-12.h...

--
Was this reply relevant?
+0
-0
mogs CClip 102
Expert Contributor 17th Apr, 2011 15:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

By Ben Rooney

We all knew it was going to happen, but it has come about rather faster than most would have predicted. The Asia Pacific Network Information Centre has just released the last block of Internet Protocol version 4 addresses in its available pool.

In a statement, ASPNIC announced that, “This event is a key turning point in IPv4 exhaustion for the Asia Pacific, as the remaining IPv4 space will be ‘rationed’ to network operators to be used as essential connectivity with next-generation IPv6 addresses (PDF Link). All new and existing APNIC Members who meet the current allocation criteria will be entitled to a maximum delegation of a /22 (1,024 addresses) of IPv4 space. ”

So what happened? APNIC Director General Paul Wilson explained the Asia Pacific region is the first to reach the point of being unable to meet IPv4 demand. This is due to the unprecedented fixed and mobile network growth the region is experiencing. “Considering the ongoing demand for IP addresses, this date effectively represents IPv4 exhaustion for many of the current operators in the Asia Pacific region,” Wilson said. “From this day onwards, IPv6 is mandatory for building new Internet networks and services.”

It was APNIC that received the last two blocks of IP addresses available from the Internet


http://blogs.wsj.com/tech-europe/2011/04/15/asia-r...

--
Was this reply relevant?
+0
-0
mogs CClip 103
Expert Contributor 17th Apr, 2011 15:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The Stars Are Ours, Inside NASA's Online Image Treasure Chest
By Mark Hachman0digg

A treasure trove of images from space is now available, as NASA has released the some of data and images collected by the Wide-Field Infrared Survey Explorer (WISE).
WISE began scanning the sky on Dec. 14, 2009, traversing it 1.5 times in a polar orbit while collecting data across four infrared wavelengths of light. All told, it collected more than 2.7 million images, which will eventually all be made available to the public.
For now, the archive is available in two forms: a version for the public, with images collected by WISE, is at this U.C. Berkley Web site. A second archive for astronomers can be found here, on a CalTech server.
The mission's nearby discoveries included 20 comets, more than 33,000 asteroids between Mars and Jupiter, and 133 near-Earth objects (NEOs), which are those asteroids and comets with orbits that come within 28 million miles (about 45 million kilometers) of Earth's path around the sun, NASA said. The satellite went into hibernation in early February of this year.

More at :-
http://www.pcmag.com/article2/0,2817,2383671,00.as...

--
Was this reply relevant?
+0
-0
mogs CClip 104
Expert Contributor 19th Apr, 2011 07:34
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta Channel Update
Monday, April 18, 2011 | 16:26
Labels: Beta updates
The Beta channel has been updated to 11.0.696.50 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
Flash does not load until the tab gets activated. (Issue 71591).
Going to settings from notification popup crashes Chrome (Issue 78938).
Disable speech input for readonly and disabled input fields (Issue 58540 ).
Renamed Blob.slice to Blob.webkitSlice and changed it to take start and end parameters. Also renamed BlobBuilder to WebKitBlobBuilder (Click for more detail).

You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg

--
Was this reply relevant?
+0
-0
mogs CClip 105
Expert Contributor 19th Apr, 2011 08:13
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Drive-By Download Attack Launched from Amnesty International UK Website.
By Lucian Constantin

A drive-by download attack launched from the compromised Amnesty International UK website exploited the latest Flash Player zero-day vulnerability to infect visitors.

According to security researchers from Armorize, the attack uses a technique dubbed drive-by caching to deliver the malware and execute it.

In a typical drive-by download attack, the user opens an infected page which loads an exploit, which then executes shellcode, which downloads and runs the final malware payload.

In a drive-by cache attack, however, after the user opens the infected page, the browser is tricked into caching the payload, then the exploit is loaded and the shellcode executes the already stored malware.

More at :-
http://news.softpedia.com/news/Drive-By-Download-A...

--
Was this reply relevant?
+0
-0
mogs CClip 106
Expert Contributor 19th Apr, 2011 08:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Installing Windows 8 on a USB Flash Drive – Video Demo
April 18th, 2011, 15:41 GMT| By Marius Oiaga

It’s already clear that Windows 8 will support a range of next generation form factors beyond traditional PCs, but at the same time, customers will be able to install the platform even on devices that are not computers at all.

Thanks to Portable Workspace, an upcoming feature introduced in the successor of Windows 7, Windows 8 will enable deployment scenarios involving nothing more than USB flash drives.

Essentially, Microsoft has expanded Windows 8 installation options not only to HDDs (hard disk drives) and SSDs (solid-state drives), but also to USB storage devices.

“Portable Workspace is a Windows feature that allows you to run Windows from a USB storage device,” the software giant reveals.

More at
http://news.softpedia.com/news/Installing-Windows-...

--
Was this reply relevant?
+0
-0
mogs CClip 107
Expert Contributor 19th Apr, 2011 08:22
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Internet-based attacks on critical systems rise

Most countries said they expected a cyber attack to disrupt energy supplies within the next two years

Internet-based attacks on critical systems such as gas, power and water have increased around the world, a report suggests.

Security firm McAfee surveyed 200 IT executives working for utility companies in 14 countries.

Eight out of 10 said their networks had been targeted by hackers during the past year.

China was seen as the most likely source of attacks, followed by Russia and the United States.

The number of reported incidents was higher than in 2009 when just over half of those asked said they had fallen victim.

Denial of service
Most of the reported security breaches took the form of distributed denial of service (DDOS) attacks.

These typically involve a network of computers, under the control of criminals, overwhelming a company's internet-connected systems.

More at
http://www.bbc.co.uk/news/technology-13122339

--
Was this reply relevant?
+0
-0
mogs CClip 108
Expert Contributor 19th Apr, 2011 10:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Children on social networks unaware of privacy risks
Posted on 18 April 2011.77% of 13-16 year olds and 38% of 9-12 year olds in the EU have a profile on a social networking site, according to a pan-European survey carried out for the European Commission. Yet, a quarter of children who use social networking sites like Facebook say their profile is set to "public" meaning that everyone can see it, and many of these display their address and/or phone number.

More at
http://www.net-security.org/secworld.php?id=10916

--
Was this reply relevant?
+0
-0
mogs CClip 109
Expert Contributor 19th Apr, 2011 23:57
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft imposes security disclosure policy on all workers

Redmond joins security advisory mill
By Dan Goodin in San Francisco • Get more from this author
Posted in Malware, 19th April 2011 21:18 GMT
Microsoft has implemented a new company policy requiring all employees to follow a detailed set of procedures when reporting security vulnerabilities in third-party products.

The practices are an evolution of the coordinated vulnerability disclosure doctrine it proposed in July. They're intended to simplify communication among affected parties and reduce the chances that vulnerability reports will result in it being exploited in the wild. Among other things, they require employees to send private notifications to the organization responsible for the vulnerable software, hardware or service and only later publish a public advisory.

More at
http://www.theregister.co.uk/2011/04/19/microsoft_...

--
Was this reply relevant?
+0
-0
mogs CClip 110
Expert Contributor 20th Apr, 2011 00:01
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Lloyds TSB Customers Targeted in New Phishing Attack
April 19th, 2011, 09:57 GMT| By Lucian Constantin

A new phishing campaign is targeting customers of Lloyds TSB with fake emails carrying rogue attachments that claim to come from the bank's security team.

The emails try to lure in victims by suggesting they have to receive money through their subject that reads "You have an incoming payment."

The body text is lacking in details and only says that: "This massage [sic.] was sent by LloydsTSB Security team Proceed Security Via Attachment."

Judging by the poor spelling the scam's creators used a short message because they didn't handle the English language very well.

This phishing attack follows the recent trend of using HTML attachments instead of linking to external websites directly.
More at
http://news.softpedia.com/news/Lloyds-TSB-Customer...

--
Was this reply relevant?
+0
-0
mogs CClip 111
Expert Contributor 20th Apr, 2011 00:06
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft kicks off third-party bug warnings with two for Chrome
Google patched the bugs in September and December 2010

By Gregg Keizer
April 19, 2011 04:00 PM
Computerworld - Microsoft today released a pair of security advisories for Chrome, the browser built by rival Google.

One of the advisories also called out a vulnerability in Opera.

The change is part of an expansion of the vulnerability disclosure policy Microsoft launched last summer, said Mike Reavey, the director of the Microsoft Security Response Center (MSRC).

The bugs were discovered by Microsoft researchers, and reported to the security teams responsible for Chrome and Opera. Google patched the two Chrome vulnerabilities last September and December; Opera fixed its browser flaw in October 2010.
More at
http://www.computerworld.com/s/article/9215956/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 112
Expert Contributor 20th Apr, 2011 00:11
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Landrush looms for thousands of short .uk domains
By David Meyer (@superglaze), 19 April, 2011 16:43

More than two-and-a-half thousand short .uk domain names will become available in May, the UK internet registry Nominet has said.

On Tuesday, Nominet said the 'Landrush phase' for the 2,640 mostly two-letter .co.uk, .net.uk, .me.uk and .org.uk domain names (PDF) would open at midday on 23 May and close at midday on 15 June.

Those wishing to grab their short domain name, with one example being 'gm.org.uk', will be able to pay £10 plus VAT to apply for it. If no-one else applies for the same domain name, the application will be approved on 23 June.

If others do also apply, the domain name will go to the highest bidder in an auction, which will take place from 20 July. Any domain names for which there have been no landrush applications will become available on a first-come-first-served basis on 27 June.

The rules for the process are on Nominet's website.
More at
http://www.zdnet.co.uk/blogs/communication-breakdo...

--
Was this reply relevant?
+0
-0
mogs CClip 113
Expert Contributor 20th Apr, 2011 09:47
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Top-secret US lab infiltrated by spear phishers – again

IE 0day leads to theft of data
By Dan Goodin in San Francisco • Get more from this author
Posted in Malware, 19th April 2011 23:34 GMT
One of the most sensitive science labs in the US has shut down all internet access after attackers exploited a vulnerability in Microsoft's Internet Explorer browser to steal data from some of its servers, according to published news reports.

The security breach at the Oak Ridge National Laboratory is at least the second time since 2007 that computers have been hacked when employees were duped by phishing emails. The most recent compromise was initiated by messages that were manipulated so that they appeared to come from the lab's Human Resource Department, The Knoxville News Sentinel reported.

According to a follow-up post, a link included in the fraudulent email, which first entered the lab's systems on April 7, exploited a critical vulnerability in IE that Microsoft fixed last Tuesday. It was the same bug that fetched a security researcher a $15,000 prize in the recent Pwn2Own hacking contest.

More at
http://www.theregister.co.uk/2011/04/19/us_lab_sec...

--
Was this reply relevant?
+0
-0
mogs CClip 114
Expert Contributor 20th Apr, 2011 18:07
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Ashampoo Hit by Data Breach
April 20th, 2011, 06:58 GMT| By Lucian Constantin

German software developer Ashampoo has notified its customers about a data breach incident that resulted in the exposure of their names and email addresses.

According to an announcement posted on the company's website, unidentified hackers broke through its security systems and gained unauthorized access to a server.

"We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately," said Ashampoo's CEO Rolf Hilchner.

"At the same time we reported this incident to the police. Further investigations are underway. Unfortunately, the traces of the well-concealed hackers currently disperse abroad," he added.

Fortunately, the hackers did not obtain access to billing information as this data is not stored on the company's servers.

In addition to its software development business, which includes anti-malware, firewall and data encryption products, the Ashampoo Group offers a diverse range of services through subsidiaries.

More at :-
http://news.softpedia.com/news/Ashampoo-Hit-by-Dat...

--
Was this reply relevant?
+0
-0
mogs CClip 115
Expert Contributor 20th Apr, 2011 18:11
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows 7 PC Collection Site Live

April 20th, 2011, 10:13 GMT| By Marius Oiaga

Launched with the slogan “Designed for individuals,” a new Microsoft site promises to highlight Windows 7 machines tailored to user needs.

“The Collection from Windows 7 brings together a range of PCs carefully selected to suit you,” reads the message from Microsoft.

The Redmond company has divided the Windows 7 computers it’s recommending to users into a few categories, namely: Everyday, Mobile Companion, Professional, Entertainment, and Gaming.

“If you are looking for a new PC and you are not sure which one to get then you may want to check out a great new site that we have called the Windows Collection where we have a great selection to choose from that should suit all your needs,” revealed Microsoft’s Rob Margel.

Using the website is extremely simple, with customers being required to first select a general category for the new Windows 7 PC they want to buy.

They can opt for a machine which would work great for the entire family, for lightweight mobile computers, or for powerhouses designed for professionals, multimedia or gaming content

More at
http://news.softpedia.com/news/Windows-7-PC-Collec...

--
Was this reply relevant?
+0
-0
mogs CClip 116
Expert Contributor 20th Apr, 2011 18:15
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Shifty scripts on Santander site prompt security fears

Alliance & Leicester bothered by unknown Javascript
By John Leyden • Get more from this author
Posted in Enterprise Security, 20th April 2011 08:56 GMT
Updated Parent firm Santander is reassuring customers that the website of its banking subsidiary Alliance & Leicester is secure despite the presence of JavaScript on its login pages served up from recently created sites of unknown provenance.

Reg reader Matt Freeman said he was prompted with a SSL certificate warning from a domain called 'www.polycache.com' when attempting to log in to Alliance & Leicester's online banking Internet using FireFox 4.

Alarmed by the incident, Matt did some digging and discovered that the warning stemmed from a script from advanced-web-analytics.com that, in turn, downloads another script from polycache.com.

Polycache.com was only registered a few weeks ago and is hosted by virtual server hosting firm lineode.com, a legitimate firm but not one normally associated with hosting e-commerce systems for high street banks. Domain registration details for polycache are hidden. In addition, polycache.com doesn't have a home page.

All this looks rather suspicious if not necessarily malicious. Rik Ferguson, a security consultant at Trend Micro said: "This doesn't look like the infrastructure for a bank."

More at
http://www.theregister.co.uk/2011/04/20/santander_...

--
Was this reply relevant?
+0
-0
mogs CClip 117
Expert Contributor 20th Apr, 2011 18:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Wed Apr 20 2011, 14:25
AT THIS YEAR'S Pwn2own hacking contest Internet Explorer and Safari were hacked in quick time while Chrome and Firefox remained relatively unscathed, but the competition's sponsor made it clear that this didn't mean they were any more secure.
Simon Leech, director at Pwn2own sponsor Tipping Point, speaking during London's Infosecurity conference, said he was surprised that Chrome in particular didn't go down because Google itself offered money for a hacker to take down the web browser.
But this didn't mean that the web browsers were any more secure, with a combination of factors and 'luck' leading to only IE and Safari suffering embarrassment this year. For example, Google came out with a patch release just before the competition that Leech believed fixed a vulnerability one researcher was looking to take advantage of.
Leech said, "There are definitely vulnerabilities in Chrome - it's not the most secure browser out there. There is no evidence to suggest that Chrome is any more secure than any of the other browsers."
He added, "It also might be something to do with Google's policy towards vulnerability research. They are starting to pay people, so researchers may have felt it was better to take their vulnerabilities to Google."
When The INQUIRER asked Leech for a straight-up answer to what the most secure web browser was out there, he jokingly said Wget, a Linux text-based file transfer utility.
But he followed that by saying, "To be honest there is no most secure web browser. You can definitely help your own security by configuring it correctly - disabling stuff that could lead to a security problem."
"Be careful with what you do with Java, use some of the plugins that are available to browsers to check that you're surfing at a secure site. But it's not the browser security you have to worry about. At a certain point every browser has a vulnerability in it somewhere. It's more about the usage of your browser."


Read more: http://www.theinquirer.net/inquirer/news/2045151/c...


--
Was this reply relevant?
+0
-0
mogs CClip 118
Expert Contributor 21st Apr, 2011 07:41
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Wednesday, April 20, 2011 | 18:32
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.742.0 for all platforms. This release contains stability and performance fixes. There is one known issue.

Sync may not work correctly

The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.


Jason Kersey
Google Chrome

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 119
Expert Contributor 21st Apr, 2011 22:11
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Critical Security Updates Available for Adobe Reader and Acrobat
April 21st, 2011, 17:56 GMT| By Lucian Constantin

Adobe has released new versions of Adobe Reader and Acrobat in order to address two vulnerabilities, one of which has been actively exploited in the wild since two weeks ago.

Identified as CVE-2011-0611, the flaw affects the authplay.dll Flash Player component bundled with Adobe Reader and Acrobat.

The vulnerability was first discovered as part of targeted email attacks that distributed rogue Word documents rigged with the Flash exploit.

The flaw was patched in Flash Player 10.2.159.1 last Friday, at which time the company announced the week of April 25 as the expected release interval for the Adobe Reader and Acrobat updates.

However, it seems the software developer has decided to accelerate the schedule, probably as a result of more varied attacks that exploit this vulnerability.

"CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform," the company writes in its security bulletin.

A few days ago, security firm Armorize reported about a drive-by download attack launched from the infected website of a UK human rights group, that exploited this Flash vulnerability.

Adobe released Adobe Reader 9.4.4 for Windows and Mac, Adobe Reader X (10.0.3) for Mac, Adobe Acrobat 9.4.4 and Adobe Acrobat X (10.0.3) for Windows and Mac.

Adobe Reader X (10.0.2) for Windows remains vulnerable, but its sandbox (Protected Mode) blocks any exploits from executing arbitrary code on the system. Because of this, the product will follow the normal update cycle and will be patched on June 14, 2011.

The second vulnerability addressed by these updates, CVE-2011-0610, is located in the CoolType library, but no attacks are known to exploit it. The Polish CERT and Paul Baccas of Sophos are credited with reporting it.

More at
http://news.softpedia.com/news/Critical-Security-U...


--
Was this reply relevant?
+0
-0
mogs CClip 120
Expert Contributor 21st Apr, 2011 22:16
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Avast Releases WebRep for Google Chrome

April 21st, 2011, 14:57 GMT| By Lucian Constantin

Avast has released a long-promised WebRep extension compatible with Google Chrome as part of a new update to its antivirus program.

When it released its avast! 6 line of products back in February, the Czech antivirus vendor introduced several new technologies, some of which included in its free offering.

One of these technologies is WebRep, a web reputation service that keeps users informed about risky and malicious URLs in search results.

In order to determine which URLs are malicious and which aren't, WebRep uses real-time data from the company's cloud intelligence gathering system.

But even if a website doesn't directly try to infect computers, it doesn't mean it cannot pose other risks. To address this WebRep also relies on users to manually provide safety ratings for the sites they visit and them to one of several pre-defined categories.

Avast hopes its 120 million active users will help it create a reliable reputation service, but for this to happen it needs to support all browsers, or at least the major ones.

When it launched, avast! 6 came with WebRep add-ons for Internet Explorer and Mozilla Firefox, but lacked support for Google Chrome.

Google's browser has an estimated 15% market share and is generally preferred by power users, exactly the kind of people the AV vendor wants rating websites.

More at
http://news.softpedia.com/news/Avast-Releases-WebR...

--
Was this reply relevant?
+0
-0
mogs CClip 121
Expert Contributor 22nd Apr, 2011 08:25
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Presley Walker Image Searches Lead to Drive-By Download

April 21st, 2011, 19:20 GMT| By Lucian Constantin

Security researchers from Websense warn that searching for photos of Presley Walker on Google Images can generate results that direct users to drive-by download pages.

Drive-by downloads are a type of attack in which victims get infected only by visiting a specially crafted web page, without any interaction.

This is normally achieved by exploiting vulnerabilities in outdated software packages found on the their computers.

In the attack detected by Websense, cyber criminals are using a popular exploit kit known as Neosploit which contains exploits for multiple vulnerabilities in Java, Adobe Reader and Windows.

"We first found on Monday that all the image search results took users to a notorious exploit kit – Neosploit. Later, it changed to redirecting users to rogue AV sites.

As we publish this blog, the search results are still poisoned and are leading to Neosploit again," the Websense researchers wrote.

More at
http://news.softpedia.com/news/Presley-Walker-Imag...

--
Was this reply relevant?
+0
-0
mogs CClip 122
Expert Contributor 22nd Apr, 2011 08:30
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Download Free Windows XP End of Life Countdown Gadget

April 21st, 2011, 15:35 GMT| By Marius Oiaga

There’s not all that much life left in Windows XP, and fact is that the pressure is mounting for those still on the aging operating system to migrate to a more recent iteration of the Windows client.

Microsoft is providing constant reminders that time is running out for the platform that hit store shelves back in 2001, and this week, the Redmond company started offering a new one.

The Windows XP End Of Support Countdown Gadget is now available free of charge through the Microsoft Download Center.

The resource’s label is pretty much self-explanatory, but the software giant also noted in its official description:

“Looking to get off Windows XP? Use this handy gadget to count down the number of days until Windows XP End of Support (EOS) in 2014.”

That’s right, three more years until Windows XP expires, again, and this time around for good.

I say again, because, as additional Microsoft technologies, XP’s lifecycle is governed by two very distinct periods: Mainstream Support and Extended Support.

More at
http://news.softpedia.com/news/Download-Free-Windo...

--
Was this reply relevant?
+0
-0
mogs CClip 123
Expert Contributor 22nd Apr, 2011 08:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome OS Beta Channel Update
Thursday, April 21, 2011 | 16:58
Labels: Chrome OS
The Chrome OS Beta channel has been updated to the latest R11 release 0.11.257.91 including Chrome update (11.0.696.54).

If you find new issues, please let us know by visiting our help site or filing a bug.

Orit Mazor
Google Chrome
2 comments | Links to this post | Email Post

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 124
Expert Contributor 22nd Apr, 2011 08:44
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Why do governments have trouble retaining cyber warriors?
Posted on 21 April 2011.It is becoming painfully obvious that the U.S. government and the governments of European countries are having trouble recruiting enough capable "cyber warriors" in order to keep their systems secure.

The retention of skilled experts is particularly challenging - some burn out, some go over to the "dark side". Time and time again, government department or agency heads bemoan the loss of perfect candidates - and employees - to the private sector.

Computer security professionals and attackers - two sides of the same coin, really - are mostly highly intelligent individuals who thrive on challenges and might sometimes chafe under the leadership of people who they believe know less about cybersecurity problems than themselves. And it is the somewhat eccentric personality of many of these individuals what makes them difficult to manage.

More at
http://www.net-security.org/secworld.php?id=10943

--
Was this reply relevant?
+0
-0
mogs CClip 125
Expert Contributor 22nd Apr, 2011 18:31
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
EFF Launches HTTPS Awareness Campaign
April 22nd, 2011, 12:28 GMT| By Lucian Constantin

The Electronic Frontier Foundation (EFF), one of the leading digital rights watchdogs, has launched, together with the Access, a campaign called "HTTPS Now" which raises awareness about the benefits of HTTPS and encourages its adoption.

HTTPS (HTTP Secure) combines the Hypertext Transfer Protocol (HTTP) with Secure Sockets Layer (SSL)/Transport Layer Security (TLS) in order to encrypt traffic between websites and users.

"We've heard a lot about how malicious tools like Firesheep can be used to steal data, including passwords for email and social networking accounts," said EFF Activist Eva Galperin.

"HTTPS Now is aimed at protecting users from attacks like these by spreading the word about HTTPS and how to use it correctly," she explained.

The campaign will extend in three directions, providing users with tools to make HTTPS use easier, gauging the level of HTTPS adoption on the Web and helping website owners implement the technology.

Resources and a growing list of sites on which HTTPS implementation has been tested based on several criteria are available on the campaign's website at httpsnow.org.

More at :-
http://news.softpedia.com/news/EFF-Launches-HTTPS-...

--
Was this reply relevant?
+0
-0
mogs CClip 126
Expert Contributor 23rd Apr, 2011 04:36
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Dev Channel Update
Friday, April 22, 2011 | 14:48
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.742.5 for all platforms. This release fixes a regression with sync along with other bugs. The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome
4 comments | Links to this post | Email Post

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 127
Expert Contributor 23rd Apr, 2011 04:41
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

New PDF Exploit Hiding Technique Tricks Antivirus Engines
April 22nd, 2011, 16:55 GMT| By Lucian Constantin

Researchers from Czech security vendor AVAST warn of a new technique used by PDF exploits to evade antivirus detection. It relies on encoding the malicious code as an image object.

AVAST first encountered this technique in a malicious PDF file a month ago and has seen it used in limited, but also targeted, attacks since then.

"This story began when we found a new, previously unseen, PDF file a month ago. It wasn’t detected by us or by any other AV company," Jiri Sejtko, a senior antivirus analyst at AVAST, writes on the company's blog.

"[...] Its originating URL address was quite suspicious and soon we confirmed the exploitation and system infection caused by just opening this document. But our parser was unable to get any suitable content that we could define as malicious," he adds.

It turns out that there was no JavaScript stream in this file and PDF exploits normally rely on JavaScript heap-spraying.

One of the only two objects referenced by an XFA array was decoded, analyzed and quickly eliminated. Researchers then observed that the remaining one required two filters, FlateDecode and JBIG2Decode.

FlateDecode is common, but JBIG2Decode is normally used to decode monochrome image data, and this how attackers chose to store the JavaScript code.

As it turns out, JBIG2Decode can be used on any object stream, an unusual behavior the AVAST developers, and probably those from other vendors as well, didn't anticipate when coding their PDF parser.

This particular file attempted to exploit an older Adobe Reader vulnerability, CVE-2010-0188, discovered in 2010 and patched in current versions of the program.

"Based on the information from the avast! Virus Lab logs, this new trick is currently used in only a very small number of attacks [...] and that is probably the reason why no one else is able to detect it," Mr. Sejtko writes.

Since the PDF parser has been updated to decode JBIG2-encoded objects, the AV vendor spotted the technique being used in other PDF files as well. However, because those also contained regular malicious code, they had already been detected.


http://news.softpedia.com/news/New-PDF-Exploit-Hid...

--
Was this reply relevant?
+0
-0
mogs CClip 128
Expert Contributor 23rd Apr, 2011 04:45
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
First Firefox 7 Build Is a Month Away

April 22nd, 2011, 13:40 GMT| By Marius Oiaga

Users have received plenty of warnings to brace themselves for a flood of Firefox major iterations per the Google Chrome model, and to prove that it means business Mozilla revealed that the first Firefox 7 pre-release Build is only approximately a month away.

While it might be hard to believe that development will start on Firefox 7 just two months after Firefox 4.0 Final was released, this is indeed the case.

And not only will the first Alpha builds of Firefox 7 be produced by the end of May 2011, but Firefox 6 will also become available for download and testing through the Aurora channel.

Here’s what Asa Dotzler, Director of Community Development, Mozilla had to say: “The merge forward to Aurora 6 and the beginning of Firefox 7 work is only 33 days away.”

More at
http://news.softpedia.com/news/First-Firefox-7-Bui...

--
Was this reply relevant?
+0
-0
mogs CClip 129
Expert Contributor 23rd Apr, 2011 04:48
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows 8 Hacks Activate Leaked Build 7850

April 22nd, 2011, 20:21 GMT| By Marius Oiaga

Windows 8 is still at least over a year from RTM, with the Beta expected in the fall of 2011, but hacks have already been produced to circumvent the operating system’s antipiracy mechanism.

With Build 6.1.7850 6.1.7850.0.winmain_win8m1.100922-1508 leaked in the wild earlier this month, there have been quite a few users ignoring all evident risks, downloading the bits and installing the Milestone 1 (M1) development milestone of Windows vNext.

Those that did hit a bit of a snag. Windows 8 M1 Build 7850 was compiled in September 2010, and since it was time-bombed, what users got was a very early copy of the operating system that had expired since February 5, 2011.

However, in normal Windows leak fashion, this did little to discourage testers, and only catalyzed crackers to come up with solutions.

At the time of this article I’m aware of two different hacks designed to bypass Windows 8 M1 activation.

More at
http://news.softpedia.com/news/Windows-8-Hacks-Act...

--
Was this reply relevant?
+0
-0
mogs CClip 130
Expert Contributor 23rd Apr, 2011 05:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

"We read to know we are not alone," wrote C.S. Lewis. But how do books make us feel we are not alone?
"Obviously, you can't hold a book's hand, and a book isn't going to dry your tears when you're sad," says University at Buffalo, SUNY psychologist Shira Gabriel. Yet we feel human connection, without real relationships, through reading. "Something else important must be happening."
In an upcoming study in Psychological Science, a journal of the Association for Psychological Science, Gabriel and graduate student Ariana Young show what that something is: When we read, we psychologically become part of the community described in the narrative—be they wizards or vampires. That mechanism satisfies the deeply human, evolutionarily crucial, need for belonging.
The researchers recruited 140 undergraduates for the study. First the participants were assessed on the extent to which they meet their needs for connection by identifying with groups. Then some read a passage from the novel Twilight in which the undead Edward describes what it feels like to be a vampire to his romantic interest Bella. Others read a passage from Harry Potter and the Sorcerer's Stone in which the Hogwarts students are separated into "houses" and Harry meets potions professor Severus Snape. Participants were given 30 minutes to read the passage and were instructed to simply read for their own pleasure.

Read more at :-
http://medicalxpress.com/news/2011-04-vampire-bitt...

--
Was this reply relevant?
+0
-0
mogs CClip 131
Expert Contributor 23rd Apr, 2011 10:40
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
'Real' JavaScript benchmark topped by...Microsoft

Google Chrome dead last
By Cade Metz in San Francisco • Get more from this author
Posted in Developer, 22nd April 2011 17:21 GMT
Douglas Crockford - the man who "discovered" JSON and a senior JavaScript architect at Yahoo! – has released a new benchmark designed to test the "actual" performance of the major web browsers on "real" JavaScript applications. And according to the test, the browser with the speediest JavaScript engine...is not Google Chrome.

In fact, when running the benchmark, Chrome and its new Crankshaft engine are slower than all the other major browsers. And the fastest browser, in the estimation of Crockford, isn't Firefox or Opera.

It's Internet Explorer 10, which is currently available as a preview.

More at
http://www.theregister.co.uk/2011/04/22/douglas_cr...

--
Was this reply relevant?
+0
-0
mogs CClip 132
Expert Contributor 23rd Apr, 2011 19:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
PlayStation Network Down Due to Intrusion
April 23rd, 2011, 09:19 GMT| By Lucian Constantin

Sony says the extended PlayStation Network (PSN) downtime is caused by an intrusion into its systems which has prompted a detailed investigation.

The PlayStation Network is used by 70 million gamers, many of whom are currently infuriated after being locked out of the service for over three days.

"An external intrusion on our system has affected our PlayStation Network and Qriocity services," Patrick Seybold, Sony's senior director of corporate communications & social media, announced.

"In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th," he explained.

It's not clear who is responsible for the intrusion, but whatever they did must be serious enough to keep the service down for so long, especially now during the Easter break.

When the PSN initially went offline, everyone directed their attention towards Anonymous, the hacktivist collective that attacked it in the past to protest Sony's legal actions against geohot and other PS3 hackers.

However, soon after lauching the attacks the group suspended them saying it doesn't want to hurt players. The people inside Anonymous coordinating this type of operations, have now released a statement entitled "For Once We Didn't Do It."

More at
http://news.softpedia.com/news/PlayStation-Network...

--
Was this reply relevant?
+0
-0
mogs CClip 133
Expert Contributor 23rd Apr, 2011 19:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Softpedia Giveaways 2011: 100 Free Licenses for Ad-Aware Pro

April 23rd, 2011, 11:01 GMT| By Ionut Ilascu

This year’s giveaway campaigns on Softpedia will get a strong start this weekend with free licenses for Ad-Aware Pro Internet Security.

The amount of licenses Lavasoft is putting into this campaign is a generous, round 100, so there will be plenty of winners.

All you have to do in order to be eligible is add a comment (by next Friday) that’s both sincere and relevant to the software itself, right on this page. Make sure you use a valid email address otherwise we won’t be able to contact you if you win.

See more at
http://news.softpedia.com/news/Softpedia-Giveaways...

--
Was this reply relevant?
+0
-0
mogs CClip 134
Expert Contributor 24th Apr, 2011 03:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The free program Eraser permanently deletes files from your hard disk
I thought it would be helpful to remind everyone that when you empty the Recycle Bin, or use Shift-Del to delete files or folders, they are not removed from the hard disk, even though Windows asks “Are you sure you want to permanently delete this file/folder?”.
The actual data for the ‘body’ of the file is still there on your hard disk and could be found if anyone needed to use free tools from the internet such as Recuva.
If this worries you, you could use a file erase program to wipe the free space on the drive. A good example of a tool that can help you wipe progams is Eraser.
Once Eraser has been installed, double-click on the icon on the Desktop to start it. Press Ctrl and N to create a new task. Select ‘Run immediately’ and then click on the 'Add data' button. Select 'Unused disk space' and click on OK. Eraser will start wiping the unused space on the hard disk. This may take some time.
Paul Robson


Read more: http://www.computeractive.co.uk/ca/pc-help/2033258...

N.B. ( Mogs )
The following tool in Revouninstaller also does a good job :-

Evidence Remover
Deleting your files and folders does not mean that they are gone forever. When you empty Windows Recycle Bin your files and folders are just marked as deleted but they are not erased physically. There is a chance to recover deleted data from 10 years or older PC and this data may be very important and confidential. With any recovery tool or un-delete program you can easily get back your important documents and other files that you have deleted. And here comes Evidence Remove tool of Revo Uninstaller.

More details here :-
http://www.revouninstaller.com/revo_uninstaller_un...

Downloads here :-
http://www.revouninstaller.com/revo_uninstaller_fr...



--
Was this reply relevant?
+0
-0
mogs CClip 135
Expert Contributor 24th Apr, 2011 13:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Amazon still trying to fix computer problems
April 24, 2011

Amazon.com is still trying to restore computers used by other websites as an outage stretched into a third day.
Besides selling books and DVDs, Amazon.com Inc. rents out space on computers that run other websites and online services. One of its data centers in Virginia began having problems on Thursday morning.
Amazon said Saturday that it is making progress fixing the problem, but more slowly than it had hoped. News-sharing site Reddit appeared to be functioning again. On its website, Amazon said it removed some bottlenecks that prevented connections from its Virginia center, but an additional issue was holding up restoring all remaining connections. The company's so-called "cloud' services in Northern California are operating normally.
No one knows for sure how many people have been inconvenienced, but the services affected are used by millions of people.

More at
http://www.physorg.com/news/2011-04-amazon-problem...

--
Was this reply relevant?
+0
-0
mogs CClip 136
Expert Contributor 25th Apr, 2011 10:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
News
Sony 'rebuilding' PlayStation Network after attack
By Martyn Williams
April 24,
IDG News Service - The outage of Sony's PlayStation Network and Qriocity service, now in its fourth day, looks set to continue after the company said on Sunday that it is "rebuilding" its system to better guard against attacks.

Sony said on Saturday that the outage was caused by an "external intrusion" into the network, but has yet to detail the problem.

More at
http://www.computerworld.com/s/article/9216122/Son...

--
Was this reply relevant?
+0
-0
mogs CClip 137
Expert Contributor 25th Apr, 2011 12:06
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
(PhysOrg.com) -- According to a new research study, Europeans are happier when they have a day off and work less, while their American counterparts would rather be working those extra hours. Published in the Journal of Happiness Studies, the research, led by Adam Okulicz-Kozaryn from the University of Texas, looks at survey results of Europeans and Americans and how they identified being happy.
Based on the study results, Europeans who described themselves as being "very happy" went from 28 percent down to 23 percent as their work hours increased. Americans, on the other hand, remained at 43 percent regardless of how many hours they worked.
The researchers say that due to a lack of research in this field, they cannot completely say that working more hours makes people happier, though they do have a few explanations.
Their thoughts on the reasoning behind the results point toward the different aspirations and self-worth people have. Europeans tend to be more concerned with enjoying and living life to the fullest, while Americans are busy following the “American Dream” and traveling a road toward financial success.

More at
http://medicalxpress.com/news/2011-04-americans-eu...

--
Was this reply relevant?
+0
-0
mogs CClip 138
Expert Contributor 26th Apr, 2011 06:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Monday, April 25, 2011 | 17:37
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.742.9 for all platforms. This release continues to address UI and performance issues, as well as updates the Sync preferences UI. The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.


Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 139
Expert Contributor 26th Apr, 2011 14:39
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 26th Apr, 2011 14:40
Cloud Computing
News Analysis
What happens to data when your cloud provider evaporates?
There's no way to directly migrate data between service providers

By Lucas Mearian
April 26, 2011 06:07 AM
Computerworld - Over the past year, four cloud storage service providers have said they're shutting down and Amazon's cloud services have been problematic since Thursday.

"All of these things are coming together ... to give cloud storage providers a black eye. Anyone who was on the fence about cloud storage may be off of it by now," said Gartner research analyst Adam Couture.

More importantly, the closures and outages leave users with an important question: What happens to their data when the cloud they use evaporates?

Currently, there's no way for a cloud storage service provider to directly migrate customer data to another provider. If a service goes down, the hosting company must return the data to its customer, who then must find another provider or revert back to storing it locally, according to Arun Taneja, principal analyst at The Taneja Group.

More at
http://www.computerworld.com/s/article/9216159/Wha...

--
Was this reply relevant?
+0
-0
mogs CClip 140
Expert Contributor 26th Apr, 2011 14:50
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox 4 passes 100 million downloads mark

Gaining market share
By Dean Wilson
Tue Apr 26 2011, 12:10
IT'S FULL STEAM AHEAD for Firefox as the latest version of its browser software broke the 100 million downloads milestone over the weekend.
Firefox 4, which was only released last month, has seen 100 million downloads in that short space of time, giving it a very healthy eight per cent market share.
This puts the latest iteration of Mozilla's web browser well ahead of Internet Explorer 9, Microsoft's recent attempt to regain dominance in the web browser arena.
IE9 has only a three per cent share at the moment, starting with extremely slow growth and hovering around the one per cent mark for much of March and the first week of April. It only began to pick up speed in the middle of this month.
In comparison Firefox 4 got off to a good start immediately, jumping from two to five per cent in the first couple of days of its release and growing steadily from there.
If such strong uptake wasn't enough, Mozilla plans to promote updates to Firefox 4 to Firefox 3.5 and 3.6 users in roughly a week's time. It expects to see a big increase in downloads as a result, which means we could see it pass the 200 million mark soon enough. µ


Read more: http://www.theinquirer.net/inquirer/news/2045858/f...


--
Was this reply relevant?
+0
-0
mogs CClip 141
Expert Contributor 26th Apr, 2011 14:58
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 26th Apr, 2011 14:59
Oracle Patches Java.com Flaw
By Sean Michael Kerner

The discovery of security issues in Java is something that Oracle deals with on a routine basis by way of regular security updates. Security issues with Java.com, however, is another issue.

Security researchers with the YGN Ethical Hacker Group publicly reported this week that Java.com was at risk from an arbitrary URL redirection vulnerability. YGN made the report on the public Full-Disclosure security mailing list.

The group also provided a link to a proof-of-concept demo to validate their claim.

According to YGN, it informed Oracle of the vulnerability on April 19th. On April 23rd, Oracle replied, "Thank you for bringing this issue to our attention. We appreciate your note and wanted to let you know that we have fixed it."
Oracle did not respond by press time to a request for comment from InternetNews.com on the YGN disclosure.

A URL redirection flaw is a serious issue that could have enabled an attacker to leverage Java.com for a phishing attack. Security tracking group Mitre has labeled URL Redirection as CWE-601 (Common Weakness Enumeration).

More at
http://www.esecurityplanet.com/news/article.php/39...

--
Was this reply relevant?
+0
-0
mogs CClip 142
Expert Contributor 26th Apr, 2011 19:42
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Piracy-Enabling Security Hole Possibly Responsible for PSN Outage
April 26th, 2011, 13:43 GMT| By Lucian Constantin

Reports from the PS3 hacking scene suggest the PlayStation Network (PSN) outage, now going into its sixth day, might have been caused by a security hole that enabled piracy.

The PSN went down unexpectedly before the Easter break, on April 20, and remains offline at the time of writing this article with little information about what's going on being available.

Sony only broke the silence after two days to say that the reason for the outage was an "external intrusion."

A subsequent announcement made on Sunday stated that the system is being rebuilt to offer better security to customers.

There is currently no estimated date for when the service will be brought back online, despite PS3 owners growing increasingly impatient and angry.

Meanwhile, a PSX-Scene.com moderator who uses the online handle of Chesh, launched an interesting and plausible theory about what prompted Sony to take such a drastic measure.

According to him, at the end of March, a new version of a PS3 CFW (custom firmware) called REBUG was released.

This third-party firmware unlocks some PS3 features reserved only for developers and some people figured out how to use it to access the PSN developer network.

More at
http://news.softpedia.com/news/Piracy-Enabling-Sec...

--
Was this reply relevant?
+0
-0
mogs CClip 143
Expert Contributor 27th Apr, 2011 06:49
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta Channel Update
Tuesday, April 26, 2011 | 13:54
Labels: Beta updates
The Beta channel has been updated to 11.0.696.57 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
REGRESSION: left property broken with position:fixed elements in RTL documents. (Issue 80216).
REGRESSION: Bottom of window Border is drawn 1 Pixel Higher than it should be (Issue 79640).
REGRESSION: Chromium window goes beyond the screen for non-Aero themes (Issue 80391).

You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 144
Expert Contributor 27th Apr, 2011 07:41
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Compared with its predecessors, Windows 7 is remarkably secure and dependable. It's far from perfect, though: An unbootable PC, a nasty piece of malware, or a single important file gone missing can make you lose days or even months of work. And you can't solve every nightmare by waking up.

Here are ways out of six common Windows 7 disasters. I'll tell you how to fix a PC that won't boot, retrieve files from an inaccessible hard drive, stop frequent blue screens of death, restore a forgotten administrator password, remove malware, and find a missing file.

More Windows 7 stories:

11 tools for Windows 7 migrations

Top 10 free Windows 7 desktop themes

Seven things to love, hate about Windows 7

Get all the details you need on deploying and using Windows 7 in the InfoWorld editors' 21-page Windows 7 Deep Dive PDF special report

More at
http://www.infoworld.com/d/microsoft-windows/six-w...

--
Was this reply relevant?
+0
-0
mogs CClip 145
Expert Contributor 27th Apr, 2011 07:48
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

6:39am UK, Wednesday April 27, 2011
The Japanese electronics giant Sony has admitted millions of Playstation network gamers may have had their personal details stolen.


A hacker broke into the PlayStation video game online network and stole names, addresses and possibly credit card data belonging to 77 million people.
It is believed to be one of the biggest-ever internet security breaches of its kind.


http://news.sky.com/skynews/Home/Technology/Hacker...

--
Was this reply relevant?
+0
-0
mogs CClip 146
Expert Contributor 27th Apr, 2011 18:29
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Deleting Flash Cookies Now Possible from Chrome User Interface
April 27th, 2011, 13:56 GMT| By Lucian Constantin

The latest development build of Google Chrome provides users with the necessary UI controls to clear Flash Local Shared Objects (LSO) from inside the browser.

Flash LSOs allow rich Internet applications to store various settings and cache items. For example, a Flash-based music player can use this feature to remember the user's preferred volume level over multiple sessions.

LSOs are commonly referred to as Flash cookies, not because they were designed to serve a similar function, but because they could be used for this purpose.

This alternative storage location raises several problems. For one, it can be abused to track users and respawn regular browser cookies, an unethical and illegal practice.

Several lawsuits seeking class action status have already been filed against major companies like Disney, Warner Bros. Records, Ustream and others, for using the method to track users across their websites.

More at
http://news.softpedia.com/news/Deleting-Flash-Cook...

--
Was this reply relevant?
+0
-0
mogs CClip 147
Expert Contributor 27th Apr, 2011 18:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
SpyEye Adds Support for Chrome and Opera

April 27th, 2011, 07:49 GMT| By Lucian Constantin

According to reports from the cyber criminal underground, the latest version of the SpyEye trojan comes with form grabbing support for Google Chrome and Opera, two browsers largely untouched by malware so far.

Brian Krebs has published a screenshot taken from the trojan's latest "builder" version and it has checkboxes for the anti-Rapport and Firefox webinjects plugins, as well as for Opera and Chrome form grabbers.

These two new components are aimed at stealing information typed into web forms and while this is not as advanced as injecting code into displayed web pages, it represents a serious attack against users who believe that using alternative browsers keeps them safe.

It's not yet entirely clear how these new form grabbers work, whether the malware hooks into the browsers' DLLs or is using extensions.

The hooking approach seems more likely because the APIs available to Chrome and Opera extensions are limited. In addition, only version 11 of Opera supports extensions.

More at
http://news.softpedia.com/news/SpyEye-Adds-Support...

--
Was this reply relevant?
+0
-0
mogs CClip 148
Expert Contributor 27th Apr, 2011 18:43
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
AhnLab warns of surge in regionalised malware
by Phil Muncaster
27 Apr 2011

Korean security vendor AhnLab is warning of an increase in malicious threats targeted at specific regions, including rogue anti-virus attacks capable of displaying dynamically in the local language.
The firm's latest AhnLab Security Emergency Response Center report for Q1 2011 revealed that well-known threats such as Conficker and Bredolad are increasingly being architected to surmount language barriers which may have previously hindered their success across geographies.
Trojans remain the most common malicious code at 38.1 per cent, followed by adware at 28.7 per cent and droppers at 14.6 per cent. The number of malicious URLs increased by 14 per cent over the period to 11,089, the report found.
Fake anti-virus attacks also continue to grow in number and sophistication, AhnLab found.
"These fake malicious programs are now available in multiple languages. There are no longer restrictions in spreading malicious code and extorting money caused by language," the report noted.


Read more: http://www.v3.co.uk/v3-uk/news/2046187/ahnlabs-war...


--
Was this reply relevant?
+0
-0
mogs CClip 149
Expert Contributor 27th Apr, 2011 20:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Stable Update
Wednesday, April 27, 2011 | 08:03
Labels: Stable updates

The Google Chrome team is happy to announce the arrival of Chrome 11.0.696.57 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 11 contains some really great improvements including speech input through HTML.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

We’re pleased to associate a record $16,500 of rewards with this patch.

We would also like to thank miaubiz, kuzzcc, Sławomir Błażek, Drew Yao and Braden Thomas of Apple Product Security and Christian Hollier for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel.

More on what's new at the Official Chrome Blog. You can find full details about the changes that are in Chrome 11 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome

More at
http://googlechromereleases.blogspot.com/


--
Was this reply relevant?
+0
-0
mogs CClip 150
Expert Contributor 27th Apr, 2011 21:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

"You've got a postcard" spam emails lead to fake AV
Posted on 27.04.2011Easter has come and passed, but the threat of bogus e-cards is alive as it ever was.

This particular method of luring users to malicious pages or to download malicious attachments has been around for ages, and the fact that it is still used proves that it is effective enough for spammers to bother with it.

Websense warns about pretty generic spam emails bearing the "You've got a postcard" subject and urging the recipient to follow the offered link in order to view it "at anytime within the next 20 days."

"The URLs used in the emails are either compromised sites or were only created barely two weeks ago," they say. Clicking on the link takes the user to a site containing obfuscated code that creates an iframe containing another URL.

This second URL contains an obfuscated script that drops some exploit code in order to run a rogue AV on the victim's machine.

The biggest danger here is the fact that the recipient doesn't have to do anything other than follow the offered link in order for his computer to get compromised - he doesn't have to confirm the download of an executable camouflaged as an innocuous file or anything else.

http://www.net-security.org/malware_news.php?id=17...

--
Was this reply relevant?
+0
-0
mogs CClip 151
Expert Contributor 27th Apr, 2011 22:04
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Fix Windows 7 SP1 Windows Explorer Crashes
April 27th, 2011, 13:38 GMT| By Marius Oiaga

Microsoft is offering users running Windows 7 a fix designed to resolve issues related to Windows Explorer.

According to the software giant, Windows Explorer can crash in certain scenarios, a glitch which also seems to be impacting Windows Server 2008 R2, not just Windows 7.

It appears that the issue is not exactly new, since it affects the RTM versions of Windows 7 and Windows Server 2008 R2, as well as the two operating systems after their first upgrade was released.

Essentially, the release of Service Pack 1 doesn’t seem to have resolved Windows Explorer crashes.

“This issue usually occurs when you perform some operations that are related to the taskbar or to the Address bar,” the Redmond company revealed.

Microsoft did not however detail the symptoms of Windows Explorer crashes further, and it does seem that the fix provided is designed more like a general stability boost more than anything else.

At the bottom of this article users will be able to find the download links for the updates set up to enhance the reliability of Windows Explorer, including the refresh designed for Windows 7 SP1.

More at
http://news.softpedia.com/news/Fix-Windows-7-SP1-W...

--
Was this reply relevant?
+0
-0
mogs CClip 152
Expert Contributor 29th Apr, 2011 01:21
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft fixes Office flaws found in Patch Tuesday updates
'Someone should get slapped...for this crap,' fumes user

By Gregg Keizer
April 28, 2011 02:54 PM
Computerworld - Microsoft today issued a fix for a problem in its Outlook 2007 email client caused by an update that shipped two weeks ago.

It was the second time in the last six days that Microsoft patched bugs introduced in Office applications by updates it issued April 12.

"After installing the April 2011 Public Update, some Outlook 2007 users reported difficulty with print previewing messages," Microsoft acknowledged in a post to its Office Updates blog. "To correct this issue, we have issued a public hotfix which you can download and install."

Although not a security update, the original Outlook 2007 fix appeared on Patch Tuesday, Microsoft's monthly roll-out of bug updates. The April 12 update for Outlook was described as offering "stability and performance improvements."

More at
http://www.computerworld.com/s/article/9216264/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 153
Expert Contributor 29th Apr, 2011 01:50
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta and Stable Channel Update
Thursday, April 28, 2011 | 12:00
Labels: Beta updates, Stable updates
The Beta and Stable channels have been updated to 11.0.696.60 for the Windows platform

The following bug was fixed:
REGRESSION: Windows painting issue while switching Chrome 11 window with overlapped app. (Issue 74604).
If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 154
Expert Contributor 29th Apr, 2011 01:55
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Russia Top Source of Attack Traffic
April 26, 2011
By Sean Michael Kerner

According to the fourth quarter 2010 State of the Internet report from Akamai, Russia is now the top source of Internet attack traffic in the world.

Akamai found that attack traffic flowing out of Russia represented 10 percent of all observed global attack traffic. In contrast, the U.S accounted for 7.3 percent of attack traffic. The U.S. placed fifth on Akamai's list of attack traffic, dropping from the second spot in the third quarter.

David Belson, Editor of the Akamai State of the Internet report told InternetNews.com that the study specifically looked at port level attacks and is not a measure of spam origination.

"These are things like Conficker trying to spread, port scanning and other exploits that really should have been patched years ago," Belson said. "Some of them are brute force attempts to break into systems via telnet or SSH."

While Akamai sees the attack traffic coming from a specific country, there is the possibility that there is a deeper origination point.

"From our perspective the attacks are originating in Russia but we're only seeing the IP addresses making a request to us," Belson said. "So it could be that the attacks are coming from somewhere else and are being proxied or forwarded through Russia."

More at
http://www.esecurityplanet.com/features/article.ph...

--
Was this reply relevant?
+0
-0
mogs CClip 155
Expert Contributor 29th Apr, 2011 08:22
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Obama Birth Certificate Image Search Results Poisoned

April 28th, 2011, 17:42 GMT| By Lucian Constantin

Security researchers warn that Google Image searches for president Obama's birth certificate have been poisoned with malicious links that lead users to scareware.

This new black hat SEO campaign was prompted by the White House's decision to release President Barack Obama's long-form birth certificate in order to put to rest the controversy surrounding his birthplace.

The president previously released a standard short variant of the document, which lacked some details, like the name of the exact hospital where he was born in Hawaii.

News of the extended version being released has led to a lot of Google Image searches for "Obama birth certificate," which in turn provided a good opportunity for attackers.

Security researchers from GFI Software warn that links leading users to drive-by download attacks have made their way on the first page of results returned for the aforementioned keywords.

More at
http://news.softpedia.com/news/Obama-Birth-Certifi...

--
Was this reply relevant?
+0
-0
mogs CClip 156
Expert Contributor 29th Apr, 2011 08:28
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Thursday, April 28, 2011 | 17:42
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.742.12 for all platforms. This release continues to address UI and performance issues, as well as updates the Sync preferences UI. The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 157
Expert Contributor 29th Apr, 2011 21:00
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows 7 SP1 Application Compatibility Update Released

April 29th, 2011, 15:59 GMT| By Marius Oiaga

At a little over two months since Service Pack 1 for Windows 7 hit general availability, the first application compatibility update for the upgraded operating system is now available for download.

In all fairness, KB 2492386, namely the Redmond company’s April 2011 Application Compatibility Update is not provided only for Windows 7 SP1 and Windows Server 2008 R2 SP1, and their RTM Builds, but also for all supported versions of Windows, including: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008.

Following the integration of KB 2492386, customers will be able to enjoy improvements in terms of compatibility for a specific list of applications.

The refresh is being served automatically through Windows Update, but at the same time is available for users that want to install it manually. Check below for the download links.

More at
http://news.softpedia.com/news/Windows-7-SP1-Appli...

--
Was this reply relevant?
+0
-0
mogs CClip 158
Expert Contributor 29th Apr, 2011 21:08
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK


Criminals have started using an obscure image filter to make malicious PDF files all but invisible to many antivirus programs, Czech security firm Avast Software said.

The trick involves hiding a common Adobe Reader exploit inside a PDF (Portable Document Format) file by encoding it with the JBIG2Decode filter, normally used to minimize file sizes when embedding monochrome TIFF (Tagged Image File Format) images inside PDFs.

Because the content appears to antivirus software as a harmless two-dimensional TIFF image, the malicious exploit goes unnoticed.

“Who would have thought that a pure image algorithm might be used as a standard filter on any object stream you want?” said Avast virus analyst, Jiri Sejtko, in a blog. “And that’s the reason why our scanner wasn’t successful in decoding the original content -- we hadn’t expected such behavior."

Part of the problem was the scope offered by the PDF specification to use filters such as JBIG2Decode in unusual ways, and even to use several of them at once in a layered fashion, he said.

The TIFF vulnerability being targeted is CVE-2010-0188 from February 2010, which affects Adobe Reader 9.3 or earlier versions running on Windows, Mac and Unix. Current versions, Reader X 10.x, are not affected although many users will still be using older versions.

More at
http://www.infoworld.com/d/security/avast-finds-pd...

--
Was this reply relevant?
+0
-0
mogs CClip 159
Expert Contributor 29th Apr, 2011 21:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Battle of the Web browsers
Chrome, Firefox, Internet Explorer, Opera, and Safari square off on speed, features, and HTML5 compatibility

By Peter Wayner | InfoWorld

Stop. Don't look up. Don't look outside of the box, the rectangle holding this text. Can you tell me which browser you're using? Did you choose it yourself for all the right reasons? Can you explain why you're trusting your precious HTML-encoded content to this browser, the way a major league batter can explain why maple or ash and a thin or thick barrel is absolutely the right choice for sending that ball into the bleachers? Are you sure this browser is the best choice for the tags and the metadata hurling toward your computer?

If you can't answer the questions, get out of here. If you think that this highly optimized, just-in-time, infinitely customizable technology is another mere commodity, don't even bother finishing this sentence to look for the insult you know is coming. You're not good enough to read this text. You don't deserve the information.

Read more at
http://www.infoworld.com/d/applications/battle-the...

--
Was this reply relevant?
+0
-0
mogs CClip 160
Expert Contributor 30th Apr, 2011 10:49
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla ships first security update for Firefox 4

ASLR compilation cockup uncocked
By Dan Goodin in San Francisco
Posted in Security, 29th April 2011 21:30 GMT
Mozilla has issued the first ever security update for Firefox 4.0, including a fix for two chunks of code that allowed attackers to override a key security protection baked in to recent versions of the Windows operating system.

The slip up in the two WebGLES graphics libraries, which Mozilla added to the latest version of the open-source browser, is the result of someone compiling the code without the benefit of ASLR, or address space layout randomization. The security measure, which Microsoft introduced in Windows Vista, is designed to prevent malware attacks by making it harder to locate the memory addresses of code loaded by memory-corruption exploits.

Because the library was added to Firefox 4, the bug doesn't affect earlier versions of the browser.

“Nils reported that the WebGLES libraries in the Windows version of Firefox were compiled without ASLR protection,” an advisory for the bug stated. “An attacker who found an exploitable memory corruption flaw could then use these libraries to bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable on those platforms as it would be on Windows XP or other platforms.”


http://www.theregister.co.uk/2011/04/29/firefox_se...

--
Was this reply relevant?
+0
-0
mogs CClip 161
Expert Contributor 30th Apr, 2011 10:57
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The PlayStation Network hack is now considered to be one among the biggest data thefts of all time, and according to the claims made by the alleged hackers on underground Internet forums, it seems that some 2.2 million credit card numbers were, indeed, stolen.

Security researchers have been sifting through the hacker forums and say that there has been talk of the hackers contacting Sony in order to sell back the credit card list to the company for $100,000, but that Sony didn't respond to the offer.

Whether the claims are true or not it is impossible to tell. "The entire credit card table was encrypted and we have no evidence that credit card data was taken, said Sony. "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

More at
http://www.net-security.org/secworld.php?id=10964

--
Was this reply relevant?
+0
-0
mogs CClip 162
Expert Contributor 30th Apr, 2011 15:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Sony's Hirai to brief on PlayStation hack on Sunday
By Martyn Williams
April 30, 2011 05:37 AM ET
IDG News Service - Sony is expected to provide its most detailed update yet on Sunday on a hack that hit the PlayStation Network and the status of personal information and credit card numbers of up to 77 million customers.

Kaz Hirai, the head of Sony's gaming division, will speak to journalists in Tokyo and provide the findings of an investigation into the hack of its online gaming service, said Sony. Hirai will also detail the PlayStation Network's system security measures and service restoration plan.

More at
http://www.computerworld.com/s/article/9216310/Son...

--
Was this reply relevant?
+0
-0
mogs CClip 163
Expert Contributor 30th Apr, 2011 15:28
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Legal goons threaten researcher for reporting security bug

When vuln disclosures are outlawed...
By Dan Goodin in San Francisco • Get more from this author
Posted in Security, 29th April 2011 23:12 GMT
A German software company has threatened legal action against a security researcher who privately reported a critical vulnerability in one of its programs, Dark Reading reports.

Legal goons from Magix AG sent a nasty gram to a researcher who goes by “Acidgen” after he reported the stack buffer overflow in the company's Music Maker 16. According to the report, Acidgen alerted Magix representatives to the bug in several emails that also included proof-of-concept code that forced the Windows calculator to open, indicating the flaw could be exploited to execute malicious code on a victim's computer.

More at
http://www.theregister.co.uk/2011/04/29/security_r...

--
Was this reply relevant?
+0
-0
mogs CClip 164
Expert Contributor 30th Apr, 2011 19:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Supercomputers crack sixty-trillionth binary digit of Pi-squared
by Linda Vu


David H. Bailey Photo courtesy of Lawrence Berkely National Lab
Australian researchers have done the impossible -- they’ve found the sixty-trillionth binary digit of Pi-squared! The calculation would have taken a single computer processor unit (CPU) 1,500 years to calculate, but scientists from IBM and the University of Newcastle managed to complete this work in just a few months on IBM's "BlueGene/P" supercomputer, which is designed to run continuously at one quadrillion calculations per second.

More at
http://www.physorg.com/news/2011-04-supercomputers...

--
Was this reply relevant?
+0
-0
mogs CClip 165
Expert Contributor 30th Apr, 2011 19:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 30th Apr, 2011 19:23
Softpedia Giveaways 2011: 25 Free Licenses for Ashampoo WinOptimizer

April 30th, 2011, 11:00 GMT| By Ionut Ilascu

Another week, another giveaway at Softpedia. This time around we partnered up with Ashampoo to offer 25 licenses of their latest suite for system optimization, WinOptimizer 8.

The same rules apply, so you have a week at your disposal to try the bundle’s efficiency on your system and decide whether you’re willing to share with us your honest opinion about the product for a chance to win a free license. Make sure you provide a valid email address so we can contact you in case you’re one of the 25 lucky winners.

Read more at
http://news.softpedia.com/news/Softpedia-Giveaways...

--
Was this reply relevant?
+0
-0
mogs CClip 166
Expert Contributor 30th Apr, 2011 19:30
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
MUMBAI, India — Free speech advocates and Internet users are protesting new Indian regulations restricting Web content that, among other things, can be considered “disparaging,” “harassing,” “blasphemous” or “hateful.”

The new rules, quietly issued by the country’s Department of Information Technology earlier this month and only now attracting attention, allow officials and private citizens to demand that Internet sites and service providers remove content they consider objectionable on the basis of a long list of criteria.

Critics of the new rules say the restrictions could severely curtail debate and discussion on the Internet, whose use has been growing fast in India.

Read more at
http://www.nytimes.com/2011/04/28/technology/28int...

--
Was this reply relevant?
+0
-0
mogs RE: Daily CYBERCLIPS April
Expert Contributor 1st May, 2011 07:13
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Thankyou for your support....This thread is now closed

Please see the May Edition of CYBERCLIPS at :-
http://secunia.com/community/forum/thread/show/856...

--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+