Forum Thread: Daily CYBERCLIPS April

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS April
Member 1st Apr, 2011 07:27
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK
Last edited on 1st Apr, 2011 07:28

Ninth Edition

Thankyou for your continuing support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security remains the main theme of the thread with some related and varied topics.
Please note....the most recent posts are those at the end of a downward scroll !!
I should reiterate that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals..
* Keep patching : up to date : be Cybersafe ! *


--

mogs CClip 1
Member 1st Apr, 2011 07:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 2
Member 1st Apr, 2011 08:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 1st Apr, 2011 08:05
by Shaun Nichols

With tax season in full swing, cyber criminals are returning with a fresh crop of taxation-related phishing attacks.
Researchers with McAfee Labs are reporting a new round of phishing emails seeking to defraud UK taxpayers. The attacks claim to be from HM Revenue and Customs (HMRC), posing as notifications to users of unclaimed tax funds. Users are asked to follow a link within the message to an external site.

Upon visiting the site, users are presented with a site that includes both valid links to external pages from HMRC as well as several links to supposed banking sites which are in fact phishing pages designed to harvest account credentials.


Read more: http://www.v3.co.uk/v3-uk/news/2039277/phishers-re...


--
Was this reply relevant?
+0
-0
mogs CClip 3
Member 1st Apr, 2011 08:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Q I have encountered a problem with my external hard disk after following an attempt to convert it from the Fat 32 file system to NTFS.
The change went smoothly but when I now run a full backup of my main drive to this external drive, it stalls at about 75 per cent of the way through. An error message appears to say that the backup was unsuccessful, with an error code of 0x81000037.
I now wish I had left the drive unchanged as Fat 32. Can you help me sort this out? I really don't want to have to reformat the hard disk, as I would lose a lot of valuable data.
Philip Wade
A We see how this problem may seem to relate to your decision to upgrade the drive from Fat 32 to NTFS, but we believe this is just a coincidence........................


Read more: http://www.computeractive.co.uk/ca/pc-help/2026176...


--
Was this reply relevant?
+0
-0
mogs CClip 4
Member 1st Apr, 2011 09:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 5
Member 1st Apr, 2011 11:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 6
Member 1st Apr, 2011 16:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 7
Member 1st Apr, 2011 16:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Notification Feature for Windows Live Hotmail on Windows 7 via IE9

April 1st, 2011, 13:45 GMT| By Marius Oiaga

Internet Explorer 9 enables users to pin sites on the Taskbar just as they would any other application, but only as long as they are running Windows 7.

Windows Live Hotmail makes no exception to this rule, and the Redmond company seems committed to investing continually in pushing the Hotmail user experience on Windows 7 to the next level, for customers leveraging IE9.

In this regard, the software giant has introduced a new app-like feature to its email service, allowing Hotmail to deliver notifications directly on the Windows 7 Taskbar, provided that it was pinned.

More at :-
http://news.softpedia.com/news/New-Notification-Fe...

--
Was this reply relevant?
+0
-0
mogs CClip 8
Member 1st Apr, 2011 16:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla surpasses 50 million Firefox 4 downloads

Steady on-going demand
By Lawrence Latif
Fri Apr 01 2011, 13:12
OPEN SOURCE SOFTWARE HOUSE Mozilla is serving about 2,000 downloads of Firefox 4 per minute at the moment, and has passed the 51 million mark according to its nifty download counter.


Read more: http://www.theinquirer.net/inquirer/news/2039498/m...


--
Was this reply relevant?
+0
-0
mogs CClip 9
Member 1st Apr, 2011 20:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Verisign deploys DNSSEC on .com TLD

Plugs DNS security hole
By Lawrence Latif
Fri Apr 01 2011, 16:50
INTERNET INFRASTRUCTURE OUTFIT Verisign has rolled out DNSSEC on the .com top level domain (TLD).
Verisign, which runs two of the Internet's 13 root domain name service (DNS) servers and the .com and .net TLDs, announced that it has deployed DNSSEC on the .com TLD. The firm announced that this was a "critical milestone to improve the integrity" of the Internet.
One of the main advantages of using DNSSEC is that DNS records can be verified because they are digitally signed using public-key cryptography. This should, in theory, mitigate the possibility of DNS hijacking attacks, where users are unwittingly sent to the wrong website by having a domain name resolved to an incorrect quad-dot numerical Internet address.


Read more: http://www.theinquirer.net/inquirer/news/2039648/v...


--
Was this reply relevant?
+0
-0
mogs CClip 10
Member 1st Apr, 2011 20:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google uses Gmail for April Fools' Day prank
Company pulls Gmail Motion gag -- controlling Gmail with your body (see video below)

By Sharon Gaudin
April 1, 2011 01:27 PM
Computerworld - Have you started looking forward to controlling your Google Gmail account with body movements?

If you have, you probably shouldn't admit it.

Those pranksters at Google are having some April Fools' Day fun with users again this year.

More at :-
http://www.computerworld.com/s/article/9215425/Goo...

--
Was this reply relevant?
+0
-0
taffy078 RE: Daily CYBERCLIPS April
Contributor 1st Apr, 2011 21:55
Score: 408
Posts: 1,460
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hey Mogs! Thank you for some interesting & informative heads-up, and for the time that you spend on this. I'm too busy at the moment to keep my eye on all the balls so this has helped me a lot.

PS This is a genuine 'thank you' - it's not an April Fool!

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC 1511 Build 10586.71 and Compaq Presario CQ71 Win10 Upgraded 1511 build 10586.71
Was this reply relevant?
+0
-0
mogs RE: Daily CYBERCLIPS April
Member 1st Apr, 2011 22:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Hi...evening taffy ! And wishes for a lack of rainfall and a warm April breeze for you too !
Glad you are finding the thread useful.....it stays quite neat d'ya reckon (?)....without overmuch use of the scissors, shears and escalation to nuclear lawnmower ?! Ha!

--
Was this reply relevant?
+0
-0
mogs CClip 11
Member 2nd Apr, 2011 09:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google Plans to Improve SSL Cetificate Validation in Chrome

April 1st, 2011, 16:52 GMT| By Lucian Constantin

Google is working on implementing more strict digital certificate verification mechanisms in Chrome based on a technology it already has.

The security industry is still actively discussing the recent compromise of a Registration Authority (RA) that resulted in rogue digital certificates for high-profile domains being issued by Comodo.

Following the incident, browser vendors and security specialists have begun working together to find methods of improving the public key infrastructure (PKI), which is used to establish trust online.

More at :-
http://news.softpedia.com/news/Google-Plans-to-Imp...

--
Was this reply relevant?
+0
-0
mogs CClip 12
Member 2nd Apr, 2011 09:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 13
Member 2nd Apr, 2011 09:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Bank customers warned after breach at Epsilon marketing firm
By Robert McMillan
April 2, 2011 01:02 AM
IDG News Service - Citibank, JP Morgan Chase and the Kroger supermarket chain are warning customers that their names and e-mail addresses may have fallen into the wrong hands after someone broke into computer systems at e-mail marketing giant Epsilon.

Epsilon, whose other customers include Visa, Kraft, and Marriott International, acknowledged the incident in a brief statement Friday. "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system," Epsilon said. "The information that was obtained was limited to email addresses and/or customer names only."

More at :-
http://www.computerworld.com/s/article/9215443/Ban...

--
Was this reply relevant?
+0
-0
mogs CClip 14
Member 2nd Apr, 2011 09:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Thieves are stealing children's identities
By Tim Greene
April 1, 2011 08:26 PM
Network World - Identity theft has saddled thousands of children with debt, sometimes for years before they ever discover their personal information has been stolen, a study says.

Within a database of 42,232 children that was compiled by an identity-protection business, 4,311 -- 10.2% -- had someone else using their Social Security numbers, according to "Child Identity Theft," a report by Richard Power, a distinguished fellow at Carnegie Mellon Cylab.

More at :-
http://www.computerworld.com/s/article/9215442/Thi...

--
Was this reply relevant?
+0
-0
mogs CClip 15
Member 2nd Apr, 2011 20:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 16
Member 3rd Apr, 2011 09:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 17
Member 3rd Apr, 2011 11:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

CCleaner v3.05
We've been closely following the release schedule of the latest browsers to keep CCleaner fully compatible. With both Firefox 4.0 and Microsoft's Internet Explorer 9 being released this month, we've updated CCleaner in version 3.05 to be fully compatible with both!
Additionally we've improved the registry cleaner to trim out old Firewall entries and added a lot more third-party cleaning rules.
Change Log:
Added support for Internet Explorer 9.
Added support for Firefox 4.0.
Added Internet Explorer Cached Feeds cleaning.
Added Internet Explorer Add-ons Statistics cleaning.
Added iTunes cookie management.
Added Opera cleaning for saved/opened directories paths.
Improved Firefox/Mozilla Saved Password cleaning.
Improved Intelligent cookie keeping functionality.
Improved Registry cleaning for Obsolete Software.
Improved Registry cleaning for Unused File Extensions.
Added Registry cleaner for Windows Services.
Added cleaning for obsolete Firewall Rules.
Added detection of invalid Browser Helper Objects.
Added new environment variables for user documents. (i.e. %CommonDocuments%, %CommonMusic%, %CommonPictures%, %CommonVideo%, %MyDocuments%, %Documents%, %MyMusic%, %Music%, %MyPictures%, %Pictures%, %MyVideo%, %Video%).
Added cleaning for Adobe Air, Advanced Searchbar, Steam, Xfire, Skype, AOL Instant Messenger, Camfrog Video Chat, Miranda Instant Messenger, Pidgin, Yahoo Messenger, ooVoo, TeamSpeak, Ventrilo Client, Ventrilo Server, FrostWire, uTorrent, Shareaza, iMesh, BearShare, DC++ and Ares.

www.piriform.com/ccleaner

--
Was this reply relevant?
+0
-0
mogs CClip 18
Member 4th Apr, 2011 09:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla to Block Offline Add-on Installation in Upcoming Firefox Version

April 4th, 2011, 05:22 GMT| By Lucian Constantin

In an attempt to resolve performance issues Mozilla plans to block the offline installation of add-ons, a measure that will also impact security in a good way.

Mozilla intends to make a series of add-on-related changes that involve the introduction of automatic performance testing, slow performance warnings, and most importantly, from a security perspective, mandatory opt-in installation.

This means that no third-party program will be able to install extensions, toolbars or plug-ins by placing files directly in the Firefox directory.

This is actually an attack vector that has been discussed and criticized before by the security community.

More at :-
http://news.softpedia.com/news/Mozilla-to-Block-Of...

--
Was this reply relevant?
+0
-0
mogs CClip 19
Member 4th Apr, 2011 09:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
RSA Hackers Exploited Zero-Day Flash Vulnerability

April 4th, 2011, 03:57 GMT| By Lucian Constantin

Reputed security company RSA said the intrusion incident it suffered last month was the result of a spear phishing attack leveraging a recently patched Adobe Flash vulnerability.

In mid-March, RSA Security, a division of EMC Corp., admitted being the victim of an Advanced Persistent Threat (APT) attack which resulted in sensitive information being stolen from its systems.

The data was related to the company's popular SecurID two-factor authentication product which is used to secure numerous private and governmental networks.

The company noted that while the stolen information can't be used to attack SecurID directly, it can be leveraged to decrease its efficiency.

After the initial public disclosure, the company pretty much kept quiet and refused to answer questions more questions, which attracted a some criticism from the security community.

More at :-
http://news.softpedia.com/news/RSA-Hackers-Exploit...

--
Was this reply relevant?
+0
-0
mogs CClip 20
Member 4th Apr, 2011 16:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft Security Essentials Site Overhauled

April 4th, 2011, 13:16 GMT| By Marius Oiaga

Microsoft has overhauled the website it uses to serve its free security solution to Windows 7, Windows XP and Windows Vista customers.

The redesign of the Microsoft Security Essentials websites comes a bit out of the blue, but then again, so did the actual release of the latest version of MSE 2.0.

Just head over to the Security Essentials corner on Microsoft.com to witness the new design introduced by the software giant.

To me at least, it looks like the Redmond company strived to make the MSE site more attractive to small businesses, and not necessarily to end users.

More at :-
http://news.softpedia.com/news/Microsoft-Security-...

--
Was this reply relevant?
+0
-0
mogs CClip 21
Member 4th Apr, 2011 16:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 22
Member 4th Apr, 2011 19:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 23
Member 4th Apr, 2011 19:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft is testing a ribbon interface in Windows 8

A controversial inclusion in an early beta
By Lawrence Latif
Mon Apr 04 2011, 13:32
SOFTWARE FLOGGER Microsoft is planning to bring its controversial ribbon interface to Windows 8.
Microsoft's ribbon user interface made its debut in Office 2007 and has polarised user opinion ever since. Microsoft has used the ribbon interface in a growing number of applications and judging from leaked Windows 8 screenshots, it is going to integrate the ribbon motif in Internet Explorer.


Read more: http://www.theinquirer.net/inquirer/news/2040057/m...


--
Was this reply relevant?
+0
-0
mogs CClip 24
Member 4th Apr, 2011 19:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
HP reports huge increase in automated malware toolkits
by Iain Thomson

04 Apr 2011

The annual HP TippingPoint DVLabs security survey has shown a huge increase in the number of automated toolkits aimed at web exploits.
The 2010 report found that web exploits accounted for 49 per cent of all reported vulnerabilities, against a 10 per cent increase in overall flaws found last year. Attackers are focusing on this area with new automated tools the company said.


Read more: http://www.v3.co.uk/v3-uk/news/2039773/hp-report-h...


--
Was this reply relevant?
+0
-0
mogs CClip 25
Member 4th Apr, 2011 22:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 4th Apr, 2011 22:24
Get a fast, free web browser
Google Chrome runs web pages and applications with lightning speed.

Download Google Chrome Canary Build
It installs and runs side by side with other Google Chrome installations.
For Windows XP, Vista, and 7
Fast start-up
Google Chrome launches in a snap.
Fast loading
Google Chrome loads web pages quickly.
Fast search
Search the web right from the address bar.

http://tools.google.com/dlpage/chromesxs

"I thought IE9 was smooth and Chrome Dev quick....but this Canary is really sweet " Mogs.

--
Was this reply relevant?
+0
-0
mogs CClip 26
Member 5th Apr, 2011 08:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
PKI Improvements Discussed at IETF 80 Meeting
April 4th, 2011, 13:57 GMT| By Lucian Constantin

The security of the public key infrastructure (PKI), which is used to establish trust on the Internet via digital certificates, was the main focus of the 80th Internet Engineering Task Force (IETF) meeting.

The Internet Engineering Task Force (IETF) is an open standards organization composed of working groups and discussion groups dedicated to developing Internet standards.

The organization holds two meetings every year and the latest took place between March 27 and April 1 in Prague, the Czech Republic.

PKI security became a central discussion topic following last month's compromise of several Comodo Registration Authorities (RAs) which resulted in rogue certificates being wrongfully issued for high-profile domains.

More at :-
http://news.softpedia.com/news/PKI-Improvements-Di...

--
Was this reply relevant?
+0
-0
mogs CClip 27
Member 5th Apr, 2011 08:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 28
Member 5th Apr, 2011 08:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
by Phil Muncaster
05 Apr 2011

There were 286 million new threats in 2010, with web-based attacks up 93 per cent thanks to attack toolkits and the spread of malicious links on social networking sites, according to the latest Symantec Internet Security Threat report.
The security giant found threats continuing to get more sophisticated, as cyber criminals seek to overcome the growing internet security saviness of many web users today.
To this end, there have been large numbers of targeted attacks launched at SMBs seeking to harvest valuable customer data or IP, the firm said.


Read more: http://www.v3.co.uk/v3-uk/news/2040283/symantec-wa...


--
Was this reply relevant?
+0
-0
mogs CClip 29
Member 5th Apr, 2011 10:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


Beta Channel Update
Monday, April 4, 2011 | 16:44
Labels: Beta updates
The Beta channel has been updated to 11.0.696.34 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
Duplicate desktop icon is created using First Run UI even if it's present (Issue 5073).
FLACEncoder::Encode has mismatched free (Issue 77653).
Switch from using Speex to FLAC for speech input requests (Issue 61677).
Chrome hangs on form submit with lots of stored Autofill profiles (Issue 75862).
Browser crash if tab is closed while page is being downloaded (Issue 76963).
You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
5 comments | Links to this post | Email Post

Chrome OS Beta Channel Update
| 13:37
Labels: Chrome OS
The Chrome OS Beta channel has been updated to R11 release 0.11.257.44 including the new Chrome 11 Beta, new trackpad and several stability and functional improvements over the previous release. This release contains the following fixes:
We are now running Flash Player on a new platform known as Pepper/PPAPI by default, which we hope will improve stability and performance. It is also running inside a full sandbox which further protects users from malware and security exploits.
An NPAPI version of Flash Player is still included, but not used by default. If you experience significant problems or incompatibilities with the (default) PPAPI version, you can switch to the NPAPI version using chrome://plugins.
Several WiFi bug fixes are in
Enabled GSM support for 3G via commands in crosh
AutoUpdate now supports Proxy AutoConfiguration (PAC) files and automatic proxy detection
New window switcher UI

You can find full list of fixes that are in Chrome OS R11 in the chromium-os bug tracker . If you find new issues, please let us know by visiting our help site or filing a bug.

Orit Mazor
Google Chrome
http://googlechromereleases.blogspot.com/
8 comments | Links to this post | Email Post

--
Was this reply relevant?
+0
-0
mogs CClip 30
Member 5th Apr, 2011 18:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Sony Sites Downed by Anonymous DDoS
April 5th, 2011, 08:26 GMT| By Lucian Constantin

Several Sony websites have experienced downtime during the last 24 hours as a result of distributed denial-of-service attacks mounted by the Anonymous collective.

The hacktivist group announced that it will target Sony in an open letter posted online yesterday, which accused the company of breaching the privacy of numerous individuals and acting against freedom of information principles.

"You have victimized your own customers merely for possessing and sharing information, and continue to target those who seek this information. In doing so you have violated the privacy of thousands of innocent people who only sought the free distribution of information.

"Your suppression of this information is motivated by corporate greed and the desire for complete control over the actions of individuals who purchase and use your products, at least when those actions threaten to undermine the corrupt stranglehold you seek to maintain over copywrong, oops, 'copyright'," the group said.

According to The Register, the UK PlayStation 3 website as well as the European PlayStation Store server were offline earlier today. Other websites belonging to the company might also have been targeted.

More at :-
http://news.softpedia.com/news/Sony-Sites-Downed-b...

--
Was this reply relevant?
+0
-0
mogs CClip 31
Member 5th Apr, 2011 22:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New DHL-Themed Malware Distribution Campaign in the Wild
April 5th, 2011, 09:58 GMT| By Lucian Constantin

Security researchers warn of a new malware distribution campaign which produces emails with malicious attachments that pose as delivery notifications from DHL.

The rogue emails have a subject "DHL Express Services" and their headers have been forged to appear as originating from a @dhl.com address.

They inform recipients that their package is on its way and tells them to read the attached document for more information and to obtain the tracking number. The enclosed message reads:

"Dear customer. The parcel was sent to your home address. And it will arrive within 3 business day. More information and the tracking number are attached in document below. Thank you."

The attached document is called dhl.zip and contains an executable file of the same name which is a trojan downloader.

This threat is responsible for downloading additional malware including a fake antivirus called XP Home Security, according to Vietnamese security vendor Bkis.

Judging from dates of scans and comments on Virus Total for the malicious files involved in this attack, the campaign began sometime over the weekend.

More at :-
http://news.softpedia.com/news/New-DHL-Themed-Malw...

--
Was this reply relevant?
+0
-0
mogs CClip 32
Member 6th Apr, 2011 09:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 33
Member 6th Apr, 2011 09:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 7th Apr, 2011 10:30
Chrome Dev Channel Update
Tuesday, April 5, 2011 | 17:30
Labels: Dev updates
The Dev channel has been updated to 12.0.725.0 for Windows, Mac, Linux and Chrome Frame

All
Updated V8 - 3.2.6.0
Spring cleaning in the code, lots of code cleanup and refactoring under the covers
Windows
Continued work on tab multi-select
Known Issues
78475 Regression: Bidi Chrome UI lost directional diplay in menu and DOMUI and about: page functions
78501 Regression: NACL apps are no longer working
78509 Regression: Autofill fails on certain forms
78073 Regression: Autocomplete sometimes pops up in the upper left corner
More details about additional changes are available in the svn log of all revision.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

--
Was this reply relevant?
+0
-0
mogs CClip 34
Member 7th Apr, 2011 10:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 35
Member 7th Apr, 2011 10:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 36
Member 7th Apr, 2011 10:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google Chrome is making the web a safer place

Drive by attacks stopped in their tracks
By David Neal
Wed Apr 06 2011, 15:15
INTERNET GIANT Google is experimenting with a real-time alert system that should prevent users of its Chrome web browser from stumbling down bad Internet alleys and downloading malicious materials.
The firm is using data from its Safe Browsing API to produce a database of web badness that it will use to leap out in front of web surfers, wave its arms, and scream 'Nooooooooooooo!'.
Moheeb Abu Rajab of the Google security team said, "Safe Browsing has done a lot of good for the web, yet the Internet remains rife with deceptive and harmful content."
According to Rajab, and anyone else that has held a mouse and explored the Internet, it is easy to find websites that promise one thing but deliver another. Although some websites might not be a security risk in themselves, many often encourage users to download something that is, he added.
"It's easy to find sites hosting free downloads that promise one thing but actually behave quite differently," he said. "Such sites usually don't attempt to exploit vulnerabilities on the user's computer system. Instead, they use social engineering to entice users to download and run the malicious content."
In order to protect its users against these attacks Google has added a feature to the Chrome web browser that will display a warning if they attempt to download a suspected executable. Google is starting with Windows executables, as those comprise the majority of malicious files on the web.


Read more: http://www.theinquirer.net/inquirer/news/2041224/g...


--
Was this reply relevant?
+0
-0
mogs CClip 37
Member 7th Apr, 2011 11:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 7th Apr, 2011 11:41
IE9 exploit puts Windows 7 SP1 at risk
Even fully patched Windows 7 systems are vulnerable, researchers say

By Jasper Bakker | Webwereld Netherlands


A new exploit for IE9 bypasses all security measures in even the latest fully patched version of Windows 7, according to a French security company Vupen.

The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, that previously discovered an IE8 vulnerability in December of last year.

Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9.

"The exploit uses two distinct vulnerabilities. The first one allows execution of arbitrary code within the IE9 sandbox. The second one allows the bypass of the sandbox to achieve full code execution," Vupen's CEO Chaouki Bekra told Dutch IDG news site Webwereld.

Read more at :-
http://www.infoworld.com/d/security/ie9-exploit-pu...



--
Was this reply relevant?
+0
-0
mogs CClip 38
Member 7th Apr, 2011 13:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 7th Apr, 2011 13:12
Off the hook! Who gets phished and why


Communication researchers at four major universities have found that if you receive a lot of email, habitually respond to a good portion of it, maintain a lot of online relationships and conduct a large number of transactions online, you are more susceptible to email phishing expeditions than those who limit their online activity.
The study, "Why Do People Get Phished?" forthcoming in the journal Decision Support Systems and Electronic Commerce, uses an integrated information processing model to test individual differences in vulnerability to phishing.
The study is particularly pertinent, given the rash of phishing expeditions that have become public of late, the most recent involving the online marketing firm Epsilon, whose database was breached last week by hackers, potentially affecting millions of banking and retail customers.

More at :-
http://www.physorg.com/news/2011-04-phished.html

--
Was this reply relevant?
+0
-0
mogs CClip 39
Member 7th Apr, 2011 13:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 40
Member 7th Apr, 2011 17:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The Electronic Frontier Foundation warns that certification authorities (CAs) have signed tens of thousands of digital certificates for unqualified names, some of which even passed extended validation.

The EFF, one of the leading digital rights watchdogs, has reached this conclusion after analyzing data from its SSL Observatory project that looks for weaknesses in the public key infrastructure (PKI).

Digital certificates are used to establish encrypted connections and trust on the Internet, which makes them a vital part of its security.

It's, therefore, no wonder that a recent security incident where a hacker managed to obtain rogue certificates for high-profile domains like google.com, mail.live.com, mail.yahoo.com and others from Comodo has put the practices of certification authorities under the microscope.

The EFF warns that aside from hardcoding usernames and passwords in tools used by resellers and failing to perform proper checks for certificate requests received from them, CAs also sign unqualified names.

In practice, there should be a single certificate per domain or subdomain. However, it turns out that some CAs have signed certificates for names like "exchange", "mail" or "wiki," which cannot be accessed over the Internet and are sometimes used on local networks.

"In fact, the most common unqualified name is 'localhost,' which always refers to your own computer! It simply makes no sense for a public CA to sign a certificate for this private name," writes Chris Palmer, EFF's technology director.

More at :-
http://news.softpedia.com/news/EFF-Reveals-More-Ba...

--
Was this reply relevant?
+0
-0
mogs CClip 41
Member 7th Apr, 2011 17:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 42
Member 7th Apr, 2011 20:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Firefox 6.0 and Firefox 7.0 First Taste in mid-April and mid-May, Respectively
April 7th, 2011, 16:16 GMT| By Marius Oiaga

Mozilla is hard at work on overhauling the existing release process for Firefox with a strong focus on accelerating the pace at which major new iterations are served to the public.

Christian Legnitto, Mozilla release manager has posted a new draft detailing the development specifics of future versions of Firefox.

According to the proposed development and release timetable, early adopters will be able to get the first taste of Firefox 6.0 and Firefox 7.0 quite soon.

Read more at :-
http://news.softpedia.com/news/Firefox-6-0-and-Fir...

--
Was this reply relevant?
+0
-0
mogs CClip 43
Member 8th Apr, 2011 07:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 8th Apr, 2011 08:00
Microsoft planning 17 security bulletins for April
by Shaun Nichols

08 Apr 2011
Microsoft is planning to release security fixes for security flaws in Windows, Office and Internet Explorer next week.
The company said that the 12 April monthly release would be comprised of a total of 17 bulletins addressing 64 flaws. Nine of the bulletins will be rated 'critical,' while the remaining eight have been given a less severe 'important' risk rating.

Of the 17 bulletins slated for release, 15 address vulnerabilities which if exploited could allow an attacker to remotely execute code on a targeted system. The remaining two bulletins address an elevation of privilege vulnerability and an information disclosure flaw.


Read more: http://www.v3.co.uk/v3-uk/news/2041967/microsoft-p...


--
Was this reply relevant?
+0
-0
mogs CClip 44
Member 8th Apr, 2011 08:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Users find IE9 upgrade in Windows Update
Microsoft swears it hasn't switched on the automatic offer

By Gregg Keizer

Computerworld - Although Microsoft has denied pulling the trigger on Internet Explorer 9 (IE9) upgrade offers, some users have reported that the browser is showing up on their Windows Vista and Windows 7 machines' Windows Update lists.

Several systems at Computerworld and elsewhere have offered the IE9 upgrade as an "Important" item on Windows Update, the default update service for consumers and many small businesses.

On the PatchManagement.org mailing list, Susan Bradley, a blogger who covers Microsoft's Small Business Server and who also writes for the Windows Secrets newsletter, noted that the IE9 offer had appeared in Windows Update.

More at :-
http://www.computerworld.com/s/article/9215614/Use...

--
Was this reply relevant?
+0
-0
mogs CClip 45
Member 8th Apr, 2011 21:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Drive-By Download Attack Launched from USPS.gov Website

April 8th, 2011, 10:40 GMT| By Lucian Constantin

Malicious code that led to a powerful exploit kit was injected into a compromised USPS.gov website in order to infect visitors with malware.

The infection was spotted by cloud security provider Zscaler on the United States Postal Service's Rapid Information Bulletin Board System (RIBBS) website, ribbs.usps.gov.

The RIBBS website provides information for Intelligent Mail package barcode (IMpb), a new system designed to provide price-level intelligence.

The injected code consisted of obfuscated JavaScript which, when parsed, generated a rogue iframe that loaded a script from an external domain.

Like in most drive-by download attacks, the script in question was used for redirection and led users to another page designed to look as a 404 error.

That page was part of a Blackhole exploit kit installation which checked visitors' browser and operating system in order to launch one of several Java and PDF exploits.

Blackhole is a popular commercial drive-by attack toolkit sold on the underground market and as Virus Total scans show, it comes with well obfuscated exploits that evade the detection of many antivirus products.

More at :-
http://news.softpedia.com/news/Drive-By-Download-A...

--
Was this reply relevant?
+0
-0
mogs CClip 46
Member 8th Apr, 2011 21:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 47
Member 9th Apr, 2011 08:58
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
VLC Media Player Affected by Zero-Day Vulnerability

April 8th, 2011, 11:59 GMT| By Lucian Constantin

A critical zero-day vulnerability has been discovered in VLC media player and can potentially be exploited to execute arbitrary code on a user's system.

The flaw is located in libmodplug, a third-party library used to load and render music module files in multiple formats including .669, .amf, .ams, .dbm, .dmf, .dsm, .far, .it, .j2b, .mdl, .med, .mod, .mt2, .mtm, .okt, .psm, .ptm, .s3m, .stm, .ult, .umx, and .xmSound.

The libmodplug package is present by default in many Linux distributions, including Debian, Fedora, Ubuntu, Gentoo, as well as some media players.

"The vulnerability is caused due to a boundary error within the "CSoundFile::ReadS3M()" function in src/load_s3m.cpp, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted S3M file," vulnerability research vendor Secunia explains.

The flaw was discovered by M. Lucinskij and P. Tumenas of the SEC Consult Vulnerability Lab and was patched in libmodplug 0.8.8.2, released at the beginning of April.

However, the latest VLC binary packages, such as those for Windows and Mac OS X, still contain an outdated version of the library.

Because there is still no patch for VLC and proof-of-concept exploit code is publicly available, Secunia rates the vulnerability for the media player as highly critical.

More at :-
http://news.softpedia.com/news/VLC-Media-Player-Af...

--
Was this reply relevant?
+0
-0
mogs CClip 48
Member 9th Apr, 2011 09:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
by Iain Thomson

09 Apr 2011

The Russian internal security service has complained that Gmail, Hotmail and Skype make it too difficult to monitor its citizens.
A senior official with Federal Security Service of the Russian Federation (FSB), the renamed KGB, told a Russian government commission on technology that the encryption protocols used by the online services were too hard to break and should be banned as a threat to national security.


Read more: http://www.v3.co.uk/v3-uk/news/2042281/russian-sec...


--
Was this reply relevant?
+0
-0
mogs CClip 49
Member 9th Apr, 2011 09:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Home Office claims success for e-Borders monitoring system
by Khidr Suleman

The government's controversial e-Borders monitoring system led to the arrest of thousands of criminals who attempted to cross the UK border, the Home Office has revealed.

Some 2,800 arrests were made during 2010 and 2011 after the electronic information of 126 million passengers was monitored by the UK Border Agency, police, the Serious Organised Crime Agency and HM Revenue & Customs.

Out of the thousands arrested, 18 were linked to murder and 27 were arrested on suspicion of rape. Another 29 were apprehended in connection with sex offences and 25 for other violent crimes, the Home Office said in a statement.


Read more: http://www.v3.co.uk/v3-uk/news/2042060/home-office...


--
Was this reply relevant?
+0
-0
mogs CClip 50
Member 9th Apr, 2011 09:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New fake antivirus accepts SMS payments
by Elinor Mills
6 comments


New fake AV programs offer a variety of payment methods.
(Credit: CyberDefender)
There's a new twist with some fake antivirus scareware that has cropped up. It accepts payment via SMS, according to antivirus firm CyberDefender.
Typical rogue security programs infect the system first, then display pop ups warning that the computer is infected, and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.
When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome ... Read full post & comments


Read more: http://news.cnet.com/security/#ixzz1J0WL8NDi

--
Was this reply relevant?
+0
-0
mogs CClip 51
Member 9th Apr, 2011 12:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 9th Apr, 2011 12:13


--
Was this reply relevant?
+0
-0
mogs CClip 52
Member 9th Apr, 2011 19:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
By Lucian Constantin

Russia's President Dmitry Medvedev has condemned the recent distributed denial-of-service (DDoS) attacks against blog publishing platform LiveJournal, calling them outrageous and illegal.

President Medvedev maintains a personal blog on LiveJournal since April 2009, a few months after the entire site's development moved to Russia.

LiveJournal is very popular with Russian bloggers, much more so than WordPress.com or Google's Blogger, services favored in the rest of the world.

Since the second half of last month, LiveJournal has been hit repeatedly by DDoS attacks for reasons not yet entirely clear.

More at :-
http://news.softpedia.com/news/Russian-President-C...

--
Was this reply relevant?
+0
-0
mogs CClip53
Member 9th Apr, 2011 19:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Top 5 Cloud Computing Security Concerns

April 8, 2011
By Geoff Webb

Cloud computing: If you haven't heard this term by now then you are definitely not in IT. But, since you are even reading this far, I'm going to assume that consuming IT services via the cloud is something you and your business are contemplating. Like everything else these days, security considerations have to be part of the Top 3 checklist items when making the decision to off load part of your IT department to a third party (which is exactly what a "cloud" services provider is) or, even, to move your internal IT service onto a cloud platform.
So with that in mind, I've come up with a five "talking points" to get you started seriously thinking about where and how security fits into the cloud decision-making process:

More at :-
http://www.esecurityplanet.com/features/article.ph...

--
Was this reply relevant?
+0
-0
mogs CClip 54
Member 10th Apr, 2011 09:09
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 55
Member 11th Apr, 2011 19:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 56
Member 11th Apr, 2011 20:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Firefox 5 is set for a June release

Latest browser will exit beta on June 21
By David Neal
Mon Apr 11 2011, 16:13
OPEN SOURCE SOFTWARE OUTFIT Mozilla will release version five of its Firefox browser on June 21, according to a developer road map.
The organisation will have a steady rollout schedule for the updated Firefox browser, which will see it released as a beta on May 17 and enter the final release stage approximately five weeks later. The rapid releases signal something of a change at Mozilla and sees it launch the next version just a couple of weeks after it released the well received Firefox 4. Downloads of Firefox 4 have already topped 75 million, as displayed on Mozilla's download counter website.


Read more: http://www.theinquirer.net/inquirer/news/2042562/f...


--
Was this reply relevant?
+0
-0
mogs CClip 57
Member 12th Apr, 2011 08:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 58
Member 12th Apr, 2011 18:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Ransom Trojan takes PC files hostage using unbreakable encryption

Your money or your files blow up
By Asavin Wattanajantra
Tue Apr 12 2011, 13:16
THE LATEST ransom Trojan malware uses 'unbreakable' forms of public key encryption to take your computer files hostage and extort money as ransom for them.
Ransom Trojans on your computer encrypt your files and ask for payment in different ways, sometimes with an overt threat to destroy the files if money isn't paid. In the past, computers could generally be unencrypted without people having to pay the ransom.
But Mikko Hyponnen, chief security researcher at F-Secure, warned about the latest version of a ransom Trojan called GPcode. It uses public key encryption in the form of AES with an RSA key to lock the files on your computer. And instead of telling you to wire transfer money, it tells you to use prepaid credit cards, transferring the money that way.
He said, "We aren't aware of any mechanism of breaking that. If you have backups it's no problem. The next solution is to pay. And we know of people to have paid to get the key and information back."


Read more: http://www.theinquirer.net/inquirer/news/2042812/r...


--
Was this reply relevant?
+0
-0
mogs CClip 59
Member 12th Apr, 2011 18:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dutch government plans to ban filesharing websites

Once lenient government puts its clog down
By Dave Neal
Tue Apr 12 2011, 15:50
THE USUALLY PROGRESSIVE Netherlands government looks close to approving a change in law that it will outlaw filesharing websites.
According to the Torrentfreak website, the Dutch government is looking to crack down on what are viewed as 'pirate' websites, and sees dropping a clog firmly on top of them as the best solution.
The government plans were announced in a statement by State Secretary of Security and Justice Fred Teeven, who explained that media consumption had changed and as such, so should the laws that surround it.


Read more: http://www.theinquirer.net/inquirer/news/2042889/d...


--
Was this reply relevant?
+0
-0
mogs CClip 60
Member 12th Apr, 2011 18:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 61
Member 12th Apr, 2011 18:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
VLC Media Player Affected by New Critical Vulnerability

April 12th, 2011, 06:12 GMT| By Lucian Constantin

The VideoLAN Organization has published patches to address a critical vulnerability in VLC media player that can be exploited to execute arbitrary code.

The flaw is located in the MP4 demultiplexer and is caused by an error in the "MP4_ReadBox_skcr()" function.

The vulnerability can be exploited by tricking users to open a specially crafted MP4 file which would a cause a heap-based buffer overflow and allow code execution.

The bug was reported by Aliz Hammond in VLC media player 1.1.8, but older versions might also be affected.

Vulnerability research vendor Secunia rates the flaw as highly critical because it can be exploited remotely through the VLC ActiveX control or Firefox plug-in.

More at :-
http://news.softpedia.com/news/VLC-Media-Player-Af...

--
Was this reply relevant?
+0
-0
mogs CClip 62
Member 12th Apr, 2011 18:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Texas Security Gaffe Dwarfs Epsilon Data Breach
3.5 million records, including data more personal than an email address
By Kevin Fogarty, ITworld Apr 11, 2011 11:06 pm

I hate to minimize the data breach at Epsilon, a service company that sends out 40 billion emails a year for its corporate customers and got cracked by a group that stole data that could equal millions of consumer email addresses.

Big customers whose data was taken included Citibank, Disney, Hilton, JP Morgan Chase, Target, Tivo, Barclays Bank.

It's hard to be more high profile than that, even if you're the kind of company the actual customers are never supposed to see.

Texas did it bigger, though. A lot bigger.

The unencrypted personal records of 3.5 million Texans were exposed for more than a year after they were copied onto a server accessible by the public over the web.

The problem was discovered by staffers from the office of State Comptroller Susan Combs, who were doing a routine security scan and found records that not only should not have been on a public server, but should have been encrypted as required by Texas state law.

More at :-
http://www.pcworld.com/article/224899/texas_securi...

--
Was this reply relevant?
+0
-0
mogs CClip 63
Member 12th Apr, 2011 23:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 64
Member 13th Apr, 2011 07:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Microsoft breaks record with massive security patch for April
by Iain Thomson
13 Apr 2011

Microsoft has broken its own record for flaw fixes with a huge security patch update, covering Microsoft Windows, Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.
In all nine of the patches are rated as critical by the copany and eight as important. Microsoft's advice is that three patches - MS11-020 (SMB Server), MS11-019 (SMB Client) and MS11-018 (Internet Explorer) - are of the highest priority for IT managers. All three allow for remote code execution, and attacks using one of the flaws have been seen in the wild.
"With these MS11-018 already has a zero-day exploit out there being used to compromise consumers machines - it was disclosed at the Pwn2Own contest at CanSecWest," Amol Sarwate, vulnerabilities lab manager for Qualys told V3.co.uk.
"Meanwhile MS11-020 is dangerous because it's an old school attack and doesn't require any user interaction, and uses in SMB service that runs on all computers."
Microsoft's senior response communications manager for Trustworthy Computing Pete Voss said that the unusual size of today's patch release (breaking December 2010's record) was largely down to a single patch, MS11-034, which fixes 30 flaws which share a common root.
Voss also praised the response of non-Microsoft researchers in contributing flaws to the release. In all 21 outside researchers contributed data to the patch released by the Microsoft Security Response Center (MSRC) today.
"This was a great month for industry collaboration," Voss wrote on the MRSC blog.


Read more: http://www.v3.co.uk/v3-uk/news/2042951/microsoft-b...


--
Was this reply relevant?
+0
-0
mogs CClip 65
Member 13th Apr, 2011 07:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Chrome Dev Channel Update
Tuesday, April 12, 2011 | 17:07
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.733.0 for all platforms. This release contains updates focused on stability and UI tweaks. The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.


Jason Kersey
Google Chrome
5 comments | Links to this post | Email Post

Beta Channel Update
| 12:50
Labels: Beta updates
The Beta channel has been updated to 11.0.696.43 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
Passwords sync: passwords sync commits after EVERY browser restart (Issue 78548).
Autofill fails to fill forms (Issue 78509).
a few known crashes (Issue 78688, Issue 68350, Issue 77665, Issue 74585, Issue 76092, Issue 77219 and Issue 77447).
Redirect to my site without CFInstall.js (Issue 60018).
Update Silverlight v3 version metadata (Issue 78005).
Blocked plug-in dialog: make sure "Run this time" button is the first one (Issue 78120).
Policy: Proxy configuration over policy does not work. (Issue 78016).
Editing style adds the word "initial" for any property value that uses a paren (Issue 75302).
Google Chrome Helper doesn't quit, killing it relaunches a new helper process (Issue 74983).
You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 66
Member 13th Apr, 2011 08:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Web Security Company's Website Hacked
April 12th, 2011, 14:21 GMT| By Lucian Constantin

A group of hackers has managed to break into the website of Web security firm Barracuda Networks and extract confidential information from its database.

California-based Barracuda Networks specializes in email, Web and messaging security solutions. It sells firewall, filtering, archiving, backup, load balancing and other appliances and services.

The attack against its website was performed by a group of Malaysian grey hat hackers called HMSec, who also published the extracted data online.

The attack method used was SQL injection, which exploits a common, but dangerous type of Web vulnerability giving attackers access to the underlying database.

The hackers published the database schema, as well as the email addresses and hashed passwords of the company's employees and partners.

The password hashes appear to have been generated with MD5, a crackable algorithm, however, a method known as "salting" was used to secure them.

The company acknowledged the compromise and said the attack was performed during a short period of firewall inactivity.

More at :-
http://news.softpedia.com/news/Web-Application-Sec...

--
Was this reply relevant?
+0
-0
mogs CClip 67
Member 13th Apr, 2011 11:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Adobe Flash zero-day shows a Chinese connection
The latest Flash zero-day security hole -- the one hitched to a Word document -- literally has 'China' written all over it

By Woody Leonhard | InfoWorld

Permit me to start with a truism: In the world of computer forensics, you never really know anything for sure. With that as a given, the case of the new Flash zero-day exploit keeps getting curiouser and curiouser, and "China" keeps popping up.

Yesterday Adobe confirmed the critical Flash zero-day bug. This previously unknown security hole was discovered as an embedded Flash .swf file object inside a Word document sent via email. In her Contagio Malware Dump blog, researcher Mila Parkour gives extensive details about the .swf file and the infected .doc file that's making the rounds.

More at :-
http://www.infoworld.com/t/data-security/adobe-fla...

--
Was this reply relevant?
+0
-0
mogs CClip 68
Member 13th Apr, 2011 13:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 69
Member 13th Apr, 2011 13:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft fixes Pwn2own Internet Explorer hole

Along with 63 other software vulnerablities
By Asavin Wattanajantra
Wed Apr 13 2011, 11:14
THIS MONTH'S Microsoft Patch Tuesday fixed a vulnerability in Internet Explorer used by hackers to win last month's Pwn2own hacking contest, along with 63 other flaws in Microsoft software.
A patch for the MS11-018 vulnerability was vital, as there were reports of attacks in the wild targeting the flaw in Internet Explorer 6, 7 and 8, which could allow criminals to take over machines. This time Microsoft was fortunate that IE 9 was unaffected, as the flaw had been found during the browser's development.
Microsoft fixed the primary use-after-free vulnerability used to gain code execution, but there remain two other flaws discovered at Pwn2own. However these don't pose a direct threat to users as they are only useful if the original flaw is present.


Read more: http://www.theinquirer.net/inquirer/news/2043134/m...


--
Was this reply relevant?
+0
-0
mogs CClip 70
Member 13th Apr, 2011 14:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 71
Member 13th Apr, 2011 15:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 13th Apr, 2011 15:37
Zynga will shutter the Flock web browser

Pulls the plug
By Dean Wilson
Wed Apr 13 2011, 12:31
THE CHROMIUM BASED web browser Flock will be discontinued later this month.
The browser was bought by social gaming firm Zynga in January and, according to the Flock team, its staff are now working with Zynga's team on "the most, fun, social games", such as the Facebook success FarmVille.
The web browser will remain available for those currently using it, but a number of key features, such as social networking integration, will be deactivated on 26 April. Since the browser will no longer be maintained or updated it will become a security risk for those who choose to continue using it.


Read more: http://www.theinquirer.net/inquirer/news/2043212/z...


--
Was this reply relevant?
+0
-0
mogs CClip 72
Member 13th Apr, 2011 15:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Malaysia's Top News Website Hit by DDoS Attack
April 13th, 2011, 06:55 GMT| By Lucian Constantin

Malaysia's top news website, Malaysiakini.com, was the victim of a distributed denial-of-service (DDoS) attack yesterday which rendered it unreachable.

It's unclear who instrumented the attack or what was their intention, but it coincided with the start of elections in Sarawak, the largest Malaysian state located on the island of Borneo.

Malaysiakini provides news in English, Malay, Chinese and Tamil and has over 1.6 million monthly unique visitors. Since mid-2008, the website is the most popular online news source in the Asian country.

More at :-
http://news.softpedia.com/news/Malaysia-s-Top-News...

--
Was this reply relevant?
+0
-0
mogs CClip 73
Member 13th Apr, 2011 18:01
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 74
Member 14th Apr, 2011 09:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Zealand Government Aggressively Pushes Three-Strikes Anti-Piracy Law

By Lucian Constantin

A controversial anti-piracy bill according to which repeat copyright infringers will be disconnected from the Internet is being rushed by the New Zealand government.

Dubbed the Copyright (Infringing File Sharing) Amendment Bill, the proposed legislation is scheduled to undergo its second reading in Parliament today.

This came as a surprise to some MPs because today's urgent session was intended for discussing measures to help Christchurch recover after the devastating earthquake.

The anti-piracy bill will allow copyright owners who believe their rights have been infringed to request that ISPs send warning letters the the alleged offenders.

In cases of repeat infringement, the matter will be analyzed by the New Zealand Copyright Tribunal which can hand down fines of up to NZ$15,000.

If despite fines, the behavior does not stop, the offender can be disconnected from the Internet for a period of six months, a provision commonly referred to as the three-strikes rule.

More at :-
http://news.softpedia.com/news/New-Zealand-Aggresi...

--
Was this reply relevant?
+0
-0
mogs CClip 75
Member 14th Apr, 2011 09:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Ransomware Spoofs Windows Activation Screen

By Lucian Constantin

Security researchers warn of a new piece of ransomware that spoofs the Windows license activation screen to trick users to call premium rate numbers.

Unlike scareware programs, which try to scare users into paying money for fixing fictitious computer problems, ransomware applications take a more aggressive approach and block access to critical features until payment is made.

A new piece of ransomware spotted by security experts from F-Secure is no different in that respect as it prevents victims from reaching their Desktop.

It displays a screen that looks like the Windows XP Activation one and claims that the Windows license needs activating.



"This copy of Windows is locked. You may be a victim of a fraud or there may be an internal system error. To continue using Windows you should complete activation," a message displayed on the rogue screen reads.

Users are told the process is absolutely free and they don't need to provide any personal information, claims that are obviously false.

More at :-
http://news.softpedia.com/news/Ransomware-Spoofs-W...

--
Was this reply relevant?
+0
-0
mogs CClip 76
Member 14th Apr, 2011 09:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Nordic and Asian nations connected for growth, says WEF

The WEF says becoming totally wired through ICT structures can help nations' economies.
Sweden and Singapore are the most competitive countries in the digital economy, according to a study by the World Economic Forum (WEF).

Nordic and Asian economies are best at using information and communications technologies (ICT) to boost their growth, the WEF said.

Finland is in third place, Switzerland fourth and the United States fifth.

More at :-
http://www.bbc.co.uk/news/business-13053999

--
Was this reply relevant?
+0
-0
mogs CClip 77
Member 14th Apr, 2011 09:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
"Request rejected" spam campaign leads to fake AV
Posted on 13.04.2011A spam email campaign carrying a malicious attachment designed to download and run a fake AV solution on the recipient's computer is currently hitting inboxes around the world.

The subject of the email is "Request rejected" and contains the following text:
Dear Sirs,
Thank you for your letter!
Unfortunately we can not confirm your request!
More information attached in document below.
Thank you
Best regards.
The message does not contain any hint on what the rejected request might be, and since the purported sender and its email address don't offer much information either, it's easy to see how a lot of people might be tricked into downloading the attached EX-38463.pdf.zip file to check out what this is all about.

According to CA researchers, the zipped attachment contains a file by the name of EX-38463.pdf.exe, which is a downloader Trojan that connects the computer to hdjfskh.net, from where it downloads and executes a fake AV variant.


http://www.net-security.org/malware_news.php?id=16...

--
Was this reply relevant?
+0
-0
mogs CClip 78
Member 14th Apr, 2011 09:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
WordPress.com hack could put premium users at risk
WordPress.com maker Automattic reveals that hackers may have made off with sensitive bits of source code

By Ted Samson | InfoWorld

Malicious hackers have successfully breached WordPress.com servers and potentially made off with sensitive bits of the publishing platform's underlying code. The breach could impact premium customers using WordPress for their websites, such as Flickr, NASA, Yahoo, and the New York Times.

More at :-
http://www.infoworld.com/t/hacking/wordpresscom-ha...

--
Was this reply relevant?
+0
-0
mogs CClip 79
Member 14th Apr, 2011 09:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
by Iain Thomson
More from this author
14 Apr 2011

The FBI and US Department of Justice (DoJ) have just completed their biggest computer crime action, with the seizure of servers and domain names behind the Coreflood botnet.
So far five command and control servers have been identified and removed by law enforcement, as well as 29 domain names used by the command and control system behind the botnet. The servers have been replaced by systems which shut down the malware when infected PCs update themselves, and security firms will be updated on the latest Coreflood signature files.


Read more: http://www.v3.co.uk/v3-uk/news/2043377/fbi-doj-rai...


--
Was this reply relevant?
+0
-0
mogs CClip 80
Member 14th Apr, 2011 18:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Patch Schedule Announced for Flash Player and Adobe Reader
April 14th, 2011, 06:51 GMT| By Lucian Constantin

Adobe plans to release a security patch for Flash Player tomorrow and one for Adobe Reader and Acrobat two weeks from now in order to address a critical vulnerability actively exploited in the wild.

The security issue was discovered earlier this month in targeted email attacks that distributed Word documents rigged with a SWF exploit.

According to an analysis by independent security researcher Mila Parkour, there were several different rogue emails and judging by their content and name of distributed files they targeted corporate users, probably in a cyber espionage attempt.

Identified as CVE-2011-0611, the flaw affects Flash Player 10.2.153.1 and earlier for Windows, Mac, Linux and Solaris, as well as Flash Player 10.2.156.12 and earlier for Android.

Adobe Reader and Acrobat are also affected because of the authplay.dll component which is responsible for Flash playback support inside PDF documents.

"We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.2.x for Windows, Macintosh, Linux and Solaris on Friday, April 15, 2011," Adobe's Product Security Incident Response Team (PSIRT) wrote on its blog.

Furthermore, it announced that affected Adobe Reader and Acrobat versions, with the exception of Adobe Reader X (10.0.1) for Windows, will be updated on April 25.

Adobe Reader X for Windows is also vulnerable, but its new sandboxing technology protects it from exploits that might try to exploit the flaw in order to execute arbitrary code.

Therefore Adobe Reader and Acrobat X for Windows will follow the regular quarterly security update cycle and will receive a patch on June 14.

Users who want to protect themselves from the Word-based or PDF-based attacks can uninstall the ActiveX version of Flash Player and delete the authplay.dll component from the Adobe Reader folder.


http://news.softpedia.com/news/Patch-Schedule-Anno...

--
Was this reply relevant?
+0
-0
mogs CClip 81
Member 14th Apr, 2011 18:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google will stop users from sending Gmail to the wrong people

Hopes to reduce confusion
By Dave Neal
Thu Apr 14 2011, 14:10
WEBMAIL HOST Google has added fresh features to its Gmail client meant to stop users from sending messages to the wrong people.
The features have been released from Google Labs and are called "Don't forget Bob" and "Got the wrong Bob?". Google said that they should prevent users from making some common email mistakes, which are, of course, either forgetting to email someone or emailing the wrong person in the first place.
"We've received quite a bit of positive feedback from people who avoided some embarrassing situations thanks to these features. And today, we're excited to graduate them from Gmail Labs and start turning them on for everyone," wrote the Internet giant in a blog post.
"Once that happens, as you type in your recipients, Gmail will automatically make suggestions based on the groups of people you email most often. When you see a suggestion to add a person you've forgotten, all you have to do is click on their name to add them."


Read more: http://www.theinquirer.net/inquirer/news/2043608/g...


--
Was this reply relevant?
+0
-0
mogs CClip 82
Member 14th Apr, 2011 18:58
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Safari is the latest of the top four most popular browsers to receive a do-not-track privacy tool.

So far, the feature is still being tested by developers, but if everything goes according to plan, it will be included in the next version of Mac OS X (Lion) due to be released in the summer.

Of the top four most used browsers - Microsoft's Internet Explorer, Mozilla's Firefox, Google's Chrome and Apple's Safari - Google is the only company that has yet to decide to add a do-not-track tool in its browser.

According to the Wall Street Journal Google says it will still be closely involved in the discussion about whether do-not-track tools should be offered with browsers, which is actually understandable since Google has a major stake in the market of online advertising.

Google's spokesman also pointed out that the company offers an add-on for Chrome called "Keep My Opt-Outs", which lets users request that their data not be used for targeted advertising.

More at :-
http://www.net-security.org/secworld.php?id=10901

--
Was this reply relevant?
+0
-0
mogs CClip 83
Member 14th Apr, 2011 22:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Stable Channel Update
Thursday, April 14, 2011 | 12:29
Labels: Stable updates


The Chrome Stable and Beta channels have been updated to 10.0.648.205 for Windows, Mac, Linux and Chrome Frame. This release contains a new version of Adobe Flash which includes a fix for a security vulnerability, as well as the security fixes listed below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$500] [Windows only] [70070] Critical CVE-2011-1300: Off-by-three in GPU process. Credit to yuri.ko616.
[75629] Critical CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno).
[$1000] [78524] Critical CVE-2011-1302: Heap overflow in the GPU process. Credit to Christoph Diehl.

The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

http://googlechromereleases.blogspot.com/
Jason Kersey
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 84
Member 15th Apr, 2011 08:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
Thursday, April 14, 2011 | 14:04
Note: Chrome Beta Channel has been updated to 11.0.696.48 for Linux with the same changes as below.

The Chrome Beta channel has been updated to 11.0.696.44 for Windows, Mac and Chrome Frame.

This release contains a new version of Adobe Flash which includes a fix for security vulnerability.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
4 comments | Links to this post | Email Post

--
Was this reply relevant?
+0
-0
mogs CClip 85
Member 15th Apr, 2011 09:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Yuri Gagarin Google Images Search Results Poisoned
April 14th, 2011, 13:31 GMT| By Lucian Constantin

Security researchers warn that searching for pictures of Russian space pioneer Yuri Gagarin on Google Images can lead to scareware pages.

Apparently cyber criminals have been engaging in a so-called black hat SEO campaign since April 12, when the world celebrated Yuri's Night to commemorate space exploration.

The celebration is named after Russian cosmonaut Yuri Gagarin, who on April 12, 1961, became the first human being to journey into outer space aboard the Vostok 1 spacecraft.

Interest into the event's commemoration was enhanced by Google replacing its logo with a doodle designed especially for the occasion.

More at :-
http://news.softpedia.com/news/Google-Images-Searc...

--
Was this reply relevant?
+0
-0
mogs CClip 86
Member 15th Apr, 2011 09:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 87
Member 15th Apr, 2011 10:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Apple delivers security updates for iOS and Safari
by Shaun Nichols

Apple has released a series of security updates for its iOS mobile operating system, as well as its Safari browser and Macintosh operating system.
Among the security fixes delivered in the update are patches to address a vulnerability in the SSL system caused by the security breach at Comodo. A hacker used stolen data from the company to craft a series of fraudulent SSL certificates.
Apple said that the update would change its trust policy to recognise and block the fraudulent SSL certificates. The update will be rolled out to iPhone, iPad and iPod Touch users running iOS 4.2 and 4.3, as well as OS X and both the Mac and Windows versions of Safari.
Additionally, Apple is issuing fixes for a pair of flaws in the WebKit browser platform. Safari and iOS users will both receive updates to fix a pair of flaws in WebKit, which could be exploited by an attacker to perform a remote code execution attack.


Read more: http://www.v3.co.uk/v3-uk/news/2043734/apple-deliv...


--
Was this reply relevant?
+0
-0
mogs CClip 88
Member 15th Apr, 2011 10:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Spotify cuts back on free music

Online music service Spotify is halving the amount of free music that users can listen to.

Users of its free service will be limited to 10 hours per month, half the time currently offered and will only be able to listen to tracks five times, from May.

New users will get six months of free content before the changes kick in.

The news has angered fans who accuse the firm of seeking to change its model from free to paid.
More at :-
http://www.bbc.co.uk/news/technology-13078302

--
Was this reply relevant?
+0
-0
mogs CClip 89
Member 15th Apr, 2011 11:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Side Channel Attack Beats Skype Encryption
April 14, 2011
By Paul Rubens


What is a side channel attack you ask? Good quesiton. A side channel attack uses observations of characteristics such as the power consumption of the system carrying out encryption computations, or the length of time that these computations take, as sources of information that can be used to defeat an encryption system. It turns out that the security of encrypted Skype conversations is vulnerable to a particularly slap-your-head obvious side channel attack that exploits the fact that the service uses variable bit rate compression.

More at :-
http://www.esecurityplanet.com/news/article.php/39...

--
Was this reply relevant?
+0
-0
mogs CClip 90
Member 15th Apr, 2011 14:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 91
Member 15th Apr, 2011 14:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Oracle to fix 73 security bugs next week
But Java SE and Java for Business are not set to be updated

By Robert McMillan | IDG News Service


Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software.

All told, there will be 73 security vulnerabilities fixed across Oracle's various product lines. Oracle releases patches for all of its software - except the Java virtual machine -- quarterly, in a set of patches it calls the Critical Patch Update (CPU).

[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. ]

Next week's CPU is due on Tuesday. There are nine fixes set for Oracle Fusion middleware, 14 for the PeopleSoft Suite and eight for the JD Edwards Suite.

Two of the database flaws are considered critical, meaning they "may be exploited over a network without the need for a username and password," Oracle said in a statement posted to its website Thursday.

The updates are set to come one week after Microsoft issued one of the largest collections of security patches it has ever issued. They also come on the tail of Apple Mac OS X, Safari, and iOS updates, released Thursday.

Oracle will patch many of its Sun products, including Solaris and some of the Java server software. However, the widely used Java SE and Java for Business client software are not scheduled to be updated in next week's release.

More at :-
http://www.infoworld.com/d/security/oracle-fix-73-...

--
Was this reply relevant?
+0
-0
mogs CClip 92
Member 15th Apr, 2011 16:27
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Internet Explorer 10 will not support Windows Vista
By David Meyer (@superglaze), 15 April, 2011 10:16

Microsoft has confirmed that the next version of its Internet Explorer browser will not run on any version of the company's operating system below Windows 7.

When the company showed off the first IE10 platform preview on Tuesday, it said the early version of the browser would only run on Windows 7. However, on Thursday the company confirmed that it would never allow Windows Vista support in IE10, much as it did not allow Windows XP support in IE9.

"Windows Vista customers have a great browsing experience with IE9, but in building IE10 we are focused on continuing to drive the kind of innovation that only happens when you take advantage of the ongoing improvements in modern operating systems and modern hardware," the company said in a statement.

Internet Explorer 10 will ship with Windows 8 in 2012, with improvements including new HTML 5 features and enhanced JavaScript support.


http://www.zdnet.co.uk/blogs/communication-breakdo...

--
Was this reply relevant?
+0
-0
mogs CClip 93
Member 15th Apr, 2011 16:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 15th Apr, 2011 17:01
Mozilla plans changes to web certification policy
By Darren Pauli, ZDNet Australia, 15 April, 2011 10:40

Mozilla is reviewing a final draft of its baseline policies to address problems in the way that web certificates are issued.

Mozilla wants Certificate Authorities (CAs) that issue web certificates to adopt a standard that has been dubbed Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (PDF), published by the Certificate and Browser Forum and still in a final draft.

Mozilla consultant Kathleen Wilson said on a development forum that from 30 June, Mozilla software will refuse certificates signed with the troubled MD5 hash algorithm for intermediate and end-entity CAs, and "will take this action earlier and at its sole discretion if necessary to keep our users safe".

More at :-
http://www.zdnet.co.uk/news/security-management/20...

--
Was this reply relevant?
+0
-0
mogs CClip 94
Member 16th Apr, 2011 11:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New IM Worm Blocks Access to AV Sites
By Lucian Constantin

Security researchers warn that a malicious component distributed by an IM worm cripples antivirus systems and blocks access to many security-related websites.

The attack begins with malicious links spammed on Windows Live Messenger leading users to rogue pages distributing the trojan dropper.

According to BitDefender's Bogdan Botezatu "the payload is presented as multiple sections of Base-16 Unicode data.

"Conversion to ANSI reveals a set of buffers split by a separator. Ignoring the separators and dumping the data reveals an encrypted file packed with UPX."

The trojan attempts to cripple antivirus programs, but not in the traditional way by using a rootkit. Instead, it closes some of the processes which makes user's interaction with the security programs impossible.

Read more at :-
http://news.softpedia.com/news/New-IM-Worm-Blocks-...

--
Was this reply relevant?
+0
-0
mogs CClip 95
Member 16th Apr, 2011 11:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 96
Member 16th Apr, 2011 22:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Microsoft Patch Disables TDL4 Rootkit on 64-Bit Windows
April 16th, 2011, 07:25 GMT| By Lucian Constantin
Modifications made as part of a Windows update released by Microsoft this week effectively kill the notorious TDL4 rootkit on 64-bit Windows Vista and 7.

Since 64-bit Windows only accepts digitally-signed drivers, there are very few rootkits that manage to infect such systems.

One of them is TDL4, the latest version from the TDSS family of rootkits. It installs itself in the master boot record, making it possible to modify the operating system since the first moment it starts.

On 64-bit systems, it leverages a BCD (Boot Configuration Data) option called BcdOSLoaderBoolean_WinPEMode to disable the code integrity checks in the OS.

On Tuesday, Microsoft released KB2506014, an update which according to the corresponding advisory "addresses a method by which unsigned drivers could be loaded by winload.exe."

Security researchers from ESET note that this update removes the BcdOSLoaderBoolean_WinPEMode option abused by the TDL4 rootkit. In addition, the update intentionally modifies the size of a file called kdcom.dll by adding a KdReserved0 exported symbol.

Under normal circumstances TDL4 checks the size of this file's export directory and replace it with its own malicious version. According to the ESET researchers the change made to kdcom.dll serves no other purpose than to prevent the rootkit from replacing it.

More at :-
http://news.softpedia.com/news/Microsoft-Patch-Dis...

--
Was this reply relevant?
+0
-0
mogs CClip 97
Member 16th Apr, 2011 22:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Futuremark Sets Launch Date for PCMark 7

By Ionut Ilascu

Futuremark confirmed yesterday the already announced PCMark 7 will soon be available to the general public. The release date has been pinned to May 3, 2011 and the application is set to be launched in three editions: Basic (free), Advanced and Professional.

PCMark 7 is designed to continue on the same line as its more than five years old predecessor, PCMark05, and sport a suite of system benchmarking tests. In the case of the soon to be released version the tests combine more than 25 individual workloads that assess storage, computation, image and video manipulation, gaming and web browsing.

As expected, the Basic edition, being free of charge, is the most limited as far as benchmarking is concerned, as it will encompass only the PCMark test.

More at :-
http://news.softpedia.com/news/Futuremark-Sets-Lau...

--
Was this reply relevant?
+0
-0
mogs CClip 98
Member 16th Apr, 2011 22:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Apple finally updates Safari to deal with fake Comodo SSL certificates
by Phil Muncaster

16 Apr 2011

Apple has finally updated its Safari browser to deal with the SSL Certificates that were erroneously signed by certificate authority (CA) Comodo after a hacker managed to break into its IT systems and request them.
Over three weeks ago, a hacker, believed to be of Iranian descent or affiliated in some way with the Iranian government, broke into one of Comodo's Italian registration authorities (RAs) and requested nine fake certificates for sites such as Google and Yahoo.
Scandal ensued as commentators lined up to point out Comodo and its RA's security failings and to question the entire underlying SSL Certificate system on which users' trust in the web relies.
Microsoft, Google and Mozilla were all quick to update their respective browsers to deal with the fake certs that were issued, so that anyone trying to visit a site associated with the stolen certificates will be blocked.
Now Apple has followed suit, although Cupertino gave no hint in the OS X Security Update 2011-12 of why it has taken this long to take action.
Apple has also issued Safari 5.0.5, which applies to Windows and OS X versions of the browser.


Read more: http://www.v3.co.uk/v3-uk/news/2044100/apple-final...


--
Was this reply relevant?
+0
-0
mogs CClip 99
Member 17th Apr, 2011 06:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 100
Member 17th Apr, 2011 06:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 101
Member 17th Apr, 2011 07:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Norton 2012 betas tweaks already well-regarded suite
by Seth Rosenblatt

New Norton betas include the ability to rate a download's stability based on the file behavior on the computers of other Norton users and full Google Chrome support, setting the tone for the premium security suite updates due later this year.
Released today by Symantec, Norton Internet Security 2012 beta (download) and Norton AntiVirus 2012 beta (download) also include a new start-up manager that debuted earlier this year in Norton 360, changes to Symantec's SONAR technology, and a new autofix feature for curing installation woes quickly.

Read more at :-
http://download.cnet.com/8301-2007_4-20054384-12.h...

--
Was this reply relevant?
+0
-0
mogs CClip 102
Member 17th Apr, 2011 15:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 103
Member 17th Apr, 2011 15:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The Stars Are Ours, Inside NASA's Online Image Treasure Chest
By Mark Hachman0digg

A treasure trove of images from space is now available, as NASA has released the some of data and images collected by the Wide-Field Infrared Survey Explorer (WISE).
WISE began scanning the sky on Dec. 14, 2009, traversing it 1.5 times in a polar orbit while collecting data across four infrared wavelengths of light. All told, it collected more than 2.7 million images, which will eventually all be made available to the public.
For now, the archive is available in two forms: a version for the public, with images collected by WISE, is at this U.C. Berkley Web site. A second archive for astronomers can be found here, on a CalTech server.
The mission's nearby discoveries included 20 comets, more than 33,000 asteroids between Mars and Jupiter, and 133 near-Earth objects (NEOs), which are those asteroids and comets with orbits that come within 28 million miles (about 45 million kilometers) of Earth's path around the sun, NASA said. The satellite went into hibernation in early February of this year.

More at :-
http://www.pcmag.com/article2/0,2817,2383671,00.as...

--
Was this reply relevant?
+0
-0
mogs CClip 104
Member 19th Apr, 2011 07:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
Monday, April 18, 2011 | 16:26
Labels: Beta updates
The Beta channel has been updated to 11.0.696.50 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
Flash does not load until the tab gets activated. (Issue 71591).
Going to settings from notification popup crashes Chrome (Issue 78938).
Disable speech input for readonly and disabled input fields (Issue 58540 ).
Renamed Blob.slice to Blob.webkitSlice and changed it to take start and end parameters. Also renamed BlobBuilder to WebKitBlobBuilder (Click for more detail).

You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg

--
Was this reply relevant?
+0
-0
mogs CClip 105
Member 19th Apr, 2011 08:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Drive-By Download Attack Launched from Amnesty International UK Website.
By Lucian Constantin

A drive-by download attack launched from the compromised Amnesty International UK website exploited the latest Flash Player zero-day vulnerability to infect visitors.

According to security researchers from Armorize, the attack uses a technique dubbed drive-by caching to deliver the malware and execute it.

In a typical drive-by download attack, the user opens an infected page which loads an exploit, which then executes shellcode, which downloads and runs the final malware payload.

In a drive-by cache attack, however, after the user opens the infected page, the browser is tricked into caching the payload, then the exploit is loaded and the shellcode executes the already stored malware.

More at :-
http://news.softpedia.com/news/Drive-By-Download-A...

--
Was this reply relevant?
+0
-0
mogs CClip 106
Member 19th Apr, 2011 08:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 107
Member 19th Apr, 2011 08:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Internet-based attacks on critical systems rise

Most countries said they expected a cyber attack to disrupt energy supplies within the next two years

Internet-based attacks on critical systems such as gas, power and water have increased around the world, a report suggests.

Security firm McAfee surveyed 200 IT executives working for utility companies in 14 countries.

Eight out of 10 said their networks had been targeted by hackers during the past year.

China was seen as the most likely source of attacks, followed by Russia and the United States.

The number of reported incidents was higher than in 2009 when just over half of those asked said they had fallen victim.

Denial of service
Most of the reported security breaches took the form of distributed denial of service (DDOS) attacks.

These typically involve a network of computers, under the control of criminals, overwhelming a company's internet-connected systems.

More at
http://www.bbc.co.uk/news/technology-13122339

--
Was this reply relevant?
+0
-0
mogs CClip 108
Member 19th Apr, 2011 10:56
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Children on social networks unaware of privacy risks
Posted on 18 April 2011.77% of 13-16 year olds and 38% of 9-12 year olds in the EU have a profile on a social networking site, according to a pan-European survey carried out for the European Commission. Yet, a quarter of children who use social networking sites like Facebook say their profile is set to "public" meaning that everyone can see it, and many of these display their address and/or phone number.

More at
http://www.net-security.org/secworld.php?id=10916

--
Was this reply relevant?
+0
-0
mogs CClip 109
Member 19th Apr, 2011 23:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 110
Member 20th Apr, 2011 00:01
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Lloyds TSB Customers Targeted in New Phishing Attack
April 19th, 2011, 09:57 GMT| By Lucian Constantin

A new phishing campaign is targeting customers of Lloyds TSB with fake emails carrying rogue attachments that claim to come from the bank's security team.

The emails try to lure in victims by suggesting they have to receive money through their subject that reads "You have an incoming payment."

The body text is lacking in details and only says that: "This massage [sic.] was sent by LloydsTSB Security team Proceed Security Via Attachment."

Judging by the poor spelling the scam's creators used a short message because they didn't handle the English language very well.

This phishing attack follows the recent trend of using HTML attachments instead of linking to external websites directly.
More at
http://news.softpedia.com/news/Lloyds-TSB-Customer...

--
Was this reply relevant?
+0
-0
mogs CClip 111
Member 20th Apr, 2011 00:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft kicks off third-party bug warnings with two for Chrome
Google patched the bugs in September and December 2010

By Gregg Keizer
April 19, 2011 04:00 PM
Computerworld - Microsoft today released a pair of security advisories for Chrome, the browser built by rival Google.

One of the advisories also called out a vulnerability in Opera.

The change is part of an expansion of the vulnerability disclosure policy Microsoft launched last summer, said Mike Reavey, the director of the Microsoft Security Response Center (MSRC).

The bugs were discovered by Microsoft researchers, and reported to the security teams responsible for Chrome and Opera. Google patched the two Chrome vulnerabilities last September and December; Opera fixed its browser flaw in October 2010.
More at
http://www.computerworld.com/s/article/9215956/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 112
Member 20th Apr, 2011 00:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 113
Member 20th Apr, 2011 09:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 114
Member 20th Apr, 2011 18:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Ashampoo Hit by Data Breach
April 20th, 2011, 06:58 GMT| By Lucian Constantin

German software developer Ashampoo has notified its customers about a data breach incident that resulted in the exposure of their names and email addresses.

According to an announcement posted on the company's website, unidentified hackers broke through its security systems and gained unauthorized access to a server.

"We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately," said Ashampoo's CEO Rolf Hilchner.

"At the same time we reported this incident to the police. Further investigations are underway. Unfortunately, the traces of the well-concealed hackers currently disperse abroad," he added.

Fortunately, the hackers did not obtain access to billing information as this data is not stored on the company's servers.

In addition to its software development business, which includes anti-malware, firewall and data encryption products, the Ashampoo Group offers a diverse range of services through subsidiaries.

More at :-
http://news.softpedia.com/news/Ashampoo-Hit-by-Dat...

--
Was this reply relevant?
+0
-0
mogs CClip 115
Member 20th Apr, 2011 18:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 116
Member 20th Apr, 2011 18:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 117
Member 20th Apr, 2011 18:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Wed Apr 20 2011, 14:25
AT THIS YEAR'S Pwn2own hacking contest Internet Explorer and Safari were hacked in quick time while Chrome and Firefox remained relatively unscathed, but the competition's sponsor made it clear that this didn't mean they were any more secure.
Simon Leech, director at Pwn2own sponsor Tipping Point, speaking during London's Infosecurity conference, said he was surprised that Chrome in particular didn't go down because Google itself offered money for a hacker to take down the web browser.
But this didn't mean that the web browsers were any more secure, with a combination of factors and 'luck' leading to only IE and Safari suffering embarrassment this year. For example, Google came out with a patch release just before the competition that Leech believed fixed a vulnerability one researcher was looking to take advantage of.
Leech said, "There are definitely vulnerabilities in Chrome - it's not the most secure browser out there. There is no evidence to suggest that Chrome is any more secure than any of the other browsers."
He added, "It also might be something to do with Google's policy towards vulnerability research. They are starting to pay people, so researchers may have felt it was better to take their vulnerabilities to Google."
When The INQUIRER asked Leech for a straight-up answer to what the most secure web browser was out there, he jokingly said Wget, a Linux text-based file transfer utility.
But he followed that by saying, "To be honest there is no most secure web browser. You can definitely help your own security by configuring it correctly - disabling stuff that could lead to a security problem."
"Be careful with what you do with Java, use some of the plugins that are available to browsers to check that you're surfing at a secure site. But it's not the browser security you have to worry about. At a certain point every browser has a vulnerability in it somewhere. It's more about the usage of your browser."


Read more: http://www.theinquirer.net/inquirer/news/2045151/c...


--
Was this reply relevant?
+0
-0
mogs CClip 118
Member 21st Apr, 2011 07:41
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dev Channel Update
Wednesday, April 20, 2011 | 18:32
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.742.0 for all platforms. This release contains stability and performance fixes. There is one known issue.

Sync may not work correctly

The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.


Jason Kersey
Google Chrome

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 119
Member 21st Apr, 2011 22:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Critical Security Updates Available for Adobe Reader and Acrobat
April 21st, 2011, 17:56 GMT| By Lucian Constantin

Adobe has released new versions of Adobe Reader and Acrobat in order to address two vulnerabilities, one of which has been actively exploited in the wild since two weeks ago.

Identified as CVE-2011-0611, the flaw affects the authplay.dll Flash Player component bundled with Adobe Reader and Acrobat.

The vulnerability was first discovered as part of targeted email attacks that distributed rogue Word documents rigged with the Flash exploit.

The flaw was patched in Flash Player 10.2.159.1 last Friday, at which time the company announced the week of April 25 as the expected release interval for the Adobe Reader and Acrobat updates.

However, it seems the software developer has decided to accelerate the schedule, probably as a result of more varied attacks that exploit this vulnerability.

"CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform," the company writes in its security bulletin.

A few days ago, security firm Armorize reported about a drive-by download attack launched from the infected website of a UK human rights group, that exploited this Flash vulnerability.

Adobe released Adobe Reader 9.4.4 for Windows and Mac, Adobe Reader X (10.0.3) for Mac, Adobe Acrobat 9.4.4 and Adobe Acrobat X (10.0.3) for Windows and Mac.

Adobe Reader X (10.0.2) for Windows remains vulnerable, but its sandbox (Protected Mode) blocks any exploits from executing arbitrary code on the system. Because of this, the product will follow the normal update cycle and will be patched on June 14, 2011.

The second vulnerability addressed by these updates, CVE-2011-0610, is located in the CoolType library, but no attacks are known to exploit it. The Polish CERT and Paul Baccas of Sophos are credited with reporting it.

More at
http://news.softpedia.com/news/Critical-Security-U...


--
Was this reply relevant?
+0
-0
mogs CClip 120
Member 21st Apr, 2011 22:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Avast Releases WebRep for Google Chrome

April 21st, 2011, 14:57 GMT| By Lucian Constantin

Avast has released a long-promised WebRep extension compatible with Google Chrome as part of a new update to its antivirus program.

When it released its avast! 6 line of products back in February, the Czech antivirus vendor introduced several new technologies, some of which included in its free offering.

One of these technologies is WebRep, a web reputation service that keeps users informed about risky and malicious URLs in search results.

In order to determine which URLs are malicious and which aren't, WebRep uses real-time data from the company's cloud intelligence gathering system.

But even if a website doesn't directly try to infect computers, it doesn't mean it cannot pose other risks. To address this WebRep also relies on users to manually provide safety ratings for the sites they visit and them to one of several pre-defined categories.

Avast hopes its 120 million active users will help it create a reliable reputation service, but for this to happen it needs to support all browsers, or at least the major ones.

When it launched, avast! 6 came with WebRep add-ons for Internet Explorer and Mozilla Firefox, but lacked support for Google Chrome.

Google's browser has an estimated 15% market share and is generally preferred by power users, exactly the kind of people the AV vendor wants rating websites.

More at
http://news.softpedia.com/news/Avast-Releases-WebR...

--
Was this reply relevant?
+0
-0
mogs CClip 121
Member 22nd Apr, 2011 08:25
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 122
Member 22nd Apr, 2011 08:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 123
Member 22nd Apr, 2011 08:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome OS Beta Channel Update
Thursday, April 21, 2011 | 16:58
Labels: Chrome OS
The Chrome OS Beta channel has been updated to the latest R11 release 0.11.257.91 including Chrome update (11.0.696.54).

If you find new issues, please let us know by visiting our help site or filing a bug.

Orit Mazor
Google Chrome
2 comments | Links to this post | Email Post

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 124
Member 22nd Apr, 2011 08:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Why do governments have trouble retaining cyber warriors?
Posted on 21 April 2011.It is becoming painfully obvious that the U.S. government and the governments of European countries are having trouble recruiting enough capable "cyber warriors" in order to keep their systems secure.

The retention of skilled experts is particularly challenging - some burn out, some go over to the "dark side". Time and time again, government department or agency heads bemoan the loss of perfect candidates - and employees - to the private sector.

Computer security professionals and attackers - two sides of the same coin, really - are mostly highly intelligent individuals who thrive on challenges and might sometimes chafe under the leadership of people who they believe know less about cybersecurity problems than themselves. And it is the somewhat eccentric personality of many of these individuals what makes them difficult to manage.

More at
http://www.net-security.org/secworld.php?id=10943

--
Was this reply relevant?
+0
-0
mogs CClip 125
Member 22nd Apr, 2011 18:31
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
EFF Launches HTTPS Awareness Campaign
April 22nd, 2011, 12:28 GMT| By Lucian Constantin

The Electronic Frontier Foundation (EFF), one of the leading digital rights watchdogs, has launched, together with the Access, a campaign called "HTTPS Now" which raises awareness about the benefits of HTTPS and encourages its adoption.

HTTPS (HTTP Secure) combines the Hypertext Transfer Protocol (HTTP) with Secure Sockets Layer (SSL)/Transport Layer Security (TLS) in order to encrypt traffic between websites and users.

"We've heard a lot about how malicious tools like Firesheep can be used to steal data, including passwords for email and social networking accounts," said EFF Activist Eva Galperin.

"HTTPS Now is aimed at protecting users from attacks like these by spreading the word about HTTPS and how to use it correctly," she explained.

The campaign will extend in three directions, providing users with tools to make HTTPS use easier, gauging the level of HTTPS adoption on the Web and helping website owners implement the technology.

Resources and a growing list of sites on which HTTPS implementation has been tested based on several criteria are available on the campaign's website at httpsnow.org.

More at :-
http://news.softpedia.com/news/EFF-Launches-HTTPS-...

--
Was this reply relevant?
+0
-0
mogs CClip 126
Member 23rd Apr, 2011 04:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Dev Channel Update
Friday, April 22, 2011 | 14:48
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.742.5 for all platforms. This release fixes a regression with sync along with other bugs. The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome
4 comments | Links to this post | Email Post

http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 127
Member 23rd Apr, 2011 04:41
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 128
Member 23rd Apr, 2011 04:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 129
Member 23rd Apr, 2011 04:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 130
Member 23rd Apr, 2011 05:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 131
Member 23rd Apr, 2011 10:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 132
Member 23rd Apr, 2011 19:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
PlayStation Network Down Due to Intrusion
April 23rd, 2011, 09:19 GMT| By Lucian Constantin

Sony says the extended PlayStation Network (PSN) downtime is caused by an intrusion into its systems which has prompted a detailed investigation.

The PlayStation Network is used by 70 million gamers, many of whom are currently infuriated after being locked out of the service for over three days.

"An external intrusion on our system has affected our PlayStation Network and Qriocity services," Patrick Seybold, Sony's senior director of corporate communications & social media, announced.

"In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th," he explained.

It's not clear who is responsible for the intrusion, but whatever they did must be serious enough to keep the service down for so long, especially now during the Easter break.

When the PSN initially went offline, everyone directed their attention towards Anonymous, the hacktivist collective that attacked it in the past to protest Sony's legal actions against geohot and other PS3 hackers.

However, soon after lauching the attacks the group suspended them saying it doesn't want to hurt players. The people inside Anonymous coordinating this type of operations, have now released a statement entitled "For Once We Didn't Do It."

More at
http://news.softpedia.com/news/PlayStation-Network...

--
Was this reply relevant?
+0
-0
mogs CClip 133
Member 23rd Apr, 2011 19:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 134
Member 24th Apr, 2011 03:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 135
Member 24th Apr, 2011 13:56
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Amazon still trying to fix computer problems
April 24, 2011

Amazon.com is still trying to restore computers used by other websites as an outage stretched into a third day.
Besides selling books and DVDs, Amazon.com Inc. rents out space on computers that run other websites and online services. One of its data centers in Virginia began having problems on Thursday morning.
Amazon said Saturday that it is making progress fixing the problem, but more slowly than it had hoped. News-sharing site Reddit appeared to be functioning again. On its website, Amazon said it removed some bottlenecks that prevented connections from its Virginia center, but an additional issue was holding up restoring all remaining connections. The company's so-called "cloud' services in Northern California are operating normally.
No one knows for sure how many people have been inconvenienced, but the services affected are used by millions of people.

More at
http://www.physorg.com/news/2011-04-amazon-problem...

--
Was this reply relevant?
+0
-0
mogs CClip 136
Member 25th Apr, 2011 10:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
News
Sony 'rebuilding' PlayStation Network after attack
By Martyn Williams
April 24,
IDG News Service - The outage of Sony's PlayStation Network and Qriocity service, now in its fourth day, looks set to continue after the company said on Sunday that it is "rebuilding" its system to better guard against attacks.

Sony said on Saturday that the outage was caused by an "external intrusion" into the network, but has yet to detail the problem.

More at
http://www.computerworld.com/s/article/9216122/Son...

--
Was this reply relevant?
+0
-0
mogs CClip 137
Member 25th Apr, 2011 12:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 138
Member 26th Apr, 2011 06:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dev Channel Update
Monday, April 25, 2011 | 17:37
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.742.9 for all platforms. This release continues to address UI and performance issues, as well as updates the Sync preferences UI. The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.


Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 139
Member 26th Apr, 2011 14:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 26th Apr, 2011 14:40
Cloud Computing
News Analysis
What happens to data when your cloud provider evaporates?
There's no way to directly migrate data between service providers

By Lucas Mearian
April 26, 2011 06:07 AM
Computerworld - Over the past year, four cloud storage service providers have said they're shutting down and Amazon's cloud services have been problematic since Thursday.

"All of these things are coming together ... to give cloud storage providers a black eye. Anyone who was on the fence about cloud storage may be off of it by now," said Gartner research analyst Adam Couture.

More importantly, the closures and outages leave users with an important question: What happens to their data when the cloud they use evaporates?

Currently, there's no way for a cloud storage service provider to directly migrate customer data to another provider. If a service goes down, the hosting company must return the data to its customer, who then must find another provider or revert back to storing it locally, according to Arun Taneja, principal analyst at The Taneja Group.

More at
http://www.computerworld.com/s/article/9216159/Wha...

--
Was this reply relevant?
+0
-0
mogs CClip 140
Member 26th Apr, 2011 14:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 141
Member 26th Apr, 2011 14:58
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 26th Apr, 2011 14:59
Oracle Patches Java.com Flaw
By Sean Michael Kerner

The discovery of security issues in Java is something that Oracle deals with on a routine basis by way of regular security updates. Security issues with Java.com, however, is another issue.

Security researchers with the YGN Ethical Hacker Group publicly reported this week that Java.com was at risk from an arbitrary URL redirection vulnerability. YGN made the report on the public Full-Disclosure security mailing list.

The group also provided a link to a proof-of-concept demo to validate their claim.

According to YGN, it informed Oracle of the vulnerability on April 19th. On April 23rd, Oracle replied, "Thank you for bringing this issue to our attention. We appreciate your note and wanted to let you know that we have fixed it."
Oracle did not respond by press time to a request for comment from InternetNews.com on the YGN disclosure.

A URL redirection flaw is a serious issue that could have enabled an attacker to leverage Java.com for a phishing attack. Security tracking group Mitre has labeled URL Redirection as CWE-601 (Common Weakness Enumeration).

More at
http://www.esecurityplanet.com/news/article.php/39...

--
Was this reply relevant?
+0
-0
mogs CClip 142
Member 26th Apr, 2011 19:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Piracy-Enabling Security Hole Possibly Responsible for PSN Outage
April 26th, 2011, 13:43 GMT| By Lucian Constantin

Reports from the PS3 hacking scene suggest the PlayStation Network (PSN) outage, now going into its sixth day, might have been caused by a security hole that enabled piracy.

The PSN went down unexpectedly before the Easter break, on April 20, and remains offline at the time of writing this article with little information about what's going on being available.

Sony only broke the silence after two days to say that the reason for the outage was an "external intrusion."

A subsequent announcement made on Sunday stated that the system is being rebuilt to offer better security to customers.

There is currently no estimated date for when the service will be brought back online, despite PS3 owners growing increasingly impatient and angry.

Meanwhile, a PSX-Scene.com moderator who uses the online handle of Chesh, launched an interesting and plausible theory about what prompted Sony to take such a drastic measure.

According to him, at the end of March, a new version of a PS3 CFW (custom firmware) called REBUG was released.

This third-party firmware unlocks some PS3 features reserved only for developers and some people figured out how to use it to access the PSN developer network.

More at
http://news.softpedia.com/news/Piracy-Enabling-Sec...

--
Was this reply relevant?
+0
-0
mogs CClip 143
Member 27th Apr, 2011 06:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
Tuesday, April 26, 2011 | 13:54
Labels: Beta updates
The Beta channel has been updated to 11.0.696.57 for Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed
REGRESSION: left property broken with position:fixed elements in RTL documents. (Issue 80216).
REGRESSION: Bottom of window Border is drawn 1 Pixel Higher than it should be (Issue 79640).
REGRESSION: Chromium window goes beyond the screen for non-Aero themes (Issue 80391).

You can find full details about the changes that are in this version of Chrome 11 in the SVN revision log.

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 144
Member 27th Apr, 2011 07:41
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Compared with its predecessors, Windows 7 is remarkably secure and dependable. It's far from perfect, though: An unbootable PC, a nasty piece of malware, or a single important file gone missing can make you lose days or even months of work. And you can't solve every nightmare by waking up.

Here are ways out of six common Windows 7 disasters. I'll tell you how to fix a PC that won't boot, retrieve files from an inaccessible hard drive, stop frequent blue screens of death, restore a forgotten administrator password, remove malware, and find a missing file.

More Windows 7 stories:

11 tools for Windows 7 migrations

Top 10 free Windows 7 desktop themes

Seven things to love, hate about Windows 7

Get all the details you need on deploying and using Windows 7 in the InfoWorld editors' 21-page Windows 7 Deep Dive PDF special report

More at
http://www.infoworld.com/d/microsoft-windows/six-w...

--
Was this reply relevant?
+0
-0
mogs CClip 145
Member 27th Apr, 2011 07:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

6:39am UK, Wednesday April 27, 2011
The Japanese electronics giant Sony has admitted millions of Playstation network gamers may have had their personal details stolen.


A hacker broke into the PlayStation video game online network and stole names, addresses and possibly credit card data belonging to 77 million people.
It is believed to be one of the biggest-ever internet security breaches of its kind.


http://news.sky.com/skynews/Home/Technology/Hacker...

--
Was this reply relevant?
+0
-0
mogs CClip 146
Member 27th Apr, 2011 18:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Deleting Flash Cookies Now Possible from Chrome User Interface
April 27th, 2011, 13:56 GMT| By Lucian Constantin

The latest development build of Google Chrome provides users with the necessary UI controls to clear Flash Local Shared Objects (LSO) from inside the browser.

Flash LSOs allow rich Internet applications to store various settings and cache items. For example, a Flash-based music player can use this feature to remember the user's preferred volume level over multiple sessions.

LSOs are commonly referred to as Flash cookies, not because they were designed to serve a similar function, but because they could be used for this purpose.

This alternative storage location raises several problems. For one, it can be abused to track users and respawn regular browser cookies, an unethical and illegal practice.

Several lawsuits seeking class action status have already been filed against major companies like Disney, Warner Bros. Records, Ustream and others, for using the method to track users across their websites.

More at
http://news.softpedia.com/news/Deleting-Flash-Cook...

--
Was this reply relevant?
+0
-0
mogs CClip 147
Member 27th Apr, 2011 18:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
SpyEye Adds Support for Chrome and Opera

April 27th, 2011, 07:49 GMT| By Lucian Constantin

According to reports from the cyber criminal underground, the latest version of the SpyEye trojan comes with form grabbing support for Google Chrome and Opera, two browsers largely untouched by malware so far.

Brian Krebs has published a screenshot taken from the trojan's latest "builder" version and it has checkboxes for the anti-Rapport and Firefox webinjects plugins, as well as for Opera and Chrome form grabbers.

These two new components are aimed at stealing information typed into web forms and while this is not as advanced as injecting code into displayed web pages, it represents a serious attack against users who believe that using alternative browsers keeps them safe.

It's not yet entirely clear how these new form grabbers work, whether the malware hooks into the browsers' DLLs or is using extensions.

The hooking approach seems more likely because the APIs available to Chrome and Opera extensions are limited. In addition, only version 11 of Opera supports extensions.

More at
http://news.softpedia.com/news/SpyEye-Adds-Support...

--
Was this reply relevant?
+0
-0
mogs CClip 148
Member 27th Apr, 2011 18:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
AhnLab warns of surge in regionalised malware
by Phil Muncaster
27 Apr 2011

Korean security vendor AhnLab is warning of an increase in malicious threats targeted at specific regions, including rogue anti-virus attacks capable of displaying dynamically in the local language.
The firm's latest AhnLab Security Emergency Response Center report for Q1 2011 revealed that well-known threats such as Conficker and Bredolad are increasingly being architected to surmount language barriers which may have previously hindered their success across geographies.
Trojans remain the most common malicious code at 38.1 per cent, followed by adware at 28.7 per cent and droppers at 14.6 per cent. The number of malicious URLs increased by 14 per cent over the period to 11,089, the report found.
Fake anti-virus attacks also continue to grow in number and sophistication, AhnLab found.
"These fake malicious programs are now available in multiple languages. There are no longer restrictions in spreading malicious code and extorting money caused by language," the report noted.


Read more: http://www.v3.co.uk/v3-uk/news/2046187/ahnlabs-war...


--
Was this reply relevant?
+0
-0
mogs CClip 149
Member 27th Apr, 2011 20:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 150
Member 27th Apr, 2011 21:56
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

"You've got a postcard" spam emails lead to fake AV
Posted on 27.04.2011Easter has come and passed, but the threat of bogus e-cards is alive as it ever was.

This particular method of luring users to malicious pages or to download malicious attachments has been around for ages, and the fact that it is still used proves that it is effective enough for spammers to bother with it.

Websense warns about pretty generic spam emails bearing the "You've got a postcard" subject and urging the recipient to follow the offered link in order to view it "at anytime within the next 20 days."

"The URLs used in the emails are either compromised sites or were only created barely two weeks ago," they say. Clicking on the link takes the user to a site containing obfuscated code that creates an iframe containing another URL.

This second URL contains an obfuscated script that drops some exploit code in order to run a rogue AV on the victim's machine.

The biggest danger here is the fact that the recipient doesn't have to do anything other than follow the offered link in order for his computer to get compromised - he doesn't have to confirm the download of an executable camouflaged as an innocuous file or anything else.

http://www.net-security.org/malware_news.php?id=17...

--
Was this reply relevant?
+0
-0
mogs CClip 151
Member 27th Apr, 2011 22:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 152
Member 29th Apr, 2011 01:21
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft fixes Office flaws found in Patch Tuesday updates
'Someone should get slapped...for this crap,' fumes user

By Gregg Keizer
April 28, 2011 02:54 PM
Computerworld - Microsoft today issued a fix for a problem in its Outlook 2007 email client caused by an update that shipped two weeks ago.

It was the second time in the last six days that Microsoft patched bugs introduced in Office applications by updates it issued April 12.

"After installing the April 2011 Public Update, some Outlook 2007 users reported difficulty with print previewing messages," Microsoft acknowledged in a post to its Office Updates blog. "To correct this issue, we have issued a public hotfix which you can download and install."

Although not a security update, the original Outlook 2007 fix appeared on Patch Tuesday, Microsoft's monthly roll-out of bug updates. The April 12 update for Outlook was described as offering "stability and performance improvements."

More at
http://www.computerworld.com/s/article/9216264/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 153
Member 29th Apr, 2011 01:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta and Stable Channel Update
Thursday, April 28, 2011 | 12:00
Labels: Beta updates, Stable updates
The Beta and Stable channels have been updated to 11.0.696.60 for the Windows platform

The following bug was fixed:
REGRESSION: Windows painting issue while switching Chrome 11 window with overlapped app. (Issue 74604).
If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 154
Member 29th Apr, 2011 01:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Russia Top Source of Attack Traffic
April 26, 2011
By Sean Michael Kerner

According to the fourth quarter 2010 State of the Internet report from Akamai, Russia is now the top source of Internet attack traffic in the world.

Akamai found that attack traffic flowing out of Russia represented 10 percent of all observed global attack traffic. In contrast, the U.S accounted for 7.3 percent of attack traffic. The U.S. placed fifth on Akamai's list of attack traffic, dropping from the second spot in the third quarter.

David Belson, Editor of the Akamai State of the Internet report told InternetNews.com that the study specifically looked at port level attacks and is not a measure of spam origination.

"These are things like Conficker trying to spread, port scanning and other exploits that really should have been patched years ago," Belson said. "Some of them are brute force attempts to break into systems via telnet or SSH."

While Akamai sees the attack traffic coming from a specific country, there is the possibility that there is a deeper origination point.

"From our perspective the attacks are originating in Russia but we're only seeing the IP addresses making a request to us," Belson said. "So it could be that the attacks are coming from somewhere else and are being proxied or forwarded through Russia."

More at
http://www.esecurityplanet.com/features/article.ph...

--
Was this reply relevant?
+0
-0
mogs CClip 155
Member 29th Apr, 2011 08:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Obama Birth Certificate Image Search Results Poisoned

April 28th, 2011, 17:42 GMT| By Lucian Constantin

Security researchers warn that Google Image searches for president Obama's birth certificate have been poisoned with malicious links that lead users to scareware.

This new black hat SEO campaign was prompted by the White House's decision to release President Barack Obama's long-form birth certificate in order to put to rest the controversy surrounding his birthplace.

The president previously released a standard short variant of the document, which lacked some details, like the name of the exact hospital where he was born in Hawaii.

News of the extended version being released has led to a lot of Google Image searches for "Obama birth certificate," which in turn provided a good opportunity for attackers.

Security researchers from GFI Software warn that links leading users to drive-by download attacks have made their way on the first page of results returned for the aforementioned keywords.

More at
http://news.softpedia.com/news/Obama-Birth-Certifi...

--
Was this reply relevant?
+0
-0
mogs CClip 156
Member 29th Apr, 2011 08:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dev Channel Update
Thursday, April 28, 2011 | 17:42
Labels: Dev updates
The Chrome Dev channel has been updated to 12.0.742.12 for all platforms. This release continues to address UI and performance issues, as well as updates the Sync preferences UI. The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
Was this reply relevant?
+0
-0
mogs CClip 157
Member 29th Apr, 2011 21:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 158
Member 29th Apr, 2011 21:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 159
Member 29th Apr, 2011 21:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Battle of the Web browsers
Chrome, Firefox, Internet Explorer, Opera, and Safari square off on speed, features, and HTML5 compatibility

By Peter Wayner | InfoWorld

Stop. Don't look up. Don't look outside of the box, the rectangle holding this text. Can you tell me which browser you're using? Did you choose it yourself for all the right reasons? Can you explain why you're trusting your precious HTML-encoded content to this browser, the way a major league batter can explain why maple or ash and a thin or thick barrel is absolutely the right choice for sending that ball into the bleachers? Are you sure this browser is the best choice for the tags and the metadata hurling toward your computer?

If you can't answer the questions, get out of here. If you think that this highly optimized, just-in-time, infinitely customizable technology is another mere commodity, don't even bother finishing this sentence to look for the insult you know is coming. You're not good enough to read this text. You don't deserve the information.

Read more at
http://www.infoworld.com/d/applications/battle-the...

--
Was this reply relevant?
+0
-0
mogs CClip 160
Member 30th Apr, 2011 10:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 161
Member 30th Apr, 2011 10:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The PlayStation Network hack is now considered to be one among the biggest data thefts of all time, and according to the claims made by the alleged hackers on underground Internet forums, it seems that some 2.2 million credit card numbers were, indeed, stolen.

Security researchers have been sifting through the hacker forums and say that there has been talk of the hackers contacting Sony in order to sell back the credit card list to the company for $100,000, but that Sony didn't respond to the offer.

Whether the claims are true or not it is impossible to tell. "The entire credit card table was encrypted and we have no evidence that credit card data was taken, said Sony. "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

More at
http://www.net-security.org/secworld.php?id=10964

--
Was this reply relevant?
+0
-0
mogs CClip 162
Member 30th Apr, 2011 15:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Sony's Hirai to brief on PlayStation hack on Sunday
By Martyn Williams
April 30, 2011 05:37 AM ET
IDG News Service - Sony is expected to provide its most detailed update yet on Sunday on a hack that hit the PlayStation Network and the status of personal information and credit card numbers of up to 77 million customers.

Kaz Hirai, the head of Sony's gaming division, will speak to journalists in Tokyo and provide the findings of an investigation into the hack of its online gaming service, said Sony. Hirai will also detail the PlayStation Network's system security measures and service restoration plan.

More at
http://www.computerworld.com/s/article/9216310/Son...

--
Was this reply relevant?
+0
-0
mogs CClip 163
Member 30th Apr, 2011 15:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 164
Member 30th Apr, 2011 19:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 165
Member 30th Apr, 2011 19:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 30th Apr, 2011 19:23


--
Was this reply relevant?
+0
-0
mogs CClip 166
Member 30th Apr, 2011 19:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs RE: Daily CYBERCLIPS April
Member 1st May, 2011 07:13
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Thankyou for your support....This thread is now closed

Please see the May Edition of CYBERCLIPS at :-
http://secunia.com/community/forum/thread/show/856...

--
Was this reply relevant?
+0
-0

This thread has been marked as locked.