Google invites attacks on Chrome

Google has launched an experimental programme to encourage external security researchers to find and report vulnerabilities in its browser. Borrowing from the Mozilla Foundation’s 2004 Security Bug Bounty Program, $500 will be awarded for each bug found. In special cases, a committee will decide whether to increase the amount to a maximum of $1,337 – however, this reward is only for vulnerabilities which are particularly critical, or particularly smart reports on vulnerabilities and their exploitation. According to Google, it doesn’t matter whether the vulnerability is in the open source Chromium version or the binary Chrome version. The two differ only …

CoU members purchased WinPatrol Plus for .99 cents only!

http://www.calendarofupdates.com/updates/index.php?showtopic=27452

If you want WinPatrol Plus also… grab your license for .99 cents only. Go to http://www.winpatrol.com/99cents.html It’s a lifetime license. One time fee – .99 cents! It’s a good and helpful program. It’s a one day deal – today only!

More concerns raised about suitability of the Apple iPad, as Norton say that it will not be able to run its phishing protection engine

The announcement of the launch of the Apple iPad has led to concerns being raised not only about the security implications, but also the extra strain put on mobile operators. […] Mike Romo, senior product manager at Symantec who works on Norton products for the Mac, said that from a security point of view, developers are still beholden to Apple. He said: "The iPad now runs mobile versions of their popular iWork suite, which opens the door for downloading and sharing important business files. This does push security more into the fore than years past, as users will be open …

Black Hat DC: Researchers To Release Web Development Platform Hacking Tool

Tool tests for newly discovered class of vulnerabilities in popular Apache, Sun, Microsoft Web development platforms

A technique used in Web application development platforms that provides a constant look-and-feel across multiple Web pages can potentially expose sensitive user data, such as credit-card numbers, according to researchers, who at next week’s Black Hat DC will demonstrate a new class of vulnerabilities in Apache MyFaces, Sun Mojarra, and Microsoft ASP.NET. They will also release a tool that tests for the flaws. The so-called "view state" technique in both the MyFaces and Mojarra frameworks can be exploited such that an attacker can view …

Antivir 2010 is a new fake security application

Antivir 2010 takes its name from the real Antivir Antivirus by Avira. Antivir 2010 detects fake infections on a clean system to scare users. It also installs a BHO to display error messages in Internet Explorer. http://siri-urz.blogspot.com/2010/01/antivir-2010.html

Antivir 2010 is yet another rogue security application. This rogue replaces the Antivir rogue security application. Both Antivir 2010 and Antivir are rogue security applications, not to be confused with the legitimate security application Avira AntiVir Personal. http://bharath-m-narayan.blogspot.com/2010/01/antivir-2010.html

Antivir 2010 removal instructions: http://www.bleepingcomputer.com/virus-removal/remove-antivir

SOHU Digital Channel Web Site Compromised with Xunlei Thunder DapPlayer Exploit

Websense Security Labs ThreatSeeker Network discovered that the SOHU Digital Channel Web site was compromised with a Xunlei Thunder DapPlayer Exploit that can lead to downloading and executing an Autorun worm that steals users’ online game account information. SOHU is one of the biggest portals in China, with Alexa rank 43. It offers mainly advertising, search engines, and online multi-player gaming. While Xunlei is one of the most popular download managers and BitTorrent clients, it also offers free media for download. Its main site also has a relatively high Alexa rank of 126. According to Secunia, the vulnerability is caused by …

China Internet users use VPN servers to cross firewall

Paid virtual private networks (VPNs) are quietly catching on in China as a way to access forbidden websites, analysts say, while authorities are leaving them alone until they become more popular. VPNs designed for secure Internet use in offices have spread over the past half year among expatriates and tech-savvy Chinese since the popular social networking website Facebook was blocked. Twitter and YouTube are also blocked in China, which uses a filtering "firewall" to block Internet users from overseas website content that challenges the Communist Party. The rise of VPNs comes as China defends its curbs on the Internet after …

Hackers Kick Off Tax Season With Oklahoma Web Site Attack

You might not be preparing your taxes yet, but hackers are thinking ahead with new tax-time scams. The Oklahoma Tax Commission was victimized by an attack that defaced the organization’s Web site and downloaded malware onto visitors’ computers, security researchers say. Visitors to the Oklahoma Tax Commission Web site were told they needed to accept an Adobe license agreement and then download software. While the prompt appears "normal," researchers said that the application contained malicious code designed to infect users if they click "Accept." Once infected, hackers were able to take control of a user’s PC, and gain access to …

Report: Flawed Apps Increasingly Under the DDoS Gun

A report shows an upward trend where attack tools exploit layer 7 to maximize the impact of DDoS assaults. A report from the CYBER SECURITY Forum Initiative (CSFI) offers further evidence that botnet herders are getting a bigger bang out of distributed denial-of-service (DDoS) attacks by targeting security holes at layer 7, more commonly known as the application layer. A paper on the findings, L7DA (Layer 7 DOS Attack) Report v1.0, was passed along to CSOonline by Paul de Souza, a Chicago-based security analyst and founder of CSFI, a group of IT security practitioners who volunteer their guidance and support …

IPad? That’s So 2002, Fujitsu Says

It’s sleek. It’s mobile. It has a touchscreen. It’s Fujitsu’s iPad from 2002. Sold mainly in the United States, the multifunctional device from the Tokyo technology company helps shop clerks verify prices, check real-time inventory data and close sales on the go. Fujitsu, which applied for an iPad trademark in 2003, is claiming first dibs, setting up a fight with Apple over the name of the new tablet device that Apple plans to sell starting in March. “It’s our understanding that the name is ours,” Masahiro Yamane, director of Fujitsu’s public relations division, said Thursday. He said Fujitsu was aware …