Peaches

August 1, 2009 4:17 PM PDT Using software updates to spread malware by Elinor Mills LAS VEGAS--Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications. About 100 applications, many among the most popular on CNET's Download.com, can be targeted, said Itzik Kotler, team leader of Radware's security operations center, before his presentation here at the Defcon conference. Kotler and colleague Tomer Bitton are releasing

Solve Start-up Error Messages Rick Broida Reader Randy is suffering from a vexing problem. Each time he boots his PC, he gets a pop-up Internet Explorer window with this message: "Cannot find 'File:///'. Make sure the path or internet address is correct." I feel you, Randy. Stuff like this can be seriously annoying. My guess is that you recently installed or uninstalled a program that Windows is looking for--but can't find--during startup. What you need is some kind of startup monitor that will show you everything that's trying to run during the boot process, so you can determine which Inter

Jul30 2009 Sly Spam Run Targets Hotmail Users by JM Hipolito (Technical Communications) Hotmail users need to be wary about a malicious spam run that specifically targets users of the said webmail. Senior Security Analyst Rik Ferguson reports that spam messages arrive with text indicating that it has file attachments that are image files with the JPEG format. In truth however, the file names of attachments are actually links that connect to shortened URLs, which in turn connect to malicious URLs. Connecting to the malicious URLs, which are now blocked, leads to the download of the malicious

1 August 2009, 18:56 Apple closes hole in iPhone SMS Apple has released iPhone firmware 3.0.1, as a security update. The update closes a vulnerability in the processing of SMS messages. The vulnerability was among a number of presentations at the Black Hat Conference concerning mobile phone security weaknesses. By sending a multi-part SMS message, but not posting all parts of that message, it is possible to manipulate the internal heap of the iPhone. This could cause the phone to crash or, in theory, execute arbitrary binary code. The update is available to download and install by using iTune

Google Safe Browsing Feature Could Compromise Privacy Researcher RSnake has discovered that Google's anti-malware and anti-phishing features for Chrome and Firefox tracks information about user's browsing habits Jul 29, 2009 | 08:11 PM By Kelly Jackson Higgins DarkReading BLACK HAT USA, LAS VEGAS, NV -- Turns out a browser security extension from Google for Chrome and Firefox browsers can actually put user privacy at risk, according to a researcher here at the Black Hat USA conference. Robert "RSnake" Hansen, CEO of SecTheory LLC, says he discovered that Google's Safe Browsing anti-phishin

July 30, 2009 1:53 PM PDT Researchers can attack mobile phones via spoofed SMS messages by Elinor Mills LAS VEGAS--Researchers at the Black Hat security conference on Thursday showed how an attacker could spoof a type of SMS message that appears to be sent from the carrier or some other trusted source. This attack on MMS (multimedia messaging service) messages, a type of SMS message, could allow an attacker to trick the recipient into visiting a malicious Web site or ultimately do something else to harm the phone or steal data. The attacks work potentially on any type of phone that is MMS-en

Jul29 Rogue DNS Targets Popular Russian Social Networking Site 11:45 pm (UTC-7) | by Feike Hacquebord (Advanced Threats Analyst) Today Trend Micro researchers discovered a spoofed (fake) version of the popular Russian social networking site vkontakte.ru. Visitors of the spoofed site risk exposing their personal login credentials to a third party. Vkontakte.ru is roughly the Russian equivalent of Facebook and is very popular in Russian-speaking countries. According to the site itself it has more than 35 million users. Alexa ranks the site as the second most visited site in Russia. The inf

Windows 7 Ultimate RTM Cracked, Fully Validated (Already?) David Murphy That didn't take long. It has only been a week since the official Windows 7 RTM announcement by Microsoft, but crackers have already managed to activate and validate the tricked-out Ultimate version of the OS. The hack is nothing new, as it borrows the same techniques used to bypass activation and verification of previous Vista editions. According to Softpedia, crackers somehow obtained a copy of an OEM Windows 7 Ultimate disc from Lenovo. From there, they were able to extract two critical bits of information: Windows 7's

Intel is Right: Windows 7 Will Succeed Todd R. Weiss Now here's a prediction you can believe in: Sean Maloney, the chief sales and marketing officer for chip maker Intel, predicted yesterday that Microsoft's upcoming Windows 7 operating system will be welcomed and adopted by consumers and businesses much more quickly than Vista. In a story in InformationWeek, Maloney said that Windows 7 will be happily embraced after Vista was shunned by millions of users who had heard about Vista's poor compatibility with older printers and other peripherals, and its slow performance. story at pcworld - http:

Microsoft's browser 'ballot screen' We answer your burning questions Gregg Keizer Microsoft's decision last week to give Windows' users in Europe a so-called 'ballot screen' so they can decide which web browser they want to use, rather than being forced to use Internet Explorer, which previously came bundled with the OS, stunned tech fans across the world. Although the move is a bid to settle the company's antitrust charges, which were brought by the EU in January this year, some likened it to waving the white flag. After all, a 'ballot screen' has been the commission's preferred strategy but

Western Digital launches 1TB laptop drive Scorpio Blue is world's highest capacity 2.5in disk Lucas Mearian Western Digital has unveiled what it claims is the industry's highest capacity 2.5in mobile hard disk drive, the 1TB WD Scorpio Blue. The Scorpio Blue, which also comes in a 750GB version, uses three 333GB platters to achieve its high capacity. The drive is mainly aimed at the external portable storage market and will be used in Western Digital's recently released My Passport Essential SE Portable USB drive. But the company said the Scorpio Blue will also be used by 'select' laptop and

Internet Explorer users told to update now Microsoft releases emergency security patches Erik Larkin Microsoft has taken the unusual step of releasing out-of-band patches for severe security flaws in all versions of Internet Explorer, along with related holes in the Microsoft Active Template Library included with Visual Studio. Microsoft generally only releases patches outside of its normal monthly cycle for the most dangerous security flaws. The IE risks involve "components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library", according to

July 27, 2009 12:15 PM PDT - Windows 7: A great gaming platform? by Don Reisinger With the release of Windows 7 in October, PC gamers will finally have another platform on which to play their favorite games. Those who didn't quite enjoy Windows Vista as a game platform or have stuck with Windows XP are probably looking forward to the opportunity to buy some new hardware, install Windows 7, and get the most out of their favorite games. But is Windows 7 a promising gaming platform? Now that its development is over, it's time to ask questions. What kind of gaming experience will it offer?

Panda Security Launches New Line Of SaaS Security Services New product line leverages company's proprietary collective intelligence technology and software-as-a-service functionality Jul 28, 2009 | 10:38 AM GLENDALE, Calif., July 28 /PRNewswire/ -- Panda Security, the Cloud Security Company, today announced the general availability of its new line of business security solutions, which includes Panda Security for Business, Panda Managed Office Protection, Panda Managed Email Protection, Panda GateDefender SB, and Panda GateDefender Performa. By integrating improved Software-as-a-Service (SaaS

28 July 2009, 18:05 US Government uses talent competition to find IT experts The US Government wants to improve the security of its IT infrastructure and is holding a competition to find 10,000 suitable young talents. The US Cyber Challenge is divided into three internet challenges, namely the Air Force Association's "CyberPatriot High School Cyber Defense Competition", the Department of Defense Cyber Crime Center's "DC3 Digital Forensics Challenge" and the "NetWars" challenge of IT security specialist the SANS Institute. The top scorers are to be sent into a round of further selections next

Windows 7 will give boost to PC hardware by Brooke Crothers Windows 7 will be more than just a better interface. Under-the-hood changes will allow chips from Intel, Nvidia, and Advanced Micro Devices to ratchet up Windows 7 performance above previous Microsoft operating systems. Microsoft on Wednesday said it has finalized the code for Windows 7, set to ship with new PCs starting October 22. Improvements will include how Windows handles multitasking, graphics acceleration, and solid-state drives. Microsoft is working closely with Intel, whose chips will power the vast majority of PCs runnin

Internet Explorer Three Vulnerabilities Highly critical release date: 2009-07-28 Three vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An error when accessing deleted objects in memory can be exploited to corrupt memory via a specially crafted web page. 2) An error when handling table operations in specific situations can be exploited to corrupt memory via a specially crafted web page. 3) Another error when accessing deleted objects in memory can be exploited to corrupt memory via a specially crafted web pa

July 28, 2009 11:04 AM PDT Microsoft offers patches to ward off ActiveX attacks by Elinor Mills Microsoft released an emergency patch on Tuesday to protect Internet Explorer users from a hole in technology used to build ActiveX controls and other Web application components that has been targeted in attacks. A critical patch for all versions of IE will protect consumers, while a security update for Visual Studio will help developers fix the controls and components they built that could be affected. Microsoft also has had discussions with Adobe, Sun, and Google about some components involving

PHP Paid 4 Mail Script "page" File Inclusion Vulnerability Highly critical Release Date: 2009-07-28 A vulnerability has been reported in PHP Paid 4 Mail Script, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "page" parameter in home.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. secunia advisories - http://secunia.com/advisories/35972/

July 28, 2009 11:04 AM PDT Microsoft offers patches to ward off ActiveX attacks by Elinor Mills Microsoft released an emergency patch on Tuesday to protect Internet Explorer users from a hole in technology used to build ActiveX controls and other Web application components that has been targeted in attacks. A critical patch for all versions of IE will protect consumers, while a security update for Visual Studio will help developers fix the controls and components they built that could be affected. Microsoft also has had discussions with Adobe, Sun, and Google about some components involving

SUSE update for MozillaFirefox Release Date: 2009-07-27 Highly critical SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system. For more information: SA35914 - http://secunia.com/advisories/35914/

Jul27 Malicious Twitter Posts Get More Personal 10:19 am (UTC-7) | by JM Hipolito (Technical Communications) One recent report by Rik Ferguson revealed that malicious Twitter posts are getting dangerously more customized, increasing the possibility of users getting hooked into malicious schemes. A Twitter spambot is said to have been used in launching this recent attack. The spambot creates Twitter accounts and fashion them to appear as legitimate accounts by posting seemingly harmless posts like those sharing certain music they listen to, or websites they visit. The spambot accounts the

Jul26 Rogue Antivirus Terminates EXE Files 9:02 pm (UTC-7) | by Erika Mendoza (Threat Response Engineer) This weekend, we at TrendLabs came across a FAKEAV variant similar to the one peddled in the solar eclipse 2009 in America attack in this recent blog post. This one, however, introduces another new scare tactic (so far the latest new ploy we’ve seen is the ransomware/FAKEAV that encrypts files in the infected computer and offers a bogus fixtool for a price). This FAKEAV variant terminates any executed file with an .EXE file extension and displays a pop-up message saying that the .EXE

Smut page ransomware Trojan ransacks browsers Pay or it'll display By John Leyden 27th July 2009 14:44 GMT Russian cybercrooks have come up with a variant of ransomware scams, which works by displaying an invasive advert for online smut in users' browsers that victims are extorted to pay to remove. The Ransompage Trojan will display a persistent ad inline on every page that a surfer on an infected Windows machine visits. The ad for a pornographic website covers parts of the original webpage, making it even more annoying. Accompanying Russian-language text instructs victims that in order to re