Peaches

Eonverye taht can raed tihs rsaie yuor hnad. Only great minds can read this This is weird, but interesting! fi yuo cna raed tihs, yuo hvae a sgtrane mnid too Cna yuo raed tihs? Olny 55 plepoe out of 100 can. i cdnuolt blveiee taht I cluod aulaclty uesdnatnrd waht I was rdanieg. The phaonmneal pweor of the hmuan mnid, aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it dseno't mtaetr in waht oerdr the ltteres in a wrod are, the olny iproamtnt tihng is taht the frsit and lsat ltteer be in the rghit pclae. The rset can be a taotl mses and you can sitll raed it whotuit a pbo

Database Of Stolen Identities Contains More Than 40 Million Names Lucid Intelligence lets users search against more than 120 million stolen records to see if their identities are at risk Jul 20, 2009 | 03:34 PM By Tim Wilson DarkReading A new Website promises to let users search for their own identity information across a database of some 120 million stolen records to find out whether they might be at risk of online identity theft. Lucid Intelligence is the brainchild of Colin Holder, a retired London police detective and one of the world's best-known experts on identity theft. Under Holder

Jul19 Photos From Michael Jackson’s Memorial Mask Malware by Mary Bagtas (Anti-spam Research Engineer) The sudden death of Michael Jackson caused not only an outpouring emotions from his family, friends, and fans, but also a spread of spam mails that took advantage of this tragic event. Even after his memorial service last July 7, 2009, spammers are clearly not resting as they try to spread other malicious spam messages. We recently acquired a Portuguese spam mail that attracts the people by stating that they have the pictures from the memorial service of Michael Jackson. Below is the screen

20 July 2009, 13:21 Symbian Foundation signs mobile phone trojan - Update The Symbian Foundation plans to revise its procedures for testing and signing software after digitally signing a trojan for its Symbian mobile phone operating system by mistake. According to Trend Micro, the SYMBOS_YXES.B ("Sexy Space") trojan, which hides behind the name "ACSServer.exe", has botnet functionality and steals user data. It's even reportedly able to send spam texts to contacts found on the victims mobile phone. Trend Micro's analysis of the malware has shown that it and one other variant, possess valid sig

Lessons to learn from Twitter security breach July 20, 2009 I can't help but feel sorry for Twitter. It's been revealed that the French hacker who broke into Twitter's internal systems a couple of months ago has been up to mischief again, creating more embarrassment for the micro-blogging network. Last time Hacker Croll gained access to the Twitter administration console, giving him access to the accounts of millions of Twitter users. He posted screenshots revealing that he'd been able to access private information regarding the accounts of the likes of Barack Obama, Britney Spears, Ashton K

Kingston launches 256GB USB flash drive DataTraveler 300 world's biggest USB memory stick Megan Burger Kingston today released the world's largest capacity USB memory stick: a flash drive with 256GB worth of storage. According to Kingston, the Kingston DataTraveler 300 is available for sale in the UK, although product searches for both the device's name and part number - DT300/256GB - are at this point failing to turn up any live vendors. The 70.68x16.9x21.99mm Kingston DataTraveler 300 includes the Password Traveler security software for Windows and enjoys claimed transfer rates of up to 20

Thank you for your wishes. Only one fire is partially contained and others are still raging. Winds have died down today so not spreading as rapidly ... latest update is that 6,000 residents are permitted to return to their homes in the area where the fires have been reasonably contained. Highways are still closed to traffic. It is now believed the fires were not caused by lightening but by humans. How they were started is yet to be determined. I am okay as I live across the lake from the major fires ... the one that started almost across the street from me was quickly contained by the us

Microsoft releases Office 2008 for Mac Service Pack 2 Posted on 20 July 2009. Microsoft Office 2008 for Mac Service Pack 2 (SP2) was released today. This midcycle free update is designed to improve speed, stability and compatibility. SP2 delivers highly requested features throughout the suite as well as a new tool, Document Connection for Mac, that helps improve access and browsing to documents on SharePoint Products and Technologies and Microsoft Office Live Workspace. Highlights of the release Two new highly requested features in Microsoft PowerPoint 2008 for Mac: Custom Path Animation adds

20 July 2009, 15:18 US the origin of 16 per cent of spam According to a spam trend report published by the security specialists Sophos, about 1 in 6 junk emails, or 15.6 per cent of spam worldwide, now originates in the US. In contrast, Russia, formerly a big source of spam, is currently only responsible for 3.2 per cent. By continent, Asia continues to be the worst offender with 31.7 per cent. Spamhaus' current ranking (at time of writing) for the top ten countries over the last 24 hours also shows the US as the main spam source. As Graham Cluley, senior technology consultant for Sophos, po

July 20, 2009 11:48 AM PDT Linux exploit gets around security barrier by Tom Espiner A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system. The source code for the exploit was made available last week by researcher Brad Spengler on the Dailydave mailing list. According to the researcher, the code exploits a vulnerability in Linux version 2.6.30, and 2.6.18, and affects both 32-bit and 64-bit versions. The 2.6.18 kernel is used in Red Hat Enterprise Linux 5. The exploit bypasses null pointer de-r

Another High-profile Hack, DDOS Probe Goes Global Nancy Weil, IDG News Service A high-profile hack of a Twitter employee's e-mail and Google Apps accounts tops our news this week, in part because the whole saga offers a reminder about the need for strong passwords and exercising caution about what personal information is posted at social-networking sites, especially if, say, that information gives clues to your passwords. Elsewhere in security news, or perhaps we should say just about everywhere in security news, the search spread worldwide for the source of the massive denial-of-service attac

Google Chrome JavaScript Regular Expressions Memory Corruption Highly critical ... A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error when processing regular expressions in JavaScript and can be exploited to corrupt memory and potentially cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. NOTE: An additional error can be exploited to potentially bypass the Google Chrome sandbox by allocating large amounts of memory.

17 July Massive SQL Injection Ensues 7:21 am (UTC-7) | by Det Caraig (Technical Communications) With the growing concern with numerous vulnerabilities, just this afternoon, Trend Micro Research Project Manager, Ivan Macalintal, stumbled on a somewhat regional fallout of this SQL injection in India threading through numerous compromised government, tourism, popular media, and other sites. We have identified the following new URLs leading to more malware that made it into unknowing users’ systems while visiting sites where the malicious script injection was found and identified: http://lsg

Buffer overflow in Firefox 3.5.1 A security vulnerability in Firefox 3.5 that became known four days ago also affects the, very recently released, current version 3.5.1 of Firefox. A JavaScript may be employed to pass a long Unicode string to the document.write() method, which then causes a buffer overflow. This may allow an attacker to run arbitrary code. If that doesn't work, the browser will probably claim a large amount of memory, freeze, or crash. SecurityFocus demonstrates this with a simple exploit. IBM Internet Security Services and the National Vulnerability Database also classify th

Yesterday on our way home we drove through a forest fire which started about half an hour previously ... this fire is now burning out of control. Had we not decided to come home a day early we may have been stranded and blocked by the fires. A fire in the Park across from my residence had a fire started but apparently has been quickly contained. Some 6,500 homes, housing an estimated 17,000 people are under evacuation orders. according to the fire chief, these fires are not contained. No rain is expected and only a 60% chance of rain on Thursday. weather is dry & hot and some winds.

July 15, 2009 12:45 PM PDT Lessons from Twitter's security breach by Josh Lowensohn and Caroline McCarthy Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides. In the case of Jason Goldman, who is currently Twitter's director of product management, the simplicity of Yahoo's password recovery system was enough to let a hacker get in and gain information from a number of other sites, including access to other Twitter staff's personal accounts. The aftermath of the hack, which took place in May, is just now coming

15 July 2009, 11:24 Six patches on Microsoft's July patch day As planned, Microsoft has released six security packages for the July patch day, including one to fix the vulnerability in DirectShow which is already being actively exploited. Three of the update bundles are classed as "critical". As well as DirectShow (part of DirectX), these affect the Video ActiveX control and the Windows Embedded OpenType Font Engine. The company rates the updates for Virtual PC and Server, Office 2007 and ISA Server 2006 as "important". Microsoft expects exploits to appear for all of the vulnerabilities. The u

Jul14 OCW ActiveX Exploit Follows MPEG2TuneRequest’s Lead 11:13 pm (UTC-7) | by Det Caraig (Technical Communications) Barely a few days after the last Microsoft zero-day exploit and out comes another, this time attacking vulnerabilities in the OS’s Office Web Components Spreadsheet ActiveX control (OCW 10 and OCW 11). As if on cue for the next round of Patch Tuesday releases, the cybercriminals also released their own “updates” with this attack. ““This vulnerability could be used for remote code execution in a ‘browse and get owned’ scenario,” says Microsoft, “but requires user interacti

Jul15 Signed Malware Coming To A Phone Near You? Conventional wisdom has it that mobile platforms like PDAs and mobile phones are safer from malware attacks, one reason being the relatively closed nature of such platforms. In some platforms, such as newer versions of the Symbian OS, this is enforced in part by mandatory code signing, which requires that applications need to be signed by a third party, ensuring (in theory) that they are not malicious. (Currently, this process is carried out by Symbian Signed, now part of the Symbian Foundation). Assuming that the third party is trustworthy, thi

July 15, 2009 11:04 AM PDT Survey: Why do people respond to spam? by Lance Whitney Most people may think they're smart enough not to answer an obvious spam message. But is that really the case? Almost one third of consumers questioned admitted answering e-mails they suspected were spam, says a survey released Wednesday by the Messaging Anti-Abuse Working Group (MAAWG). Among those who responded to spam, 17 percent said they clicked on it by mistake, 13 percent said they sent a note to the spammer to complain, while 12 percent said they were interested in the product or service. The MAAWG's s

15 July 2009, 09:54 Oracle closes security holes With this quarters Critical Patch Update (CPU), Oracle has addressed ten security vulnerabilities in its database products. Three of the issues could be exploited over the network without a user name or password being required; the components affected by these problems are Network Authentication, Listener and Secure Enterprise Search. Other problems, which require some level of authentication, affect the Oracle Network Foundation, Advanced Replications, Config Management, Upgrade and Virtual Private Database. The full list of fixed issues and a

14 July 2009, 13:17 Hacker group declares war on the security industry Anti-Sec, an ominous sounding hacker group, has pulled another attention-grabbing stunt. In last week's hack of US image host ImageShack, the group dismissed the policy of full-disclosure of vulnerabilities, an essential piece of policy in the eyes of many security specialists, as playing into the hands of the security industry. The group believes that the security industry uses full disclosure and the publication of exploits only as "scare-tactics to convince people into buying their firewalls, anti-virus software and audi

14 July 2009, 15:26 First Zero Day Exploit for Firefox 3.5 The exploit portal Milw0rm has published an exploit for Firefox 3.5. The exploit demonstrates a security vulnerability by starting the Windows calculator. In testing by heise Security, the exploit crashed Firefox under Vista, but security service providers Secunia and VUPEN confirmed that attackers using prepared websites can infect PCs. The cause of the problem is a buffer overflow when processing specially prepared Font tags. The Mozilla Foundation has been informed about the problem, but so far has not responded to queries by heise

New Trojan Variants Evade Major Antivirus Engines Several successive and massive malware outbreaks caused a spike in malware that was undetected by major AV engines, according to quarterly trend report Jul 14, 2009 | 05:00 PM Sunnyvale, Calif. " July 14, 2009 " Millions of email viruses bypassed major anti-virus engines during the second half of the second quarter, according to the Q2 2009 Internet Threat Trends Report by Commtouch' (Nasdaq: CTCH). Several successive and massive malware outbreaks caused a spike in malware that was undetected by major AV engines, compared to the consistently

Windows Embedded OpenType Font Engine Two Vulnerabilities HIGHLY CRITICAL Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the Embedded OpenType (EOT) Font Engine component when parsing data records in embedded fonts can be exploited to cause a heap-based buffer overflow via a specially crafted embedded font. 2) An integer overflow error in the Embedded OpenType (EOT) Font Engine component when parsing name tables in embedded fonts can be exploited to corrupt memory via a specially craf