Peaches

July 14, 2009 8:53 AM PDT Cisco: Text message scams on the rise by Elinor Mills Cyber scammers are banking on the notion that many people who might not fall for a phishing scam via e-mail may still be easy targets through their mobile phone, according to security report released Tuesday from Cisco Systems. Text message scams are on the rise, particularly fake messages that appear to come from a legitimate bank, said the report, which covers a wide variety of cybercrime topics. In many of the scams, the SMS messages direct the recipient to call a telephone number where an automated message p

When computer experts get bored, they create something like this .................

Office 2010 tech preview: Expect the expected And some web apps (eventually) Review Microsoft has released a technical preview of Office 2010. This is a pre-beta release intended for feedback, as well as promotion, so it's not feature-complete and may change before the final release planned for the first half of 2010. Nevertheless, it offers a fair guide to what Microsoft is planning for its ubiquitous office suite. The short summary is 'more of the same': more of the controversial Office Ribbon UI, more features for products that arguably have too many already, and more integration with Share

Microsoft offers Windows 7 early and cheap to volume customers Famine, not feast, for PC OEMs? By Gavin Clarke in New Orleans , 13th July 2009 23:51 GMT WPC Customers on Microsoft's volume licenses will get access to Windows 7 almost two months early and receive limited discounts to switch from Windows XP. Windows 7 will be made available to customers on volume licenses from September 1. The next iteration of Microsoft's client operating system will launch on October 22. Those on volume contracts will also get discounts of between 15 and 35 per cent. Discounts will apply for a limited time an

13 July 2009, 17:00 Microsoft warns of vulnerability in Office Web Component Microsoft has advised of a critical security vulnerability in an Office Web Component that allows attackers to gain control of a Windows PC. According to Microsoft, the first web pages that attempt to exploit the vulnerability, using specially crafted tables, have already appeared. For an attack to be successful, a victim must first visit a specially crafted malicious page using Internet Explorer – which could even happen inadvertently through page forwarding. The vulnerable control is a collection of objects for pub

GlobalCrypto Launches Encryption Service For Large Files Content encryption now available via inexpensive clientless Bunkermail application Internet users July 9, 2009, ATLANTA--GlobalCrypto, the leader in low-cost, user-friendly cryptographic security, today announced the release of Bunkermail for highly-secure file transfer. A web-based email service, this no overhead encryption solution makes adoption easy for both IT and capital budgeting. It is available for $10 per month. "Our clients requested an ultra-secure encryption-based file transfer system that is inexpensive, has low IT overh

New Spam Trick: Shortened URLs Joan Goodchild, CSO Sunday, July 12, 2009 9:45 AM PDT Shortened URLs, a service on many sites that turns lengthy Web addresses into shorter URLs, is rapidly becoming a popular way for spammers to reach unsuspecting readers. New analysis from Symantec's MessageLabs finds shortened URLs now account for 2 percent of all spam in inboxes (See also: Spam is More Malicious than Ever). The presence of shortened URLs in spam has skyrocketed just in the last few weeks, according to Matt Sergeant, senior anti-spam technologist at MessageLabs. "We've been monitoring the use

Ubuntu 6.06 LTS Desktop Edition approaches end-of-life Ubuntu Release Manager Steve Langasek has announced that Ubuntu 6.06 LTS (code named Dapper Drake) Desktop Edition will reach its end-of-life on Tuesday the 14th of July, 2009. Ubuntu 6.06 LTS was originally launched on the 1st of June, 2006 and included the 2.6.15 Linux kernel. The 6.06 LTS release was the first to feature a new graphical installer based on the LiveCD and included MySQL 5.0, Firefox 1.5 and OpenOffice 2.0. After the 14th of July, no new updates, including security updates and critical fixes, will be available for the Des

Vulnerabilities in WordPress - Update Security services provider Core Security has warned of an vulnerability in the processing of certain URLs in the popular WordPress blogging software, leading to various security problems. For example, unprivileged but registered users are reportedly able to examine the configuration pages of plug-ins and to change their options. The "admin.php" dashboard component, which doesn't test access rights correctly, is to blame. Core Labs has listed some sample URLs in its report to show how the plug-ins – including the WP module for the PHPIDS (PHP-Intrusion Det

Microsoft to release DirectShow patch next Tuesday Microsoft has announced that on next Patch Tuesday, the 14th July, it will release six security updates, one of which will probably be a patch to close the current DirectShow holes. This is at least the plan given by Jerry Bryant of Microsoft's Security Response Team. According to Bryant, the developer team is working around the clock and believes that it will be able to release an update of appropriate quality for broad distribution by Tuesday. As a temporary workaround, Microsoft recommends that users download and run the Fix it tool. Two f

Microsoft Security Bulletin Advance Notification for July 2009‏ From: Microsoft ([email protected]) Sent: July 10, 2009 3:13:48 AM ******************************************************************** Microsoft Security Bulletin Advance Notification for July 2009 Issued: July 9, 2009 ******************************************************************** This is an advance notification of security bulletins that Microsoft is intending to release on July 14, 2009. The full version of the Microsoft Security Bulletin Advance Notification for July 2009 can be found at http://www.mi

Jun28 New Anti-analysis Technique for Script Malware 1:42 pm (UTC-7) | by Jonathan San Jose (Threats Analyst) Recently, we came across JS_VIRTOOL which uses certain Javascript techniques so that encrypted code may not be decrypted and analyzed by a malware analyst. Here is how this is done: It retrieves the URL where the malicious script is located. It retrieves its own function and adds the string of the URL. It computes the CRC of the function plus the URL. It decrypts an encrypted code in the script body using the CRC that was computed. It executes the decrypted code using the eval()

Study: Social Network Users Put Their Data At Risk Users of Facebook, LinkedIn, Twitter leave themselves -- and their wallets -- open to attack Jun 27, 2009 | 12:48 AM By Tim Wilson DarkReading "Members of online social networks may be more vulnerable to financial loss, identity theft, and malware infection than they realize, according to a survey released earlier this week. In a survey of more than 1,100 members of Facebook, LinkedIn, MySpace, Twitter, and other popular social networks, security vendor Webroot says it has uncovered numerous behaviors that put social networkers' identities

Michael Jackson spam spreads, malware attacks likely Star's death brings crooks out of the woodwork, expect scam deluge, says Sophos By Gregg Keizer Computerworld - Within hours of the death of pop star Michael Jackson, spam trading on his demise hit in-boxes, a security firm said today as it warned that more junk mail was in the offing. Just eight hours after news broke about Jackson, Abingdon, England-based Sophos PLC started tracking the first wave of Jackson spam, which used a subject line of "Confidential -- Michael Jackson." The spam wasn't pitching a product or leading users to a phishi

Turn your XP or Vista PC into Make Vista and XP feel as fast as Windows 7 Rick Broida Microsoft's new OS, Windows 7, may offer a better user interface and features that Vista and XP. However, many users have also reported that it 'feels' faster during everyday operation, a fact backed up by informal speed tests. Maybe that's because the User Account Control is more restrained in Windows 7 than in Vista and doesn't pester them so often. If you don't want to run the risk of installing the release candidate of Windows 7 but don't want to wait until the final version is made available on October

HP and Lenovo offer free Windows 7 upgrades PC owners can check eligibility online Agam Shah HP and Lenovo are among the first PC manufacturers to announce they will be backing the Windows 7 upgrade scheme Microsoft launched yesterday. Both PC manufacturers said they will offer free upgrades to Windows 7 for customers who buy PCs pre-installed with the Windows Vista OS. Customers who buy PCs with Windows Vista will need to go to the PC makers' websites to check upgrade eligibility. Qualifying customers will receive Windows 7 upgrade disks starting October 22 , when the new OS becomes generall

KDE Multiple Vulnerabilities Highly critical Some vulnerabilities have been reported in KDE, which can be exploited by malicious people to compromise a user's system. 1) A vulnerability is caused due to a boundary error when processing SVGList objects. This can be exploited to trigger a memory corruption when visiting a malicious web page. 2) A vulnerability is caused due to a use-after-free error when processing certain SVG images, which can be exploited to execute arbitrary code via specially crafted SVG images. 3) A vulnerability is caused due to an error when executing JavaScript code whi

26 June 2009, 14:39 Hole in VLC Media Player According to security service provider Secunia, a vulnerability in the Windows version of the VLC media player can be exploited in order to compromise a system. An attack would require the attacker to get the victim to open a play list file with an overly long smb:// URI. The cause of the problem is a buffer overflow in the Win32AddConnection function in modules/access/smb.c The error was discovered in version 0.9.9 of VLC, but is likely to exist in other versions. The VLC developers have fixed the problem in their Git repository, but describe the

Are Some Vista Users Getting Screwed on Windows 7? Sure, some upgrades can be had for as little as 50 clams -- but discounts aren't being extended to Vista Not all Microsoft customers are cheering the just-announced Windows 7 pricing that puts the cost of an upgrade at as little as $50. Redmond is offering discounts on Windows 7 upgrades to some, but not all, Vista users. U.S. customers who pre-order a copy of Windows 7 Home Premium will pay just $49.99, and those who select the Professional version will pay $99.99. But there’s no equivalent deal for Windows 7 Ultimate, the logical upgrade fo

Panda Security Launches Ultra-Light 2010 Consumer Solutions Panda Antivirus for Netbooks, Panda Antivirus Pro 2010, Panda Internet Security 2010, and Panda Global Protection 2010 available for home users and professionals Jun 25, 2009 | 12:32 PM GLENDALE, Calif., June 25 /PRNewswire/ --Panda Security,the Cloud Security Company, launched its new, ultra-light2010 consumer solutions, which include Panda Antivirus for Netbooks, Panda Antivirus Pro 2010, Panda Internet Security 2010 and Panda Global Protection 2010. All of these products will be available on June 25. The new consumer products ar

Secunia release Personal Software Inspector version 1.5 Browsers are gradually replacing emails as points of entry for malware of all kinds. As a result, closing known vulnerabilities by keeping all of the browser-related programs updated has become more important than ever. Version 1.5 of Secunia's Personal Software Inspector (PSI) update tool for Microsoft Windows aims to provide assistance in this respect, offering a dedicated section on "Secure Browsing". The "Secure Browsing" feature gives users an overview of whether important components like the Flash plug-ins, Java or browser librarie

Don't Get Tricked by Fake Microsoft Update E-Mails I've received several phishing e-mails that look surprisingly authentic and professional. I do not know about you, but for the past couple of days my inbox has received several e-mails claiming to be from Microsoft while touting links to updates for Microsoft Outlook and Outlook Express. :>) Naturally, I clicked on those links right-away and installed me some updates (not). However, in all honesty, I was surprised at the level of effort that the sender went through in making this phishing e-mail look more "authentic". For example: •§ First

Copyfraud: Poisoning the public domain the future of knowledge By Charles Eicher Special report The public domain is the greatest resource in human history: eventually all knowledge will become part of it. Its riches serve all mankind, but it faces a new threat. Vast libraries of public domain works are being plundered by claims of "copyright". It's called copyfraud - and we'll discover how large corporations like Google, Yahoo, and Amazon have structured their businesses to assist it and profit from it. Copyfraud first came to my attention nearly two years ago in my scholarly research. As Goo

Apple MacBook Pro firmware fritzes third-party HDDs Fast Sata drives fail post patch By Chris Mellor 26th June 2009 09:30 GMT Apple's firmware upgrade, which restores the 3Gb/s Sata link speed to MacBook Pros, has also caused some 'unauthorised' hard drives to fail. An Apple Discussion board thread has 65 comments about the issue, which may occur when the Apple-shipped drive in the MacBook Pro is replaced with a third-party drive and the fast Sata firmware upgrade is applied. One poster, Ian Burrell, first noticed the issue with a WD Scorpio Blue drive. His MacBook Pro froze randomly and he s

Is Windows Installing Updates Without Permission? Gregg Keizer, Computerworld Windows is installing "surprise updates" against the wishes of some users, who have expressly set up the operating system not to deploy patches without permission, researchers charged today. Numerous readers of the popular Windows Secrets newsletter have reported that they have watched their PCs install updates from the June 9 set of security patches as they've rebooted or when they've turned on their machines, said Brian Livingston, the newsletter's editorial director. Those users have set options in Windows Update