Peaches
-
Content Count
2130 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by Peaches
-
-
New Microsoft Security Essentials Antimalware Engine Release Planned for Next Week
By Marius Oiaga
Come May 18th, 2011, the Redmond company will introduce an updated antimalware engine release to Microsoft Security Essentials 2.0.
As part of regular update of our antimalware technology to address the latest in the threat landscape, MMPC is planning to release a new antimalware engine on 18 May 2011.
"Affected products: Microsoft Security Essentials (MSE), Forefront Client Security (FCS), Forefront Endpoint Protection. Engine Version will be in the range of 1.1.690X.0," a member of the Microsoft Antimalware Engine team stated.
More details here: http://news.softpedi...ek-200038.shtml
-
<h2></h2> http://www.pcworld.com/article/217212/top_10_free_windows_7_desktop_themes.htmlTop 10 Free Windows 7 Desktop Themes
By Kim Saccio-Kent , PCWorld
Take a cue from thousands of PCWorld readers, and try one of these popular downloadable themes. You can decorate your desktop with beautiful high-def images of tropical fish, exotic landscapes, and adorable pets--or just make your PC look like a Commodore 64.
-
Been lazy today .. Taco's for dinner.
-
4 May 2011, 15:36
Trojans tempt users with alleged images of Bin Laden's death
Every major event attracts the attention of internet users who, attempting to find the latest information, become careless and click on anything that appears before them. At the moment, criminals are trying to surf the "Bin Laden is dead" wave, sending out emails advertising images alleged to be of the related military action. F-Secure has already observed the first malware samples of this kind that install an online banking trojan once a computer has become infected.
On its web pages, the FBI has also warned users about emails with images or videos alleged to be of Bin Laden's recent death and recommended exercising extra caution when opening emails.
A JavaScript worm that will automatically send the message "Osama Bin Laden EXECUTION video" (with a link to the purported video) from the victim's account is spreading on Facebook. Written in JavaScript, the worm requires some user interaction to spread, reports Trend Micro.
(crve)
-
May 5, 2011 4:36 PM PDT
Exclusive: Third attack against Sony planned
by Erica Ogg
A group of hackers says it is planning another wave of cyberattacks against Sony in retaliation for its handling of the PlayStation Network breach.
An observer of the Internet Relay Chat channel used by the hackers told CNET today that a third major attack is planned this weekend against Sony's Web site. The people involved plan to publicize all or some of the information they are able to copy from Sony's servers, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers. Should the planned attack succeed, it would be the latest blow in a series of devastating security breaches of Sony's servers over the past month. The failure of Sony's server security has ignited investigations by the FBI, the Department of Justice, Congress, and the New York State Attorney General, ... Read full post & comments http://news.cnet.com/8301-31021_3-20060227-260.html
Originally posted at Circuit Breaker
-
5 May 2011, 14:00
Potential intrusion suspected in LastPass password service
"Network traffic anomalies" to and from the databases of the LastPass password management service have caused the company to suspect that intruders could have harvested personal information – including some customers' master passwords. LastPass is an online password manager that can automatically fill in the log-in forms of web pages by using a browser plug-in.
LastPass said that it doesn't have any concrete evidence of a break-in – but that "where there's smoke, there could have been fire". The company is, therefore, forcing all its customers to change their master passwords. LastPass said that, although it assumes that the salted password hashes will withstand a brute-force attack, very weak passwords could be cracked using a dictionary attack, and that it wants to be on the safe side.
-
-
May 5, 2011, 12:35
Personal firewall for Android
Connection requests can be accepted on a one-off or permanent basis. The WhisperMonitor software firewall intercepts an Android app's outbound connections and asks users to confirm whether they want to allow or block the app's network communication with a given server. This allows users to control the data traffic from their installed apps and enables them to prevent dubious apps – and their creators – from spying on their traffic.
However, the dialogue prompt isn't very helpful in terms of decision-making. A user will only be asked to confirm whether the app is allowed to contact a certain address; it is up to the user to find out whether or not this address is legitimate. The question of why a network connection is established also remains open – users can't see whether an app is downloading or sending data. The dialogue indicates only that an app has unexpectedly attempted to establish a connection.
http://www.h-online.com/security/news/item/Personal-firewall-for-Android-1237972.html
-
PlayBook Videos: Facebook and Native Email Apps, Android App Player
“These PIM applications (including Calendar, Contacts, Tasks, MemoPad and, of course, Email) will come to BlackBerry PlayBook tablets via an update to the BlackBerry Tablet OS later this summer.”
These applications look more than appealing but, in case there are some who would like a bit more from their devices, RIM got them covered, through an Android application player for the BlackBerry PlayBook tablet.
Available later this summer for all users of the tablet PC, the player will enable them to run Android applications on their devices. Have a look at the third video below, available courtesy of RIM's BlackBerry blog as well, to make an idea of this software's capabilities.
-
May 3, 2011 1:01 PM PDT
WikiLeaks docs: Nuclear reprisals if bin Laden killed
Recently-released WikiLeaks documents show that detained al Qaeda members have predicted nuclear reprisals if Osama bin Laden were captured or killed.
The classified Defense Department files, obtained from detainee interviews at the Guantanamo Bay prison, were released by the document-sharing Web site a week before the raid in Pakistan that resulted in bin Laden's demise. (See list of related CNET stories.)
Abu al-Libi, al Qaeda's third in command and "operational chief" before he was captured in 2005, reportedly said the nuclear device was "located in Europe" and would be used in retaliation over bin Laden's death, according to the leaked files. The phrase "nuclear hellstorm" appears in the Defense Department's dossier on Khalid Shaykh Muhammad, who allegedly confessed to masterminding the September 11 attacks and will be tried by a military tribunal.
Another detainee, Sharif al-Masri, reportedly said that if al Qaeda was able to move the bomb to the United States, they would be able to find operatives of Europeans of Arab or Asian descent to use it. He said, the records show, if bin Laden "were to be captured or killed, the bomb would be detonated in the US" and that al-Libi "would be one of those able to give the order."
-
Vishing attack on Skype pushing scareware
By Dancho Danchev | May 2, 2011, 5:25am PDT
Multiple users are reporting on an ongoing vishing attack at Skype, attempting to social engineer users into thinking they're infected with malware. Here's how it works - victims typically receive a pre-recorded Skype call telling them they are infected with malware and need to visit a specific site:
Hey guys,I am working from home on my BlueCoat laptop. It has the cloud client on it. I have skype on this machine. I get a skype call from a place I didn't recognize. I answer the call and it is a recorded message. It says I have a fatal virus that needs to be fixed. That I am on Windows7. (I am not.) The recorded message tells me to go to www.helphs.com. … Can you find anything in our logs about what just happened? Thoughts? The specific site in question is an online shop pushing rogue AV products and malware cleanup services.
-
</h1>
<h1>Adobe and Skype top my Foistware Hall of ShameEd Bott
Along the way, I keep running into a sleazy trick that some software vendors play, and I’ve finally reached the breaking point. I am sick and tired of companies that try to make a quick buck by tricking their customers into installing software they don’t need. I’m experienced enough to bypass this stuff most of the time, but many of my friends and family members aren’t. And guess who gets the call when some add-on or toolbar has slowed their system to a crawl?
I call it foistware, and I’ve decided it’s time to name and shame the worst purveyors of foistware out there. If you’re not sure what I’m talking about, here’s my definition of foistware: Unnecessary third-party software that is offered as part of a program’s installation and that will be installed if the user accepts the default setup options.
This category typically includes toolbars and other browser add-ons, but I have seen software makers push browsers and system utilities as well. I do not object to platform components that are required by the app, such as Adobe Air or Silverlight or the .NET Framework. That’s a necessary and related part of the program. I also don’t object if a company wants to fund its free software by offering a third-party program if they leave the installation option blank and give the user an actual, unforced choice.
Full article a must read which names offenders: http://www.zdnet.com/blog/bott/adobe-and-skype-top-my-foistware-hall-of-shame/3195
-
</h3>
<h3>Coming soon to a Mac near you: serious malwareBy Ed Bott | May 2, 2011, 9:42am PDT
Last week I showed you how malware authors have begun using social engineering to target Google Chrome, with convincing replicas of Chrome’s bright-red security screens to trick victims into installing a package of malware.
Now I am seeing evidence that the next target is OS X. That’s potentially very bad news for Mac owners who have abandoned their PCs in the belief that switching to a Mac somehow immunizes them from malware.
Security experts know, of course, that there’s nothing magical about Macs when it comes to security. They just haven’t been targeted because Windows has been such a big juicy target for so long. But now that Macs have achieved a critical mass of success in the marketplace, they’ve attracted the attention of malware authors. According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform:
Details: http://www.zdnet.com/blog/bott/coming-soon-to-a-mac-near-you-serious-malware/3212
-
'You've got a postcard' emails lead to exploits and scareware
Security researchers from WebSense have intercepted a currently ongoing malware campaign, relying on spamvertised links to a bogus Greeting Postcard Service, the campaign aims to trick ends users into clicking on the link.
Upon clicking on the link, the users are exposed to client-side vulnerabilities which ultimately drop a scareware variant.
Users are advised to avoid interacting with suspicious links and email attachments found in email messages.
http://www.zdnet.com/blog/security/youve-got-a-postcard-emails-lead-to-exploits-and-scareware/8590
-
Assange: Facebook a ‘spying machine’
And media starts wars, says WikiLeaks founder
By Richard Chirgwin – May 3, 2011
Julian Assange, Wikileaks founder, media tart and controversialist, has leveled his hyperbole gun at Facebook, calling it “the most appalling spying machine that has ever been invented.” “Here we have the world’s most comprehensive database about people,” he said in the interview – a database that includes relationships, names, addresses, locations and communications with each other – “all accessible to US intelligence”.
He also said Facebook, along with Google and Yahoo!, have “built-in interfaces” for US intelligence. He said that by storing their information on a site like Facebook, users are essentially doing free work for intelligence agencies.
http://www.theregister.co.uk/2011/05/03/facebook_a_spying_machine/
-
In-Game Phishing Attacks Target Modern Warfare 2 Players on Xbox LIVE
Microsoft warns Xbox LIVE users about phishing messages that resemble official notifications and might appear when playing Call of Duty: Modern Warfare 2.
The so-called Service Alert was posted on the Xbox LIVE Status page under the "Matchmaking" category. It reads:
"Users may experience difficulties with the following services: Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2.
"We are aware of the problem and are working to resolve the issue. We apologize for any inconvenience this may cause and thank you for your patience."
There are no details about the exact messages that triggered this alert, what they say or how do they look, but Christopher Boyd, a senior security researcher at GFI Software, has a theory.
According to him, a game mod gives players numerous unauthorized abilities, including the permission to post chat messages that are delivered onscreen.
"They look like the kind of messages that are posted in certain games by developers every now and then," Mr. Boyd concludes after watching some demo videos on YouTube. Of course, this is not the first time when Xbox LIVE users are targeted by phishers. However, because of the unusual nature of the attack they might be caught with their guard down.
-
28 April 2011, 16:40
FBI warns of fraudulent bank transfers to China
According to a report by the FBI, during the last year, several small to medium sized US companies have been victims of unauthorised wire transfers of funds that ended up in the accounts of "Chinese economic and trade companies located near the Russian border." The FBI detected 20 incidents in which a total of $11 million was fraudulently obtained.
The report explains that typically, the attacks were performed by targeting company employees with bank transfer authorisation and grabbing the banking details either through a phishing email or by luring them to a malicious web site. It continues: "When the authorized user attempts to log in to the user’s bank Web site, the user is typically redirected to another Web page stating the bank Web site is under maintenance or is unable to access the accounts. While the user is experiencing logon issues, malicious actors initiate the unauthorized transfers to commercial accounts held at intermediary banks typically located in New York. Account funds are then transferred to the Chinese economic and trade company bank account."
-
Obama Birth Certificate Image Search Results Poisoned
Security researchers warn that Google Image searches for president Obama's birth certificate have been poisoned with malicious links that lead users to scareware.
This new black hat SEO campaign was prompted by the White House's decision to release President Barack Obama's long-form birth certificate in order to put to rest the controversy surrounding his birthplace.
The president previously released a standard short variant of the document, which lacked some details, like the name of the exact hospital where he was born in Hawaii.
News of the extended version being released has led to a lot of Google Image searches for "Obama birth certificate," which in turn provided a good opportunity for attackers.
Security researchers from GFI Software warn that links leading users to drive-by download attacks have made their way on the first page of results returned for the aforementioned keywords.
The malicious pages load an exploit for a known Java vulnerability. If successful, the attacks result in the installation of a scareware application called "Security Shield" on the victims' computers.
The fake antivirus program currently has a very low detection rate according to an Virus Total scan, but it isn't the only malicious application distributed as part of this campaign.
-
Want a dog or???
Actually Taken From Classified Ad's In Newspapers:
FREE YORKSHIRE TERRIER. 8 years old. Hateful little dog. Bites
----------------------------------
FREE PUPPIES: ? Cocker Spaniel, ? sneaky neighbor's dog
-----------------------------
FREE PUPPIES... Part German Shepherd, part stupid dog
------------------------------
GERMAN SHEPHERD 85 lbs. Neutered. Speaks German. Free
-------------------------------------
FOUND: DIRTY WHITE DOG. Looks like a rat ... been out awhile. Better be
reward.
-----------------------------------
COWS, CALVES NEVER BRED... Also 1 gay bull for sale
-------------------------------
NORDIC TRACK $300 Hardly used, call Chubby
-------------------------------------
GEORGIA PEACHES, California grown - 89 cents lb.
------------------------------------------
NICE PARACHUTE: Never opened - used once
-----------------------------------------
JOINING NUDIST COLONY! Must sell washer and dryer $300
------------------------------------------
(AND THE BEST ONE) FOR SALE BY OWNER: Complete set of Encyclopedia
Britannica. 45 volumes. Excellent condition. $1,000 or best offer. No
longer needed. Got married last month. Wife knows everything
---------------------------------
-
</h3>
<h3>Apple sued over location tracking in iOSResearchers announced last week that they found what look like secret files on the iPhone that track user location and store it on the device, without the permission of the device owner. It's unclear what the data is used for and why Apple has been collecting it in iOS products that carry a 3G antenna for nearly a year now.
Pete Warden, a writer, and Alasdair Allan, a senior research fellow in astronomy at the University of Exeter, discovered the log file and created a tool that lets users see a visualization of that data. They say there's no evidence of that information being sent to Apple or anybody else. Even so, the pair note that the data is unencrypted, giving anyone with access to your phone or computer where backups may be stored a way to grab the data and extrapolate a person's whereabouts and routines.
To help users understand more about the data that's being collected, what the risks are, and what they can do about it, CNET has put together this FAQ, which has been updated several times since it first published on April 20.
... Read full post & comments - http://news.cnet.com/apple-talk/
-
DLL-Based FAKEAV Returns, in the Wild Again
6:57 am (UTC-7) | by Roland Dela Paz (Threat Response Engineer)
In our previous FAKEAV white paper, we presented how Trend Micro researchers tracked down the evolution of FAKEAV and followed its development behaviorwise from one generation to the next. One of the earlier generations (fourth, to be exact) in the paper comprises DLL-based FAKEAV—fake antivirus that use a .DLL file to perform all of their malicious routines to primarily avoid easy termination. A few months ago, however, we saw this particular generation again making its rounds in the wild in the form of TROJ_FAKEAV.BTV.
-
Yahoo! PH Purple Hunt 2.0 Ad Compromised
11:32 pm (UTC-7) | by Maharlito Aquino (Threats Analyst)
Earlier the other day, I was browsing through the Yahoo! PH site and the Yahoo! Purple Hunt 2.0 ad caught my attention.
Curious, I clicked the ad and found my browser downloading a suspicious file named com.com.
Apparently, this ad redirected me to a randomly generated URL similar to the following, which unfortunately led to the malicious download:
(more…) plus screenshots: http://blog.trendmicro.com/
-
How to connect to a Wi-Fi network on a Google Android phone
Use Wi-Fi instead of 3G to surf the web
By Carrie-Ann Skinner | PC Advisor | 19 April 11
Smartphones allow users to surf the web, download apps and check emails from their handset. However, this can be costly when it comes to using data, especially if you don't have an all-you-can-consume package. A number of Google Android handsets also come with Wi-Fi connectivity. By using Wi-Fi instead of data, you'll ensure there's far less damage. Here's how to connect to a Wi-Fi network from your handset.
Step one
On the home screen, press the Menu button and then select Settings.
Step two
Open the Wireless and network menu, then choose Wi-Fi settings.
Step three
The handset will identify the Wi-Fi networks in range. Select the network you want to use from those listed.
Step four
You'll be asked to enter the password for the network. Then press Connect
Step five
The handset will now connect to the network. Once successful, 'connected' will be displayed underneath the network's name. You can now begin surfing the web or checking emails from your phone.
How to screenshots here: http://www.pcadvisor...-android-phone/
-
In reversal, Yahoo will store user search data longer
Move to story IP numbers, search terms, cookies for 18 months instead of 90 days unlikely to win friends in the privacy community
By Jaikumar Vijayan | Computerworld US |
In a move that is unlikely to win it any new friends in the privacy community, Yahoo has announced that it will retain consumer search data for a substantially longer period of time than it does today.
Starting sometime in mid-July, Yahoo will hold raw search log file data, including IP addresses, cookies and search-related information, for up to 18 months. It currently retains such data for 90 days.
Yahoo's chief trust officer, Anne Toth, said in a blog post that the change, announced on Friday, was designed to give consumers a more robust and personalized search experience while also bringing Yahoo into closer alignment with industry-wide data retention norms. "We will hold raw search log files for 18 months and we will be closely examining what the right policy and time frame should be for other log file data," Toth wrote. "In announcing this change, we have gone back to the drawing board to ensure that our policies will support the innovative products we want to deliver for our consumers."
Scammers Use New Trick to Mimic Legit Facebook Links
in Security Alerts
Posted
More details here: http://news.softpedia.com/news/Scammers-Use-New-Trick-to-Mimic-Legit-Facebook-Links-200131.shtml