Peaches

Update Experts
  • Content Count

    2130

Everything posted by Peaches

  1. May 26, 2009 10:35 AM PDT Facebook sued by user over virus by Elinor Mills Updated at 2:35 p.m. PDT with legal expert comment; at 1:15 p.m. with information from Facebook's terms of service, and at 12:30 p.m. with more details, comment, and background. "A Florida librarian and activist has filed a civil lawsuit against Facebook alleging that the social network failed to adequately protect users from a virus. Theodore Karantsalis, of Miami Springs, Fla., is seeking $70.50 from Facebook in the lawsuit, which was filed a week ago in Miami-Dade county court. Facebook breached a "legal duty to ex
  2. Nawh you guys ... it is candy apple green ... absolutely delicious.
  3. 25 May 2009, 11:21 Novell fixes critical vulnerabilities in GroupWise "Novell has released updates for GroupWise 7.x and 8.x to fix six security vulnerabilities. Two of the vulnerabilities relate to buffer overflows in the GroupWise Internet Agent (GWIA) when reading e-mails via SMTP and when processing certain SMTP requests. Attackers are reportedly able to exploit the bugs remotely without authentication to inject and execute code with SYSTEM privileges. The other vulnerabilities concern WebAccess, and permit attackers to gain access to an e-mail account using XSS or vulnerabilities in sess
  4. 25 May 2009, 09:44 SIGINT: Ubuntu Privacy Remix "The Ubuntu Privacy Remix (UPR) project is presenting the second beta version of its live CD, at SIGINT 09, a conference organized in Cologne by the Chaos Computer Club (CCC). The conference is debating the topics of monitoring and political interference. The Ubuntu Privacy Remix (UPR) is based on a modified version of Ubuntu 9.04, the most popular Linux distribution. UPR is intended to give personal data the best possible protection against unwanted intruders and to help people, particularly those with little technical savvy, to defend themsel
  5. May25 Brazil: Orkut Phishing Mail Leads to Data-Stealing Malware by Gaye Ofilas (Anti-spam Research Engineer) We recently captured a spam email that appeared to be from Orkut. It is written in Portuguese, and translates to the following (via GoogleTranslate): Problems with your account. Dear User, We received some complaints against your profile saying you are “using copyrighted material,” and before Orkut disables your account unfairly, asks for you to contact us stating the problem. Some information from the complaint: Your Profile: {malicious link to phishing page} Report: {directly downlo
  6. Add Firefox's Spell-Check Feature to Forms Related Content Firefox 3 comes with a handy-dandy built-in spell-checker. If you've ever used, say, Google Docs or posted a message in an online forum, you've probably seen it at work: A red line appears under each misspelled word. Right-click the word to see spelling suggestions (along with the usual context-menu options). It's a great feature, but it has just one shortcoming: It doesn't work in Web forms. Well, not yet, anyway: It's a simple matter to tweak the spell checker so it pulls form duty. Here's how: Open Firefox, then type about:config
  7. Microsoft Plays Hardball With Windows 7 Versions Posted by Dave Methvin, May 23, 2009 01:59 PM "When Windows Vista proved too big to fit early netbooks, Microsoft resurrected XP at a lower price to satisfy that market. Microsoft would only sell XP to an OEM if the system was sufficiently underpowered that it couldn't run Vista. Microsoft has already said that all versions of the slimmer Windows 7 should run on netbooks, so what will happen with Windows 7? Microsoft has been mum on details, but there have been some worrisome rumors that the company might come out with a "Windows 7 Starter for
  8. Arrested Developers: 8 Tech Celebs Who've Been in Trouble with the Law It's easy to forget that the people responsible for creating the technologies we use everyday are, well… people too. And some of them do bad things. Mike Keller, PC World Tech Stars Behind Bars The operators of the Pirate Bay torrent site, which reached over 25 million unique peers, were recently sentenced to a year in prison and millions of dollars in damages. Those behind the hoopla? Three Swedish guys, who considered The Pirate Bay a running piece of performance art. Here a few more tales of infamous "tech celebrity" run
  9. I am a tad out of the loop but good luck with your new chair. I hope it works well for you and reduces your pain. cheers ..
  10. May 22, 2009 4:00 AM PDT Clickjacking: Hijacking clicks on the Internet by Elinor Mills "What if you reached to grab a newspaper out of a news stand and you found a rock in your hand instead? How about opening the front door to a grocery store and ending up on a boat? This sounds like a Matrix movie, but the virtual equivalent of this is real and poses one of the most serious new risks on the Internet, according to Jeremiah Grossman, chief technology officer and co-founder of Whitehat Security. "Most exploits (like worms and attacks that take advantage of holes in software) can be patched,
  11. Google results poisoned with malicious links Security threat found on legitimate websites Robert McMillan A new attack that peppers Google search results with malicious links is spreading quickly, the US Computer Emergence Response Team has warned. The attack, which has intensified in recent days, can be found on several thousand legitimate websites, according to security experts. It targets known flaws in Adobe's software and uses them to install a malicious program on victims' machines, CERT said. The program then steals FTP login credentials from victims and uses that information to sprea
  12. May22 Fake Videos Lead to Fake Flash Player by Jonathan Leopando (Technical Communications) Cybercriminals have long used videos as a lure to get unknowing users to download and install malware onto their systems. Recently, however, a new variant came up that differs just a little from the usual modus operandi. TROJ_SMALL.UY, at first glance, appears to be a fairly standard malware that’s installed by claiming it’s needed for a video. There’s one difference, though: TROJ_SMALL.UY, which poses as an installer for Adobe Flash Player, does appear to actually install Adobe Flash Player. In fact,
  13. Almost 30,000 Videos On YouTube Contain Comments With Links To A Malicious Web Page Automation tools are being used based on large number of videos affected, according to PandaLabs May 22, 2009 | 09:14 AM GLENDALE, Calif., May 22 /PRNewswire/ -- PandaLabs, Panda Security's malware analysis and detection laboratory, has approximately 30,000 videos on YouTube with comments containing links that point to a Web page designed to download malware. This is another example of how cyber-criminals are attacking popular Web 2.0 sites to distribute malware. Similar attacks have previously been seen, to
  14. Cancel Your Cable, Watch TV on an Xbox Darren Gladstone, PC World "Forget all the yammering about the forced digital upgrade on June 12: After years of gripping a wretched remote and looking at lousy menus, I'm Comcastrating my cable service. Or, at least, I'm seriously considering doing so. After test-driving one $40 app for a couple of weeks, I'm ready to chuck that crummy cable box into the trash and forget about the digital-upgrade scheme. This is the story of PlayOn, the software that could ruin everything for cable providers--if the bugs are ever ironed out. Imagine a software package th
  15. Now Google tracking follows you out of cyberspace Making your life easier by knowing what you're doing By Bill Ray "Not content with knowing what you're doing online, Google has patented a process using the accelerometer in your phone to work out what you're doing offline too, all in the interest of improving your experience. Android devices might start working out what we're doing based on how we're moving, and make decisions as to what we'd like them to do based on that information, as outlined in Google's latest patent spotted by Unwired View. Mobile phones have, for some time, been able to
  16. Windows 7 Prices May Be Announced in Mid-June Gregg Keizer, Computerworld "Microsoft will unveil pricing for Windows 7 in a few weeks, a Web site that has accurately predicted past company moves said today. TechARP.com, a Malaysian Web site that correctly named the ship date of Internet Explorer 8 earlier this year and leaked details of an upcoming free Windows 7 upgrade program for users who buy Vista PCs after July 1, said that Microsoft will publicly announce prices for Windows 7 in mid-June. Although Microsoft has detailed the Windows 7 versions it will ship later this year, it has not s
  17. German Job Offers Used for Nigerian Scam by Alice Decker (Advanced Threats Researcher) "These days, German users receive emails announcing that a company called IT-Electronics is looking for professionals in search of extra income. Here is a rough translation of the email message: Dear recipient, IT Electronics, the leading Asian firm in the field of information technology, announces again its intention to employ workers in Germany. We give you another chance to work with us and to have extra income. We are looking for honest, responsible and industrious people aged 21 to 67 years old for
  18. Spam Volume Has Doubled Since April 1 Growth constitutes twice the amount of spam as compared to before the spam hoster McColo was cut off in November 2008 May 20, 2009 | 06:23 PM BERLIN, May 20 /PRNewswire/ -- "The daily spam volume has doubled since 1 April 2009, Germany's leading e-mail security provider eleven reports. After growing significantly in the second half of April, the eleven experts have noticed a dramatic increase in spam traffic, beginning 5 May 2009. Between 1 April and 18 May 2009, spam grew by 102 per cent overall. This growth constitutes twice the amount of spam as comp
  19. Half Of Social Networking Sites Keep Users' Photos After Deletion: Study University of Cambridge study examined 16 popular Web sites that host user-uploaded photos, including social networking sites, blogging sites, and dedicated photo-sharing sites May 21, 2009 | 11:58 AM "Researchers from the University of Cambridge today announced the results of a new study demonstrating that many social networking sites maintain copies of user photos after users delete them. This could be an unpleasant surprise to users who believe they have deleted an embarrassing photo, only to find out it is still avai
  20. Deja vu: New scams hit Facebook and Twitter by Elinor Mills Updated at 4:20 p.m. PDT with Twitter phishing attack, at 4:10 p.m. with Facebook comment and 2:30 p.m. with attack also downloading malware onto computers. "Phishers were having a field day with Facebook and Twitter on Thursday. A new phishing scam hit Facebook users that, like others in recent weeks, sends them to a Web site which steals their log-in information and also secretly downloads malware onto computers when they visit the malicious Web site in what is known as a "drive-by download." Meanwhile, Twitter users were getting
  21. May20 Koobface Worm Alive and Wriggling by JM Hipolito (Technical Communications) "Shortly after a phishing attack that targeted the 200 million users of immensely popular social networking site, Facebook, another attack was launched by cybercriminals. This time however, the attack targets not only Facebook users but also members of Tagged, Friendster, MySpace and other networking sites as well. A new Koobface attack was found, which uses the very same fake YouTube site utilized in another recent Koobface attack, which scared users into breaking CAPTCHA codes for cybercriminals. Once exe
  22. Mac OS X Java Calendar Deserialisation Code Execution Vulnerability Highly critical "A vulnerability has been discovered in Mac OS X, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the deserialisation of Calendar objects in Java for Mac OS X. This can be exploited to escape the Java sandbox and execute arbitrary code e.g. when a user visits a web page containing a specially crafted Java applet. This is related to vulnerability #14 in: SA32991 The vulnerability is confirmed in Mac OS X 10.5.7. Other versions may also be a
  23. THIS IS INCREDIBLE.... Read all the Numbers... Slowly and in Order!! Be Careful not to MISS ANY 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 Scroll down ..................... TOMORROW I'LL SEND YOU THE ABC's It's so easy to amuse some people
  24. 20 May 2009, 12:58 New type of attack on web applications: Parameter Pollution At the recent OWASP conference, the Italian security experts Luca Carettoni and Stefano Di Paola demonstrated a new way of manipulating web applications and tricking security systems: HTTP Parameter Pollution (HPP). This form of attack essentially involves submitting the parameters in GET and POST requests in unusual form or order, or with unusual delimiters. A request like: GET /foo?par1=val1&par2=val2 HTTP/1.1 will be processed in the normal way, while GET /foo?par1=val1&par1=val2 HTTP/1.1 with two occu