Posts posted by Peaches
-
Apr 18
Despite the Headlines, SLAAC Does Not Represent a Zero-Day Attack Vector
SLAAC is a mnemonic for IPv6 StateLess Address AutoConfiguration, which follows attempts at obtaining router information that happens only after the interface has established an IPv6 address for the local link. IPv6 does not use Ethernet broadcasting, which imposes scaling limitations on the devices supported on a local link. Instead, IPv6 multicasting divides devices into 16.7 million isolated Solicited-Node groups based on the last 3 bytes of their IPv6 address. Multicasting represents a significant departure from the way networks previously worked using the blunt method of broadcasting.
IPv4 and MAC Address Relationship with Network Interface Unverified
Under IPv4, IP addresses are determined using the ARP [RFC826] to request MAC addresses associated with a specific IPv4 address by using a broadcast (all ones) destination for the MAC address recognized by switches and interfaces and replicated or flooded across all switch ports. ARP can also announce an address by setting both source and destination IPv4 addresses to the same value or to probe by setting the source to a null IP address.
The inverse of ARP was BootP described in [RFC951] back in 1985. BootP requests an IP address for the MAC address by using a broadcast (all ones) destination IP address. BootP was superseded by DHCP. Those new to IPv6 are often surprised to find how multicasting rather than broadcasting changed the way networks, switches, and routers operate.
More details: http://blog.trendmicro.com/
-
April 19, 2011 4:15 PM PDT
ACLU: Michigan cops stealing drivers' phone data
The Michigan State Police have started using handheld machines called "extraction devices" to download personal information from motorists they pull over, even if they're not suspected of any crime. Naturally, the ACLU has a problem with this.
The devices, sold by a company called Cellebrite, can download text messages, photos, video, and even GPS data from most brands of cell phones. The handheld machines have various interfaces to work with different models and can even bypass security passwords and access some information.
The problem, as the ACLU sees it, is that accessing a citizen's private phone information when there's no probable cause creates a violation of the Constitution's 4th Amendment, which protects us against unreasonable searches and seizures.
To that end, it's petitioning the MSP to turn over ... Read full post & comments
Originally posted at Crave
-
14 April 2011, 12:43
Break-in at WordPress.com
WordPress.com's Matt Mullenweg has confirmed that attackers broke into its systems, gained root level privileges and that "potentially anything on those servers could have been revealed". While WordPress.com's software is open source, the source code on WordPress.com's servers contained configuration information and code written for partners which would include sensitive information which may have been accessed by the intruders.
WordPress.com's operator, Automattic, says that after reviewing logs it appears that only limited information was disclosed. At present there is no indication that the intruders stole passwords from WordPress users and, even if they had, they are stored in hashed and salted form and therefore hard to crack.
Story: http://www.h-online.com/security/news/item/Break-in-at-WordPress-com-1227926.html
-
Toshiba to launch self-erasing hard drives
Toshiba will soon debut a series of hard drives that can automatically erase or prevent access to their own data should the drives end up in the wrong hands.
The company's new self-encrypting drive family will include a new feature that detects if the drive is connected to an unknown and undefined computer or other system. If so, the drive can either securely wipe all of its data or just deny access to that data. Customers can apply the feature to specific data on the drive and choose how and when to render the data indecipherable, according to Toshiba.
The drives are designed to provide an extra layer of security, especially for corporations, government agencies, and other organizations that need to adhere to certain security and data privacy requirements. The security technology itself is built on the "Opal" specification from the Trusted Computing Group, which dictates certain ... Read full post & comments http://news.cnet.com/8301-1009_3-20053910-83.html
-
AVG unveils Family Safety parental controls software
Monitor your child's online activity
By Carrie-Ann Skinner | PC Advisor | 13 April 11
AVG has unveiled Family Safety – parental controls software that aims to help parents protect their kids when they're surfing the web.
The software allows parents to create profiles for each child, which can be adjusted as the child gets older and as their digital behaviour and habits change. As well as blocking inappropriate content, such as pornographic sites, the software lets users prevent access to over 80 different social networks including Facebook, MySpace and Bebo.
Furthermore, AVG Family Safety lets adults monitor when children are using the web, the software they open and what they're searching for on the net.
-
Malware Installs Rogue Apps on Compromised Facebook Accounts
April 14th, 2011, 08:32 GMT| By Lucian Constantin
A new piece of malware being distributed by Sality uses stolen Facebook credentials to surreptitiously install rogue apps under the corresponding profiles.
Sality is the world's top file infecting malware and dates back to 2003. The threat has evolved over the years and was fitted with P2P, self-propagation and malware distribution functionality.
According to security researchers from Symantec, at the beginning of this year, Sality operators pushed a malicious component through its P2P network that acted as a keylogger and recorded Facebook, Blogger and MySpace login credentials. The trojan sent the stolen credentials to a command and control (C&C) server, but also stored them locally in an encrypted file to the surprise of security researchers. That was until a new piece of malware recently distributed by Sality began making use of the login details in those encrypted files.
It downloads Internet Explorer automation scripts from a C&C server and uses the stolen credentials to login on the corresponding websites and perform predefined actions. As far as Facebook is concerned, the trojan received instructions to install a rogue application under hijacked accounts. The app, called "VIP Slots," only asked for access to basic account information.
http://news.softpedia.com/news/New-Malware-Forces-Users-to-Install-Rogue-Facebook-Apps-194988.shtml
-
Locate and Update Latest System Driver with SlimDrivers
SlimDrivers is a tool that helps users manage their system's drivers. It can scan computers and identify drivers. It is a free tool that locates missing drivers and ensures that the drivers are up to date with the latest updates. It ensures that the latest version of the software is installed. Using the SlimDrivers interface, users can download and install drivers manually, one after the other.
SlimDrivers works with Windows XP, Windows Vista and Windows 7. This tool helps keep drivers up to date, resulting in faster drivers that ensure that the PC works better. This is because newer drivers are more optimized and coexist better with software that is on the PC. Additionally, it can also fix issues like devices that use drivers and issues of hardware causing problems.
Some of the most important features of the tool include:
- Instantly scanning the system for missing or broken drivers
- Scheduling of scans to run automatically
- Updating drivers after downloading updates
- Uninstalling drivers as and when needed
- Backing up drivers
- Restoring the system in the event of failure
- Lack of satisfactory information on drivers – both old and new drivers.
- Though the automatic update for drivers is an important feature, the downside is that most of these updates may not be relevant to the PC.
- Restricts installation to downloading and installing the drivers on a one-by-one basis.
Overall this tool can be used effectively to monitor and update the system’s drivers. However, it is a tool that can be improved to fix all that needs to be fixed; also giving it enough room for growth. It is important to note here that this is just the first version and will surely be a tool that will help in making the PC faster and more efficient.
http://www.techprone.com/locate-and-update-latest-system-driver-with-slimdrivers/
-
Yahoo! Allows Users to Monitor Account Login Activity
April 13th, 2011, 10:36 GMT| By Lucian Constantin
Yahoo! has introduced a new feature which allows users to review their account's login history for strange activity and signs of possible compromise.
Email accounts are valuable for cyber criminals and can be compromised in a variety of ways, including via keyloggers or phishing. Since storage space is no longer a major issue, a lot of people fail to delete old emails. This is a security risk because those messages can contain passwords and sensitive information about other accounts.
In addition to the more traditional illegal activities like spamming, compromised accounts can be used to send scam emails to the user's own contacts, therefore increasing the chances of finding someone willing to pay.
"The latest incident of email breach at Dallas-based Epsilon, where millions of stolen email addresses potentially could be used for targeted 'spear-phishing' further emphasizes the importance of safeguarding your online account," writes Andy Y Wu, product manager of Yahoo! Membership.
However, the new feature is not limited to email and covers all services provided under the same Yahoo! ID. The "Recent Login Activity" page lists logins by date, location, access client (browser, Y! Messenger) and the place of origin (Front Page, Mail, etc.).
Story: http://news.softpedia.com/news/Yahoo-Allows-Users-to-Monitor-Account-Login-Activity-194784.shtml
-
13 April 2011, 11:20
Chromium-based Flock social web browser is no more
In a post on their home page, the Flock developers have announced that support for their Chromium-based social web browser will officially be discontinued on 26 April 2011. Thanking their "loyal users" for their support, the developers encourage the Flock community to migrate to another browser.
Flock began life as a cross-platform browser start-up in April 2005. Distinguishing itself from other browsers, Flock automatically managed updates and media from several popular social services, including MySpace, Facebook, Bebo, Digg, YouTube and Twitter.
More details: http://www.h-online.com/security/news/item/Chromium-based-Flock-social-web-browser-is-no-more-1227009.html
-
Profile Spy Scam Hits Twitter
April 5th, 2011, 06:57 GMT| By Lucian Constantin
Security researchers warn of a survey scam currently making the rounds on Twitter which tricks users by promising them the ability to view their profile visitors.
According to Robert Graham of Errata Security, victims post spam messages that read "94 people viewed my profile today!" followed by "Wow! See who viewed your twitter with Profile Spy [link]"
Clicking on the link takes users to a page asking for an app called "Profile Spy" to connect to their accounts. This app is used for the scam's propagation and if allowed, it will start sending spam from the victim's accounts without their permission. People who agree to connect with the application will be redirected to a page asking them to participate in a survey, allegedly as a security check. These surveys try to sign up users for premium rate mobile services or are part of legit affiliate marketing campaigns that are abused by the scammers. Each time a user completes a survey, the scammers earn a commission, which makes it worthwhile to keep the attacks going.
Story: http://news.softpedia.com/news/Profile-Spy-Scam-Floods-Twitter-193106.shtml
-
13 April 2011, 10:35
Ransomware claims to lock Windows licence
Calls to unlock the computer are allegedly free.
Source: F-Secure
In what appears to be a lucrative scam, after infecting a system, ransomware blocks users from accessing their system and demands payment of a ransom to restore access. A recent variation on this theme claims to lock the Windows licence. The licence can be restored (re-activated) by calling a supposedly free service number.
However, the message is not generated by Microsoft – it's a trick and the call is, of course, anything but free. The numbers called are expensive international numbers in countries such as Madagascar. As anti-virus specialist F-Secure reports, calls are placed in a queue for several minutes to ensure that calling costs mount up. With the help of an operator, the fraudsters are able to divert the call to a cheaper country, allowing them to pocket a portion of the call charge to the number originally called.
Details & screenshot: http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html
-
13 April 2011, 17:12
Software to protect users from prying eyes
Vendor Oculis Labs has announced that its PrivateEye security software is now also available as an enterprise version. PrivateEye is designed to protect screen contents from prying eyes by permanently monitoring the area in front of the screen via a webcam and blurring contents as soon as the user looks away or another person looks over the user's shoulder. A face recognition algorithm reportedly ensures that the screen content is only accessible to specific persons. If an unknown face approaches the protected computer, the software takes a picture and displays it on screen for deterrence until the legitimate user returns.
Details: http://www.h-online.com/security/news/item/Software-to-protect-users-from-prying-eyes-1227562.html
-
Adobe Photoshop Updates for iPad
Adobe has been trying to create different apps that can recreate Photoshop to the Apple iPad. However, it has been reported that the latest version promises to be the best one yet. It promises to be a support for content creation on the Apple tablet.
Adobe is scheduled to demonstrate the different programs that will allow the tablet to act as an input device when it is used in conjunction with a Mac or PC that runs Photoshop. Adobe is offering three kinds of solutions:
- Nav: Enables easy and quick shifts between tools or opening photos.
- Eazel: Provides a high-tech finger painting pad on the iPad.
- Adobe Color Lava: Converts the Apple tablet into an ultra color-mixing palette.
These three enhancements are part of the Adobe Creative Suite version 5.5, and have been scheduled to be released on May 3. It is believed that by early next month this version will be available in the iTunes Store and will be available at the similar price of the previous versions ranging between $1.99 and $4.99.
Adobe usually updates its entire Creative Suite every 18 to 24 months; however, this time they have decided to release it a little quicker. This definitely promises to be an exciting and interesting update, apart from the other updates that Adobe will do to the suite itself.
via [All Things Digital] - http://mobilized.allthingsd.com/20110410/adobe-recasts-the-ipad-as-high-tech-palette-for-photoshop-video/
-
Windows 7 Color Changer Adds Aero Color to Wallpapers
Windows 7 Color Changer allows you to add Aero colors to your customized wallpapers. Though, by default, this feature is not in Windows 7, this application can be downloaded and used very easily. Like the default version, Aero Color Changer allows you to rotate wallpaper and images. Additionally, it also gives you the option to set a separate Aero color; that too, for each of the rotating images.
This application is easy to download and install, and once that's done, it is just as easy to use thanks to its user-friendly interface. Using this application you can customize the wallpaper, add Aero colors to each of the images in the wallpaper, set transparency levels for the wallpaper, and also set the rotation time for the wallpaper.
To use this application the way you want to, complete the following:
1. To launch the application click the application icon in the system tray, and then click Setup Wallpaper.
This displays the Edit Your Wallpapers dialog box.
2. Add your custom images to create your own personal theme.
Note: At this stage you can give Aero color to the wallpapers and manage the transparency levels of the wallpaper.
3. After making the required changes, click Set.
You can also change the rotation time of the new wallpaper, after enabling auto start of Windows 7 Color Changer at system startup, from the Options menu. You can choose the kind of change you want and after how many minutes you want the wallpaper to rotate.
http://www.techprone.com/windows-7-color-changer-adds-aero-color-to-wallpapers/
-
Microsoft cranks out Internet Explorer 10 preview
IE9 still warm
MIX 2011 Microsoft has released an Internet Explorer 10 preview, little more than a month after the debut of IE9.
The company posted its IE10 Platform Preview build on Tuesday, calling it "the first step in delivering the next wave of progress in native HTML5 support". It seems likely that an IE10 beta will be delivered in September.
As he demonstrated planned features for IE10 at Microsoft's annual MIX conference in Las Vegas, Nevada, Windows and Windows Live president Steven Sinofsky announced the dates for Microsoft's "next developer conference". It will be held in September in Anaheim, California. "All the things you are hearing about today will be just as impressive in the preview of the things we will show in September," he said.
-
April 12, 2011 8:12 AM PDT
Avast update blocks legitimate Web sites
An update rolled out yesterday to Avast's antivirus product contained a bug that flags legitimate Web sites as malware infected. In a blog post late yesterday, Avast acknowledged the false positive glitch in an update known as 110411-1, which was automatically rolled out to Avast AV users earlier that day. The error has specifically affected versions 4.x, 5.x, and 6.x of Avast's antivirus software.
In an e-mail to CNET, an Avast spokesman said today that the update was downloaded by around 5 million users, mostly on the Western Hemisphere due to the time in which it was launched. In-house sensors discovered the problem just a few minutes after the buggy update was released, and Avast workers managed to create and release a fix within 45 minutes, according to the company.
Known as 110411-2, the fix must be manually installed. Avast is advising all users to ...
Read full post & comments - http://news.cnet.com/8301-1009_3-20053085-83.html
-
Exploit-wielding boffins go on free online shopping binge
World's biggest e-commerce sites wide open
By Dan Goodin in San Francisco
Computer scientists have documented serious flaws in software running some of the world's biggest e-commerce sites and shown how they can be exploited to receive DVDs, digital journals, and other products for free or at sharply reduced prices not authorized by the sellers.
The findings, laid out in a paper to be presented at next month's IEEE Symposium on Security and Privacy, are an indictment of the software makers, the e-commerce sites, and the third-party cashiers used to process payments. By exploiting the buggy programming interfaces the three parties use to work together, the researchers were able to defraud sites including Buy.com, JR.com, and LinuxJournalStore.com. (They later canceled the transactions or returned the items to work around legal and ethical constraints.)
The researchers, from Microsoft and Indiana University, said the vulnerabilities stem from the interconnected communication among the end user making a purchase, the online merchants, and the cashier-as-a-service providers such as PayPal, Amazon Payments, and Google Checkout. The “trilateral interaction” is so complex that the two most popular e-commerce programs used to coordinate the communications can easily be fooled into approving the transactions for free, or at a tiny fraction of the price being charged.
Story: http://www.theregister.co.uk/2011/04/12/free_online_shopping_exploits/
-
April 12, 2011 4:00 AM PDT
Democratic senator wants Internet sales taxes
A Democratic senator is preparing to introduce legislation that aims to end the golden era of tax-free Internet shopping. The proposal--expected to be made public soon after Tax Day--would rewrite the ground rules for Internet and mail order sales by eliminating the ability of Americans to shop at Web sites like Amazon.com and Overstock.com without paying state sales taxes.
Dick Durbin of Illinois, the second most senior Senate Democrat, will introduce the bill after the Easter recess, a Democratic aide told CNET.
"Why should out-of-state companies that sell their products online have an unfair advantage over Main Street bricks-and-mortar businesses?" Durbin said in a speech in Collinsville, Ill., in February. "Out-of-state companies that aren't paying their fair share of taxes are sticking Illinois residents and businesses with the tab."
-
Keep Track of Your Laptop and Phone
Prey is an open source program for tracking laptops and Android phones. It's free to use for up to three devices, and there are paid plans available if you need more. Prey runs on Windows, Mac, some Linux, and Android. If you use this software (or anything like it!) make sure you test it BEFORE your phone or laptop wanders off. Prey is available here: http://preyproject.com/
Are you using this or something like it? What do you think?
-
New fake antivirus accepts SMS payments
by Elinor Mills
There's a new twist with some fake antivirus scareware that has cropped up. It accepts payment via SMS, according to antivirus firm CyberDefender.
Typical rogue security programs infect the system first, then display pop ups warning that the computer is infected, and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.
When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome ...
Read full post & comments - http://news.cnet.com/8301-27080_3-20052203-245.html
Originally posted at InSecurity Complex
-
April 5, 2011 5:55 PM PDT
Wrap Firefox in a Cocoon of privacy
Web browsers are ground zero for Internet security threats, and the debate over responsibility for preventing those threats has resulted in a Gordian knot. The people behind the new add-on for Firefox called Cocoon (download) want to cut through debate by serving the entire Web to you via proxy. (Cocoon is also available at GetCocoon.com.)
Cocoon's Web site, with the Cocoon add-on installed. It adds a toolbar to the top of the Firefox interface, and adds buttons to the Add-On Bar at the bottom of the interface.
Made by Santa Barbara, Calif., start-up Virtual World Computing, Cocoon's goal is to put the Internet on a server to prevent individual users from having to touch it, Cocoon Chief Executive Officer and co-founder Jeff Bermant said in an interview today at CNET's San Francisco offices. The add-on, which has about 4,000 users since it ...
Originally posted at The Download Blog - http://download.cnet...0051064-12.html
Read full post & comments & screenshot - http://news.cnet.com/security/
-
Three new search engines worth checking out
Keir Thomas, PC World
Sites to try if you're fed up with Google
DuckDuckGo
Unlike the other search engines mentioned here, DuckDuckGo appears to be just another search engine in the same mould as Google. However, it respects privacy and doesn't record search results or track you (unlike Google et al).
Qyo
Built on the theory that two (or more) heads are better than one, Qyo attempts to bring collaborative search to the masses. This is a buzz phrase within the search engine world at the moment, especially for organisations like Google and Facebook that want to expand their offerings in new directions. It's rumoured Google will soon be launching its Circles service, for example, that could feature social search.
Blekko
Blekko brings a couple of new tricks to the search party but the main one is the concept of slashtags. These are qualifying words that are added to search phrases after a slash (/) to refine the query.
For example, if I wanted to search for articles about Google Docs sorted by date, I'd type Google Docs /date. If I wanted to search for pages discussing Google Docs in the context of handheld computers like cell phones, I could type Google Docs /gadgets.
Full details: http://www.pcadvisor...?newsid=3266703
-
Smartphones eat games handhelds and cameras for lunch
Story & graphs: http://www.reghardware.com/2011/04/19/smartphones_effect_consumer_electronics/