Peaches

Update Experts
  • Content Count

    2130

Everything posted by Peaches

  1. Review: Windows 7 Beta 1 shows off new task bar, more UI goodies Goodbye, Quick Launch bar -- there's a new task bar in town. January 7, 2009 (Computerworld) The just-released Beta 1 version of Windows 7 is a solid, fast-performing, stable operating system that appears to be just about fully baked and ready for prime time. It is much further along than Windows Vista was during its initial beta phase, and it appears to be feature-complete. Based on the stability and speed of this beta, don't be surprised if Microsoft Corp. releases Windows 7 before 2010 rolls around. The new, powered-up task b
  2. How to Get Your Mitts on the Windows 7 Beta Late Wednesday, Microsoft unveiled the public beta for Windows 7, the follow-on and follow-up to Vista, which from all signs the company is trying to forget as fast as possible. CEO Steve Ballmer, in a surprisingly subdued keynote -- no real shouting -- made the announcement Wednesday night at the International CES. It wasn't much of a surprise, what with leaks to file-sharing sites and hints posted on Microsoft's own site in recent weeks. Still, it's a new version of Windows, even if some have dubbed it "Vista, a lot better." Oh, wait, that was Ball
  3. 7 January 2009, 09:46 Twitter hack explained by hacker The person responsible for the Twitter hack that saw various celebrity twitter accounts announcing bizarre news, or pointing to spam sites, has come forward and spoken to Wired magazine. There were numerous theories on how the person, who goes by the handle GMZ, gained access to those accounts. It turns out that it was a simple brute force dictionary attack on a Twitter account's password. The hacker, who only identified themselves as an 18 year old US student, had been randomly targeting apparently popular users with his own, dictionary
  4. 7 January 2009, 11:53 Fake LinkedIn profiles spread trojans Criminals have created fake profiles for celebrities on the professional networking site LinkedIn to attract unsuspecting users and infect them with malware. Profiles in the names of Victoria Beckham, Beyoncé Knowles, Christina Ricci, Kirsten Dunst, Salma Hayek and Kate Hudson offered links to sets of nude photos and films. Users who clicked on links were sent to either fake anti-virus software or directed to download a media player for Windows, containing a trojan. There are hundreds of other similar accounts created by criminals,
  5. Jan7 Once Again, Bogus Promos Used to Seed Malware by Maydalene Salvador (Anti-spam Research Engineer) “The conclusion of the recent holiday season didn’t stop cybercriminals from creating new spoofed promos to distribute malware, of course. Very much similar to the social-engineering campaign that used McDonald’s and Coca-Cola, yet another spam run that distributes malware was recently found by Trend Micro researchers. Popular brands such as Ikea, Symantec, Jack Daniel’s, and British Airways were all used for this recent campaign. Spam emails are sent, promoting a coupon and instruct
  6. Most Dangerous Security Myths: Myth #3 Erik Larkin "When the Web was young and blink tags abounded, it wasn't hard to avoid the bad stuff online. You could generally tell by looking at a site if it was unsavory or even dangerous, and if you were careful with your surfing and your e-mail, you could generally have gone without antivirus. Not anymore. These days crooks like nothing more than to find a security flaw in a benign but vulnerable site and use the flaw to insert hidden attack code. Once in place, that hidden snippet will scan for security flaws on your PC any time you view the page. If
  7. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities Bugtraq ID: 32882 Class: Unknown CVE: CVE-2008-5500 CVE-2008-5501 CVE-2008-5503 CVE-2008-5504 CVE-2008-5505 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 CVE-2008-5502 Remote: Yes Local: No Published: Dec 16 2008 12:00AM Updated: Jan 06 2009 11:42PM Credit: Daniel Veditz, Jesse Ruderman, David Baron, Boris Zbarsky, moz_bug_r_a4, Hish, Marius Schilder of Google Security, Chris Evans, Chip Salzenberg, Justin Schuh, Tom Cross, Peter William, Gary Kwong, and
  8. Google picks up third spot in spam-friendly shame list Blogspot exploits and Gmail scams slammed By John Leyden "Google has leapfrogged Microsoft to reach third place in a blacklist of spam-friendly ISPs, compiled by anti-spam organisation Spamhaus.org. Microsoft, which cropped up at fifth place on the November edition of the same list, has cleaned up its act to the extent that it no longer appears in the rogues' gallery of the ten ISPs that are slackest in dealing with junk mail problems. Previously Microsoft's live.com and livefilestore.com web properties were soft targets for penis pill purv
  9. Apple Security: Time To Stop Feeling Superior? There have been far more Apple-related security problems in the past two years than in previous years, requiring Mac users to be more vigilant than ever to ensure that their computers are safe. By Thomas Claburn InformationWeek "Apple issued 35 security updates in 2008, down slightly from the 38 issued in 2007, but significantly more than the 22 security updates in 2006 and 23 in 2005. In a report on the state of Mac security, Intego -- a seller of Mac security software -- claims, "There have been far more [Apple-related] security problems in
  10. January 6, 2009 10:13 AM PST Hackers hit MacRumors keynote coverage "Some nasty pranksters, likely associated with Web forum 4Chan, have hacked into Apple gossip mainstay MacRumors' live-blog coverage of Tuesday's Macworld keynote. Hosted on a separate domain, MacRumorsLive.com, the site was plagued by offensive messages about Apple CEO Steve Jobs' health and general inanity (i.e. "SEX ME") before finally succumbing to "technical difficulties." It remains uncertain whether the pranksters actually brought down the site, or whether MacRumors voluntarily took it down to keep things under control
  11. Twitter Hack: How It Happened and What's Being Done JR Raphael, PC World "Twitter is tackling a series of security issues, starting with a hack that hit some well-known celebrity accounts. Someone broke into Twitter accounts belonging to President-elect Barack Obama, CNN anchor Rick Sanchez, and Britney Spears over the weekend. At the same time, a phishing scam is trying to trick regular users into handing over their passwords and compromising their profiles. Twitter Hack: Celebrity Targets First, the freshest set of hacks: Someone managed to crack the passwords to nearly three dozen
  12. Researchers Hack Into Intel's VPro Robert McMillan, IDG News Service “Security researchers said they've found a way to circumvent an Intel vPro security feature used to protect PCs and the programs that they run from tampering. Invisible Things Labs researchers Rafal Wojtczuk and Joanna Rutkowska said they've created software that can "compromise the integrity" of software loaded using the Trusted Execution Technology (TXT) that is part of Intel's vPro processor platform. That's bad news, because TXT is supposed t
  13. Is it Safe to Just Ignore Windows' Service Packs? Lincoln Spector Don Dalton installed Vista's SP1 update, encountered "a multitude of problems," and uninstalled it. Can he safely go on indefinitely without it? “Windows service packs can be the stuff of nightmares. Do you let Microsoft do a major, remote-control overhaul of your operating system that might break something that was working just fine? Or do you ignore a service pack that plugs some serious security holes and is more likely to fix something that's already broken than to break some
  14. Microsoft MSN Messenger IP Address Information Disclosure Vulnerability Bugtraq ID: 33125 Class: Design Error CVE: Remote: Yes Local: No Published: Dec 30 2008 12:00AM Updated: Jan 05 2009 11:22PM Credit: Carmelo Brancato Vulnerable: Microsoft MSN Messenger Service 8.5.1 http://www.securityfocus.com/bid/33125 - source of information
  15. XP users should consider disabling Windows' indexing service, a system hog of little practical value. Go to Control Panel, Administrative Tools, Services, and scroll down to Indexing Service. Double-click it, and set Startup type to Disabled. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> The following program is free and I have already downloaded it and going to give it a try on my old computer which is very slooooooooowwwwww!! Start up delayer .... Nobody likes getting stuck in traffic. But that's
  16. Latest Foxmarks Add-On for Firefox Tackles Password Backups Erik Larkin "If you're among the multitude of people who rely on the Firefox browser to remember their Web site passwords (and there's no denying that I am), here's something you might like. The latest version of the popular, free Foxmarks add-on now has a feature for synchronizing and effectively backing up the passwords that your browser stores, in much the same way as it does for your bookmarks. It's dead simple to set up Foxmarks so that whenever you add a bookmark to your browser at work, the new addition will also be automatica
  17. Jan1 2009 ‘Classmates Reunion’ Used as Malware Ploy by Florabel Baetiong (Anti-spam Research Engineer) "Class reunion invitations (supposedly from classmates.com) are being seen in spam recently — recipients of these messages are asked to click on a link found in the message to get the details of the “reunion” and also see a related video. Looking at the IP origins of sample spam messages, it appears that these have been sent out by spam bots using dynamic IPs from different dialup and broadband ISPs. Clicking on the link would actually direct users to a malicious webpage. In this p
  18. Don't download any program from CNET/download.com Recent occurrences concerning CNET/download.com and their download archive make clear they offer malicious programs for download and therefore it is advised to avoid CNET. Apparently they don't screen software before offering it for download, so there is a not acceptable risk that software gained via CNET is malicious and will infect PCs. Recent example is Intelinet Internet Security, a rogue anti-spyware and offered via CNET. Really irresponsible is the refusal of CNET to remove malicious programs from their download archive: several people ha
  19. Rescue a Wet Cell Phone So you dropped your cell phone in the toilet. Or left it out in the rain. Or ran it through a load of whites. Hey, it happens. Before slinking into the phone store for a replacement, try bringing your drowned device back to life. First, remove the battery (which may need to be replaced). If your phone has a memory card, take that out, too--it should be fine once it dries. Submerge the phone in a bowl of dry rice, cover it, and leave it overnight. The rice should suck out the moisture from the phone's innards. Pop in a new battery, and you might just be back in business
  20. Nokia 'Curse of Silence' SMS exploit uncovered Old bug, new tricks By Bill Ray • 2nd January 2009 11:08 GMT Mobile phone security vendors were rejoicing last night when it emerged that an obscure bug in an old version of the Symbian OS could allow an attacker to crash a target's mobile phone with a specially-formatted text message. The attack has been rather dramatically branded the "Curse of Silence", and is a genuine bug that prevents incoming SMS messages being received once a specially-formatted text has been sent to the target, as demonstrated by Tobias Engel. Phones running Nokia's S6
  21. Apple Safari WebKit 'alink' Property Memory Leak Remote Denial of Service Vulnerability Bugtraq ID: 33080 Class: Design Error CVE: Remote: Yes Local: No Published: Jan 01 2009 12:00AM Updated: Jan 02 2009 11:41PM Credit: Jeremy Brown Vulnerable: Apple Safari 3.2 http://www.securityfocus.com/bid/33080
  22. RealNetworks Helix Server Multiple Vulnerabilities Secunia Advisory: SA33360 Release Date: 2008-12-30 Critical: Highly critical Impact: DoS System access Where: From remote Solution Status: Vendor Patch Software: Helix DNA Server 11.x RealNetworks Helix Mobile Server 12.x RealNetworks Helix Server 12.x Description: Some vulnerabilities have been reported in RealNetworks Helix Server, which can be exploited by malicious people to cause a DoS (Denia
  23. The State of Spam: What to Expect in 2009 A look at the scourge of spam in 2008 and some predictions for spam in 2009. JR Raphael, PC World Spam, oh spam -- can we ever get rid of you? 2008 saw a promising blow to the endless sea of junk mail, but the relief didn't last for long. Now, spam experts say new forms of annoyances are on the way for the new year. "Some battles have been won in 2008, but the war is far from over," says Martin Thornberg, co-founder of SPAMfighter, a software development and spam research company. So far, junk mail has managed to infiltrate only about 22 percent of its
  24. 25C3: Many RFID cards poorly encrypted Karsten Nohl, the security investigator who had a big hand in cracking NXP's Mifare Classic chips, says many RFID smartcards from other manufacturers are also vulnerable to a simple hacker attack. He told the 25th Chaos Communication Congress (25C3) in Berlin that "Almost all RFID cards use weak proprietary encryption systems" and only the latest types were any better. For example, several generations of Legic, HID and Atmel cards have holes in their armour. RFID cards are used today to control access to buildings, rooms, cars or electronic devices. Mifa
  25. 1 January 2009, 17:37 25C3: SMS killer application for many Nokia mobiles Some of the SMSs expected to be sent to mobile phones in the New Year period are unlikely to contribute to their recipients' holiday joy. The Chaos Computer Club (CCC) is warning, in at least one vulnerability report, of dangerous emails, sent as SMSs, that block reception of further SMSs or MMSs on many current Nokia mobile phones. Tobias Engel, a member of CCC, discovered the security leak and baptized it the "Curse of Silence" because it shuts off the channel for incoming SMSs on the attacked mobile phone. Th