A recent case, discussed by Omer Tene from The Center of Internet and Society at Stanford Law School, opens a few interesting discussion points around this issue.
The Kentucky Court of Appeals recently stated that you don't need a person's permission to tag them in a Facebook photo (LaLonde vs. LaLonde).
The case synopsis is that mother loses custody of her child based on evidence featuring, among other things, Facebook photos showing her drinking. The problem was that she had received mental health advice to abstain from drinking due to her medication regime. She did not post the pictures or give consent for them to be broadcast for the world to see, yet they directly impacted her life.
Ouch. And according to Tene, Facebook "evidence" is increasingly being used in court.
Continued : http://nakedsecurity.sophos.com/2011/03/23/52408/
Also: Can Facebook use my name and profile picture in ads?
Reply 1 : NEWS - March 24. 2011
Windows users who install the latest Java security patches may end up with a little more security than they bargained for, at least that's the risk they take if they don't pay close attention to the installation process.
Starting last month, Oracle began bundling a security scanning tool called the McAfee Security Scan Plus with its Java updates for the Windows operating system. The software is installed by default with the Java update, so unless users notice and uncheck the McAfee installation box as they're updating Java, they'll end up downloading McAfee's software too.
Security Scan Plus checks the PC to see if has antivirus and firewall software and if they're both up-to-date. The program comes with pop-up windows and is a bit more noticeable than the previous software that was bundled with Java in the U.S., such as the Yahoo Toolbar. Oracle bundles different products with Java in different regions, so not all Windows users may get Security Scan Plus with their Java updates.
Once downloaded, the McAfee software prompts the user on a daily basis to accept McAfee's licensing terms to complete the installation. The user can cancel out of this prompt, but there is no option to decline the terms. To remove the software, the user must use the Windows "Uninstall a Program" feature.
A number of users have inadvertently installed the software since Oracle started the bundling deal with Intel's McAfee subsidiary last month.
Continued : http://www.pcworld.com/businesscenter/article/223153/update_java_and_you_may_get_annoying_mcafee_scanner_too.html
Starting last month, Oracle began bundling a security scanning tool called the McAfee Security Scan Plus with its Java updates for the Windows operating system. The software is installed by default with the Java update, so unless users notice and uncheck the McAfee installation box as they're updating Java, they'll end up downloading McAfee's software too.
Security Scan Plus checks the PC to see if has antivirus and firewall software and if they're both up-to-date. The program comes with pop-up windows and is a bit more noticeable than the previous software that was bundled with Java in the U.S., such as the Yahoo Toolbar. Oracle bundles different products with Java in different regions, so not all Windows users may get Security Scan Plus with their Java updates.
Once downloaded, the McAfee software prompts the user on a daily basis to accept McAfee's licensing terms to complete the installation. The user can cancel out of this prompt, but there is no option to decline the terms. To remove the software, the user must use the Windows "Uninstall a Program" feature.
A number of users have inadvertently installed the software since Oracle started the bundling deal with Intel's McAfee subsidiary last month.
Continued : http://www.pcworld.com/businesscenter/article/223153/update_java_and_you_may_get_annoying_mcafee_scanner_too.html
Reply 2 : NEWS - March 24. 2011
Business gurus have long maintained that time = $$, but that doesn't mean that playtime necessarily decreases the bottom line. Many corporations have discovered that their employees tend to be more productive when they have time to give their brains a break, and gameplay is the perfect escape. So it's not surprising that some cyber criminals have taken this lesson to heart, and are crafting crime machines to include games that allow their evildoing customers to steal money and set their hi-scores at the same time.
I had a laugh when I stumbled upon the administrative panel shown in the video below. It's a back-end Web database designed to interact with a collection of Windows PCs infected by the ZeuS Trojan. This panel receives financial data stolen from victim machines, including PayPal and Bank of America account credentials. This video shows the Bank of America tab of the tool, which also allows the criminal to inject specific "challenge/response" questions into BofA's Web page as displayed in the victim's browser, as a way to steal the answers to these questions should the criminal later be asked for them when later logging in to victim accounts.
Continued : http://krebsonsecurity.com/2011/03/big-scores-and-hi-scores/
I had a laugh when I stumbled upon the administrative panel shown in the video below. It's a back-end Web database designed to interact with a collection of Windows PCs infected by the ZeuS Trojan. This panel receives financial data stolen from victim machines, including PayPal and Bank of America account credentials. This video shows the Bank of America tab of the tool, which also allows the criminal to inject specific "challenge/response" questions into BofA's Web page as displayed in the victim's browser, as a way to steal the answers to these questions should the criminal later be asked for them when later logging in to victim accounts.
Continued : http://krebsonsecurity.com/2011/03/big-scores-and-hi-scores/
Reply 3 : NEWS - March 24. 2011
One week after the much publicized Rustock botnet command and control take down, and subsequent drop in spam volumes, SophosLabs can confirm Rustock has not come back from the dead. "Dawn of the Dead" analogies need not apply.
To illustrate this, the graph below displays weekly spam volumes going back to the start of February (red line is the average volume prior to the take down). Notice the lighter blue line, which highlights the spam volume in the week since the take down: [Screenshot]
With the specific messages tied to Rustock remaining flatlined: [Screenshot]
For those wondering exactly what type of spam is no longer filling the pipes of networks worldwide, here are two recent examples of spam sent in the days prior to the take down:
Continued : http://nakedsecurity.sophos.com/2011/03/24/one-week-later-rustock-and-pharmacy-express-still-flatlined/
To illustrate this, the graph below displays weekly spam volumes going back to the start of February (red line is the average volume prior to the take down). Notice the lighter blue line, which highlights the spam volume in the week since the take down: [Screenshot]
With the specific messages tied to Rustock remaining flatlined: [Screenshot]
For those wondering exactly what type of spam is no longer filling the pipes of networks worldwide, here are two recent examples of spam sent in the days prior to the take down:
Continued : http://nakedsecurity.sophos.com/2011/03/24/one-week-later-rustock-and-pharmacy-express-still-flatlined/
Reply 4 : NEWS - March 24. 2011
Greg Hoglund, CEO of HBGary, admits that lackluster security at his company played a central role in the breach that led to the release of some 50,000 company emails, but also disputes common understanding and reported details of the hack and the group behind it, going so far as to say there was actually no hack at all.
In an interview with CSO Online's Robert Lemos, Hoglund explains that Anonymous, the hacker-collective of online mischief makers that exposed the trove of HBGary emails, never entered the company's network, and in fact may not have even been aware of its existence until long after the fact. Instead, Anonymous members used a stolen password to gain access to the companies email spool.
The email spool was hosted in Google's cloud service. Hoglund reportedly spent the better part of Super Bowl Sunday trying to shut-down the HBGary site but only ended up getting the run-around from a Google service call center in India. As his company was in the process of getting "owned," so to speak, Google's call center set up elaborate hoops through which they expected Hoglund to jump in order to validate his identity. By the time he proved himself and was able to get technical support on the phone, the damage had already been done.
Continued : https://threatpost.com/en_us/blogs/hbgary-ceo-speaks-out-anonymous-hack-032311
In an interview with CSO Online's Robert Lemos, Hoglund explains that Anonymous, the hacker-collective of online mischief makers that exposed the trove of HBGary emails, never entered the company's network, and in fact may not have even been aware of its existence until long after the fact. Instead, Anonymous members used a stolen password to gain access to the companies email spool.
The email spool was hosted in Google's cloud service. Hoglund reportedly spent the better part of Super Bowl Sunday trying to shut-down the HBGary site but only ended up getting the run-around from a Google service call center in India. As his company was in the process of getting "owned," so to speak, Google's call center set up elaborate hoops through which they expected Hoglund to jump in order to validate his identity. By the time he proved himself and was able to get technical support on the phone, the damage had already been done.
Continued : https://threatpost.com/en_us/blogs/hbgary-ceo-speaks-out-anonymous-hack-032311
Reply 5 : NEWS - March 24. 2011
A new malware distribution campaign that generates emails posing as delivery notifications from United Parcel Service (UPS) is currently hitting people's inboxes.
The rogue emails bear a subject of "United Parcel Service notification" and have spoofed headers to appear as originating from a infojs@ups.com address.
The contained message reads: "The parcel was sent your home address. And it will arrive within 7 business day. More information and the tracking number are attached in document below. Thank you."
The attachment is called UPSnotify.rar, which is a bit unusual as .zip would have probably made more sense. There is no native support for .rar in Windows.
The archive contains a file called UPSnotify.exe which is a trojan downloader. Once installed, this malicious file proceeds to download and execute additional malware on the computer.
According to independent security consultant Dancho Danchev, the threats associated with this attack include a fake antivirus, a Gbot backdoor and a variant of W32.Pilleuz which currently has a low detection rate.
An interesting aspect of this Pilleuz version is that it contacts gmail.com, yahoo.com and hotmail.com for no reason, except to throw researchers off.
Continued : http://news.softpedia.com/news/Fake-UPS-Email-Campaign-Serves-Malware-Cocktail-191161.shtml
The rogue emails bear a subject of "United Parcel Service notification" and have spoofed headers to appear as originating from a infojs@ups.com address.
The contained message reads: "The parcel was sent your home address. And it will arrive within 7 business day. More information and the tracking number are attached in document below. Thank you."
The attachment is called UPSnotify.rar, which is a bit unusual as .zip would have probably made more sense. There is no native support for .rar in Windows.
The archive contains a file called UPSnotify.exe which is a trojan downloader. Once installed, this malicious file proceeds to download and execute additional malware on the computer.
According to independent security consultant Dancho Danchev, the threats associated with this attack include a fake antivirus, a Gbot backdoor and a variant of W32.Pilleuz which currently has a low detection rate.
An interesting aspect of this Pilleuz version is that it contacts gmail.com, yahoo.com and hotmail.com for no reason, except to throw researchers off.
Continued : http://news.softpedia.com/news/Fake-UPS-Email-Campaign-Serves-Malware-Cocktail-191161.shtml
Reply 6 : NEWS - March 24. 2011
Yes,dangerous and suspiciously deceptive as to timing because I am expecting an online order from the USA to Australia - within the 7 day time frame mentioned.
Never having had any dealings with UPS this is absolutely amazingly coincidental and I don't believe in such coincidences. I think the supplier, with whom I am doing business, is highly likely to have been hacked at some level.
Fortunately Zone Alarm was right on top of it and immediately quarantined it.
Never having had any dealings with UPS this is absolutely amazingly coincidental and I don't believe in such coincidences. I think the supplier, with whom I am doing business, is highly likely to have been hacked at some level.
Fortunately Zone Alarm was right on top of it and immediately quarantined it.
Reply 7 : NEWS - March 24. 2011
TripAdvisor, the popular travel-planning site, is warning customers that some portion of the company's customer email database was stolen recently by attackers. The company is not saying how many customers are affected or how the breach occurred.
TripAdvisor posted a message on its site warning customers about the attack, but offering little in the way of details on what actually happened.
"We discovered that an unauthorized third party has recently stolen part of TripAdvisor's member email list. We're taking this incident very seriously. We've identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement. We sincerely apologize for this inconvenience," the company said in its statement.
"The portion of our membership that was impacted may receive some unsolicited emails (SPAM) as a result. No passwords were taken, and any and all password information is secure. TripAdvisor does not collect members' credit card or financial information, and we never sell or rent our member list."
Continued : https://threatpost.com/en_us/blogs/tripadvisor-warns-customers-data-breach-032411
Also: Hackers make off with TripAdvisor's membership list
TripAdvisor posted a message on its site warning customers about the attack, but offering little in the way of details on what actually happened.
"We discovered that an unauthorized third party has recently stolen part of TripAdvisor's member email list. We're taking this incident very seriously. We've identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement. We sincerely apologize for this inconvenience," the company said in its statement.
"The portion of our membership that was impacted may receive some unsolicited emails (SPAM) as a result. No passwords were taken, and any and all password information is secure. TripAdvisor does not collect members' credit card or financial information, and we never sell or rent our member list."
Continued : https://threatpost.com/en_us/blogs/tripadvisor-warns-customers-data-breach-032411
Also: Hackers make off with TripAdvisor's membership list
Reply 8 : NEWS - March 24. 2011
Romanian antivirus vendor BitDefender has opened public beta testing for a free security solution designed specifically to protect users when browsing the Web.
Called TrafficLight, the product is capable of scanning Web traffic in real time and blocking malicious code and other threats.
It also taps BitDefender's cloud network to check if accessed URLs are associated with phishing or black hat SEO attacks.
Since search engines and social networks are popular distribution platforms for malicious URLs, TrafficLight adds visual safety indicators to all links listed in search results or popular social media sites.
These icons can be green for safe, yellow for suspicious and red for harmful. Users will have the option to force the loading of harmful pages with the known malicious elements stripped out.
The antivirus vendor takes pride in the browser-agnostic design of the product and work is being done to make it OS-independent too.
TrafficLight does not install any browser extensions which means that it functions at the protocol level, probably as a network filter driver.
Continued : http://news.softpedia.com/news/BitDefender-Launches-Free-Web-Antivirus-191224.shtml
Called TrafficLight, the product is capable of scanning Web traffic in real time and blocking malicious code and other threats.
It also taps BitDefender's cloud network to check if accessed URLs are associated with phishing or black hat SEO attacks.
Since search engines and social networks are popular distribution platforms for malicious URLs, TrafficLight adds visual safety indicators to all links listed in search results or popular social media sites.
These icons can be green for safe, yellow for suspicious and red for harmful. Users will have the option to force the loading of harmful pages with the known malicious elements stripped out.
The antivirus vendor takes pride in the browser-agnostic design of the product and work is being done to make it OS-independent too.
TrafficLight does not install any browser extensions which means that it functions at the protocol level, probably as a network filter driver.
Continued : http://news.softpedia.com/news/BitDefender-Launches-Free-Web-Antivirus-191224.shtml
Reply 9 : NEWS - March 24. 2011
"The traffic went through China Telecom and SK Broadband, perhaps due to an error, but it is still a mystery"
Traffic destined for Facebook from AT&T's servers took a strange loop though China and South Korea on Tuesday, according to a security researcher.
Barrett Lyon, who has worked for companies such as EveryDNS, did a traceroute -- a command that allows a user to see which network providers were used to reach a desired website -- to Facebook while on AT&T's network.
Lyon wrote on his blog that data from AT&T customers would usually go directly to Facebook's network provider. But due to what Lyon characterized as a routing mistake, the traffic first went through China Telecom and then to SK Broadband in South Korea before routing to Facebook.
Routing errors are not uncommon on the part of network operators. In insignificant cases, it can allow traffic to take circuitous routes to destinations. But in the worst scenarios, it can mean websites in certain IP ranges could be unreachable.
Continued : http://www.networkworld.com/news/2011/032411-att-facebook-traffic-takes-a.html
Traffic destined for Facebook from AT&T's servers took a strange loop though China and South Korea on Tuesday, according to a security researcher.
Barrett Lyon, who has worked for companies such as EveryDNS, did a traceroute -- a command that allows a user to see which network providers were used to reach a desired website -- to Facebook while on AT&T's network.
Lyon wrote on his blog that data from AT&T customers would usually go directly to Facebook's network provider. But due to what Lyon characterized as a routing mistake, the traffic first went through China Telecom and then to SK Broadband in South Korea before routing to Facebook.
Routing errors are not uncommon on the part of network operators. In insignificant cases, it can allow traffic to take circuitous routes to destinations. But in the worst scenarios, it can mean websites in certain IP ranges could be unreachable.
Continued : http://www.networkworld.com/news/2011/032411-att-facebook-traffic-takes-a.html
Reply 10 : NEWS - March 24. 2011
Password service Lastpass simply blocks the IP addresses of users who test the site's security measures in a move which may very well cause collateral damage. Lastpass offers a central storage facility for passwords that are then made available to devices independently of browsers and platforms, via extensions and apps.
This rather unusual security measure was discovered when an editor at c't magazine, The H's associates in Germany, in preparation for an article, routinely fed a few input fields with character strings that would indicate if there were XSS or SQL injection problems at the site. Unfortunately, such security holes are still very common and would be unforgivable for a central password storage service. When a colleague of the editor tried to access the Lastpass web site a little later, he was only presented with the message that his IP address had been blocked due to suspicious activities.
Since all of the publisher's employees use a joint proxy to access the internet, it was this proxy's IP address that had been blacklisted, and this promptly blocked all Heise employees; the address was unblocked again after a short email exchange. However, the question remains whether such a blacklist is really a suitable measure for increasing a service's security levels. Apparently, Lastpass only introduced the measure after information on an XSS hole in its web pages was published on the internet; Lastpass had closed the hole the following day - a Sunday.
Continued : http://www.h-online.com/security/news/item/Password-service-locks-out-hackers-1214086.html
This rather unusual security measure was discovered when an editor at c't magazine, The H's associates in Germany, in preparation for an article, routinely fed a few input fields with character strings that would indicate if there were XSS or SQL injection problems at the site. Unfortunately, such security holes are still very common and would be unforgivable for a central password storage service. When a colleague of the editor tried to access the Lastpass web site a little later, he was only presented with the message that his IP address had been blocked due to suspicious activities.
Since all of the publisher's employees use a joint proxy to access the internet, it was this proxy's IP address that had been blacklisted, and this promptly blocked all Heise employees; the address was unblocked again after a short email exchange. However, the question remains whether such a blacklist is really a suitable measure for increasing a service's security levels. Apparently, Lastpass only introduced the measure after information on an XSS hole in its web pages was published on the internet; Lastpass had closed the hole the following day - a Sunday.
Continued : http://www.h-online.com/security/news/item/Password-service-locks-out-hackers-1214086.html
Reply 11 : NEWS - March 24. 2011
.. Facebook apps
Below we have a rather fetching page located at helpjapan(dot)co(dot)tv: [Screenshot]
"Japan Earthquake Relief: Help raise money for disaster relief in Japan with a few clicks of your mouse".
That's great, except hitting the Connect with Facebook button reveals an app called "your age pic" located at apps(dot)facebook(dot)com/youwilllooklike - at least, it would if it wasn't currently offline due to an "issue with its third party developer".
[Screenshot]
Check out the reviews, which mention friend spamming. Here's someone having problems with rapid fire messages being sent out.
The message posted to Facebook pages looks like this: [Screenshot]
"YOUR 1 click = $0.5 for Japan Relief Fund !! Guys ! Japan needs ur help real bad !! People are suffering,lost their homes,friends,family and more Please Support the earthquake victims @ helpjapan(dot)co(dot)tv/"
There's quite a few off those knocking around in public Facebook searches right now. Given that the whois info for the website looks fake ("the almsn ddsfg Afghanistan"?) and it is hosted alongside what look like Call of Duty Facebook scam sites I doubt we'll be seeing this app reactivated.
Continued : http://sunbeltblog.blogspot.com/2011/03/japan-earthquake-relief-and-young-girl.html
Below we have a rather fetching page located at helpjapan(dot)co(dot)tv: [Screenshot]
"Japan Earthquake Relief: Help raise money for disaster relief in Japan with a few clicks of your mouse".
That's great, except hitting the Connect with Facebook button reveals an app called "your age pic" located at apps(dot)facebook(dot)com/youwilllooklike - at least, it would if it wasn't currently offline due to an "issue with its third party developer".
[Screenshot]
Check out the reviews, which mention friend spamming. Here's someone having problems with rapid fire messages being sent out.
The message posted to Facebook pages looks like this: [Screenshot]
"YOUR 1 click = $0.5 for Japan Relief Fund !! Guys ! Japan needs ur help real bad !! People are suffering,lost their homes,friends,family and more Please Support the earthquake victims @ helpjapan(dot)co(dot)tv/"
There's quite a few off those knocking around in public Facebook searches right now. Given that the whois info for the website looks fake ("the almsn ddsfg Afghanistan"?) and it is hosted alongside what look like Call of Duty Facebook scam sites I doubt we'll be seeing this app reactivated.
Continued : http://sunbeltblog.blogspot.com/2011/03/japan-earthquake-relief-and-young-girl.html
Reply 12 : NEWS - March 24. 2011
Five men have been jailed for their roles in a huge missing-trader fraud which netted £140m.
The men were sentenced to 37 and a half years in prison in total.
HMRC said the five were motivated by pure greed. They were convicted of various counts of cheating the Revenue contrary to Common Law.
Andrew Hart (40) of Cricklewood, London, Mohammed Chaudhery (36) of Slough, Berkshire, Kevin Davis (46) of Kilburn, London, and Abdul Jabbar Butt (49) of Wembley, Middlesex set up their own limited companies, most of which traded for five weeks or less.
A fifth man, Tariq Sarwar, of Ryecroft Street, Gloucester acted as organiser. He pleaded guilty to five counts of cheating the Revenue and was sentenced to nine years in prison.
They imported mobile phones and computer chips VAT-free from other EU countries, then sold them on, with VAT added to UK customers. Each company owed the Revenue between £26.5m and £39.1m when it shut.
The money was never paid to the Rev but was laundered through various offshore firms.
Continued : http://www.theregister.co.uk/2011/03/24/hmrc_vat_fraud_sentence/
The men were sentenced to 37 and a half years in prison in total.
HMRC said the five were motivated by pure greed. They were convicted of various counts of cheating the Revenue contrary to Common Law.
Andrew Hart (40) of Cricklewood, London, Mohammed Chaudhery (36) of Slough, Berkshire, Kevin Davis (46) of Kilburn, London, and Abdul Jabbar Butt (49) of Wembley, Middlesex set up their own limited companies, most of which traded for five weeks or less.
A fifth man, Tariq Sarwar, of Ryecroft Street, Gloucester acted as organiser. He pleaded guilty to five counts of cheating the Revenue and was sentenced to nine years in prison.
They imported mobile phones and computer chips VAT-free from other EU countries, then sold them on, with VAT added to UK customers. Each company owed the Revenue between £26.5m and £39.1m when it shut.
The money was never paid to the Rev but was laundered through various offshore firms.
Continued : http://www.theregister.co.uk/2011/03/24/hmrc_vat_fraud_sentence/
Reply 13 : NEWS - March 24. 2011
The EU has reported a "serious" cyber attack on the Commission and External Action Service on the eve of a summit in Brussels, a spokesman told the BBC.
Crucial decisions on the future structure of the EU, economic strategy and the ongoing war in Libya are to be discussed at the two-day talks.
Details were not given but other sources compared the attack to a recent assault on France's finance ministry.
"We're often hit by cyber attacks but this is a big one," one source said.
The European Commission has been assessing the scale of the current threat and, in order to prevent the "disclosure of unauthorised information", has shut down external access to e-mail and the institutions' intranet.
Staff have been asked to change their passwords.
'Serious cyber attack'
"The Commission and External Advisory Service are subject to a serious cyber attack," Antony Gravili, the spokesman for the inter-institutional relations and administration commissioner, told the BBC News website.
Continued : http://www.bbc.co.uk/news/world-europe-12840941
Also: Major cyber attack hits EU Commission and EEAS days before Brussels summit meeting
Crucial decisions on the future structure of the EU, economic strategy and the ongoing war in Libya are to be discussed at the two-day talks.
Details were not given but other sources compared the attack to a recent assault on France's finance ministry.
"We're often hit by cyber attacks but this is a big one," one source said.
The European Commission has been assessing the scale of the current threat and, in order to prevent the "disclosure of unauthorised information", has shut down external access to e-mail and the institutions' intranet.
Staff have been asked to change their passwords.
'Serious cyber attack'
"The Commission and External Advisory Service are subject to a serious cyber attack," Antony Gravili, the spokesman for the inter-institutional relations and administration commissioner, told the BBC News website.
Continued : http://www.bbc.co.uk/news/world-europe-12840941
Also: Major cyber attack hits EU Commission and EEAS days before Brussels summit meeting
Reply 14 : NEWS - March 24. 2011
Sony claims that PlayStation 3 jailbreaker George "GeoHot" Hotz fled to South America to avoid legal action. But according to Hotz, he's just on vacation.
Earlier this week, Sony filed papers in a California court, which accuse Hotz of fleeing the country to avoid handing over "components of his hard drives as requested" to the court. Sony says Hotz has attempted "to dodge this Court's authority," which raises "very serious questions" about Hotz and his defense in Sony's lawsuit against him.
According to a post by Hotz on his blogspot blog, "GeoHot Got Sued," the hacker is actually just in South America for some much-needed R&R. The post, entitled "Fearmongering" [sic] reads:
Continued : http://www.digitaltrends.com/gaming/sony-playstation-3-hacker-george-hotz-denies-fleeing-to-south-america/
Also: Sony: PS3 hacker GeoHot fled to South America
Earlier this week, Sony filed papers in a California court, which accuse Hotz of fleeing the country to avoid handing over "components of his hard drives as requested" to the court. Sony says Hotz has attempted "to dodge this Court's authority," which raises "very serious questions" about Hotz and his defense in Sony's lawsuit against him.
According to a post by Hotz on his blogspot blog, "GeoHot Got Sued," the hacker is actually just in South America for some much-needed R&R. The post, entitled "Fearmongering" [sic] reads:
Continued : http://www.digitaltrends.com/gaming/sony-playstation-3-hacker-george-hotz-denies-fleeing-to-south-america/
Also: Sony: PS3 hacker GeoHot fled to South America
Reply 15 : NEWS - March 24. 2011
A Chinese mobile security firm has been accused of bundling viruses with their anti-malware software in an expose aired on Chinese state-run television.
The expose claims the company, NetQin, partnered with another mobile software firm Feiliu to deliberately infect smartphones with malware and then charge users for removing it, according to CNET's Asian blog Sinobytes. The expose was first aired on a state-run Chinese Centeral Television program on March 15, according to the blog.
NetQin sells its mobile security app for various platforms on at least three Chinese network app stores. The country's three major cellular communications companies-China Mobile, China Telecom and China Unicom-have blocked sales of the software through their app stores for the time being pending further investigation, according to both Asian branches of ZDNet and CNET. The carriers have also stopped all payment processes, preventing NetQin from charging customers for the updates on their phone bills.
When users downloaded and installed the NetQin antivirus application on their device, it allegedly downloaded the malware from Feiliu. It is unclear at this time whether Feiliu is a legitimate tool that happened to be malware-ridden or if it was a stand-alone virus.
Continued : http://www.eweek.com/c/a/Security/NetQin-Accused-of-Bundling-Malware-with-AntiVirus-Software-560890/
CNET Asia: Anti-virus maker NetQin found to be infecting and defrauding its users
The expose claims the company, NetQin, partnered with another mobile software firm Feiliu to deliberately infect smartphones with malware and then charge users for removing it, according to CNET's Asian blog Sinobytes. The expose was first aired on a state-run Chinese Centeral Television program on March 15, according to the blog.
NetQin sells its mobile security app for various platforms on at least three Chinese network app stores. The country's three major cellular communications companies-China Mobile, China Telecom and China Unicom-have blocked sales of the software through their app stores for the time being pending further investigation, according to both Asian branches of ZDNet and CNET. The carriers have also stopped all payment processes, preventing NetQin from charging customers for the updates on their phone bills.
When users downloaded and installed the NetQin antivirus application on their device, it allegedly downloaded the malware from Feiliu. It is unclear at this time whether Feiliu is a legitimate tool that happened to be malware-ridden or if it was a stand-alone virus.
Continued : http://www.eweek.com/c/a/Security/NetQin-Accused-of-Bundling-Malware-with-AntiVirus-Software-560890/
CNET Asia: Anti-virus maker NetQin found to be infecting and defrauding its users
Reply 16 : NEWS - March 24. 2011
Yesterday we learned that Elizabeth Taylor, an American icon for some seven decades, died of congestive heart failure at 79. Today, Kaspersky Lab expert Dmitry Bestuzhev informs us that the news of her death is being exploited via social engineering scams on Twitter.
The scam uses a shortened, malicious link that has been in circulation since November of 2010, and has been used in various pay-per-click scams by the same affiliate program.
If nothing else, the scam proves Elizabeth Taylor was an international star, as the phishing scam successfully lured and hooked individuals from 48 countries.
This news comes with little surprise, as trends of exploiting high profile world events to propagate phishing scams and spread malware becomes more and more commonplace.
https://threatpost.com/en_us/blogs/elizabeth-taylors-death-triggers-spam-campaign-032411
The scam uses a shortened, malicious link that has been in circulation since November of 2010, and has been used in various pay-per-click scams by the same affiliate program.
If nothing else, the scam proves Elizabeth Taylor was an international star, as the phishing scam successfully lured and hooked individuals from 48 countries.
This news comes with little surprise, as trends of exploiting high profile world events to propagate phishing scams and spread malware becomes more and more commonplace.
https://threatpost.com/en_us/blogs/elizabeth-taylors-death-triggers-spam-campaign-032411
Reply 17 : NEWS - March 24. 2011
Kaspersky Lab is still monitoring malicious websites involved in the recent Japan spam campaigns.
For those who may have missed the two first blogs, you can read them here and here However, today we discovered than some of the payloads were not the usual Trojan-Downloader.Win32.CodecPack.*.
Instead, the payload is now Ransomware (detected as Trojan-Ransom.Win32.PornoBlocker.jtg), disguising itself as a fake warning message from the German Federal Police. The message pretends that your computer has been blocked because it was found to be hosting child pornography.
Victims are asked to pay a 100 euros fine to unlock the machine.
As if the German police logo wasn't enough, they also use logo from anti-virus companies such as Kaspersky Lab to look more convincing.
On successful exploitation, the malware hijacks the desktop to display the following warning: [Screenshot]
The victim can no longer use their computer, unless they pay a 100 euros ransom. Here is a translation of the blackmail test:
Continued :http://www.securelist.com/en/blog/6155/Ransomware_Fake_Federal_German_Police_BKA_notice#readmore
For those who may have missed the two first blogs, you can read them here and here However, today we discovered than some of the payloads were not the usual Trojan-Downloader.Win32.CodecPack.*.
Instead, the payload is now Ransomware (detected as Trojan-Ransom.Win32.PornoBlocker.jtg), disguising itself as a fake warning message from the German Federal Police. The message pretends that your computer has been blocked because it was found to be hosting child pornography.
Victims are asked to pay a 100 euros fine to unlock the machine.
As if the German police logo wasn't enough, they also use logo from anti-virus companies such as Kaspersky Lab to look more convincing.
On successful exploitation, the malware hijacks the desktop to display the following warning: [Screenshot]
The victim can no longer use their computer, unless they pay a 100 euros ransom. Here is a translation of the blackmail test:
Continued :http://www.securelist.com/en/blog/6155/Ransomware_Fake_Federal_German_Police_BKA_notice#readmore
Reply 18 : NEWS - March 24. 2011
Google leveled new charges against China this week, claiming that the country has interfered with some citizens' access to the Internet giant's Gmail service, disguising the interference as technical glitches.
Security experts say that China is most likely using invisible intermediary servers, or "transparent proxies," to intercept and relay network messages while rapidly modifying the contents of those communications. This makes it possible to block e-mail messages while making it appear as if Gmail is malfunctioning.
Companies regularly use transparent proxies to filter employees' Web access. Some ISPs have also used the technique to replace regular Web advertisements with those of their own. But it's becoming increasingly common for governments to use transparent proxies to censor and track dissidents and protestors. All traffic from a certain network is forced through the proxy, allowing communications to be monitored and modified on the fly. Intercepting and relaying traffic is known as a "man in the middle" attack.
"What you are doing is rewriting the content as it is delivered back to the user," says Nicholas J. Percoco, the head of SpiderLabs, which is part of the security firm Trustwave. Percoco said China's ISP could track everyone who uses Gmail. To do this, it would "inject a JavaScript keystroke logger, which would record every keystroke they typed on the service."
Robert Lemos article continued : http://www.technologyreview.com/web/37074/
Security experts say that China is most likely using invisible intermediary servers, or "transparent proxies," to intercept and relay network messages while rapidly modifying the contents of those communications. This makes it possible to block e-mail messages while making it appear as if Gmail is malfunctioning.
Companies regularly use transparent proxies to filter employees' Web access. Some ISPs have also used the technique to replace regular Web advertisements with those of their own. But it's becoming increasingly common for governments to use transparent proxies to censor and track dissidents and protestors. All traffic from a certain network is forced through the proxy, allowing communications to be monitored and modified on the fly. Intercepting and relaying traffic is known as a "man in the middle" attack.
"What you are doing is rewriting the content as it is delivered back to the user," says Nicholas J. Percoco, the head of SpiderLabs, which is part of the security firm Trustwave. Percoco said China's ISP could track everyone who uses Gmail. To do this, it would "inject a JavaScript keystroke logger, which would record every keystroke they typed on the service."
Robert Lemos article continued : http://www.technologyreview.com/web/37074/
Reply 19 : NEWS - March 24. 2011
If you got a call from a legitimate security source informing you that your website was infected, would you take action?
I certainly would, which is why I am rather frustrated when we take time to reach out to an organisation about a web infection, and they deliberately choose to do nothing about it.
Case in point: In January, Sophos contacted a Milan-based law firm, specialists in Intellectual Property, to inform them that its site was infected with Mal/Iframe-Gen. [Screenshot]
Turns out that they have not acted on the information we provided. In fact, if you look below, it looks like they haven't updated their site since November last year. We contact the firm again yesterday, and they are simply uninterested in dealing with the infection on their website.
Continued : http://nakedsecurity.sophos.com/2011/03/24/infected-website-ignored-by-law-firm/
I certainly would, which is why I am rather frustrated when we take time to reach out to an organisation about a web infection, and they deliberately choose to do nothing about it.
Case in point: In January, Sophos contacted a Milan-based law firm, specialists in Intellectual Property, to inform them that its site was infected with Mal/Iframe-Gen. [Screenshot]
Turns out that they have not acted on the information we provided. In fact, if you look below, it looks like they haven't updated their site since November last year. We contact the firm again yesterday, and they are simply uninterested in dealing with the infection on their website.
Continued : http://nakedsecurity.sophos.com/2011/03/24/infected-website-ignored-by-law-firm/
My question is, if I try building a PC with 2 256MB RAM modules and a NVIDIA GeForce 2 card, what kind of tower would I need to buy? Also, I'm trying to go for AMD for a processor and I want to know which of the NVIDIA GeForce 2 series is the best? The Ultra, GTS, MX, Pro, or Ti?
Finally, with processors what is the best one that will support my motherboard for either Intel or AMD?
tons of P4's on there.