Friday, 30 September 2011
Backdoor:WinCE/PhoneCreeper.A
Samsung gives Apple proposal to end Australia standoff (Appolicious)
Mac Cloner Psystar Denied Appeal in Court
The U.S. Court of Appeals for the Ninth Circuit has sided with Apple in the company's bitter lawsuit against Psystar.
Circuit Judge Mary Schroeder ruled yesterday that Psystar's Mac clones violated copyrights Apple holds, and the ban on sales will be upheld. According to Schroeder, Psystar specifically violated copyrights Apple holds in Mac OS X, and said that the U.S. District Court's ruling in favor of Apple was just.
Psystar first started selling its Mac clones in April 2008 under the name "OpenMac" after buying copies of Mac OS X on the market and then installing them on its own brand of computers. Soon after, the company changed the name of its devices to "Open Computer." Even so, Apple filed a copyright infringement suit against the small PC maker in July of that year. Apple argued in its lawsuit that Psystar's clones violated its Mac OS X software licensing agreement and committed "direct and contributory copyright infringement, trademark and trade dress infringement, and violation of state and common law unfair competition laws." Apple also argued that Psystar violated the Digital Millennium Copyright Act.
Adware:W32/Apropos
Hackers leak data of Goldman Sachs CEO
Lab Matters - DDoS Bot Landscape 2011
Arbor Networks researcher Jose Nazario talks about new DDoS bot families, most previously unidentified. Nazario provides a tour of recently discovered DDoS bots from around the world showing the proliferation of attack models, adoption of .Net, and new modular functionalities.
Exploit:W32/PDF-Payload.Gen
Time to party! Windows 7 is here!
It's only a few days away. The official launch of Windows 7 is here!
And of course, that means it's time to party!!! You may have heard about the Windows 7 House Parties that are being thrown all around the world. Basically thousands of small groups of people are getting together to see what Windows 7 can do.
Personally, I thought we needed to do more. So fellow MVP and friend Charlie Russel and I decided we would throw our own party. But focused on IT pros and not the consumer angle. We plan to have a lot of fun, showing the cool features of Windows 7 for IT pros like BitLocker, AppLocker and DirectAccess. We plan to bring a bunch of laptops and show new shell extensions, Powershell, new multitouch features and basically sit around and enjoy hours of Q&A for those that haven't tried it yet. We are even planning on installing Windows 7 on a guest's Macbook to show how well it does using Bootcamp on Apple hardware and even on small netbooks.
I also wanted to send a message out to the Vancouver IT community to clear up some misconceptions. This is a party hosted by Charlie and myself. This is NOT a Microsoft event. Microsoft was gracious enough to let us use their facility and even sprung for some of the cost for pizza. However, they never planned this out. Nor did the local VanTUG and VanSBS groups.
Our party is an INVITATION ONLY event. Because we are limited in our own budget and constrained in where we could have the party... we only have enough room for 75 people. So we could only allow a certain number of our friends to come. Charlie and I decided the best way to handle this would be to simply invite who we wanted, and then open it to our friends at the local user groups on a first come, first served basis. This is why there is a cap on the registration on the event, and why it booked up so quickly.
I am hearing through the grapevine that there is a LOT of dissent in the Vancouver IT community who feel that Microsoft, VanTUG and VanSBS did a poor job organizing this. LET ME BE CLEAR. This is a personal party that Charlie and I organized. If you were lucky enough to get an invitation and registered, great. But if you didn't, don't take it out on Microsoft, the local usergroups or their leaders. It's not their fault!!!
We are using our own money and time to throw this party. Please be considerate and respect that we couldn't invite all of you. I am happy to see there is so much excitement about Windows 7 and that you wanted to party with us. And I am sorry if you feel it isn't fair that you didn't get invited. Please feel free to share your own Windows 7 experience, and host your own party. We may be the only IT pro party during the Windows 7 launch, but nothing says you can't have your own!
So party on. Welcome to a new world. Welcome to Windows 7!
Desire for knowledge or the vice of curiosity?
One of the main rules of IT security is to be very cautious when dealing with archived attachments in emails. “If you’re not sure, don’t open it!” It’s an easy rule to follow when the text in the message obviously has nothing to do with you.
When an experienced user reads about IT security problems at a bank where they don’t have an account, or about winning a lottery that they never bought a ticket for, then it’s usually immediately obvious that they are faced with yet another example of spam and there’s absolutely no reason to open the attached ZIP file. Cybercriminals will often resort to all types of social engineering to trick people into passing on their personal data and/or infecting their own computers. More often than not, they send messages that are made to look as though they come from well-known companies that either offer rewards for those that fill out or run the attached files or even stoop to threats of all kinds for those that fail to do so. But less mundane approaches are also used.
Phishing at the Top Level
Firefox devs mull dumping Java to stop BEAST attacks
Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.
The move, which would prevent Firefox from working with scores of popular websites and crucial enterprise tools, is one way to thwart a recently unveiled attack that decrypts traffic protected by SSL, the cryptographic protocol that millions of websites use to safeguard social security numbers and other sensitive data. In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account.
Short for Browser Exploit Against SSL/TLS, BEAST injects JavaScript into an SSL session to recover secret information that's transmitted repeatedly in a predictable location in the data stream. For Friday's implementation of BEAST to work, Duong and Rizzo had to subvert a safety mechanism built into the web known as the same-origin policy, which dictates that data set by one internet domain can't be read or modified by a different address.
7 Common Questions About Startup Employee Stock Options (Mashable)
Perhaps you’ve heard about the Google millionaires: 1,000 of the company’s early employees (including the company masseuse) who earned their wealth through company stock options. A terrific story, but unfortunately, not all stock options have as happy an ending. Pets.com and Webvan, for example, went bankrupt after high-profile Initial Public Offerings left their stock grants worthless.
Worm:W32/Todon.I
Trojan:SymbOS/ZeusMitmo.A
McAfee beats Symantec and Kaspersky to all-in-one security
McAfee has beaten its major competitors in the race to get an all-in-one security product on the market, protecting Macs, PCs, smartphones and tablets.
McAfee All Access has been made available from today, coming out before Kaspersky One and Norton One, all of which look to protect the plethora of devices used by consumers. Kaspersky's product is due out in October, whilst the Symantec offering will not be available until 2012, according to reports.
"We're excited to launch McAfee All Access today to meet increasing consumer demand for a single solution that safeguards users' internet-connected devices and protects their digital lifestyles," said Todd Gebhart, co-president of McAfee. "Users now have the protection they need without having to make buying decisions for each and every one of their devices - or go through the hassle of dealing with individual licenses each time they want to add or eliminate a device."
Thursday, 29 September 2011
27% of tested Google Chrome extensions allow data theft
27 of 100 tested Google Chrome extensions have been found vulnerable to data (passwords, history, etc.) extraction attacks through specially crafted malicious websites or by attackers on public WiFi networks.
A trio of security researchers have manually analyzed 50 of the most popular Chrome extensions and added to that list 50 more chosen at random.
"We looked for JavaScript injection vulnerabilities in the cores of the extensions (the background, popup, and options pages); script injection into a core allows the complete takeover of an extension," explained Adrienne Porter Felt, one of the researchers. To prove their claim, they performed PoC attacks devised to take advantage of the vulnerabilities.
Critical TCP/IP Worm Hole Dings Windows Vista
Google Asks for Right in AT&T Case to Protect Confidential Company Data
Google Inc. (GOOG) asked a U.S. judge overseeing the government's lawsuit seeking to stop AT&T Inc. (T) from buying T-Mobile USA Inc. for a chance to contest the disclosure of its confidential data in the case.
Google, which provided the information to the Justice Department in its investigation of the proposed T-Mobile deal, made its request yesterday in federal court in Washington. Google, describing the data as "competitively sensitive" and related to internal products and launch plans, urged U.S. District Judge Ellen Segal Huvelle to have the parties give the company advance notice of possible disclosures in court or to experts.
"Without such additional protection, Google and other non-parties could find their confidential information -- such as Google's business plans related to Android -- in the hands of competitors (or their competitors' consultants), or even in newspapers, without having had prior notice of its disclosure," Google said in its request to intervene in the lawsuit.
Okla. school official tweets: Educators 'dirtbags' (AP)
Devs produce nine new NFC apps at Boston hackathon
L33tdawg: Don't miss HackWEEKDAY, a 24-hour hackathon to work on security tools which runs alongside the 9th annual HITBSecConf next month - applicants are still welcome with USD1337 up for grabs for the 'best' coder!
Forty-three developers produced nine prototype NFC applications at Isobar's 48-hour hackathon in Boston, including systems for ordering drinks in busy bars and an innovative car parking app.
How difficult is it to create new NFC applications? Public relations and marketing agency Isobar decided to find out earlier this month by hosting 'Create 48', a 48-hour NFC hackathon for developers and designers. According to Michael Nicholas, Isobar's chief strategy officer and the host of the event, the organizers didn't know how many hackers to expect. The event was promoted across the internet, through Twitter and by NFC World, and the organizers were happily surprised when 43 developers and designers showed up.
The hackers, split into 11 teams, had 48 hours to develop an NFC application that in some way improved interactions between brands and consumers. Some teams arrived together with ideas in mind and beer in hand, while other teams were formed on the spot by people who'd never met before. Sponsors provided Samsung Nexus S and Nokia handsets, NFC tags, readers, and demo code. Isobar provided the workspace, food and drink, experts to offer advice, and a place to sleep if needed.
Hotspot now shields you ad-free
The unstolen Matrix
After having handled thousands and thousands of phishing emails/webpages, they usually don’t actually reach me in any way or form. They are processed and added to our detection list in what is now a merely routine task. But recently I got a mail which was different because it appeared to be sent from my bank.
Go ahead, open more tabs; Firefox 7 runs even faster
Mozilla released Firefox 7 today, and the new version makes web browsing faster than ever. The update is especially helpful for the hardcore web junkies among us who browse with scores of open tabs and browsing sessions that span multiple days.
Firefox 7 reduces memory usage by 20 to 50 percent, which translates to quicker response times and fewer crashes. These improvements constitute the first publicly available implementation of MemShrink, Mozilla's project focusing on decreasing Firefox's memory consumption to make browsing faster and more stable.
The hackers at Mozilla are still working on accurate benchmark tests for quantifying Firefox's memory usage and improvements. Mozilla says Firefox 7's improvements should be most noticeable to users who leave browser windows open for many hours or days on end, who browse with multiple tabs at once, who open image-heavy pages or pages with large amounts of text, who run Firefox on Windows machines or who use the browser simultaneously with other programs that take a large toll on memory.
Inside The Russian Short Wave Radio Enigma
From a lonely rusted tower in a forest north of Moscow, a mysterious shortwave radio station transmitted day and night. For at least the decade leading up to 1992, it broadcast almost nothing but beeps; after that, it switched to buzzes, generally between 21 and 34 per minute, each lasting roughly a second - a nasally foghorn blaring through a crackly ether. The signal was said to emanate from the grounds of a voyenni gorodok (mini military city) near the village of Povarovo, and very rarely, perhaps once every few weeks, the monotony was broken by a male voice reciting brief sequences of numbers and words, often strings of Russian names: "Anna, Nikolai, Ivan, Tatyana, Roman." But the balance of the airtime was filled by a steady, almost maddening, series of inexplicable tones.
The amplitude and pitch of the buzzing sometimes shifted, and the intervals between tones would fluctuate. Every hour, on the hour, the station would buzz twice, quickly. None of the upheavals that had enveloped Russia in the last decade of the cold war and the first two decades of the post-cold-war era - Mikhail Gorbachev, perestroika, the end of the Afghan war, the Soviet implosion, the end of price controls, Boris Yeltsin, the bombing of parliament, the first Chechen war, the oligarchs, the financial crisis, the second Chechen war, the rise of Putinism - had ever kept UVB-76, as the station's call sign ran, from its inscrutable purpose. During that time, its broadcast came to transfix a small cadre of shortwave radio enthusiasts, who tuned in and documented nearly every signal it transmitted. Although the Buzzer (as they nicknamed it) had always been an unknown quantity, it was also a reassuring constant, droning on with a dark, metronome-like regularity.
But on June 5, 2010, the buzzing ceased. No announcements, no explanations. Only silence.
Malware Calendar Wallpaper for September 2011
Here's the latest of our malware calendar wallpapers.
1280x800 | 1680x1050 | 1920x1200 | 2560x1600
This month marks the anniversary of the arrest of the alleged author of the CIH virus (also known as Chernobyl). This virus was designed to erase the flash BIOS of PCs running Windows 9x, making the machine unbootable - something that was particularly nasty on notebooks, where hardware components like flash memory are built into the motherboard. CIH also had another payload - to overwrite the hard disk with garbage.
This virus was responsible for damage to a large number of computers in South Korea in 2000, three years after its first appearance.
Today the threat landscape is dominated by malware-for-profit, in contrast to the cyber-vandalism of the 1990s. However, CIH provides a reminder that even cyber-vandalism could have a serious financial impact on its victims.
Hackers hijack Twitter accounts of Chavez critics
Over months, Venezuelan TV soap opera writer Leonardo Padron built a Twitter following of about 250,000 people by posting more than a dozen messages a day, many of them skewering President Hugo Chavez.
On Aug. 29, Padron issued a typical shot: "Chavez knows of the immense death toll that there is in this country, so why such indifference to the subject of insecurity?"
Three days later, however, the tweets picked a new target: Padron himself. "In no way have I contributed to combat racism, discrimination, cultural alienation," one note read. "My soap operas feed these evils in our society." Padron had fallen victim to an unknown hacker or group of hackers who have hijacked the accounts of at least nine well-known Chavez critics, posting curse-filled insults, threats and slogans such as "Long live Chavez."
Countrywide insider gets eight months in prison for theft
A former employee of mortgage company Countrywide Financial was sentenced Tuesday to eight months in prison and ordered to pay $1.2 million in restitution after admitting to stealing and selling customers' personal data.
Rene Rebollo Jr. of Pasadena, Calif. was also sentenced by U.S. District Judge Christina Snyder in Los Angeles to serve an additional 10 months in a community jail. Rebollo, who formerly worked as a senior analyst at Countrywide, was charged in 2008 with exceeding authorized access to the company's data, orchestrating a scam to steal customer information and selling it to loan officers from other companies.
Rebollo had initially pleaded innocent but changed his plea in January. Another defendant, Wahid Siddiqi of Thousand Oaks, Calif., was previously sentenced to 36 months in prison for selling the information that Rebollo provided.
Trojan:W32/AntiAV
Kaspersky Lab... also in my list of DDoS attacks! [by SpyEye]
The title of this post suggests that I’ve been thinking of one of the cyber-criminals that uses SpyEye, maybe in admiration! But actually his cyber-criminal actions overshadow anything else.
The truth is that, following my post highlighting the tactic of using as C&C one of the Cloud Computing services offered by Amazon, I found a sample of SpyEye that is somewhat interesting: among its goals is a DDoS attack directed against the Kaspersky Lab website.
The SpyEye configuration file, which is basically a compressed and password-protected file (usually MD5), stores the resources involved in the planned attack. The surprise came when I looked at the configuration file of the plugin (ddos.dll.cfg). The following image shows the parameters set in this file:
Wednesday, 28 September 2011
Phishers are lovin' McDonald's
Today we came across a new, very sophisticated type of phishing. The user receives a message that, at first glance, appears to be from McDonald's. It states that the recipient has won the chance to participate in a survey and immediately receive remuneration of $80 for doing so.
Hands-on with Amazon's new Kindles
Amazon didn't just introduce the tablet everyone expected today; the company completely revamped its Kindle line and introduced a new mobile browser that relies on Amazon's content distribution network and compute clusters in order to speed up mobile browsing.
All of this cried out for some hands-on time with the hardware after the live announcement in New York. Unfortunately, Amazon was extremely guarded about its new hardware; the only device we were allowed to pick up and use is that low-end Kindle, which is supposed to be shipping already. The new Kindle Touch could barely be touched, and hands-on time with the Fire was limited to a carefully monitored test of its weight.
Still, it was possible to get some feel for the hardware, which we'll go through in ascending price order. At the bottom of the heap is the new base model of the Kindle, which is selling for $79 for the ad-supported version. With its compact form and very low weight (you barely notice it as you lift it), this thing matches its price. It feels like an impulse buy, one that you can happily throw into a bag and take anywhere. It'll hurt if it's lost, broken, or stolen, but it won't be a tragedy. The low weight doesn't seem to reflect a low build quality, though - the device feels solid and robust.
Kindle Fire Tracks Amazon Purchases, Web Browsing (ContributorNetwork)
Bitcoin: Cheat Sheet
The digital currency doesn't glitter but it's like gold...
(silicon.com - Finance)
Microsoft SDL bans memcpy()... next it will be zeros!!!!
So recently Microsoft banned memcpy() from their SDL process, which got several of us talking about perf hits and the like when using the replacement memcpy_s, especially since it has SAL mapped to it. For those that don't know, SAL is the "Standard Annotation Language" that allows programmers to explicitly state the contracts between params that are implicit in C/C++ code. I have to admit it's sometimes hard to read SAL annotations, but it works extremely well to be able to help compilers know when things won't play nice. It is great for static code analysis of args in functions, which is why it works so sweet for things like memcpy_s()... as it will enforce checks for length between buffers.
Anyways, during the discussion Michael Howard said something that had me fall off my chair laughing. And I just had to share it with everyone, because I think it would make a great tshirt in the midst of this debate:
Oh, I'm thinking of banning zero's next - so we can no longer have DIV/0 bugs! Waddya think?
OK.. so it's a Friday and that is funny to only a few of us. Still great fun though.
Have a great long weekend! (For you Canadian folks that is)
Microsoft addresses Windows 8 secure boot issue
Hacked MySQL.com used to serve Windows malware
Spyware:Android/Flexispy.K
Adobe September 2011 Patch Release
In addition to today's Microsoft updates, users of Adobe's Reader and Acrobat software on both Windows and Apple systems need to update their software ASAP. Adobe released Bulletin APSB11-24, addressing at least thirteen memory corruption flaws, and several privilege escalation, logic flaw, and bypass issues.
In today's earlier post about Microsoft's patched vulnerabilities, Excel was highlighted as the target of choice in many targeted attacks. Along those lines, Adobe's Reader and Flash are among the most commonly exploited software applications that are attacked by professional attackers.
Online crime costs more than drugs - but the real losses go beyond dollars
Steve Ranger's Notebook: Why it's not just about the money...
(silicon.com - Security)
Indonesia's only female sex therapist goes online (AP)
AP - Zoya Amirin has come across every myth imaginable in her job as sex psychologist in Indonesia: An uncircumcised girl will become sex-crazed. Clove cigarettes increase virility. A gecko's saliva can cure AIDS.
Patch Tuesday September 2011
This month's Microsoft patch release is pushed out with lower urgency recommendations overall. While the Sharepoint and server side vulnerabilities are interesting, IT and individuals should attend to the Excel vulnerabilities with urgency. Microsoft is also putting to bed any issues related to Diginotar certificate trust by adding cross signed Diginotar root certificates to the Microsoft Untrusted Certificate Store.
Only five security bulletins are being distributed along with the Diginotar Certificate additions and updates. None are labeled with "Deployment Priority 1". However, in light of the ongoing spearphishing and targeted attacks, the most relevant and important of these arguably is the Excel related bulletin, MS11-072. While it is being listed as "Important", not every enterprise has rolled out the latest version of Excel to all of their systems. A set of "use-after-free" and other heap corruption vulnerabilities that are very difficult to discover with automated auditing frameworks plague the application. These vulnerabilities can be exploited to execute spyware, backdoors, and downloaders of the attackers' choosing on victim systems. Excel related email attachments and links have commonly been used in targeted attacks on organizations and this one should be addressed.
Excel can be a major problem. The RSA breach "2011 Recruitment Plan.xls" file made it very clear how social engineering schemes are used to effectively trick employees - it is important to note that the message was pulled out of the RSA employee's spam folder and opened. This Excel attachment maintained embedded malicious Flash content and exploited the vulnerability right in front of the employee after being opened, effectively delivering its cyber-espionage payload. Now, attackers don't need embedded Flash content to take advantage of employee dependency on Excel.
Facebook changes prompting some users to leave
Report: Data may actually be safer in the cloud
Ever since cloud computing became part of our lexicon a few years back, the main showstopper, as seen by many enterprises, has been security. Many executives and managers are nervous about entrusting sensitive or competitive corporate data to offsite, and often unseen, third-parties.
A few months back, I spoke with a CIO who admitted, however, that he felt his data is probably in better hands with a well-trained, SAS-70 compliant cloud provider than trying to keep his own systems and staff up to date with security procedures and protocols.
Now, a report by The Wall Street Journal's John Bussey reinforces this idea: that data - especially among small to medium-size businesses - may actually be more secure in the cloud.
Are you ready for the BYO gadget revolution? Five ways to feel the fear and do it anyway
Security chiefs reveal the issues behind bring-your-own-device policies...
(silicon.com - Hardware)
Tuesday, 27 September 2011
Peter Cochrane's Blog: So you think you've got security nailed down?
Why security is literally an open-and-shut case...
(silicon.com - Security)
Lawmakers Want Investigation of Supercookies
Two U.S. lawmakers have called on the U.S. Federal Trade Commission to investigate the use of so-called supercookies on many websites, with the two suggesting that use of the hard-to-remove tracking tools may be an unfair business practice.
The FTC has the authority to investigate supercookies, a persistent form of tracking cookies, under its mandate to protect U.S. consumers against unfair and deceptive business practices, Representatives Joe Barton and Edward Markey wrote in a letter to the FTC, sent Monday.
The use of supercookies, which can be installed without a computer user's knowledge, raises "serious privacy concerns and is unacceptable," the lawmakers said in their letter. The Wall Street Journal published a report on supercookies in August. Supercookies should be "outlawed," said Barton, a Texas Republican. "How can you protect yourself from unwanted online tracking or your browsing history when you don't even know your information is at risk?" he said in a statement. "The constant abuse of online activity must stop."
Alleged LulzSec member arrested in Sony breach
Backdoor:OSX/Imuler.A
Anonymous planning 'Day of Vengeance' on Sept. 24
Photos: Stop thief! A look at iPhone 4 and iPad 2 locks
How to stop your tablet going walkabout...
(silicon.com - Security)
Privacy at risk: Who's watching you? (roundup)
RunAs Radio podcasts you might want to listen to
Hey guys. I noticed Twitter is abuzz with a few podcast interviews I did on RunAs Radio lately. I thought I would post the links for those of you who don't follow such tweets.
There were two interviews I did last month:
The first interview was a discussion on free tools available for network monitoring and diagnostics. The second was some in-depth discussion on using DirectAccess with Windows 7 and Windows Server 2008 R2. I do hope you find both interviews fun and useful.
Enjoy!
Errant character to blame for Twitter 'hack'
Full Tilt Poker lashes out at Ponzi scheme claims
Come have Coffee and Code in Vancouver with me and Microsoft tomorrow
So John Bristowe, Developer Evangelist for Microsoft Canada will be hosting a Coffee and Code event in Vancouver tomorrow from 9 to 2 at Wicked Cafe. Come join him and fellow Microsoft peers Rodney Buike and Damir Bersinic as they sit and share their knowledge over a cup of joe.
I will be there too, and will be available if anyone wants to talk about secure coding, threat modeling with the SDL TM or if you want to talk about integrating AuthAnvil strong authentication into your own applications or architectures.
I do hope to see some of you there. And if I don't... I will be seeing you at #energizeIT right?
What: Coffee and Code in Vancouver
When: April 8th, 2009 from 9am - 2pm
Where: Wicked Cafe - 861 Hornby Street (Vancouver)
Water Balloon + Face + Slow-Motion Camera = Art [VIDEO] (Mashable)
Monday, 26 September 2011
Worm:ACAD/Kenilfe.A
Facebook unfriending 'bug' gets quick fix
Just Show Me: How to use AirPrint on your iPad (Yahoo! News)
When a Company Gathers Info About You, Is that Invasion of Privacy?
If someone shadowed your digital footprints, making notes of who you became a "fan" of on social networks, keeping records where you were checking-in via mobile devices, compiling your data to decipher your intent, would you consider that collection to be tracking your personal info? If that same entity followed you home and gathered more info on what your interests were, would you feel a bit like you were being stalked or your privacy invaded? What if that so-called stalker were not interested in you personally, just the how's of making money off your "intent"?
Microsoft and others have invested $61 million in Adchemy advertising technology. Microsoft entered into an "expanded technology partnership" with Adchemy that will deepen Adchemy IntentMap technology to "help Microsoft adCenter customers create more relevant ads based on consumer intent." According to Rik van der Kooi, corporate vice president of the Microsoft Advertising Business Group, "Microsoft Advertising is committed to enriching the online ad experience for consumers and helping deliver more effective campaigns and higher ROI for advertisers and agencies. The key to this is to have a deeper understanding of consumer intent so that the ads users see are engaging and relevant."
Exploit:W32/PDF-Payload.Gen
New OnStar privacy policy expands on data sharing
Is Twittering safe?
So Susan has been on my case about Twitter for some time now. In a recent round table we were recording she "beat me up" about it, and tonight on IM we had a good discussion about the REAL vs PERCEIVED risks in Twitter.
Susan's biggest complaint is that security minded individuals shouldn't be blindly recommending the use of Twitter without educating the user on 'safe-twittering'. I would say that same logic exists for setting up web pages, blogs and the use of social networking sites like Facebook.
She stepped that up a bit tonight when she blogged her discomfort in the fact the RSA Conference was recommending Twitter as well.
So in an effort to stop spreading the FUD about Twitter insecurity, I wanted to share some of my thoughts through a quick set of safe twittering rules.
@DanaEpp's 5 Rules of Safer Twittering
- Never share information in a tweet that you wouldn't share with the world. You can never expect to take it back once it's on the Internet. Even though you can delete a tweet, 3rd party clients may still have it archived. If you feel you want to share private thoughts through Twitter, consider using a "Private Account" and limit it to only people you trust and want to share with. Of course, remember nothing prevents your friends from sharing your tweets with the world. So never share private information on Twitter. Ever. It's just easier that way.
- There is no assurance that a Twitter account is the person you believe it is. Deal with it. Anyone can register an account if it doesn't already exist. As a real world example, for some time @cnnbrk was NOT an official CNN account, even though most of the Twitter world thought it was. It wasn't until recently that CNN bought the account from James Cox (the account holder) for an undisclosed amount of money. Another example is the fact that one of Susan's Twitter accounts was actually created by a fellow SBS MVP, and not actually her. :-)
- Never click on links in a tweet, unless you trust the URL. If unsure, don't click! The worms that were used to attack Twitter came from people getting users to go to profile pages etc. that they had control over for some interesting script attacks. With only 140 chars, it's common to "shorten" the URL. Which means you might be clicking on a link blind. That's fine. But only trust shortened URLs that can be previewed BEFORE you go to them. As an example, my recommendation is to use something like TinyURL. However, here is the trick. When you create a TinyURL, use the preview mode. As an example, if you want to send someone to my blog you can use http://tinyurl.com/silverstr to go directly. However, if you use http://preview.tinyurl.com/silverstr it will stop at TinyURL.com and let the user SEE the link before they actually get to it. That is much safer. If using TweetDeck, select TinyURL as the provider, and when it creates the shortened URL, simply add "preview." in front of "tinyurl.com".
- Use a 3rd party Twitter client instead of using the Twitter.com website directly. I am a fan of TweetDeck and Twitterfon, but there are tons of different clients out there. Why? It is the lesser of two security evils as it relates to web based attacks in Twitter. Most clients have ways to reduce or turn off linking, prevent the script attacks in profile viewing and generally are just an easier environment to stay protected in. Are these clients free of attack? Of course not. But it's another layer of defense. Of course... you need to have trust in your client. But that's a story for another day ;-)
- You never know who is following you. Remember that. As you use Twitter more and more, you never know who might be watching. I recently had someone who has been trying to get an interview with me who follows me on Twitter, knew where I was having coffee one day because of a tweet I wrote (and its geotag) and ended up coming down to confront me with his resume. Which was inappropriate in my books. But my own fault. I wasn't too concerned... but it definitely gave me pause when considering my daughter uses Twitter and could be as easily found. Nothing like the potential of being stalked. GeoTagging makes it way too easy to find you. Remember that.
Look, Twitter is addictive. Simple. Short. Fast. A great way to see the thoughts of others you might care about. Ultimately though... like any other Internet based technology it has the potential to be abused... and put you at risk. No different than websites or blogs.
So be careful. Follow these rules and enjoy the conversation!
Packed:W32/PeCan.A
Trojan:Android/BaseBridge.A
Lab Matters - Exploit Kits Evolution - Server Side
In this special edition we have an external expert again, a participant of SAS 2011, Aviv Raff from Seculert. He talks about the evolution of exploit kits, especially on the server side.
X-rated websites, and porn-shy companies, get head start on .xxx domain
News in brief: Registration opens for the new top-level domain...
(silicon.com - Networks)
Report: Apple to unveil iPhone at corporate headquarters (Appolicious)
New spam sources in the making
After the Pushdo/Cutwail, Bredolab and Rustock botnets were taken offline, the geography of spam sources underwent some major changes. In particular, from September 2010 the US, for a long time the leading spam distributor, began to lose ground. For several months now it hasn’t even made it into the Top 10 leading sources of spam and only occasionally appears at the bottom of the Top 20.
The US and some European countries have been replaced by Asian and Latin American countries. The cybercriminals have clearly established new bases for distributing spam with eight of July’s top 10 spam sources located in Asia and Latin America.
Other:W32/Generic
Trojan:Android/DroidKungFu.C