30 Haziran 2012 Cumartesi

In a Relationship: College Students and Their Smartphones [INFOGRAPHIC]

In a Relationship: College Students and Their Smartphones [INFOGRAPHIC]College students aren't just concerned with getting good grades and finding the best parties. More than ever, they're using their to navigate life on campus.


esed nod32 keyleri esed nod32 key esed nod32 keys

The Scienceblogging Weekly (June 29th, 2012)

The Scienceblogging Weekly (June 29th, 2012)

nod32 güncel key nod32 guncel key eset nod32 guncel key eset nod32 güncel key

Trojan-Downloader:OSX/Flashback.A

Trojan-Downloader:OSX/Flashback.A poses as a Flash Player installer, and connects to a remote host to obtain further installation configuration and files.

eset nod32 guncel key eset nod32 güncel key indir com nod32 nod32 keyleri

Iconic Atari turns 40, tries to stay relevant

FILE- In this June 5, 1984, file photo, a woman in Chicago demonstrates Atari's new game, Mind Link, which utilizes a headband that picks up electrical impulse from the movement of the forehead and transmits them to a receiver attached to a video game or home computer console. (AP Photo/Charlie Knoblock)A scruffy, young Steve Jobs worked at Atari before he founded Apple. "Pong," one of the world's first video games, was born there, as was "Centipede," a classic from the era of quarter-guzzling arcade machines. "Call of Duty" creator Activision was started by four of Atari's former game developers.


nod32 güncel key nod32 guncel key eset nod32 guncel key eset nod32 güncel key

Impressions: Hunting Security Bugs

nod32 guncel key güncel key nod32 full nod32

Nexus Q hacked to run Android games in under 24 hours

http://www.technobuffalo.com/wp-content/uploads/2012/06/IMG_20120627_191931-580x434.jpeg

Less than 24 hours after its release, Google?s new Nexus Q media player has already been hacked to run ? but not play ? Android games.

The $299 Nexus Q possesses all of the internals it needs to run applications, including a dual-core OMAP4460 processor ? the same processor packed into the Samsung Galaxy Nexus, a PowerVR SGX540 graphics processing unit, and 1GB of RAM. It also has a microUSB port, which means developers can plug it straight into their computers and tinker with it.

nod32 esed nod32 indir nod32 nod32 güncel key

Operation High Roller auto-targets bank funds

Working autonomously, the global fraud scheme has attempted to transfer between $75.1 million and $2.5 billion to mule business accounts.

nod32 turkce nod32 full indir nod32 full download full nod32 download

Come have Coffee and Code in Vancouver with me and Microsoft tomorrow

So John Bristowe, Developer Evangelist for Microsoft Canada will be hosting a Coffee and Code event in Vancouver tomorrow from 9 to 2 at Wicked Cafe. Come join him and fellow Microsoft peers Rodney Buike and Damir Bersinic as they sit and share their knowledge over a cup of joe.

I will be there too, and will be available if anyone wants to talk about secure coding, threat modeling with the SDL TM or if you want to talk about integrating AuthAnvil strong authentication into your own applications or architectures

I do hope to see some of you there. And if I don't... I will be seeing you at #energizeIT right?

What: Coffee and Code in Vancouver
When: April 8th, 2009 from 9am - 2pm
Where: Wicked Cafe - 861 Hornby Street (Vancouver)

esed nod32 antivirus nod32 turkce nod32 full indir nod32 full download

RIMageddon: Three end-game scenarios

http://i.i.com.com/cnwk.1d/i/tim/2011/10/12/research-in-motion-headquarters.jpg

A little less than a year ago, ZDNet?s Jason Perlow predicted three outcomes for the BlackBerry maker: independence, assimilation, or oblivion.

The company was given three valid options ? and it still had time on its side ? to pull itself out of the then-quagmire it had found itself in.

nod32 full download full nod32 download est nod32 serial

Apple's Siri voiceprints raise privacy concerns

http://7.mshcdn.com/wp-content/uploads/2012/01/Apple-iphone-siri.jpg

Even in an age of vanishing privacy, people using Apple?s digital assistant Siri share a distinct concern. Recordings of their actual voices, asking questions that might be personal, travel over the Internet to a remote Apple server for processing. Then they remain stored there; Apple won?t say for how long.

nod32 guncel key eset nod32 guncel key eset nod32 güncel key indir com nod32

Storm Damage in the US: Did it Affect You?

Storm Damage in the US: Did it Affect You?The mid-Atlantic region of the United States was hit hard by a major storm on Saturday. Washington, D.C. was the center of the damage, but the effects of the storm stretched from Indiana to New Jersey.


full nod32 download est nod32 serial 64 bit nod32 esed nod32 4

Facebook to require privacy policies in mobile apps

It's one small step for individual autonomy, as the social network brings its app ecosystem into compliance with a user-privacy effort spearheaded by the California attorney general.

full nod32 esed nod32 keyleri esed nod32 key esed nod32 keys

Trojan-Downloader:OSX/Flashback.B

Trojan-Downloader:OSX/Flashback.B poses as a Flash Player installer, and connects to a remote host to obtain further installation configuration and files.

güncel key nod32 full nod32 esed nod32 keyleri

Trojan-Downloader:OSX/Flashback.C

Trojan-Downloader:OSX/Flashback.C poses as a Flash Player installer and connects to a remote host to obtain further installation files and configuration.

güncel nod32 keyleri nod32 guncel keyler nod32 guncel key güncel key nod32

Major Windows 7 gotcha you should know about that may block you from upgrading

OK, so anyone who knows me expects that I stay up on the bleeding edge when it comes to dev tools and operating systems. Yes, I have been using Windows 7 for almost a year now and have been loving it. However, I never ran it on my production dev environment as I felt I did not what to disrupt our software development workflow until Windows 7 was in final release. With it out to RTM now, I felt it was as good as time as any to migrate, especially since we recently released our latest build of our own product and have a bit of time to do this.

So last week I deployed Windows 7 to both of my production dev systems, as well as the primary QA lab workstations. It was the worst thing I could ever have done, halting all major development and test authoring in our office due to a MAJOR gotcha Microsoft failed to let us know about during the beta and RC.

Ready for this....

You cannot run Virtual PC 7 (beta) in Windows 7 WITHOUT hardware virtualization. OK, I can live with that, since the new XP mode (which is an excellent feature) may very well need it. That didn't concern me. It was my fall back that failed to work that blew my mind...

You cannot run Virtual PC 2007 in Windows 7, as they have a hard block preventing it from being installed on Windows 7 due to compatibility issues. So the same machine that I have been using for development using Vista for a few years has now become a glorified browsing brick. I cannot do any of my kernel mode and system level development or debugging as I am not ALLOWED to install Virtual PC 2007 on the same hardware that worked before. *sigh*

What surprised me is that Ben, the Virtual PC Guy at Microsoft blogged that it was possible to run Virtual PC on Windows 7, and in his own words:

While all the integration aspects of Virtual Machine Additions work (mouse integration, shared folders, etc...) there is no performance tuning for Windows 7 at this stage - so for best performance you should use a system with hardware vitalization support.

That sounds to me like it will still work without hardware virtualization. Seems that is not the case.

Since Windows 7 is already to RTM, if this is a block due to Windows, it isn't going to be fixed anytime soon. So hopefully they can do something in the Virtual PC side of the equation, or they are going to disappoint a lot of unknowing developers.

This just became a MAJOR blocking issue for many dev shops that are using Virtual PC for isolated testing.

If this concerns you, then I recommend you download Intel's Processor Identification Utility so you can check to see if your dev environment is capable of running hardware virtualization.

Failing to do so might get you stuck like I did, now having me decide if I want to degrade back to Windows Vista just to get work done. There goes another day to prep my main systems again. *sigh*

UPDATE: Fellow MVP Bill Grant has provided me a solution to my delimma. It appears the issue is because Virtual PC 7 (beta), a built in component for Windows 7 when installed, is causing the blocking issue. By going into "Turn Windows features on or off" and removing Virtual PC support (and effectively removing XP mode support), Virtual PC 2007 can then be installed on machines that do not have hardware virtualization support.

This isn't the most optimal behaviour, but acceptable. Since without VT support in my CPU I can't use XP mode anyways, removing it does not limit WIndows 7 from functioning. I have reported to Microsoft on this odd behaviour since:

  • Virtual PC 7 and XP Mode simply shouldn't be installing if my CPU isn't supported

  • When the Customer Experience dialog pops up there is an option to "Check for Solutions Online". This is a PERFECT time where they could explain to uninstall Virtual PC 7 and XP mode support built into Windows 7 so Virtual PC 2007 will not block. Right now it reports that no solution is available.

So if you do NOT have VT support in your CPU, please uninstall Virtual PC 7 support if you installed it. VPC 2007 will then properly install for you.

nod32 keyleri güncel güncel nod32 keyleri nod32 guncel keyler nod32 guncel key

Bitdefender builds a safer browser

The 2013 version of Bitdefender hands you a locked-down browser for safer financial transactions while debuting remote controls for both Windows and Android.

nod32 güncel key nod32 guncel key eset nod32 guncel key eset nod32 güncel key

Facebook to require privacy policies in mobile apps

It's one small step for individual autonomy, as the social network brings its app ecosystem into compliance with a user-privacy effort spearheaded by the California attorney general.

est nod32 key esed nod32 serial esed nod32 antivirus

Two hackers plead guilty to LulzSec attacks on Web sites

Ryan Cleary and Jake Davis, aka "Topiary," plead guilty to DDoS attacks; two others plead not guilty. The charges centered on events in a 50-day hacking spree last year.

nod32 keyleri güncel güncel nod32 keyleri nod32 guncel keyler nod32 guncel key

Virus:W32/Ramnit.N

A program that secretly and maliciously integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.

nod32 keyleri nod32 keyler nod32 key esed nod32 download

Is Twittering safe?

So Susan has been on my case about Twitter for some time now. In a recent round table we were recording she "beat me up" about it, and tonight on IM we had a good discussion about the REAL vs PERCEIVED risks in Twitter.

Susan's biggest complaint is that security minded individuals shouldn't be blindly recommending the use of Twitter without educating the user on 'safe-twittering'. I would say that same logic exists for setting up web pages, blogs and the use of social networking sites like Facebook.

She stepped that up a bit tonight when she blogged her discomfort in the fact the RSA Conference was recommending Twitter as well.

So in an effort to stop spreading the FUD about Twitter insecurity, I wanted to share some of my thoughts through a quick set of safe twittering rules.

@DanaEpp's 5 Rules of Safer Twittering


  • Never share information in a tweet that you wouldn't share with the world. You can never expect to take it back once it's on the Internet. Even though you can delete a tweet, 3rd party clients may still have it archived. If you feel you want to share private thoughts through Twitter, consider using a "Private Account" and limited it to only people you trust and want to share with. Of course, remember nothing prevents your friends from sharing your tweets with the world. So never share private information on Twitter. Ever. it's just easier that way.
  • There is no assurance that a Twitter account is the person you believe it is. Deal with it. Anyone can register an account if it doesn't already exist. As a real world example, for some time @cnnbrk was NOT an official CNN account, even though most of the Twitter world thought it was. It wasn't until recently that CNN bought the account from James Cox (the account holder) for an undisclosed amount of money. Another example is the fact that one of Susan's Twitter accounts was actually created by a fellow SBS MVP, and not actually her. :-)
  • Never click on links in a tweet, unless you trust the URL. If unsure, don't click! The worms that were used to attack Twitter came from people getting users to go to profile pages etc that they had control over for some interesting script attacks. With only 140 chars, its common to "shorten" the URL. Which means you might be clicking on a link blind. That's fine. But only trust shortened URLs that can be previewed BEFORE you go to it. As an example, my recommendation is to use something like TinyURL. However, here is the trick. When you create a TinyURL, use the preview mode. As an example, if you want to send someone to my blog you can use http://tinyurl.com/silverstr to go directly. However, if you use http://preview.tinyurl.com/silverstr it will stop at TinyURL.com and let the user SEE the link before they actually get to it. That is much safer. If using TweetDeck, select TinyURL as the provider, and when it creates the shortened url, simply add "preview." in front of "tinyurl.com".
  • Use a 3rd party Twitter client instead of using the Twitter.com website directly. I am a fan of TweetDeck and Twitterfon, but there are tons of different clients out there. Why? It is the lesser of two security evils as it relates to web based attacks in Twitter. Most clients have ways to reduce or turn off linking, prevents the script attacks in profile viewing and generally is just an easier environment to stay protected in. Are these clients free of attack? Of course not. But its another layer of defense. Of course... you need to have trust in your client. But that's a story for another day ;-)
  • You never know who is following you. Remember that. As you use Twitter more and more, you never know who might be watching. I recently had someone who has been trying to get an interview with me who follows me on Twitter, knew where I was having coffee one day because of a tweet I wrote (and it's geotag) and ended up coming down to confront me with his resume. Which was inappropriate in my books. But my own fault. I wasn't too concerned.. but it definitely gave me pause when considering my daughter uses Twitter and could be as easily found. Nothing like the potential of being stalked. GeoTagging makes it way to easy to find you. Remember that.

Look, Twitter is addictive. Simple. Short. Fast. A great way to see the thoughts of others you might care about. Ultimately though... like any other Internet based technology it has the potential to be abused... and put you at risk. No different than websites or blogs.

So be careful. Follow these rules and enjoy the conversation!

est nod32 key esed nod32 serial esed nod32 antivirus nod32 turkce

29 Haziran 2012 Cuma

WhiteHat Finds Website Security Has Drastically Improved

https://www.whitehatsec.com/

An examination of thousands of websites across a dozen industries has found a major reduction in the number of serious vulnerabilities exposing the properties to hackers.

The average number of serious vulnerabilities found in 2011 on the 7,000 websites monitored by WhiteHat Security fell 66 percent to 79 from 230 in 2010, according to the vendor's annual report, released Wednesday. The decline in security flaws has been falling steadily since 2007, when the number was 1,111.

full nod32 download est nod32 serial 64 bit nod32

Facebook's stock ends week lower

During the week that the bankers behind Facebook's initial public offering issued their first ratings on the company, its shares fell nearly 6 percent.

est nod32 key esed nod32 serial esed nod32 antivirus nod32 turkce

Foxconn moves to secure Apple HDTV orders, industry exec says

Foxconn moves to secure Apple HDTV orders, industry exec saysRecent moves by Foxconn were made with the sole intention of securing a deal to manufacture Apple?s upcoming high-definition television, an industry executive recently claimed.�Ho Chao-yang, former head of display panel supplier Chimei Innolux and current chairman of Chi Mei Materials Technology, told Digitimes on Friday that Foxconn?s recent investment in Sharp was aimed squarely at ensuring the manufacturing giant lands the deal to build the much-rumored ?iTV.? Ho?s comments join a laundry list of reports from numerous industry insiders who claim that Apple is working on its own HDTV�that will utilize Sharp display panels. The device will reportedly employ Siri voice controls, the iOS operating system and possibly even a unique new content distribution model.�Launch speculation ranges from the


nod32 key esed nod32 download nod32 serialleri esed nod32 indir

Phishing at the Top Level

Opinion: ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS.

esed nod32 antivirus nod32 turkce nod32 full indir nod32 full download

Impressions: Hunting Security Bugs

est nod32 key esed nod32 serial esed nod32 antivirus

Patch Tuesday April 2012 - Patching Multiple Web Based Client Side and Spearphishing Exposures

This month's patch Tuesday fixes a small set of critical vulnerabilities in a variety of client side software and one "important" server side Forefront UAG data leakage/information disclosure issue. Six bulletins have been created to address eleven exploitable flaws. Three of the six bulletins are top priority and should be addressed ASAP. These are the MS12-023 bulletin, patching a set of five Internet Explorer vulnerabilities leading to remote code execution, and the MS12-027 bulletin, patching the MSCOMCTL ActiveX Control currently receiving some attention as a part of very limited targeted attacks. If they must prioritize deployment, administrators should start their work here. Most folks should have automatic updates enabled and will silently receive the patches, or they can simply navigate their start menu and manually begin the Windows update process.

RCE attacks abusing these six IE and ActiveX vulnerabilities would look like web browser redirections to malicious sites hosting web pages attacking Internet Explorer and emails carrying malicious attachments constructed to appear familiar to the targeted victim. These are currently significant vectors of attack for both consumer/home and corporate Microsoft product users.

Microsoft also is recommending that administrators prioritize the Authenticode flaw and rated it critical, which could be used as a part of targeted attacks. And ActiveX controls can be delivered leveraging this vulnerability, so some distribution vectors may become enhanced. But this flaw allows for additions and modifications to existing code that in turn won't invalidate the existing signature.

A vulnerability exists in the .Net framework, allowing for XBAP applications to be run from the Internet Zone with a prompt. But anytime a decision like that is left to a user, it seems that we have a 50/50 chance of successful exploitation. The remaining vulnerabilty in the Office converter is significant and may result in RCE, but is much less likely to be attacked.

Dangerous, but manageable.

nod32 keyleri güncel güncel nod32 keyleri nod32 guncel keyler nod32 guncel key

Trojan:Android/DroidKungFu.C

Trojan:Android/DroidKungFu.C forwards confidential details to a remote server.

nod32 esed nod32 indir nod32 nod32 güncel key

Android Security Suite Premium = New ZitMo

On the 4th of June 2012 we found 3 APK files of ~207 kb in size each heuristically detected by our engine as HEUR:Trojan-Spy.AndroidOS.Zitmo.a. All these applications are malicious and were created to steal incoming SMS messages from infected devices. SMS messages will be uploaded to a remote server whose URL is encrypted and stored inside the body of the Trojan. We found 3 more APK files with exactly the same functionality on 8th, 13th and 14th of June. So there are at least 6 files which pretend to be ‘Android Security Suite Premium’ but in fact were created only for stealing incoming SMS messages.

After the infection there is a blue shield icon in the menu with the name ‘Android Security Suite Premium’:

If the application is launched it will show a generated ‘activation code’:

esed nod32 key esed nod32 keys est nod32 key esed nod32 serial

The Day The Stuxnet Died

Deep inside one of Stuxnet’s configuration blocks, a certain 8 bytes variable holds a number which, if read as a date, points to June 24th, 2012. This is actually the date when Stuxnet’s LNK replication sub-routines stop working and the worm stops infecting USB memory sticks.

güncel key nod32 full nod32 esed nod32 keyleri

Latest hacker dump looks like Comcast, AT&T data

http://asset1.cbsistatic.com/cnwk.1d/i/tim/2012/06/27/Screen_shot_2012-06-27_at_6.45.28_PM_610x127.png

A group of hackers has posted to the Web today data that appears to include Comcast employee names, ages and salaries, as well as e-mails and passwords associated with AT&T VoIP service accounts.

Proclaiming the kickoff of "#WikiBoatWednesday...when all the members from @TheWikiBoat fight corruption, leak data, and bring down websites," the hackers released the data in two different posts to the Pastebin Web site. One of the Twitter handles used by the group is @AnonymousWiki but the connection to the larger, decentralized collective known as "Anonymous" is unclear.

eset nod32 güncel key indir com nod32 nod32 keyleri nod32 keyler

SEC Guidance Is a Really Big Deal

güncel nod32 keyleri nod32 guncel keyler nod32 guncel key güncel key nod32

Virus:W32/Ramnit.N

A program that secretly and maliciously integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.

indir nod32 nod32 güncel key nod32 guncel key eset nod32 guncel key

Microsoft explains reason for ditching Start button in Windows 8

Microsoft explains reason for ditching Start button in Windows 8Microsoft shocked the world when it decided to remove the Start button from Windows 8. The removal of the button, which has been featured in the operating system for more than 15 years, puzzled many early adopters. In an interview with PCPro, however, Microsoft revealed that consumers had actually stopped using the button in favor of the taskbar. ?When we evolved the taskbar [in Windows 7] we saw awesome adoption of pinning [applications] on the taskbar,? said Chaitanya Sareen, principal program manager at Microsoft. ?We are seeing people pin like crazy. And so we saw the Start menu usage dramatically dropping, and that gave us an option. We?re saying ?look, Start menu usage is dropping, what can we do about


esed nod32 keys est nod32 key esed nod32 serial

Kevin Mitnick to Kim DotCom: 'I hope you win'

Did the famed computer hacker really just send the MegaUpload founder a Tom Petty song for inspiration?

esed nod32 indir nod32 nod32 güncel key nod32 guncel key

The Roof Is on Fire: Tackling Flame?s C&C Servers

On Sunday, May 27 2012, the Iranian MAHER CERT posted a note announcing the discovery of a new targeted attack dubbed “Flamer”. On Monday 28 May 2012 aat 9am EST, after an investigation prompted and supported by the International Telecommunication Union, Kaspersky Lab and CrySyS Lab from Hungary announced the discovery of Flame (aka Skywiper), a sophisticated cyber-espionage toolkit primarily targeting Windows computers in the Middle East.

Several hours later, around 4PM GMT, the Flame command-and-control infrastructure, which had been operating for years, went dark.

For the past weeks, Kaspersky Lab has been closely monitoring the C&C infrastructure of Flame. In collaboration with GoDaddy and OpenDNS, we succeeded in sinkholing most of the malicious domains used by Flame for C&C and gain a unique perspective into the operation.

Before going further, Kaspersky Lab would like to thank the “GoDaddy Network Abuse Department” and to William MacArthur for their fast reaction and exceptional support of this investigation. The OpenDNS security research team also offered invaluable assistance during the course of this investigation.

Our findings from analysing the infrastructure can be found below.

Introduction

Since both Flame and Duqu appear to be targeting similar geographical regions and have been created with similar goals in mind, we will provide an analysis from the point of view of comparing the Flame C&C infrastructure with the Duqu infrastructure.

In the past, Kaspersky Lab analyzed the Duqu C&C infrastructure and found several important details, such as the attackers’ preference for CentOS, the use of SharpSSH to control the proxy servers and the huge number of hacked proxies used to hide the true identity of the attackers.

In the case of Flame, we performed a similar analysis. First of all, it’s interesting to point out a big difference from Duqu: while all the Duqu C&C proxies were CentOS Linux hosts, all of the known Flame C&C are running Ubuntu.

Additionally, while Duqu used the super stealthy way of hiding the true IP of the mothership using SSH port forwarding, Flame’s scripts are simply running on the respective servers. The reason is simple - on Monday May 28, all control scripts started returning 403/404 errors. In the case of Duqu, the real malware scripts were on a remote server and were never found.

From this point of view, we can state that the Duqu attackers were a lot more careful about hiding their activities compared to the Flame operators.

Here’s a comparison of the Duqu and Flame C&C infrastructure:

Duqu Flame
Server OS CentOS Linux Ubuntu Linux
Control scripts Running on remote server, shielded through SSH port forwarding Running on servers
Number of victims per server 2-3 50+
Encryption of connections to server SSL + proprietary AES-based encryption SSL
Compression of connections No Yes, Zlib and modified PPMD
Number of known C&C’s domains n/a 80+
Number of known C&C IPs 5 15+
Number of proxies used to hide identity 10+ Unknown
Time zone of C&C operator GMT+2 / GMT+3 Unknown
Infrastructure programming .NET Unknown
Locations of servers India, Vietnam, Belgium, UK, Netherlands, Switzerland, Korea, etc... Germany, Netherlands, UK, Switzerland, Hong Kong, Turkey, etc...
Number of built-in C&C IPs/domain in malware 1 5, can update list
SSL certificate self-signed self-signed
Servers status Most likely hacked Most likely bought
SSH connections no yes

nod32 guncel key güncel key nod32 full nod32 esed nod32 keyleri

Backdoor:W32/Bohu.A

This program installs various files onto the system. Among the components installed are: a backdoor which connects to an external site to optain updates and other settings; and a component that monitors web traffic to various search engines in China and the domains of certain antivirus (AV) vendors.

nod32 guncel key güncel key nod32 full nod32

Announcing Elevation of Privilege: The Threat Modeling Game

I have had the pleasure over the past few months to spend some time playing with an early rendition of " Elevation of Privilege: The Threat Modeling Game". According to Adam, "Elevation of Privilege is the easiest way to get started threat modeling".  I couldn't agree more. If you have a team that is new to the whole process of threat modeling, you will want to check it out. If you are at RSA this week, drop by the Microsoft booth and pick the game up for free. If you aren't, you can download it here.

EoP is a card game for 3-6 players. The deck contains 74 playing cards in 6 suits: one suit for each of the STRIDE threats (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service and Elevation of Privilege). Each card has a more specific threat on it.  You can see a short video on how to play and some more information about the game by checking our Adam's post here. In the end, it is a game that makes it possible to have more fun when thinking about threats. And that's a good thing.

Even more impressive is that they have released the game under Creative Commons Attribution license which gives you freedom to share, adapt and remix the game. So you if you feel you can improve up this, step up and let everyone know!!   

Congratulations to the SDL team at Microsoft for creating an innovative way to approach the concept of threat modeling.

eset nod32 güncel key indir com nod32 nod32 keyleri nod32 keyler

Trojan:W32/Ransomcrypt

Trojan:W32/Ransomcrypt is ransomware that encrypts files on the affected computer and demands payment in order to provide a password decrypting the affected files.

esed nod32 4 nod32 esed nod32 indir nod32

28 Haziran 2012 Perşembe

Google releases Chrome browser for iPhone, iPad

Google's Chrome browser can now be used to surf the Web on the iPhone and iPad.

indir nod32 nod32 güncel key nod32 guncel key eset nod32 guncel key

RIMageddon: Three end-game scenarios

http://i.i.com.com/cnwk.1d/i/tim/2011/10/12/research-in-motion-headquarters.jpg

A little less than a year ago, ZDNet?s Jason Perlow predicted three outcomes for the BlackBerry maker: independence, assimilation, or oblivion.

The company was given three valid options ? and it still had time on its side ? to pull itself out of the then-quagmire it had found itself in.

esed nod32 key esed nod32 keys est nod32 key

Carolina Dieckmann, Brazilian cybercrime legislation and la ?Viveza criolla?

��� Carolina Dieckmann, a famous Brazilian actress, recently became the victim of cyber attacks that allowed cybercriminals to steal personal property - nude pictures of her- from her computer. Many pictures or maybe all of them got leaked to the Internet. This incident has served as a good incentive for the Brazilian government to have new cybercrime laws in the country (the current law to fight cybercrime in Brazil was approved back in the 40’s of XX century). As a result of this incident, a new cybercrime law that carries a punishment of up to 2 years in prison for such crimes has finally been proposed for consideration. This is a good and right move! A press article in Portuguese can be

nod32 serialleri esed nod32 indir nod32 serial nod32 güncel keyleri

Rogue:OSX/FakeMacDef.A

Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.

nod32 güncel keyleri nod32 keyleri güncel güncel nod32 keyleri nod32 guncel keyler

Automated robbery: how card skimmers (still) steal millions from banks

http://cdn.arstechnica.net//wp-content/uploads/2012/06/nyda-skim1-640x370.jpg

In January 2011, a pair of Bulgarian-born Canadians named Nikolai Ivanov and Dimitar Stamatov took a road trip from their home in Quebec to New York City. Their five-day visit to Manhattan?s East Village and Astor Place wasn?t your typical tourist trek, though; instead of Statue of Liberty souvenirs, the pair collected the card data and personal identification numbers for over 1,100 ATM cards. Ivanov and Stamatov were "skimmers."

est nod32 key esed nod32 serial esed nod32 antivirus nod32 turkce

More Bad Drivers on the Information Superhighway

Opinion: In order to prevent bad device drivers from making the system unstable, Microsoft artificially limits the amount of memory available to Windows.

güncel key nod32 full nod32 esed nod32 keyleri

Packed:W32/PeCan.A

This program is packed using a packer program associated with numerous other malware.

nod32 full download full nod32 download est nod32 serial 64 bit nod32

Trojan-Downloader:OSX/Flashback.K

Trojan-Downloader:OSX/Flashback.K connects to a remote site to download its payload; on successful infection, the malware modifies targeted webpages displayed in the web browser.

eset nod32 guncel key eset nod32 güncel key indir com nod32 nod32 keyleri

Impressions: Fuzzing

indir com nod32 nod32 keyleri nod32 keyler nod32 key

Patch Tuesday June 2012 - IE Client Side and RDP Exposures, 24 Other Vulnerabilities

Microsoft released a set of seven bulletins, patching 26 total software vulnerabilities. Multiple remote code execution holes are being patched, but the two most urgent are the Internet Explorer and Remote Desktop Protocol updates. Almost half of the 26 vulnerabilities being patched this month are maintained in versions 6, 7, 8, and 9 of Internet Explorer code, all patched with Security Bulletin MS12-037.

RDP is not enabled by default on Windows systems, but exposure to this month's remote code execution vulnerability is a problem for many businesses around the world, as the recent activity from the Morto worm demonstrated. Many businesses need to use Remote Desktop functionality and enable it, but don't understand how to or just don't bother hiding the port behind a firewall and limiting access or requiring VPN access only. Past pre-authentication vulnerabilities in RDP should have improvded the situation by now, and folks need to understand that this service should be better isolated. We'll see if this one is taken advantage of in coming weeks. Updating systems with MS12-036 is a priority - including Windows 2003 installs and up to the Server Core installation of Windows Server 2008 R2 for x64-based Systems Service Pack 1. It's rated critical, and most versions of Windows server OS are vulnerable not only to DoS attacks, but remote code execution.

For most folks, properly licensed Windows systems with Windows Updates enabled will update the software automatically over the next day or so. People can also find "Windows Updates" in their start menu and open it, then click on "Check for Updates".

nod32 serial nod32 güncel keyleri nod32 keyleri güncel

SabPub Mac OS X Backdoor: Java Exploits, Targeted Attacks and Possible APT link

Last week, Apple released two urgent updates to Mac OS X to:

1. Remove the Flashback malware about which we have already written

2. Automatically deactivate the Java browser plugin and Java Web Start, effectively disabling java applets in browsers

Particularly, the second step shows the severity of the CVE-2012-0507 vulnerability exploited by Flashback to infect almost 700,000 users via drive-by malware downloads.

Actually, it was the right decision because we can confirm yet another Mac malware in the wild - Backdoor.OSX.SabPub.a being spread through Java exploits.

This new threat is a custom OS X backdoor, which appears to have been designed for use in targeted attacks. After it is activated on an infected system, it connects to a remote website in typical C&C fashion to fetch instructions. The backdoor contains functionality to make screenshots of the user’s current session and execute commands on the infected machine.

nod32 keyler nod32 key esed nod32 download nod32 serialleri

Fresh iPhone Apps for June 28: The Amazing Spider-Man, Squids Wild West, Cthulu Saves the World

As we near the release of the next Spider-Man movie, Gameloft has teamed with Sony to create The Amazing Spider-Man, today?s leading fresh iPhone app. The game gives you an open-world setting in New York and sets you free to sling webs all over it. We?ve also got the hilarious old-school role-playing title Cthulhu Saves the World, and Squids Wild West, the next chapter in the Squids series that brings more turn-based strategy action mixed with RPG elements.

nod32 guncel key güncel key nod32 full nod32 esed nod32 keyleri

Is Network Solutions Snatching Domain Names?

Numerous individuals have discovered that when they search for a domain name at Network Solutions, the domain register is automatically registering the name for Network Solutions.

nod32 full download full nod32 download est nod32 serial 64 bit nod32

Is your printer spewing gibberish? Could be malware

Symantec says mystery printer mishaps are a side effect of malware designed to get eyeballs on ads.

esed nod32 key esed nod32 keys est nod32 key

Indian court overturns Vimeo, Pirate Bay blockade

After a host of sites were taken down recently following a court order, ISPs prevailed in getting the bans overturned.

full nod32 download est nod32 serial 64 bit nod32 esed nod32 4

Google Copies Microsoft, Not Apple, To Fix Android Fragmentation

http://www.blogcdn.com/www.engadget.com/media/2012/06/googleio20124330.jpg

This is smart, and long overdue. Google said today that it will begin releasing an Android Platform Development Kit (PDK).

This will give Android device makers access to coming versions of Android 2-3 months before its official release. As is well-documented, most Android devices are way behind. 65% today run Android 2.3 Gingerbread which, with the release of 4.1 JellyBean today, now lags 3 versions behind.

nod32 serial nod32 güncel keyleri nod32 keyleri güncel güncel nod32 keyleri

New APT Attack Shows Technical Advance in Exploit Development

Recently, we came by an interesting targeted attack which was evading most antivirus products. This is a recent spearphish targeting various Tibetan and human rights activists. It demonstrates the level of effort put into infiltrating their groups with some unique characteristics, relative to the many other exploits targeting CVE-2012-0158. Here’s how such e-mails appear:

esed nod32 serial esed nod32 antivirus nod32 turkce nod32 full indir

Stratfor to settle class action suit over hack

NEW YORK (Reuters) - The global security analysis company Strategic Forecasting Inc will settle a class action lawsuit brought by one of its customers over a crippling attack by hackers who stole data of clients including Henry Kissinger, court documents show. U.S. District Judge Denis Hurley in Central Islip on New York's Long Island earlier this month gave his stamp of approval to a proposed settlement in a case that was filed in January. ...

nod32 guncel keyler nod32 guncel key güncel key nod32

Feds Smash Global Hacking Group UGNazi

http://en.wikipedia.org/wiki/UGNazi

The FBI arrested 24 hackers from across the globe, including the leader and members of the global hacking group UGNazi on Tuesday. The people arrested were all men and ranged from 18 to 25-years old Hackers from the US, Norway, Australia, Japan, Italy and the UK were included in the massive operation. Eleven people were arrested in the United States, the Federal Bureau of Investigation and the Manhattan US Attorney's office said.

esed nod32 keyleri esed nod32 key esed nod32 keys est nod32 key

27 Haziran 2012 Çarşamba

A look at recent tech-industry earnings

Here is a summary of recent earnings and reports for selected technology companies and what they reveal about the state of spending and the overall economy:

est nod32 key esed nod32 serial esed nod32 antivirus nod32 turkce

Foncy is dead. Long live Mania

The story of the Foncy SMS Trojan started during the fall of 2011. This piece of malware was one of the first SMS Trojans targeting users outside Russia and China. Potential victims were from various countries in Europe, North America and Africa. In the middle of January 2012 Foncy was updated: it started to spread together with an IRC bot and a root exploit. But the end of the Foncy story was very close because in February two suspected authors of this malware were arrested in Paris: you can read the story here in French and here in English. Since then we haven’t found any new modifications of this piece of malware.

So, Foncy is dead. And what is Mania? Mania is an SMS Trojan which currently only targets users of Android from France and its code is very similar to the code of the Foncy malware. The first sample of Mania (Trojan-SMS.AndroidOS.Mania) was found approximately at the same time when the Foncy IRC bot was discovered (during the first half of January). After that new variants of Mania appeared in February, March, April and May.

We haven’t found any traces of Mania on Android Market Google Play. It seems that it is spread via file sharing web sites as popular legitimate applications such as PhoneLocator Pro, BlackList Pro, Enhanced SMS and Caller ID, CoPilot Live Europe, Settings Profiles Full, Advanced Call Blocker and Kaspersky Mobile Security.

nod32 güncel key nod32 guncel key eset nod32 guncel key eset nod32 güncel key

FTC sues Wyndham Hotels after three credit card breaches

http://en.wikipedia.org/wiki/Federal_Trade_Commission

The Federal Trade Commission is suing a major hotel chain and its subsidiaries for allegedly failing to secure the financial information of its guests, which led to fraudulent charges of more than $10 million and the siphoning out of hundreds of thousands of credit card numbers.

The complaint (PDF), announced Tuesday, centers on the fact that New Jersey-based Wyndham Worldwide Corp. experienced three data breaches in under three years. In each case, the intruders made off with financial information by breaching the company's Phoenix data center.

nod32 turkce nod32 full indir nod32 full download

The Flame: Questions and Answers

Duqu and Stuxnet raised the stakes in the cyber battles being fought in the Middle East - but now we’ve found what might be the most sophisticated cyber weapon yet unleashed. The ‘Flame’ cyber espionage worm came to the attention of our experts at Kaspersky Lab after the UN’s International Telecommunication Union came to us for help in finding an unknown piece of malware which was deleting sensitive information across the Middle East. While searching for that code - nicknamed Wiper - we discovered a new malware codenamed Worm.Win32.Flame.

Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super-weapons’ currently deployed in the Middle East by unknown perpetrators. Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.

For the full low-down on this advanced threat, read on…

General Questions

What exactly is Flame? A worm? A backdoor? What does it do?

Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.

The initial point of entry of Flame is unknown - we suspect it is deployed through targeted attacks; however, we haven’t seen the original vector of how it spreads. We have some suspicions about possible use of the MS10-033 vulnerability, but we cannot confirm this now.

Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame’s command-and-control servers.

Later, the operators can choose to upload further modules, which expand Flame’s functionality. There are about 20 modules in total and the purpose of most of them is still being investigated.

nod32 guncel key eset nod32 guncel key eset nod32 güncel key indir com nod32

Impressions: Windows Sysinternals Administrator's Reference

esed nod32 keys est nod32 key esed nod32 serial esed nod32 antivirus

Feds Smash Global Hacking Group UGNazi

http://en.wikipedia.org/wiki/UGNazi

The FBI arrested 24 hackers from across the globe, including the leader and members of the global hacking group UGNazi on Tuesday. The people arrested were all men and ranged from 18 to 25-years old Hackers from the US, Norway, Australia, Japan, Italy and the UK were included in the massive operation. Eleven people were arrested in the United States, the Federal Bureau of Investigation and the Manhattan US Attorney's office said.

nod32 keyleri güncel güncel nod32 keyleri nod32 guncel keyler nod32 guncel key

Trojan:Android/AutoSPSubscribe.A

Trojan:Android/AutoSPSubscribe.A is a malicious app that targets Android users in China, and is distributed through unofficial markets.

nod32 guncel key eset nod32 guncel key eset nod32 güncel key

Trojan:Android/DroidKungFu.C

Trojan:Android/DroidKungFu.C forwards confidential details to a remote server.

nod32 guncel key güncel key nod32 full nod32 esed nod32 keyleri

Whistleblowers: The Approaching Storm for Digital Security

esed nod32 key esed nod32 keys est nod32 key esed nod32 serial

The site that outs all your stupid Facebook updates

We Know What You're Doing proudly reveals all the things you have blurted out on Facebook that you wish you hadn't blurted out on Facebook.

esed nod32 keys est nod32 key esed nod32 serial esed nod32 antivirus

Impressions: The Web Application Hacker's Handbook, 2nd Ed

nod32 serialleri esed nod32 indir nod32 serial

Phishing at the Top Level

Opinion: ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS.

nod32 esed nod32 indir nod32 nod32 güncel key

Bitdefender builds a safer browser

The 2013 version of Bitdefender hands you a locked-down browser for safer financial transactions while debuting remote controls for both Windows and Android.

est nod32 key esed nod32 serial esed nod32 antivirus nod32 turkce

How attacks on social networks work

Symantec talks social-networking threats and how a new Norton Labs tool called App Advisor will stop them from attacking you.

nod32 serial nod32 güncel keyleri nod32 keyleri güncel güncel nod32 keyleri

Announcing Elevation of Privilege: The Threat Modeling Game

I have had the pleasure over the past few months to spend some time playing with an early rendition of " Elevation of Privilege: The Threat Modeling Game". According to Adam, "Elevation of Privilege is the easiest way to get started threat modeling".  I couldn't agree more. If you have a team that is new to the whole process of threat modeling, you will want to check it out. If you are at RSA this week, drop by the Microsoft booth and pick the game up for free. If you aren't, you can download it here.

EoP is a card game for 3-6 players. The deck contains 74 playing cards in 6 suits: one suit for each of the STRIDE threats (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service and Elevation of Privilege). Each card has a more specific threat on it.  You can see a short video on how to play and some more information about the game by checking our Adam's post here. In the end, it is a game that makes it possible to have more fun when thinking about threats. And that's a good thing.

Even more impressive is that they have released the game under Creative Commons Attribution license which gives you freedom to share, adapt and remix the game. So you if you feel you can improve up this, step up and let everyone know!!   

Congratulations to the SDL team at Microsoft for creating an innovative way to approach the concept of threat modeling.

nod32 serial nod32 güncel keyleri nod32 keyleri güncel

Mountain Lion gets daily automatic updates

Apple's enhanced software updating routine has its benefits and drawbacks.

esed nod32 indir nod32 nod32 güncel key nod32 guncel key

Mountain Lion gets daily automatic updates

Apple's enhanced software updating routine has its benefits and drawbacks.

nod32 full download full nod32 download est nod32 serial 64 bit nod32