News

February 21, 2014

Adobe pushes out critical Flash update - the second zero-day hole of the month

According to Adobe, there are three vulnerabilities patched in this update, numbered CVE-2014-0498, CVE-2014-0499 and CVE-2014-0502. The last on the list is the one known to have been exploited in the wild, according to analysts at vulnerability research company FireEye, and it's the reason why you should upgrade promptly. Presumably, the other two vulnerabilities have been patched "just in case," because Adobe's next scheduled security update doesn't arrive until April 2014.

Read more here.

February 17, 2014

Have Your Kids Sign an Internet Contract

Letting your kids be on the internet can be scary. You can keep an eye on what they're up to and there are ways to help keep them safe, but you might also want to take a page from schools that provide internet access and have them sign an appropriate-use contract. Signing a contract with your kids provides a few benefits. First, it spells out exactly how you expect them to behave because it forces you to explain your position clearly. Second, the act of signing a contract helps drive home the point. And finally, if they do break your rules, there's no argument involved. You can point to the line item on the contract that they broke and issue the appropriate punishment (which should also be spelled out in the contract).

Read more here.

February 10, 2014

Mac OS X Bitcoin Stealing Trojan Horse Called OSX/CoinThief Discovered

SecureMac.com has discovered a new trojan horse for Mac OS X called OSX/CoinThief.A, which spies on web traffic to steal Bitcoins. This malware has been found in the wild, along with numerous reports of stolen coins. The malware, which comes disguised as an app to send and receive payments on Bitcoin Stealth Addresses, instead covertly monitors all web traffic in order to steal login info for Bitcoin wallets.

Read more here.

February 4, 2014

Java botnet hits Mac, Linux and Windows machines

CYBER CROOKS are once again targeting Java users, but this time taking advantage of the cross-platform design to threaten Linux and Mac users, Kaspersky researchers have claimed. The malware is a functioning botnet written entirely in Java and is capable of infecting computers running Windows, Mac OS X and Linux that have Oracle's Java software framework installed. Once infected, a computer that has been compromised by the Java based malware - most likely through a malware hosting website - is pulled into a botnet and then controlled to launch distributed denial of service (DDoS) attacks against other websites to knock them offline.

Read more here.

January 22, 2014

Chrome Bug Lets Sites Listen To Your Private Conversations

Last year Google rolled out a new feature for the desktop version of Chrome that enabled support for voice recognition directly into the browser. In September, a developer named Tal Ater found a bug that would allow a malicious site to record through your microphone even after you'd told it to stop. Quoting: 'When you grant an HTTPS site permission to use your mic, Chrome will remember your choice, and allow the site to start listening in the future, without asking for permission again. This is perfectly fine, as long as Chrome gives you clear indication that you are being listened to, and that the site can't start listening to you in background windows that are hidden to you. When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden popunder window.

Read more here.

January 20, 2014

The 25 Most Popular Passwords of 2013: God Help Us

You'd think that, by this point, people would start being a little more discerning with their passwords. You would be wrong. And here are the 25 most common (i.e. worst) passwords of 2013 to prove it. Compiled by SplashData, the list pulls from the millions of stolen passwords made public throughout the year—a large chunk of which was made possible thanks to the Adobe hackers and their 38 million victims back in October. That explains why this year's list includes newcomers "adobe123" and "photoshop." It also gives us the opportunity to remind you that basing your password on whatever program you're logging into is always a terrible, terrible idea.

Read more here.

January 5, 2014

Yahoo Advertising Serves Up Malware For Thousands

Thousands of users have been affected by malicious advertisements served by ads.yahoo.com. The attack, which lasted several days, exploited vulnerabilities in Java and installed malware. The Netherlands based Fox-IT estimates that the infection rate was at about 27,000 infections per hour. In response to the breach in security, Yahoo issued the following statement, 'At Yahoo, we take the safety and privacy of our users seriously. We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.' While the source of the attack remains unknown, Fox-IT says it appears to be 'financially motivated.'

Read more here.

January 1, 2014

The iPhone has reportedly been fully hacked by the NSA since 2008 (Update: Apple denies working with NSA)

As 2013 edges to a close, reports of the NSA’s widespread surveillance capabilities have reached new heights of absurdity. A report from Der Spiegel over the weekend highlighted the NSA’s elite TAO hacking unit, which directly targets corporate networks and can even place spyware on devices while they’re being shipped to recipients. And yesterday, security researcher Jacob Appelbaum and Der Spiegel blew the lid off another NSA program, dubbed “DROPOUTJEEP,” which gives the agency full control of Apple’s iPhone.

Read more here.

December 20, 2013

Target Hacked, Credit Cards and Private Data for 40 Million Stolen

Earlier this week, word came out that Target was the victim of a massive hack that exposed the credit card numbers and other personal, private data for over 40 million customers at its brick-and-mortar stores. Now, Target has confirmed the breach. The breach was restricted only to Target's physical stores, so online shoppers are (ironically) safe in this case, but anyone who shopped in a Target store between the week of Black Friday (November 27th) through until the breach was discovered and sealed on December 15th may have had their information stolen. The data collected includes credit and debit card numbers, expiration dates, CVV codes (the three-digit security code on the back of your card), and customer names.

Read more here.

November 13, 2013

Porn-Surfing Execs Infecting Corporate Networks With Malware

According to a recent survey of malware analysts at U.S. enterprises, 40% of the time a device used by a member of the senior leadership team became infected with malware was due to executives visiting a pornographic website. The study, from ThreatTrack Security, also found that nearly six in 10 of the malware analysts have investigated or addressed a data breach that was never disclosed by their company. When asked to identify the most difficult aspects of defending their companies' networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions.

Read more here.

October 24, 2013

How to prevent Cryptolocker Ransomware from infecting your PC

Cryptolocker is a relatively new kind of ransomware that was first detected in the wild in September 2013. Ransomware for those who do not know the term refers to malicious software that, when executed on a PC, encrypts files on it so that they cannot be accessed anymore unless decrypted. Cryptolocker displays a ransom notification to the user of the system that states that the ransom -- usually between $100 and $300 -- has to be paid to unlock the files again. If the demand is not met in 96 hours, the option to do so will expire and the files will be lost forever.

Read more here.

October 18, 2013

How To Opt Out of Google's Shared Endorsements

Google recently announced an update to its Terms of Service, focused on displaying your profile name and photo next to advertisements and reviews. The new feature, which goes into effect on November 11, is called Shared Endorsements and will allow you to share your recommendations (whether a +1 on Google Play or a restaurant rating on Google Maps) with your connections.

For example, if your friend searches "Indian food" and an advertisement shows up for a local restaurant you've rated, your profile picture, name, and review might show up alongside it. Many users will take issue with their likeness used to promote sponsored links without their explicit consent—as Facebook knows all too well. Even more users rightfully have concerns with the fact that old comments posted with one online landscape in mind are now being reused in a completely different manner and placed before a completely different audience.

Read more here.

October 8, 2013

Don't want your unwatched TV ending spoiled by social media? There's an app for that

When you’re not able to watch a football game live – and want to put it on your DVR – you run the risk of having the ending spoiled by a friend on a social network. It’s heartbreaking when it happens. But with the help of a new app, it could happen less and less. The Spoiler Shield app lets you continue to check your favorite social media websites – and still not see messages about your game. The app shields for over 30 popular TV shows, such as Breaking Bad, Mad Men, Survivor, The Bachelor, and The Voice – as well as every NFL and MLB team.

Read more here.

September 25, 2013

Siri offers the latest backdoor into your iPhone - just ask nicely!

We really didn't want to write another Apple iOS 7 story. With two lockscreen holes and a fingerprint sensor that can be fooled with woodglue, we thought we'd given diehard iPhone fans a horse that was already dangerously high enough for them not to get down from. For example, we chose not to cover the fact that the New York Police Department were handing out flyers over the weekend advising residents of the Big Apple to take Even Bigger Apple's advice, and to upgrade to iOS 7 as soon as possible for security reasons.

Read more here.

September 19, 2013

iOS 7's Biggest Annoyances (and How to Fix Them)

With the release of any new operating system comes a slew of slight problems and annoyances. iOS 7 is no different. While certain things won't annoy everyone, a few minor problems are bound to trouble people. With that in mind, here's how to fix some of the more common annoyances.

Read more here.

September 18, 2013

Internet Explorer zero-day exploit prompts Microsoft to publish emergency Fix it

For the first time in a little over four months, Microsoft published an emergency advisory and Fix it for users of its Internet Explorer web browser. Exploitation of Internet Explorer 8 and 9 has already been witnessed in the wild. That doesn't necessarily mean that users of Internet Explorer 6, 7, 10 and 11 are safe however. The only unaffected Windows platforms are the server platforms that ship with IE in restricted mode by default. If you have disabled the restricted mode, these may also be vulnerable.

Read more here.

September 9, 2013

Debunked: 9 Common Myths About Technology

Macs don't get viruses. The more megapixels your camera has, the better it is. Shelling out more money for expensive cables is worth it. These are some of the most common myths revolving around the technology we use every day. From battery draining to deleting files off your computer, we've explained and debunked some of these popular beliefs.

Read more here.

August 13, 2013

Heads up for Patch Tuesday: 24 hours, 8 bulletins, 3 critical, everything needs a reboot

It's that time of the month again, with Microsoft Patch Tuesday just 24 hours away. In point form, August 2013 brings you:

- Eight bulletins
- Three critical due to potential remote code execution
- Critical #1: All Internet Explorer versions from 6 to 10
- Critical #2: Exchange Server versions 2007, 2010 and 2013
- Critical #3: Windows itself, but only XP and Server 2003
- Patches for Server Core, but none critical
- Reboot required

It's hard to say just how severe (or how widely exploited, if at all) any of the critical vulnerabilities are, since Microsoft plays its cards close to its chest until the patches actually ship.

Read more here.

August 6, 2013

Firefox Zero-Day Used to Reveal Identities: Does The End Justify The Means?

An Exploit for Mozilla’s Firefox version 17 is making headlines, not simply because it is a zero-day but mainly because it appears to be part of an operation to uncover the identity of people using the Tor Browser to view child pornography. Last Saturday, it was reported that the FBI wanted to extradite who they called the ‘largest child-porn dealer on the planet’. The next day, several services offered by the Tor network ceased to exist, prompting many to look into the issue. It wasn’t too long before malicious code that had been injected in a large number of hidden websites was uncovered. The code was not just your run-of-the-mill exploit, but a Zero-Day that affected a specific version of Firefox, one that happened to be bundled in the Tor Browser.

Read more here.

July 25, 2013

What Google's Chromecast Has That All the Other Web-to-TV Devices Don't

Google today announced a new Internet-to-television device called Chromecast, a well-developed area of technology that doesn't really need another gizmo. With Apple TV, Roku and Boxee all providing solutions to turn a regular old HDTV into an Internet-capable TV, you might be thinking that the Chromecast is an also-ran before it's even been released. Yet Chromecast, as it's called, has the techies all giddy. A few of them said they already went on over to the Play store and bought one — before Google had even finished up its event. The general upshot of the stick is that it ports the television on your computer or smartphone — like Netflix, or YouTube — to your television. A lot of devices can already do this for you. So what makes this thing any different or better than all the others?

Read more here.

July 24, 2013

New Office 2010 and SharePoint 2010 Service Packs Roll Out

While service packs are out of style for the Windows operating system, Microsoft has pushed out another service pack (SP2) for both Office 2010 and SharePoint 2010 products. According to the company, they provide key updates and fixes across servers, services and applications including security, stability, and performance enhancements and better compatibility with Windows 8, Internet Explorer 10, Office 2013, and SharePoint 2013. The updates are available through Windows Update and as separate downloads.

Read more here.

July 21, 2013

Apple: Developer Site Targeted In Security Attack, Still Down

Apple has informed developers that an intruder gained access to its developer site database. Quoted email from Apple: 'Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then. In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.'

Read more here.

July 7, 2013

How To Stop AT&T From Selling Your Private Data To Advertisers

AT&T is ready to follow in its rivals' footsteps and begin selling the private usage data it collects from its subscribers' phones to advertisers. The data in question is anonymized, according to AT&T, but it includes very sensitive information such as customers' locations, Web browsing history, mobile app usage and more. Privacy is something of a hot button issue right now, so it is likely that a number of AT&T subscribers would prefer to not have their private data sold to advertisers. Luckily, there is a fast and easy way to opt out of AT&T's 'External Marketing and Analytics Reporting' program.

Read more here.

July 5, 2013

New Android Vulnerability Affects 99% of Devices

Yesterday, Bluebox Security unveiled in a corporate blog post that their research team—dubbed Bluebox Labs—had uncovered a vulnerability that affects 99% of Android devices. The vulnerability has been reported as existing since Android 1.6 (“Donut”) and may be plaguing some 900 million devices. According to the firm’s CTO Jeff Forristal, the vulnerability allows a hacker to “modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app [Google Play] store, the phone, or the end user.”

Read more here.

June 28, 2013

Windows 8.1 preview ready for download, if you dare

Microsoft just might win some kind of award for listening to its customers. After customers went up in arms over the Xbox One's DRM, the company completely reversed course. And when Windows 8 left many desktop PC users grumbling over a forced touch-centric future that they weren't quite ready for, the company also made some adjustments, in the form of Windows 8.1. If you're feeling particularly frisky, you can now download the first public preview of that update formerly known as "Blue."

Read more here.

June 19, 2013

Millions At Risk From Critical Vulnerabilities From WordPress Plugins

Checkmarx's research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, a concentrated research into e-commerce plugins revealed that 7 out of the 10 most popular e-commerce plugins contain vulnerabilities. This is the first time that such a comprehensive survey was prepared to test the state of security of the leading plugins.

Read more here.

June 19, 2013

Researchers Crack iOS Mobile Hotspot Passwords In Less Than a Minute

Business travelers who tether their iPhones as mobile hotspots beware. Researchers at the University of Erlangen-Nuremberg in Germany have discovered a weakness in the way iOS generates default passwords for such connections that can leave a user's device vulnerable to man-in-the-middle attacks, information leakage or abuse of the user's Internet connection. Andreas Kurtz, Felix Freiling and Daniel Metz published a paper (PDF) that describes the inner workings of how an attacker can exploit the PSK (pre-shared key) authentication iOS uses to establish a secure WPA2 connection when using the Apple smartphone as a hotspot. The researchers said that attackers would find the least resistance attacking the PSK setup rather than trying their hand at beating the operating system's complex programming layers.

Read more here.

June 14, 2013

Microsoft Office Finally Gets iOS App

After years of rumors and months of bickering with Apple over revenue splits, Microsoft has finally released an official iOS app for Office 365 subscribers, allowing people to use Word, Excel and PowerPoint on their iPhones and iPads. According to a hands-on report with the software, the Office app has basic functionality, but is missing some key productivity features. 'These include: font options, text alignment, bulleted lists and, again, more color choices, all of which you can find in, say, the Google Drive app.' They say it's a fairly useful addition for current subscribers, but certainly not enough to make it worth the Office 365 subscription fee on its own.

Read more here.

June 7, 2013

Poll Results 2013: Chrome overtakes Firefox as the preferred web browser

In 2012, TechRepublic asked a very simple question: Given a fresh choice, which Web browser would you choose? The poll results in 2012 showed that Firefox was the most used web browser in 2012. However, when it comes to information technology, change is inevitable, so a few weeks ago we asked the same question and discovered that Mozilla Firefox has been overtaken by Google Chrome as the preferred web browser among IT professionals on TechRepublic in 2013.

Read more here.

May 24, 2013

Android Malware Intercepts Text Messages, Forwards To Criminals

A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions. The malware in question, detected as "Android.Pincer.2.origin" by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user.

Read more here.

May 24, 2013

HTC’s Bizarro World: where the maker of the best smartphone gasps for air

If you polled a roomful of smartphone pundits about the best phone you can buy right now, there’s a good chance plenty of them would say the HTC One. Hell, we might even say that. So it’s a bit strange to hear stories of the company bleeding top staff and continuing to hit hard times ... while simultaneously selling one of the most important phones of the year. Welcome, HTC. You've officially entered Bizarro World.

Read more here.

May 22, 2013

Ethernet celebrates its 40th birthday

Most people probably associate Ethernet with a simple colored cable cinched with phone-like jacks. But, Ethernet is so much more. It is the foundation for global Internet access and undoubtedly the world's most used connectivity technology. In the annals of techdom, Ethernet is a very big deal. "Ethernet ranks highly among those technologies that impact day-to-day life on a global basis," IEEE Standards Association writes on its Web site. "Data center networks, PCs, laptops, tablets, smartphones, and now the smart grid, smart meters, personal medical devices, the Internet of Things, connected cars, and more -- Ethernet touches them all in one way or another." And, it was 40 years ago today that inventor Bob Metcalfe passed around a memo explaining just how Ethernet would work -- connecting multiple computers to one another to exchange messages over increasingly busy networks.

Read more here.

May 21, 2013

Goodbye, Lotus 1-2-3

In 2012, IBM started retiring the Lotus brand. Now 1-2-3, the core product that brought Lotus its fame, takes its turn on the chopping block. IBM stated, 'Effective on the dates listed below, [June 11, 2013] IBM will withdraw from marketing part numbers from the following product release(s) licensed under the IBM International Program License Agreement:' IBM Lotus 123 Millennium Edition V9.x, IBM Lotus SmartSuite 9.x V9.8.0, and Organizer V6.1.0. Further, IBM stated, 'Customers will no longer be able to receive support for these offerings after September 30, 2014. No service extensions will be offered. There will be no replacement programs.'

Read more here.

May 17, 2013

Florida's Redlight Program Designed To Make Driving More Dangerous By Shortening Yellow Lights

For years, we've been critics of red light cameras, which have been shown time and time again to actually increase accidents rather than decrease them -- which you would think should be the goal. Of course, we all know that's not really the goal. The goal has always been revenue generation for cities. If they actually wanted to increase safety there's a very simple way to do it: you increase the timing of yellow lights (and for the places, like where I live, that don't have an interval between when one direction turns red and the other turns green, you add that brief interval where all directions are red). Do that, and you increase safety and decrease accidents. And it's incredibly easy and cheap to do.

Read more here.

May 9, 2013

US DOJ Say They Don't Need Warrants For E-Mail, Chats

The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal. Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail.

Read more here.

May 6, 2013

Adobe kills Creative Suite – all future features online only

Adobe had been expected to demo Creative Suite 7 at its MAX conference down in smoky Los Angeles on Monday, but instead announced there'll be no more versions of its boxed software and that the Creative Suite brand will cease to exist. All CS apps updates will only be added to its Creative Cloud suite, and Adobe showed off some new tools to tempt its software stick-in-the-muds online. "We believe that we're now collectively hitting a tipping point where the web is now ready for a generation of tools and services that help build the future of HTML5, CSS, and JavaScript web," said David Wadhwani, general manager of Adobe's digital media business unit, at the MAX keynote.

Read more here.

April 23, 2013

Yet another unpatched security hole found in Java

Just last week Oracle issued a critical security patch for Java, and strongly advised computer users to update their systems as soon as possible. If you did update your Java installation, give yourself a pat on the back. Done that? Good. Because, unfortunately, the celebrations need to be short-lived as a security researcher now claims to have found yet another as-yet-unpatched flaw, which affects all versions of Java SE 7.

Read more here.

April 19, 2013

Oracle Fixes 42 Security Vulnerabilities In Java

Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with base CVE score of 10 (the highest you can go) and 39 related to the Java Web Start plugin which can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. 'The first step is for an organization to understand precisely where and why Java is needed,' Williamson wrote. 'Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable.' Organizations should take a long, hard look at Java and answer for themselves if it's worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible.

Read more here.

April 16, 2013

Sony Launches Internet Service Offering Twice the Speed of Google Fiber

Sony Japan has announced that its own Internet service provider So-net Entertainment has launched what is thought to be the world's fastest Internet connection for home use in Japan with download speed of 2 Gbps on average. This speed is twice as fast as competing high-speed fiber connections in Japan. The ultra-fast connection, known as Nuro, will cost an inexpensive 4,980 yen ($51) per month, offering download speeds of 2 Gbps and uploads of up to 1 Gbps.

Read more here.

April 10, 2013

Microsoft fixes 9 flaws, Adobe 3 in April's Tuesday update

No surprises, simply time to do your monthly duty on the second Tuesday of the month. No, not clean the fish tank, apply your Microsoft and Adobe fixes! As Paul pointed out last week, there are nine updates released today covering Windows, Internet Explorer, SharePoint, Defender and InfoPath. The speculation around the Internet Explorer patch (MS13-028) fixing the PWN2OWN vulnerability disclosed by VUPEN was untrue. The critical patch for Internet Explorer fixes two vulnerabilities reported to Microsoft by Google researchers that could result in remote code execution (RCE). This fix requires a reboot, but should be considered of the highest priority.

Read more here.

March 26, 2013

T-Mobile Ends Contracts and Subsidies

In what I see as a refreshing change, T-Mobile, the fourth largest carrier in the U.S., has made sweeping changes to its service, ending both phone subsidies and service contracts. Its CEO said, 'Here's the deal: If we suck this month, go somewhere else. If we're good, stay with us.' As part of that change, the new base plan will include unlimited access, including voice, text, and data. Data will be restricted to edge speeds after 500MB with no overage costs, but can be upgraded to 2.5GB for $10, or unlimited for $20. Portable Wi-Fi hotspot usage is also unrestricted for no additional cost. In addition, LTE services just went live in eight markets. As is already standard practice with T-Mobile, you are free to bring your own device. To keep customers from having to front the full cost of the phone with unsubsidized plans, they'll let people pay off phones in installments. They're also getting the iPhone 5 next month for $650.

Read more here.

March 17, 2013

Microsoft To Abandon Windows Phone?

Microsoft has had some trouble as of late getting adoption of their mobile products. Even Bill Gates has said it was inadequate. Despite rave reviews of Windows Phone in the press it has failed to get double digit share of the smartphone market. Now come reports from WMPoweruser that WP8 will lose mainstream support in July 2014.

Read more here.

March 15, 2013

Apple Nabs Java Exploit That Bypassed Disabled Plugin

Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X.

Read more here.

March 13, 2013

It's Microsoft Patch Tuesday: March 2013

It’s time to beware the Ides of March - but what about the Patches of Tuesday? This month traditionally heralds the arrival of spring, but before you succumb to spring fever and abandon the server room for the great outdoors, be sure you get the March updates applied to your systems. We’re back to lucky seven in the number of security bulletins, with the majority of those (four) affecting Microsoft Office. Two of the Office-related bulletins, along with one affecting Windows and IE, and one affecting Silverlight, are rated Critical; the rest are rated Important.

Read more here.

March 11, 2013

Yahoo! webmail! hijacks! are! back!... Didn't! they! fix! that?!

Yahoo! has blamed cross-site scripting security bugs, which it claims to have squashed, for a recent upsurge in webmail account takeovers. Over the last few days several Reg readers have been in touch to complain that their Yahoo! webmail accounts have been hijacked or to point us towards complaints on various support forums about the issue. One tipster told us: "Lots of Yahoo! Mail accounts were broken into last week by computers all over the world. It seems a botnet was used to do it. The hackers might have accessed some of the accounts through Apple iPhone's Yahoo! Mail app, as account security logs show that as one of the hack entry points." BT has a tie-up with Yahoo! and the tipster pointed us towards tales of webmail account hacking woe from the telco's customers, including one from someone who works for a support organisation and another from a computer company in Devon. The latter ruled out a virus infection at their end and suggested a security flaw in the Yahoo! mobile app might be to blame for the problem.

Read more here.

March 11, 2013

Microsoft to patch security vulnerabilities on Tuesday - including some rated as "critical"

Patch Tuesday is bringing seven security fixes, with Microsoft deeming four of them "drop-everything-and-fix-this-now" critical. The patches are for Windows, Internet Explorer and Office, as well as a sprinkling for Windows Server and Silverlight. Microsoft says that four of the patches will address "critical" vulnerabilities. "Critical" is, of course, Microsoft's highest severity rating. It covers self-propagating malware such as network worms or common-use scenarios in which code is executed without warning or prompt, such as when users open booby-trapped email or suffer drive-by attacks from maliciously rigged webpages. In this patch go-round, Microsoft warns that critical flaws might allow for remote code execution on Windows, IE, Silverlight and Office.

Read more here.

March 9, 2013

Apple finally adopts HTTPS for the App Store - here's why it matters

Apple has been a bit half-hearted about encrypting App Store traffic...until recently, anyway. Does that matter? Surely encrypting just the really secret stuff, like passwords and credit card numbers, is enough? Should Apple really be encrypting *everything*, even if for no better reason than "because it can"? Paul Ducklin investigates...

Read more here.

March 6, 2013

Oracle ships out-of-band Java fix, Apple follows suit

Want a big surprise? Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports. Want another surprise? The fix was brought forward from Oracle's regular scheduled patch (the next one is on 16 April 2013) because of its critical importance. Just like last time, when Oracle pre-empted its official 19 February 2013 update with an emergency fix at the start of the month.

Read more here.

February 22, 2013

NBC website hacked and distributes malware - here's what happened

The latest high-profile organisation to fall victim to cybercriminals is the National Broadcasting Company (NBC), one of the so-called Big Three television networks in the USA. NBC's website was "owned" and used as a go-between in a campaign to infect online visitors automatically. Fortunately, the malevolent content on the site was up only briefly, limiting the harm that was done. But researchers at Dutch security company SurfRight managed to grab samples of some of the malware on offer during this time.

Read more here.

February 14, 2013

iOS 6.1 hack lets users see your phone app, place calls

A new hack of Apple's iOS 6.1 has been illustrated in a YouTube video, and we can confirm it works.

Some sleight of hand will allow iOS 6.1 hackers to access your phone application, listen to your voicemails, and place calls. A YouTube video showing users how to "bypass iPhone 5 passcode" on Apple's latest iOS releases, including iOS 6.1, has been published. The person who uploaded the video shows how anyone can access the phone application on a passcode-protected iPhone. In order to achieve the hack, users must come close to turning off the iPhone, place an emergency call, and keep their finger on the power button. CNET was able to recreate the hack with ease, and the YouTube user who uploaded the video provided step-by-step directions.

Read more here.

February 8, 2013

Microsoft readies monster-sized security patch for Windows users

Patch Tuesday is approaching, and for users of Microsoft's software it's going to be a monster. In all, 57 separate security flaws are waiting to be fixed. Perhaps the biggest concern will be related to the security holes in Internet Explorer. According to Microsoft, every single version of Internet Explorer - from version 6 to version 10 - needs to be patched, as they are vulnerable to exploitation by drive-by attacks. That means that simply visiting a boobytrapped webpage could silently infect your computer with malware - hijacking your PC for a hacker's own ends.

Read more here.

February 3, 2013

AT&T: Don't Want a Data Plan for That Smartphone? Too Bad.

Joel Runyon recounts a tale that will be familiar to many people who have bought secondhand smartphones. After his old dumbphone died a few months ago, Runyon picked up a used iPhone. He just needed it for basic phone capabilities, and used it as such, turning data off. However, AT&T eventually figured out he was making calls from a smartphone, and they decided he needed a data plan, even if he wasn't going to use it. They went ahead and opted him into a plan that cost an extra $30 a month. Quoting: 'According to AT&T: They can opt me into a contract that I didn't agree to because I was using a phone that I didn't buy from them because it had the ability to use data that I wasn't using (and was turned off). To top it all off, they got the privilege of charging me for it because I bought a differently categorized device – even though the actual usage of their network did not change at all and I never reconstituted a new agreement with them.'

Read more here.

February 1, 2013

Online Ads Are More Dangerous Than Porn, Cisco Says

The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 times more likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek.

Read more here.

January 31, 2013

"Bill Shocker" Malware Controls 620,000 Android Phones In China

A newly discovered piece of malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide. Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a "zombie," the infection uses the device to send text messages to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges.

Read more here.

January 30, 2013

RIM Unveils BlackBerry 10, Its Big Turnaround Hope

Research In Motion has whipped the curtain back from BlackBerry 10. The revamped operating system is widely perceived as RIM's best chance at staying relevant in a smartphone market dominated by Google Android and Apple's iOS. Once a significant player in mobility, RIM watched its earnings and market-share crumble over the past few years. BlackBerry 10 abandons the longtime BlackBerry user interface, centered on grids of icons, in favor of one built on the same QNX technology that powers RIM's PlayBook tablet. The BlackBerry 10 home-screen offers 'live tiles' that dynamically refresh with updated information, and RIM is playing up how users can move between apps and alerts by swiping and flicking the screen. Other features include BlackBerry Balance, which divides the 'personal' and 'corporate' sides of the phone, as well as an updated BlackBerry Messenger. RIM also announced they are rebranding themselves as BlackBerry. If you like pictures, omfglearntoplay sent in an article that delivers. Gimmicks of the launch include hiring Alicia Keys as their "Global Creative Director."

Read more here.

January 29, 2013

Apple Has a New Porn Problem

Twitter's new iOS-only app, Vine, was prominently featured by Apple as an 'Editor's Pick' in its App Store the day it launched. However, given Apple's policies for adult content, they may have rushed the whole thing since this past Sunday, a number of news outlets ran stories covering the rise of easily-accessible pornography on the new video sharing app. As Joshua Topolsky explains, the situation draws even more attention to the vague and sometimes confusing rules of Apple's App Store guidelines, and more clearly showcases the sporadic and often unusual criteria the iPhone-maker uses to decide the fates of applications. So it will be interesting to see how Apple handles this given that they've never been shy about banning similarly racy apps in the past.

Read more here.

January 14, 2013

Oracle Ships Java 7 Update 11 With Vulnerability Fixes

After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities.

Read more here.

January 12, 2013

How Verizon's 'Six Strikes' Plan Works

With the 'six-strikes' anti-piracy plan set to begin in the U.S. soon, TorrentFreak has gotten its hands on a document showing how Verizon in particular will be dealing with copyright-infringing users. For your first and second strike, Verizon will email you and leave you a voicemail informing you that your account is involved in copyright infringement. For your third and fourth strikes, the ISP will automatically redirect your browser to a page that requires you to acknowledge receiving the alerts. They'll also play a video about the dangers of infringement. For your fifth and sixth strikes, they give you three options: massively throttle your connection for a few days, wait two weeks and then throttle your connection, or file an appeal with an arbitration service for $35. TorrentFreak points out that the MPAA and RIAA can obtain the connection information of repeat infringers, with which they can then take legal action.

Read more here.

January 7, 2013

Apple's App Store Tops 40 Billion Downloads; Generates $7 Billion For Developers

With the eyes of the tech world fixed on CES this week, Apple this morning conveniently decided to issue a press release announcing that the iTunes App Store has now topped over 40 billion downloads. That's an incredible feat, to be sure, but even more incredible is that nearly half of those downloads occurred in 2012. In December alone, iOS users downloaded over 2 billion applications, setting a monthly record in the process.

Read more here.

January 6, 2013

NVIDIA Releases Fix For Dangerous Display Driver Exploit

NVIDIA on Saturday quietly released a driver update (version 310.90) that fixes a recently-uncovered security vulnerability in the NVIDIA Display Driver service (nvvsvc.exe). The vulnerability was disclosed on Christmas day by Peter Winter-Smith, a researcher from the U.K. According to Rapid7's HD Moore, the vulnerability allows a remote attacker with a valid domain account to gain super-user access to any desktop or laptop running the vulnerable service, and allows an attacker (or rogue user) with a low-privileged account to gain super-access to their own system. In addition to the security fix, driver version 310.90 addresses other bugs and brings performance increases for several games and applications for a number of GPUs including the GeForce 400/500/600 Series.

Read more here.

January 1, 2013

Pirated iOS App Store Site Shuts Down

Installous, a major portal for pirated paid apps from Apple's App Store, won't be around anymore. Development team Hackulous today announced the closure of Installous on their official Web site. As of today, the pirated app store no longer works, and only shows these errors: "Outdated version. Installous will now terminate" or "API Error. API unavailable." For many years, Installous offered complete access to thousands of paid iOS apps for free for anyone with a jailbroken iPhone, iPad, and iPod Touch. Think of it as being able to walk into a fancy department store, steal anything you want, and never get caught.

Read more here.

December 31, 2012

Microsoft issues fix for IE flaw that could allow PC hijack

Microsoft issued a fix today for a zero-day vulnerability in older versions of Internet Explorer that could allow attackers to gain control of Windows-based computers to host malicious Web sites. The company confirmed Saturday that it was investigating a remote code execution vulnerability in IE 6, IE 7, and IE 8 that could allow an attacker to use the corrupted PC to host a Web site designed to exploit the vulnerability with other users. Versions of the browser after IE 8 are unaffected, Microsoft said.

Read more here.

December 27, 2012

Nvidia Display Driver Service Attack Escalates Privileges On Windows Machines

A zero-day exploit has been found in the Nvidia Display Driver Service on Windows machines. An attacker with local access can use the exploit to gain root privileges on a Windows machine. Windows domains with relaxed firewall rules or file sharing enabled can also pull off the exploit, which was posted to Pastebin by researcher Peter Winter-Smith.

Read more here.

December 21, 2012

iOS 6 Adoption Rates Soar Following Google Maps Release

The Dec. 12 reinstatement of Google Maps on iOS has apparently been enough for some of those reticent users to finally make the upgrade to iOS 6. According to MoPub, the San Francisco-based mobile ad exchange that monitors more than 1 billion ad impressions a day and supports more than a dozen ad networks and 12,000 apps, there has been a 29 percent increase in unique iOS 6 users in the past five days following Google Maps' release on iOS. In fact, MoPub reports a 13 percent increase in iOS 6 users from last Monday to Wednesday alone, which would mean that nearly half of the converts to iOS 6 in the past week switched the very moment Google Maps' standalone app hit the App Store.

Read more here.

December 15, 2012

South Carolina Shows How Not To Do Security

Earlier this year, the state's Department of Revenue was storing 3.3 million bank account numbers, as well as 3.8 million tax returns containing Social Security numbers for 1.9 million children and other dependents, in an unencrypted format. After a state employee clicked on a malicious email link, an attacker was able to obtain copies of those records. It's easy to blame the breach on 'Russian hackers' but who is really to blame? 'The state's leadership, from the governor on down, failed to take information security seriously or to correctly gauge the financial risk involved. As a result, taxpayers will pay extra to clean up the mess. Beyond the $800,000 that the state will spend — and should have already spent — to improve its information security systems, $500,000 will go to the data breach investigation, $740,000 to notify consumers and businesses, $250,000 for legal and PR help, and $12 million for identity theft monitoring services.'

Read more here.

December 13, 2012

Facebook helps FBI smash global 11 million-strong botnet

The U.S. Department of Justice and the FBI, with help from international law enforcement agencies, have arrested 10 suspects involved in a cybercrime ring related to a global botnet that infected more than 11 million machines worldwide. The arrests came from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the U.K. and the U.S., after numerous search warrants and interviews were executed.

Read more here.

December 4, 2012

Microsoft Steeply Raising Enterprise Licensing Fees

Microsoft is trying to make up for below expected earnings following Windows 8's and Surface RT's lackluster adoption rates by increasing the prices of its products between 8 and 400 per cent. Trying to make more out of its enterprise customers who are tied under its Software Assurance payment model, Microsoft has increased user CALs pricing 15 per cent; SharePoint 2013 pricing by 38 per cent; Lync Server 2013 pricing by 400 per cent; and Project 2013 Server CAL by 21 per cent.

Read more here.

December 4, 2012

Facebook Users Voting On Privacy, Instagram, Other Issues

Facebook is letting users vote on changes to its Data Use Policy and Statement of Rights and Responsibilities (Facebook users can vote via this link). The company will also host a live Webcast to answer questions at 9:30 AM PST. One section of Facebook's revamped policies insists that the network can share information with its family of companies. This apparently applies to Instagram, the photo-sharing service acquired by Facebook earlier this year. Under the terms of the provision, Facebook can store 'Instagram's server logs and administrative records in a way that is more efficient than maintaining totally separate storage systems.' Facebook is also clarifying its language surrounding affiliates, as well. As long as Facebook continues to exist in its current form, these debates over its privacy rules will almost certainly continue to crop up on a semi-regular basis. The challenge for Facebook executives is how to best maintain that delicate dance between their need for revenue, advertising firms' desire for effective marketing campaigns, and users' rights to privacy. They run a corporation — but at moments, it also starts to resemble a messy democracy.

November 29, 2012

Windows Blue: Microsoft's Plan To Release a New Version of Windows Every Year

Way back in August, three months before the release of Windows 8, we learned about the existence of a project at Microsoft codenamed Blue. At the time it wasn't clear whether this was Windows 9, or some kind of interim update/service pack for Windows 8. Now, if unnamed sources are to be believed, Windows Blue is both of those things: a major update to Windows 8, and also the beginning of a major shift that will result in a major release of Windows every 12 months — just like Apple's OS X. According to these insiders, Blue will roll out mid-2013, and will be very cheap — or possibly even free, to ensure that 'Windows Blue the next OS that everyone installs.' Exact details are still rather vague, but at the very least Blue will make 'UI changes' to Windows 8. The sources also indicate that the Windows 8 and Windows Phone 8 SDKs will be merged or standardized, to further simplify the development of cross-platform apps. Perhaps more important, though, is the shift to a 12-month release cadence. Historically, Microsoft has released a major version of Windows every few years, with the intervening periods populated with stability- and security-oriented service packs. Now it seems that Microsoft wants to move to an OS X-like system, where new and exciting features will be added on an annual basis. In turn, Microsoft will drop the price of these releases — probably to around $25, just like OS X.

Read more here.

November 9, 2012

Rejected: 74% of organizations have no plans to deploy Windows 8

We have been telling our interested customers that many companies we are working with have no desire to introduce Windows 8 into their environment, and that Windows 7 may very well be the next Windows XP in terms of its longevity.

From the article "Microsoft Windows chief Steven Sinofsky has described Windows 8 as “a generational change” the likes of which hasn’t been made since Windows 95. With Windows 8, Microsoft hopes to move its flagship OS beyond the PC into the fast-growing tablet market. But, according to TechRepublic Pro and ZDNet research, Microsoft hasn’t convinced many IT decision makers that Windows 8 is an essential OS upgrade."

Read more here.

November 6, 2012

Microsoft Retiring Messenger, Replacing It With Skype

Windows Live Messenger will be shut down by March 2013, after nearly 13 years of service, so Microsoft can focus its efforts on Skype, its recent $8.5bn acquisition. No word on whether users will be able to transfer their WLM accounts to Skype. 'According to internet analysis firm Comscore, WLM still had more than double the number of Skype's instant messenger facility at the start of this year and was second only in popularity to Yahoo Messenger. But the report suggested WLM's US audience had fallen to 8.3 million unique users, representing a 48% drop year-on-year. By contrast, the number of people using Skype to instant message each other grew over the period.'

Read more here.

November 4, 2012

Microsoft Escapes Kaspersky's Top 10 Vulnerabilities List

Security firm Kaspersky has released its latest IT Threat Evolution report. There were some interesting findings in the report, as always, but the most interesting thing that stuck out was all the way at the bottom: 'Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.'

Read more here.

November 1, 2012

First iPad Mini Reviews: "Shockingly Nice to Hold", Non-Retina Display, Pricier than Rivals

The embargo has just lifted on the first iPad Mini reviews. Apple has provided some publications with an early review unit of the iPad Mini. We are collecting some of the more interesting points from each review, but you can click each title to read the full writeup. The iPad Mini will officially launch on November 2nd and will likely be available in retail stores beginning at 8am.

Read more here.

October 17, 2012

Apple resumes User Tracking with iOS 6. Here's how to disable it

Apple got caught with its hand in the cookie jar when privacy experts protested the use of a universal device identifier, or UDID, to track the online preferences of iPhone and iPad users. The problems with that model became all too apparent after hackers compromised systems belonging to digital media firm Bluetoad and made off with close to a million device IDs. Enough is enough, right? Well, maybe not. It looks like device tracking is back with iOS 6, courtesy of a new tracking technology: IDFA, or identifier for advertisers.

Read more here.

October 16, 2012

FBI Issues Android Virus Warning

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number.

Read more here.

October 12, 2012

Malware attack strikes, posing as Skype password change notification

If Skype users didn't have enough to worry about this week security-wise (with a worm spreading across the system), there's now another threat to warn about. Emails have been spammed out by cybercriminals, posing as messages from Skype, claiming that you have changed your password on the service. Perhaps surprisingly, the links really do point to the genuine Skype website at skype.com. However, a file (Skype_Password_insctructions.zip) is attached to the email, and if you make the mistake of unzipping and executing its contents (Skype_Password_inscructions.pdf.exe) you run the risk of infecting your Windows computer.

Read more here.

October 9, 2012

A study confirms Internet Explorer 9 is the safest web browser

I get several pitches from researchers, marketers, and vendors during the course of a week touting some sort of interesting information about information technology. Many of the pitches aren’t worth much, but every once in a while one actually grabs my attention. Early this week, I received information about a study by NSS Labs, which clearly showed that Microsoft Internet Explorer 9 was significantly better at blocking malware than any other browser tested. In fact, their study showed that no other tested browser even came close to challenging IE9.

Read more here.

September 13, 2012

Fragmentation Comes To iOS

While the fragmentation issues in iOS are nowhere near as bad as Android, it can no longer be considered nonexistent. I have prepared a chart showing which features will be available on which device. While some restrictions are the result of hardware limitations, it is clear that Apple has deliberately chosen to limit some previous generation devices, and figuring this out isn't always straightforward if you're not buying the latest iPad or iPhone.

Read more here.

September 10, 2012

Go Daddy-serviced Web sites taken down in apparent attack

Web sites serviced by DNS and hosting provider Go Daddy were down today. A hacker using the "Anonymous Own3r" Twitter account claimed credit for the outage. "Status Alert: Hey, all. We're aware of the trouble people are having with our site. We're working on it," Go Daddy acknowledged in a Twitter post. Go Daddy representatives did not immediately respond to e-mails seeking comment on the outage, and phone lines at the Scottsdale, Ariz.-based company were busy. The problem could be affecting thousands, if not millions, of sites, given that Go Daddy is not only one of the biggest Web site hosters but also the largest domain registrar.

Read more here.

September 6, 2012

Cloud Computing: Americans Still Unclear on the Concept

When you think of the term "cloud," do you think of pillows, drugs or even toilet paper? A survey of more than 1,000 American adults found that while the cloud is widely used, it is still misunderstood. Despite this confusion, 59 percent said they believe the "workplace of the future" will exist entirely in the cloud. Here are some of the verbatim responses some respondents came up with to describe "the cloud."

Read more here.

September 4, 2012

Windows 7 Overtakes XP, OSX Struggles To Beat Vista

Latest market share figures show the difference between perception and reality. Windows 7 just nudged past Windows XP with both around the 43 percent mark. OS X and Windows Vista divide the rest of the spoils, with all versions of OSX only just adding up to a little more than the failed Windows version, according to data from Netmarketshare.

Read more here.

August 28, 2012

Update: iPad Mini To Debut After iPhone 5

Apple will reveal a smaller iPad at an event separate from the next-generation iPhone announcement. This is contrary to previous rumors and reports, which indicated that the new tablet and phone would be unveiled at the same event. The latest report comes from AllThingsD. In the past, it and the Wall Street Journal have been so accurate with Apple rumors, we swear Kara Swisher must have some incriminating photos of Jony Ive on hand. Apart from the upcoming iPhone event, which is rumored to be dated for Sept. 12, with a release on Sept. 21, Apple is said to be planning a separate announcement of a smaller iPad, nicknamed iPad Mini by the press.

Read more here.

August 24, 2012

iPhone 5, Samsung Galaxy S III Have a Lot in Common

With Apple’s iPhone 5 announcement expected just under a month away, the battle for supremacy in the mobile market is heating up. On one side, we have Apple’s iPhone 5, which, according to the rumor mill, will deliver a host of improvements that could cement the device as the top smartphone over the next year. On the other side, there’s the Samsung Galaxy S III, a device that has proven to be the very best iPhone alternative on the market. After the iPhone 5 is announced, all the differences between the products will be highlighted. Which features does the iPhone 5 win on? What offerings would the Galaxy S III take the nod on? Almost immediately after the iPhone 5 is announced, you can expect to find story after story agonizing over their many differences. But what about their similarities? The fact is that it’s tough to make two smartphones that are all that different nowadays. There are certain features that need to be included in every product, and vendors are having a harder time differentiating their devices. With that in mind, this slide show takes a look at some of the features that both the iPhone 5 and Galaxy S III will likely share. It’s easy to recognize the differences, but the sheer number of similarities might surprise you.

Read more here.

August 23, 2012

Windows 7 Is the Next Windows XP

Windows XP's most beloved factors are also driving business organizations to Windows 7 in the face of Windows 8. 'We love Windows 7: That's the message loud and clear from people this week at the TechMentor Conference held at Microsoft headquarters in Redmond, Wash. With Windows XP reaching end of life for support in April 2014, the plan for most organizations is to upgrade — to Windows 7,' indicating 'a repeat of history for what we've seen with Windows releases, the original-cast Star Trek movie pattern where every other version was beloved and the ones in between decidedly not so.'

Read more here.

August 22, 2012

T-Mobile Returns To Unlimited Data Plans

Today T-Mobile decided that unlimited data plans are a good thing after all. Over a year after discontinuation, T-Mobile announced that unlimited data is coming back. 'T-Mobile said the new unlimited data plan will cost $20 a month when added to a Value voice and text plan, and $30 a month when added to a Classic voice and text plan. ... Among its top U.S. network counterparts, only Sprint offers a similar deal, and it costs about $110 a month. But Sprint offers the iPhone; T-Mobile does not. One of the new T-Mobile plan's flaws, though, is that it cannot be used for tethering -- that is, connecting multiple devices to the Internet. MetroPCS, considered the fifth-largest carrier in the U.S., made a big announcement of its own Tuesday, saying it would begin offering an unlimited everything promotional plan for $55 a month for a limited time.'

Read more here.

August 21, 2012

Where the Candidates Stand On Net Neutrality

Net neutrality is one of the biggest issues with regard to the internet today. At the heart of the issue is how much control ISPs will be allowed to have over their networks. Each candidate has come out with a strong position on the matter, and whoever wins will have a drastic effect on the future of the internet. Barack Obama has been a proponent of net neutrality. Under his watch, the FCC has implemented net neutrality rules. These restrictions did not apply to wireless networks, though; a gaping loophole that will be problematic in the future, as mobile internet is exploding in popularity. Until it is addressed, Obama can only be given a barely passing grade with regard to net neutrality. Republican Presidential candidate Mitt Romney has come down on the other side of the issue. The former Massachusetts governor strongly opposes net neutrality. According to Politico, Romney believes net neutrality will restrict ISPs, and that they alone should govern their networks. The governor has stated that he wants as little regulation of the internet as possible.

Read more here.

August 7, 2012

Hotel booking confirmation emails aim to infect your computer. Watch out!

Be on your guard against emails that claim to be about a hotel booking that you never made - you could be putting your computer at risk of infection by malware. Emails have been spammed out claiming to be a confirmation from the booking.com website about a hotel reservation.

Read more here.

August 2, 2012

Commodore 64 turns 30

It is 30 years since the Commodore 64 went on sale to the public. The machine was hugely successful for its time, helping to encourage personal computing, popularise video games and pioneer homemade computer-created music. The $595 (£399) device took its name from its US maker, Commodore International, and the fact it had 64 kilobytes of RAM memory.

Read more here.

July 27, 2012

New Mac Trojan installs silently, no password required

A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. The threat was created in a way that is intended to make reverse engineering more difficult, an added extra that is more common with Windows malware than it is with Mac malware.

Read more here.

July 18, 2012

AT&T not commenting on Facetime 3G issues

AT&T has nothing to say about what appears to be a big change coming to Facetime in the new version of Apple's iPhone operating system. The most recent beta version of the new OS and are on AT&T, the Facetime service might end up being a new cash cow that can rack up overage charges or force customers into more expensive plans.

Read more here.

July 7, 2012

Apple Exits "Green Hardware" Certification Program

CNET reports that Apple is turning its back on the EPA supported EPEAT hardware certification program. One of the problems EPEAT sees are barriers to recycling. Batteries and screens glued into place — that sort of thing. There is a price for Apple in this: CIO Journal notes that the U.S. government requires that 95 percent of its electronics bear the EPEAT seal of approval; large companies such as Ford and Kaiser Permanente require their CIOs to buy from EPEAT-certified firms; and many of the largest universities in the U.S. prefer to buy EPEAT-friendly gear.

Read more here.

July 6, 2012

First iOS Malware Discovered In Apple's App Store

Security experts have discovered what is claimed to be the first ever piece of malware to be found in the Apple App Store. While Android is well known for malware, Apple has prided itself on being free from malicious apps ... until now. The app steals your contact data and uploads it to a remote server before sending spam SMS messages to all your contacts, but the messages look like they are coming from you.

Read more here.

July 6, 2012

New Version of the MaControl Trojan Spotted In the Wild

A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon.

Read more here.

June 28, 2012

Comcast Pays $800,000 To U.S. For Hiding Stand-Alone Broadband

The Federal Communications Commission has settled with Comcast over charges that the cable company made it hard for consumers to find stand-alone broadband packages that don't cost an arm and leg. As part of the settlement Comcast paid the U.S. Treasury $800,000 and the FCC extended the length of time Comcast had to provide such a service.

Read more here.

June 26, 2012

Apple steals from Windows Update playbook for OS X Mountain Lion

Apple will boost the frequency of security updates in OS X Mountain Lion and automatically install required patches for users, steps that bring it into line with Microsoft's practices. In an update Monday to Mountain Lion's Developer Preview 4, Apple supplied what it called "Security Test Update Test 1.0." As the name implied, the update was a test of Mountain Lion's new security infrastructure, which presumably was put into place earlier.

Read more here.

June 25, 2012

Facebook has changed all of its users' default email to an @facebook.com address without asking.

The change, first uncovered by hacker Gervase Markham, means that any email messages you received through Facebook since Friday have been routed back into the Facebook Messages inbox, rather than into your email inbox. Annoying? Perhaps. Something to get really angry about? Perhaps — maybe you were expecting some highly time sensitive email to come through Facebook. But for the most part, we’d guess that people are more shocked that they have an @facebook email address than the fact that Facebook pulled a switcharoo.

Read more here.

June 25, 2012

Apple Yanks Mac Virus Immunity Claims From Website

Apple quietly switched out a statement that claimed its Mac computers were completely immune to viruses with a less-forward statement: 'It's built to be safe.' The PR shift comes in the aftermath of the Flashback Trojan, which affected hundreds of thousands of Macs back in early April. From the article: 'Apple strives for perfection, but stating something is perfect when it isn't is ultimately bad for PR and company morale. Jobs used his reality distortion field to "rally the troops," so to speak, but "Mountain Lion" will ensure Apple can tout its closed, highly-secure operating system for the foreseeable future in a much more realistic sense. Just because a product isn't impervious to sickness doesn't mean it isn't "insanely great."'

Read more here.

June 25, 2012

New iPhone Prototypes Have Integrated NFC chips and Antenna

Apple's next-generation iPhone will feature an integrated NFC chip according to a new report, suggesting the Cupertino, California-based company may soon make its entrance into the mobile payment space. A report from 9to5Mac states that an analysis of code from Apple's latest iOS software includes references to an integrated NFC chip and antenna.

Read more here.

June 23, 2012

Older Means Wiser To Computer Security

Growing up in the digital age, 18 – 25s may appear to be a more tech-savvy generation, but that does not translate into safer computing and online practices. A new study reveals that they are the most at-risk group, and prone to cyber-attacks. That makes this group even more vulnerable to online security threats. Younger users tend to prioritize entertainment and community over security, perhaps due to overconfidence in their security knowledge. For example, they're more concerned about gaming or other social activities than their online security. They also have less sophisticated security software, and hence, have reported more security problems than other groups.

Read more here.

June 22, 2012

Microsoft-branded tablets rise to the 'Surface'

Microsoft stole the tech news spotlight this week, initially by introducing its first Microsoft-branded tablet device, the Surface, which effectively helps it play catch-up in the competitive iPad-led tablet market. And then at the same developer conference, it made its next-generation mobile operating system, Windows Phone 8, official and promised the OS would ship on handsets starting this fall.

Read more here.

June 18, 2012

Retailers feast on free Facebook tools, shun ads

(Reuters) - Krishan Agarwal, president of online luxury watch vendor Melrose.com, told a roomful of attentive Internet retailers last week how Facebook had helped his company generate about 25 percent more sales in two years. Then he dropped a bombshell: Melrose spent less than $1,500 on Facebook ads during that time. Everything else the company did with Facebook was free.

Read more here.

June 18, 2012

Mozilla Shows Off Junior, a Simple Browser Built for iPad

The Verge reports that Mozilla last week showed off a prototype browser built for the iPad called Junior, based on a simplified interface and gesture-based controls. Junior — remember, not a shipping product — is full-screen, and lacks tabs; most controls are off-screen until called up with an on-screen button, to emphasize whatever page is loaded. See the video demo for an idea of what Junior is like in use.

See the video here.

June 15, 2012

Vizio launches Mac-like PCs starting at $898

Vizio, a company best known for making TVs, is officially throwing its hat into the PC arena. The company is taking the wraps off three distinct lines of Windows computers: ultrabooks, mid-size laptops, and all-in-one desktops. Vizio had previously announced its plans to jump into the PC market at the January Consumer Electronics Show in Las Vegas, but today's New York press event was the official coming-out party for the new systems.

Read more here.

June 5, 2012

Facebook privacy notice chain letter is a hoax

Sorry folks, but posting a supposed legal disclaimer to your Facebook profile does not alter the Terms of Service (ToS) or privacy policies governing how your content is viewed on Facebook. Facebook users have submitted tips to Naked Security over the last week alerting us to a new chain letter/hoax circulating among well-meaning Facebook users.

Read more here.

June 1, 2012

Windows 8 Will Have "Do Not Track" Turned on by Default

Microsoft says DNT tech on by default is a milestone. Microsoft announced yesterday that Windows 8 had reached Release Preview. Microsoft also said that Internet Explorer 10 in Windows 8 would run Do Not Track (DNT) by default. That Do Not Track technology allows users to surf the web without worrying that ads will track where they go after they leave that site.

Read more here.

May 31, 2012

Microsoft unveils free preview version of Windows 8 OS

Microsoft on Thursday rolled out a near-complete version of its new operating system Windows 8 for consumers to try out, another key step in the company's effort to reboot its flagship software for a computing era dominated by mobile gadgets such as Apple's iPhone.

Read more here.

May 26, 2012

Hacked Bitcoin Financial Site Had No Backups

A fortnight ago the Bitcoin financial website Bitcoinica was hacked and the hacker stole $87,000 worth of Bitcoins. At the time the owner promised that all users would have their Bitcoins and US dollars returned in full, but one of the site developers has just confirmed that they have no database backups and are having difficulty figuring out what everyone's account balance should actually be. A failure of epic proportions for a site holding such large amounts of money.

Read more here.

May 25, 2012

It's Official: Google Is Now a Hardware Company

Last August, Google (GOOG) Chief Executive Officer Larry Page fulfilled a pledge made to one of his senior executives, a square-jawed former attorney named Dennis Woodside. Apple (AAPL) CEO Tim Cook had been trying to poach Woodside to make him Apple’s head of sales; Google had persuaded him to stay, in part by promising him a bigger job, according to two people with knowledge of the matter, but who asked not to be named because the discussions were private. Now it was time to make good.

Read more here.

May 25, 2012

Four Years Jail For Bredolab Botnet Author

The creator of the Bredolab malware has received a four-year prison sentence in Armenia for using his botnet to launch DDoS attacks that damaged multiple computer systems owned by private individuals and organizations. G. Avanesov was sentenced by the Court of First Instance of Armenia's Arabkir and Kanaker-Zeytun administrative districts for offenses under Part 3 of the Article 253 of the country's Criminal Code — intentionally causing damage to a computer system with severe consequences.

Read more here.

May 15, 2012

Apple issues security updates for Mac OS X Leopard - to fight malware menace

Apple has released a couple of important security patches for Mac users who have shunned upgrading to Snow Leopard and Lion, and chosen to remain on Mac OS X 10.5 Leopard. The fixes, which were already released in the last month for Snow Leopard and Lion users, should help make Mac OS X 10.5 Leopard a safer environment, and help reduce the number of Macs which became infected by the high-profile Flashback malware.

Read more here.

May 14, 2012

30 Best Features of Windows 8

As Windows 8 creeps ever closer to completion, we now have a firm idea of what is and isn’t going to be in the most ambitious new version of Windows in almost 20 years. This feature highlights the 30 best features we’ve discovered in the Windows 8 Consumer Preview – and ten features that we hope Microsoft finds time to add to its operating system before its expected launch at the end of this year. We’ve also dived into the Metro interface, with an annotated guide to the striking new Start screen and where to find all of Windows 8’s sometimes hidden features. Of course, being a “Consumer Preview”, the software is available to download for free to try all these new features for yourself. Read our guide to safely installing Windows 8 on your PC, and benefit from our experience of installing it on our own machines.

Read more here.

May 11, 2012

Apple Auto-Disables Old Flash Players In Mac OS X 10.7.4

Read more here.

May 11, 2012

Outlook 2010 Runs But Window Will Not Open

We don't normally post this sort of thing, but after a recent Microsoft update we had a client call who was experiencing this problem. Obviously they cannot work and it is impacting their business. After running Outlook in Safe Mode and disabling the COM add-ins and a clean boot, the problem was persistent. We then found the oddest solution. A video directing Outlook be launched, then cascade the windows. After doing this and resetting Outlook to normal size/position preferences we closed Outlook and re-launched it and it worked properly. We then re-enabled the COM add-ins and then closed and re-opened Outlook. All is well with the world. We wanted to share this in the event it happens to you or someone you know.

Watch the video here.

May 5, 2012

Adobe issues emergency update to fix cross-platform Flash exploit

Adobe on Friday released a security bulletin that announced an emergency update that affects all versions of its Flash Player, though it seems the exploit is currently being used to target Windows PCs running Microsoft's Internet Explorer. Dubbed an "object confusion vulnerability," the bug tricks a user into opening a malicious file sent in an email message which can cause Flash to crash, potentially giving the attacker control of the affected PC. First reported by Microsoft Vulnerability Research, the bug resides in Flash Player code for Windows, Mac, Linux and Android, though Adobe claims that the exploit being used only targets Internet Explorer for Microsoft's OS. Users who installed Flash on Google Chrome are unaffected as the browser updated automatically.

Read more here.

May 5, 2012

Microsoft: Macs 'Not Safe From Malware, Attacks Will Increase'

Microsoft researchers have analyzed a new piece of Mac malware that uses a multi-stage attack similar to typical Windows malware infection routines. In a post titled 'An interesting case of Mac OSX malware' the Microsoft Malware Protection Center closed with this statement: 'In conclusion, we can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.'

Read more here.

May 1, 2012

Tor Researchers' Tool Aims To Map Out Internet Censorship

Tor developers Arturo Filasto and Jacob Appelbaum have released OONI-probe, an open-source software tool designed to be installed on any PC and run to collect data about local meddling with the computer's network connections, whether it be website blocking, surveillance or selective bandwidth slowdowns. Unlike other censorship tracking projects like HerdictWeb or the Open Net Initiative, OONI will allow anyone to run the testing application and share their results publicly. The tool has already been used to expose censorship by T-Mobile of its prepaid phones' browser and also by the Palestinian Authority, which was found to be blocking opposition websites. The minister responsible for the Palestinian censorship was forced to resign last week.

Read more here.

April 27, 2012

Study Finds 1 in 10 Used Hard Drives Contains Old Personal Data

A newly published study by Britain's data protection regulatory agency found that more than one in 10 second-hand hard drives being sold online contain recoverable personal information from the original owner. "Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered," Britain's Information Commissioner, Christopher Graham, said in a statement. In all, the research found 34,000 files containing personal or corporate information were recovered from the devices. Along with the study, a survey revealed that 65% of people hand down their old PC, laptop and cell phones to others. One in ten of those people who disposed of their old devices left all their data on them. The British government also offered new guidelines for ensuring devices are properly wiped of data.

Read more here.

April 26, 2012

Microsoft Says Two Basic Security Steps Might Have Stopped Conficker

If businesses and consumers stuck to security basics, they could have avoided all cases of Conficker worm infection detected on 1.7 million systems by Microsoft researchers in the last half of 2011. According to the latest Microsoft Security Intelligence report, all cases of Conficker infection stemmed from just two attack methods: weak or stolen passwords and exploiting software vulnerabilities for which updates existed.

Read more here.

April 24, 2012

Infosec: One In Five Macs Is Infected With Windows Malware

Researchers at security firm Sophos have discovered that one in five Macs is infected with Windows malware, while one in thirty-six contains a Mac OS X-specific virus. The study, which looked at 100,000 Macs over a seven day period, found that the most common malware to afflict the OS specifically was the Flashback Trojan, which at one point infected more than 600,000 systems around the world. Graham Cluley, Sophos’ senior technology consultant, notes in the Naked Security blog that despite being seven times more prevalent, Windows malware is not usual in Macs unless users also run Windows on their system. However, Macs will continue to serve as a transmission vector for viruses and Trojans so long as anti-malware software is not installed.

Read more here.

April 23, 2012

Mac Flashback Attack Began With Wordpress Blogs

Alexander Gostev, head of the global research and analysis team at Kaspersky, says that 'tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.'

Read more here.

April 21, 2012

Microsoft Looks To Stall iPad With New Windows 8 VDI License

As Microsoft prepares to stake its claim in the tablet market with Windows 8, the company is tweaking its software licensing to make it more expensive for organizations that remotely access virtual desktops using non-Windows tablets. With Windows 8, Microsoft is adding a new optional add-on to its Software Assurance (SA) volume licensing agreement -- called a Companion Device License (CDL) -- which gives customers the right to access corporate desktops through virtual desktop infrastructure on up to four personally owned devices.

Read more here.

April 20, 2012

Infected Mac network may be expanding, not shrinking

The vast network of Apple Macintosh machines infected by the Flashback Trojan may be going dormant instead of shrinking, a Russian information-security firm said in a blog posting Friday. "The botnet statistics acquired by Doctor Web contradict recently published reports indicating a decrease in the number of Macs infected by BackDoor.Flashback.39. The number is still around 650,000," reads the posting on the Dr. Web website.

Read more here.

April 16, 2012

New Targeted Mac OS X Trojan Requires No User Interaction

Another Mac OS X Trojan has been spotted in the wild; this one exploits Java vulnerabilities just like the Flashback Trojan. Also just like Flashback, this new Trojan requires no user interaction to infect your Apple Mac. Kaspersky refers to it as 'Backdoor.OSX.SabPub.a' while Sophos calls it 'OSX/Sabpab-A.'

Read more here.

April 12, 2012

Microsoft adds 6 months to Office 2007's support lifespan

Microsoft has extended the mainstream support period for Office 2007 by six months to align the suite's lifecycle with a little-known provision in the company's support policy. Although it's unclear when Microsoft added the six months to Office 2007's lifetime, at one point the software was to leave mainstream support this week, and be put out to pasture in April 2017, the same month that Windows Vista is to retire. Office 2007 will now exit mainstream support in October 2012, and fall off the support list for good in October 2017.

Read more here.

April 12, 2012

End of Windows XP Support Era Signals Beginning of Security Nightmare

Microsoft's recent announcement that it will end support for the Windows XP operating system in two years signals the end of an era for the company, and potentially the beginning of a nightmare for everyone else. When Microsoft cuts the cord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software. Although most of the subsequent security issues appear to be at the consumer level, it may not be long until they find a way into corporate networks or industrial systems, Miller says. Even scarier, Sarwate says many SCADA systems for industrial networks still run a modified version of XP, and are not in a position to upgrade. Because much of the software running on SCADA systems is not compatible with traditional Microsoft OS capabilities, an OS upgrade would entail much more work than it would for a home or corporate system.

Read more here.

April 10, 2012

Medicaid Hack Update: 500,000 Records and 280,000 SSNs Stolen

Utah's Medicaid hack estimate has grown a second time. This time we have gone from over 180,000 Medicaid and Children's Health Insurance Plan (CHIP) recipients having their personal information stolen to a grand total of 780,000. More specifically, the state now says approximately 500,000 victims had sensitive personal information stolen and 280,000 victims had their Social Security numbers (SSNs) compromised.

Read more here.

April 10, 2012

US Carriers Finally Doing Something About Cellphone Theft

In a move that is so long overdue that it boggles the mind, the FCC and the four largest cellular providers in the U.S. state that they will be joining forces to combat cell phone theft. From the article: 'Over the next six months, each of the four operators is expected to put in place a program to disable phones reported as stolen and within 18 months the FCC plans to help merge them into a central database in order to prevent a phone from being used on another carrier's network.'

Read more here.

March 30, 2012

LG Begins Mass Production of First Flexible E-ink Displays

LG has just announced it has begun mass production of the world's first flexible, plastic e-ink display, with finished devices expected to hit Europe next month. LG says these plastic displays are half the weight (14g) and 30% thinner (0.7mm) than the hard, heavy, prone-to-cracking glass-laminate e-ink displays found in e-book readers like the Kindle and Nook. The press release says the plastic display survives repeated 1.5-meter drop tests and break/scratch tests with a small hammer, and that it's flexible up to 40 degrees from the mid point. Technology-wise, it's not very clear how LG's e-paper actually works. The press release suggests LG is using a conventional TFT process, which hints that they've cracked Electronics on Plastic by Laser Release (EPLaR). EPLaR is basically a technique of embedding electrophoretic ink capsules in a plastic substrate, but using existing TFT manufacturing processes, rather than building a whole new factory (unlike E Ink, which makes displays for the Kindle and other e-book readers). If this is the case, then other LCD manufacturers like Samsung and Sharp could start producing e-ink displays as well, hopefully driving prices down and further improving the display technology.

Read more here.

March 13, 2012

'Siri, I have some suggestions for you'

When Apple's new iPad was unveiled last week, one of the features users had hoped for didn't come with it. Siri, the voice-controlled personal assistant that's been such a hit on the iPhone 4S, wasn't among the tablet's new features. (Apple did add a dictation feature, but it has none of Siri's interactivity; all you can do is one-way dictation.) Despite the disappointment of Siri users, this is actually not a bad move on Apple's part. Siri is still in beta and could use a little polishing before being rolled out to the iPad. Even though I found in my first month of use that it is good enough to change users' habits, Apple clearly wants to make damn sure Siri works as billed. Even in beta, Siri's easy interaction, fast results and sometimes quirky responses produce an emotional reaction that has encouraged people to use it -- a lot.

Read more here.

March 3, 2012

Google's Chrome drops share for second straight month

Computerworld - The browser battle returned to a kind of normalcy last month as Microsoft's Internet Explorer (IE), which had posted its largest-ever share increase in January, declined slightly in February. And Google's Chrome fell for the second straight month in Web metrics firm Net Applications' statistics as the company acknowledged it has been over-counting that browser's share for months. Chrome's pre-rendering feature -- where the browser loads pages in the background that the user may view -- kicked off last August with version 13, and was enhanced in Chrome 17 that launched about a month ago.

Read more here.

February 25, 2012

New Version of Flashback Trojan Targets Mac Users

On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and, as a byproduct of infection, is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, these are normally stable programs, so if they suddenly start crashing, it might be a sign of larger issues.

Read more here.

February 23, 2012

Box Offers 50GB of Free Storage for Android Users

For the next month, Box is offering 50 GB of free online storage for Android users, with no strings attached. To get the free storage, just log in to the Box app for Android, and you'll be upgraded automatically. The offer is valid until March 23, and provides an extra 45 GB over Box's existing free plan for the lifetime of your account. But don't abandon your Dropbox or SkyDrive accounts just yet. Unlike those competing online storage services, Box doesn't offer a free desktop sync tool, so users can't automatically back up their local files online. Box's desktop app is only available for professional accounts, which cost $15 per month.

Read more here.

February 23, 2012

Flash Browsing Comes to iPad via OnLive App

Talk about "eat that, Apple." OnLive's Desktop Plus for the iPad tablet now provides full PC Flash-based animation and video thanks to the company's Gigabit speed accelerated browsing. You won't get this kind of love on the freebie Standard version however, requiring iPad owners to shell out $4.99 per month for "Plus" which also grants priority access and "lightning-fast" transfers of Web email attachments (Gmail, Yahoo Mail, etc) and cloud storage files (Dropbox, Pogo, etc).

Read more here.

February 22, 2012

Why Corporate Cloud Storage Doesn't Add Up

Deep End's Paul Venezia sees few business IT situations that could make good use of full cloud storage services, outside of startups. 'As IT continues in a zigzag path of figuring out what to do with this "cloud" stuff, it seems that some companies are getting ahead of themselves. In particular, the concept of outsourcing storage to a cloud provider puzzles me. I can see some benefits in other cloud services (though I still find the trust aspect difficult to reconcile), but full-on cloud storage offerings don't make sense outside of some rare circumstances.'

Read more here.

February 20, 2012

Microsoft: Google bypassed IE privacy settings too

In the wake of reports that Google had sidestepped privacy settings in Safari, Microsoft announced today it had discovered the Web giant had done the same with Internet Explorer. "When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too?" IE executive Dean Hachamovitch wrote in a blog post this morning. "We've discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies."

Read more here.

February 17, 2012

Mountain Lion's Gatekeeper: A Big Step But Not Enough, Experts Say

Apple OS X 10.8 Mountain Lion, previewed yesterday, includes a new Mac security feature that experts say pays mere lip service to the security measures adopted by Windows 8 on ARM. "Gatekeeper" is a new security setting in OS X (the operating system Formerly Known As Mac OS X) that lets users choose where they want to accept installs. Gatekeeper's objective, according to Apple, is to protect users from downloading malicious applications from uncertified and pirated app stores, a common point of entry for malware as experienced by the Windows OS.

Read more here.

February 17, 2012

A flag no more: Microsoft unveils new Windows logo

The multicolored Windows flag is no more. Windows 8 will do away with the wavy Windows logo that Microsoft has used in one form or another for the last 20 years, and replace it with a logo that's, well, a window. Windows 8 ushers in a new, and completely different, Windows look and feel: it brings the Metro design concept to the desktop. With Metro's emphasis on clean lines and typography, Microsoft wanted a logo that reflected these ideals, and so commissioned agency Pentagram to create the new logo. Though Microsoft is showing off the logo in blue, in Windows 8 it will change color to match the user's preference.

Read more here.

February 16, 2012

Oracle Claims Dramatic MySQL Performance Improvements

Oracle wins back some karma from the open source community by releasing MySQL Cluster 7.2 with ambitious claims of 70x performance gains. The new release is GPL and claims to have processed over 1 billion queries per minute.

Read more here.

February 13, 2012

EU and US Approve Google-Motorola Deal

European regulators have given Google the green light to take over Motorola Mobility. The U.S. $12.5 billion deal faced strong opposition from open source and consumer rights advocates, including Consumer Watchdog, but the European Commission announced on Monday that the acquisition could go ahead, without conditions. Later in the day the DOJ announced an end to its investigation, greenlighting the acquisition in the U.S. as well.

Read more here.

February 9, 2012

Google Close To Launching Cloud Storage 'Google Drive'

Why doesn't Google offer a cloud storage service to rival Dropbox, Box.net, or Microsoft's SkyDrive? Google has the most internet-connected servers in the world, the largest combined storage of any web company, and already offers photo storage (Picasa), document storage (Docs), music storage (Music), but for some reason it has never offered a unified Google Drive. According to people familiar with the matter, however, our wait is almost over: Google's Hard Drive In The Sky is coming soon, possibly 'within weeks.' Feature-wise, it sounds like Google Drive will be comparable to Dropbox, with free basic storage (5GB?) and additional space for a yearly fee.

Read more here.

February 8, 2012

Former Google Exec: Traditional Search Market Shrinking

Former Google executive Stafford Masie believes that traditional search is dying because users are choosing to query their friends and followers on services like Facebook, Twitter, and Tumblr. Here's the quote from the video: 'The pie of search query volumes in the world – that business is shrinking. Why? Because people are going and doing search queries – search query volumes are moving towards social containers. They're moving away from static pages being searched and they're moving more towards dynamic real-time stream content. Like Twitter. Like Tumblr. Like Facebook. Those things have a better result because the penetration, the personalization associated with it, and the constant freshness of the content. So I believe that Google's search volume – the business Google is in on the search side – that business is shrinking. And they've got to do something about it.'

Read more here.

February 8, 2012

4G Phones Are Really Fast — At Draining Batteries

With Verizon's 4G network covering a good chunk of the country and AT&T gaining ground, more smartphone users have access to the fastest wireless service available. But because 4G coverage isn't truly continuous in many locations, users' batteries are taking a big hit with 4G, as phones spend a lot of battery power trying to hunt down a signal. 'You've got a situation where the phones are sending out their signals searching and searching for a 4G tower, and that eats up your battery,' says Carl Howe, a vice president for research firm Yankee Group. The spottiness of 4G stems at least in part from the measured approach carriers have taken to it, rolling out the service city by city. There are a few tricks 4G users can try to extend battery life such as turning off your 4G connection when you don't need the fastest speeds — when using email, for instance — or using a program such as JuiceDefender to search for apps you may have downloaded that you don't need to run all the time, and erase them.

Read more here.

February 8, 2012

HDD Price Update: How the Thai Floods Have Affected Prices, 3 Months Later

The hard disk drive supply chain was hit hard late last year when a series of floods struck Thailand. The Asian country accounts for about a quarter of the world's hard drive production, but thousands of factories had to close shop for weeks as facilities were under water, in what is considered the world's fourth costliest natural disaster according to World Bank estimates. That's on top of the human cost of over 800 lives. TechSpot has monitored a number of mobile and desktop HDDs to get a better overview of how the situation has developed in the last three months.

Read more here.

February 7, 2012

Proposed Law Would Give DHS Power Over Privately Owned IT Infrastructure

H.R. 3674, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PRECISE Act), would allow the U.S. Department of Homeland Security to require improved security practices from those businesses managing systems whose disruption could prove detrimental to critical life-sustaining or national-security initiatives.

Read more here.

February 4, 2012

Google Starts Scanning Android Apps

A recent blog post has Android developers talking about Google finally scanning third party applications for malware. Oddly enough, Google claims this service (codenamed 'Bouncer') has been active for some time: 'The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market. This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise.'

Read more here.

January 29, 2012

Five Million Android Users Might Have Fallen Victim to Another Malware Attack

According to Symantec, 13 apps from three developers—many in the official Android Market—have been carrying malicious chunks of code called Android.Counterclank, and are suspected of running on as many as five million phones, stealing info and running ads against the will of the device's owner. ComputerWorld, speaking to Symantec, learned that the apps have been downloadable for over a month, and Symantec calls it the biggest Android malware outbreak to date.

Read more here.

January 29, 2012

Siri Competitor Evi Arrives, But Already Overloaded

Evi, a new rival to Siri, Apple's voice-driven personal assistant, has made its debut on both the iPhone and the Android. And people are so keen to try it that Evi's servers are overloaded — so be prepared for a wait for answers. The app costs 99 cents for iOS users, but it's free on Android.

Read more here.

January 29, 2012

Some Windows 8 Laptops May Come With Built-In Kinect Sensors

Asus is "working on a new laptop that will include Kinect gestures and will be compatible with Windows 8," and adds, "What does this mean for the consumer? Portable gestures in Windows 8!" Wired has an article based on the same report, which also mentions the prospect of devices incorporating alternative gesture-tracking software from SoftKinetic and others.

Read more here.

January 29, 2012

Facebook Expected To Go Public Next Week

Many credible sources, including Forbes and CBS, say that Facebook will finally IPO next week, raising about $10 billion at a valuation of $75 billion, almost three times the valuation of Google at the point of their IPO in 2004. This shift raises questions about how the new ownership will affect the company's ability to innovate and remain at the forefront of social media.

Read more here.

January 28, 2012

iPhone 4S's Siri Is a Bandwidth Guzzler

'Siri's dirty little secret is that she's a bandwidth guzzler, the digital equivalent of a 10-miles-per-gallon Hummer H1.' A study by Arieso shows that users of the iPhone 4S demand three times as much data as iPhone 3G users and twice as much as iPhone 4 users, who were identified as the most demanding in a 2010 study. In all, Arieso says that the Siri-equipped iPhone 4S 'appears to unleash data consumption behaviors that have no precedent.'

Read more here.

January 27, 2012

EU ACTA Chief Resigns

The EU ACTA chief has resigned, saying, 'This agreement might have major consequences on citizens' lives, and still, everything is being done to prevent the European Parliament from having its say in this matter. That is why today, as I release this report for which I was in charge, I want to send a strong signal and alert the public opinion about this unacceptable situation. I will not take part in this masquerade.' 22 EU members signed the controversial ACTA treaty Thursday in Tokyo.

Read more here.

January 26, 2012

Symantec: Stop using pcAnywhere, right now

Symantec has admitted that blueprints for current versions of its pcAnywhere software were stolen in 2006 and that all users are at risk of attack and should pull the plug. That includes users of both current and past iterations as well as those bundled with Altiris and the pcAnywhere Thin Host packaged with backup and security products.

Read more here.

January 19, 2012

Sir Tim Berners-Lee Speaks Out On SOPA

Father of the web Sir Tim Berners-Lee called for Americans to protest SOPA and PIPA, laws he says violate human rights and are unfit for a democratic country. Sir Tim's condemnation came on the day an editorial in Australia's leading broadsheet newspapers pointed out that although the laws ostensibly applied to US interests they could overreach to impact those in other countries.

Read more here.

January 19, 2012

Kodak Files For Bankruptcy Protection

Following up on a story previously discussed here, it now appears Eastman Kodak, the company that invented the hand-held camera, has filed for bankruptcy protection. The move, according to Kodak's news release, gives the company time to reorganize itself without facing its creditors, and Kodak said it would mean business as normal for customers. The company has recently moved away from cameras, focusing on making printers to stem falling profits.

Read more here.

January 18, 2012

Research In Motion To Be Sold, Possibly To Samsung

The talk of the tech world over the past day is that RIM, struggling mightily in these last months, was in talks to be bought either partially or wholly by Samsung. Sources at the Boy Genius Report indicate that while RIM may be trying to sell, it is asking way too much for itself.

Read more here.

January 17, 2012

Wikipedia Still Set For Full Blackout Wednesday

Jimmy Wales confirms that the entire English language Wikipedia will be on blackout January 18th from midnight to midnight, Eastern Standard Time. The site's 25 million daily users will be redirected to an education page with a call to action. Votes are still being taken on the exact implementation. Despite a small victory against SOPA in the House, Wikipedia still feels the blackout is necessary due to the looming Senate vote on PROTECT IP, and as a deterrent to future attempts to revive a similar law under a new name.

Read more here.

January 16, 2012

Zappos Hacked: Internal Systems Breached

Zappos appears to be the latest victim of a cyber attack resulting in a data breach. In an email to Zappos employees on Sunday, CEO Tony Hsieh asked employees to set aside 20 minutes of their time to read about the breach and what communications would be sent to its over 24 million customers. While Hsieh said that credit card data was not compromised, he did say that 'one or more' of the following pieces of personal information has been accessed by the attacker(s): customer names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers. User passwords were 'cryptographically scrambled,' he said.

Read more here.

January 14, 2012

FTC Expands Its Google Antitrust Investigations

Bloomberg is reporting that the U.S. Federal Trade Commission is expanding its antitrust probe of Google Inc. to include scrutiny of its new Google+ social networking service. Google this week introduced changes to its search engine so that results feature photos, news and comments from Google+. The changes sparked a backlash from bloggers, privacy groups and competitors who said the inclusion of Google+ results unfairly promotes the company's products over other information on the Web. Before expanding the probe, FTC was already investigating Google for giving preference to its own services in search results and whether that practice violates antitrust laws. The agency is also examining whether the company is using its control of the Android mobile operating system to discourage smartphone makers from using rivals' applications. Google is facing similar investigations in Europe and South Korea.

Read more here.

January 13, 2012

7000 e-Voting Machines Now Deemed Worthless By Irish Government

Despite spending at least 51 million euro over the last decade buying and storing 7000 e-voting machines from Dutch firm Nedap, the Irish Finance minister has announced that they are now 'worthless'. The machines were originally trialled in 2002 on three regional elections, but a nationwide rollout in 2004 was put on hold after a confidential report expressed serious concern over the security of the voting machines. According to the report, the integrity of the ballot could not be guaranteed with the equipment and controls used. Several years on, and tens of millions later, it looks like the pen and paper ballot will remain for now.

Read more here.

January 12, 2012

Symantec Sued For Running Fake "Scareware" Scans

James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'

Read more here.

January 12, 2012

LG To Pay Licensing Fees To Microsoft For Using Android

InformationWeek reports that LG is the latest in a string of companies who have been bullied into paying 'license fees' to Microsoft for the use of Android on their products. 'Microsoft said the deal with LG means that 70% of Android-based smartphones sold in the U.S. are now covered by its licensing program. ... Microsoft does not disclose how much revenue it's obtaining from Android, Chrome, and Linux licenses, but some analysts believe it may be substantial, to the point where the company is making significant profits from the mobile revolution even though its own offering, Windows Phone, commands a market share of less than 2%, according to Gartner.'

Read more here.

January 9, 2012

Kodak Failing, But Camera Phones Not To Blame

According to the Wall Street Journal, camera manufacturer Kodak is preparing to file for Chapter 11 bankruptcy, following a long struggle to maintain any sort of viable business. The announcement has prompted some commentators to claim that Kodak's near-demise has been brought on by: a failure to innovate, or a failure to anticipate the shift from analogue to digital cameras, or a failure to compete with the rise of cameras in mobile phones. Actually, none of these claims are true. Where Kodak did fail is in not understanding what people take photographs for, and what they do with photos once they have taken them.

Looking at camera data from Flickr, of images uploaded in 2011, camera phones only make up 3% of the total. Dedicated cameras from Canon, Nikon and yes, Kodak were used to take 97% of the images. What Kodak failed to understand is that people have switched from taking photos for remembering and commemorative reasons to using photos for identity and communication. The shift changes the emphasis away from print to social media platforms and dedicated apps.

Read more here.

January 5, 2012

Broadcom to Unveil Four Faster Wi-Fi Chips

The International Consumer Electronics Show next week may be a major launchpad for a new, faster generation of Wi-Fi that goes about three times faster than current gear, with at least one major silicon vendor announcing and demonstrating a set of chips for the IEEE 802.11ac standard. The new generation of networks, which Broadcom is calling "5G WiFi," will be available in versions offering speeds as high as 1.3G bps. That will translate to as much as 1.1G bps of real-world performance for the high-end version of the technology, which will use three streams of data.

Read more here.

January 4, 2012

Diebold Marries VMs with ATMs to Secure Banking Data

Automatic teller machine maker Diebold has taken a novel approach to protecting bank customer data: virtualization. Virtualized ATMs store all customer data on central servers, rather than the ATM itself, making it difficult for criminals to steal data from the machines. In places including Brazil, customer data has been at risk when thieves pulled or dynamited ATMs out of their settings and drove off with them. With threats increasing worldwide at many retail points of sale, such as supermarket checkout counters and service station gas pumps, Diebold needed to guarantee the security of customer data entered at the 50,000 ATMs that it manages. Diebold last year partnered with VMware to produce a zero-client ATM. No customer data is captured and stored on the ATM itself.

Read more here.

January 2, 2012

Fake Antivirus Scams Spread To Android

Fake antivirus scams have plagued Windows and Mac OS X during the last couple of years. Now it seems like such scams have spread to Android. Fake antivirus scams on Android work the same as they do on PCs — a user with an Android phone downloads an application or visits a website that says that the user's device is infected with malware. It will then show a fake scan of the system, return hard-coded 'positives' and give the option to buy antivirus software that will 'remove' the malware on the affected system. Android, which is based on Linux, has been plagued with malware earlier too. According to McAfee, almost all new mobile malware now targets Android. Android app stores, including the official one from Google, have also been hosting hundreds of trojan applications that send premium rate SMSes on behalf of unsuspecting users.

Read more here.

December 30, 2011

Verizon Backtracks On $2 Convenience Fee

This is a follow-up to a previous news article reporting that Verizon would be implementing a $2 'convenience fee' for certain online and phone-based bill payments. In addition to dealing with outrage from customers, Verizon also felt resistance from the Federal Communications Commission, who decided they would investigate the matter. Today, in a brief press release, Verizon announced that they've canceled their plans for the new fee in response to customer feedback.

Read more here.

December 30, 2011

Two new iPads due next month, report says

According to DigiTimes, Apple will unveil two versions of its next-generation tablet next month at the Macworld|iWorld conference. Sources at Apple's supply chain partners tell the blog that the new models will target the mid- and high-end markets, while the existing iPad 2 will be positioned to compete with the Amazon Kindle Fire.

Read more here.

December 30, 2011

Attack Tool Released For WPS Setup Flaw

Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well. Tactical Network Solutions has released the tool as an open-source project on Google Code, but also is selling a more advanced commercial version.

Read more here.

December 29, 2011

Microsoft Issuing Unusual Out-of-Band Security Update

In a rare move, Microsoft is breaking its normal procedures and will issue an emergency out-of-band security update on Thursday to address a hash collision attack vulnerability that came into the spotlight yesterday, and affects various Web platforms industry-wide. The vulnerability is not specific to Microsoft technologies and has been discovered to impact PHP 5, Java, .NET, and Google's V8, while PHP 4, Ruby, and Python are somewhat vulnerable. Microsoft plans to release the bulletin on December 29, 2011, at 10:00 AM Pacific Time, and said it would address security vulnerabilities in all supported releases of Microsoft Windows. 'The impact of this vulnerability is similar to other Denial of Service attacks that have been released in the past, such as the Slowloris DoS or the HTTP POST DoS,' said security expert Chris Eng. 'Unlike traditional DoS attacks, they could be conducted with very small amounts of bandwidth. This hash table multi-collision bug shares that property.'

Read more here.

December 29, 2011

No IPv6 Doomsday In 2012

Yes, IPv4 addresses are running out, but a Y2K-style disaster/frenzy won't be coming in 2012. Instead, businesses are likely to spend the coming year preparing to upgrade to IPv6, experts say. Of course there's a chance that panic will ensue when Europe's RIPE hands out its last IPv4 addresses this summer, but 'most [businesses] understand that they can live without having to make any major investments immediately,' said IDC analyst Nav Chander. Plus, it won't be until 2013 that North America will run out of IPv4 addresses and there's no sense getting worked up before then.

Read more here.

December 29, 2011

HP TouchPad Go: $99?

The HP TouchPad Go, which is a smaller version of the company's signature TouchPad, may go on sale for $99 like its predecessor. The tablet features a 1023 x 768 resolution display, runs on webOS, and also has a removable cover with soft-touch coating to minimize fingerprints on the 7-inch screen. HP's new tablet also comes with a removable battery, 32GB of storage, a 3G radio, a five-megapixel camera and LED flash. HP designed the TouchPad Go around the same time as the larger model, but it failed to reach production stages when the company decided to kill off all devices running on the doomed webOS. If the tablet indeed sells for $99, it would be the cheapest tablet in the world besides the Aakash tablet, which was released by the Indian government for $35.

Read more here.

December 20, 2011

Firefox 9 Released, JavaScript Performance Greatly Improved

Firefox 9 is now available — but unlike its previous rapid release forebears where not a lot changed, a huge feature has landed with the new version: the JavaScript engine now has type inference enabled. This simple switch has resulted in a 20-30% JS execution speed increase (PDF), putting JaegerMonkey back in line with Chrome's V8 engine, and even pulling ahead in some cases. If you switched away from Firefox to IE or Chrome for improved JS performance, now is probably the time to give Firefox another shot.

Read more here.

December 19, 2011

Hard Drive Makers Slash Warranties

Both Seagate and Western Digital have reduced their hard drive warranties, in some cases from five years to one year. While Western Digital wouldn't explain why, it did say it has nothing to do with the flooding of its manufacturing plants in Thailand, which has dramatically impacted its ability to turn out drives. For its part, Seagate is saying it cut back its warranties to be more closely aligned with other drive manufacturers.

Read more here.

December 19, 2011

Apple adopts Santa for Christmas

A Christmas Advert created by Apple shows Santa Claus making the most of Siri, its voice-activated personal assistant for Ithings. Apple has taken the image of Santa, who does exist in case any kids are reading, and used it to hawk Siri in a video that so far we have only seen on YouTube. In the advert Santa is seen asking Siri for updates on the weather and funny things like that. He is even able to ask it for directions to children's homes, which we hope is an application that is unique to him.

Read more here.

December 14, 2011

24-Year-Old Asks Facebook For His Data, Gets 1,200 PDFs

Be careful of what you ask for. That's a lesson Max Schrems of Vienna, Austria learned the hard way when he sent a formal request to Facebook for a copy of every piece of personal information that the social network had collected on him, as required under European law. After a wait, the 24-year-old law student got what he was seeking: a CD with all his data stored on it — 1,222 files in all. The collection of PDFs was roughly the length of Leo Tolstoy's War and Peace, but told a more mundane story: a record of Schrems' years-long relationship with the world's largest social network, including reams of data he had deleted. Now Schrems is pushing Facebook to disclose even more of what it knows.

Read more here.

December 7, 2011

AT&T Repeats As Lowest-Rated Wireless Carrier

Consumer Reports' latest ratings survey of cell phone carriers revealed that Verizon Wireless scored the highest satisfaction score out of the four major U.S. service providers, earning particularly high grades for texting and data service. Verizon was followed closely by Sprint and T-Mobile USA, but all three companies earned scores lower overall than their figures from last year. AT&T was at the very bottom of the list for the second year in a row. While AT&T's satisfaction score in 2011 wasn't as bad as its score from 2010, the Dallas-based cell phone provider, which recently discontinued its bid to acquire its better rival T-Mobile, still ranked at the bottom of the pack. Last year, AT&T was the only carrier for the Apple iPhone, but still managed to receive the lowest scores.

Read more here.

December 6, 2011

Amazon phishing attack claims your account is about to expire

Have you received an email telling you that your Amazon.com account is about to expire? Does the message urge you to confirm "wether" (sic) you wish to continue to use the account or risk deactivation? Well, hold up a minute. Because if you respond to the notification in haste, you could be repenting at leisure.

Read more here.

November 29, 2011

Facebook Settles With FTC, Admits Privacy Violations

Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The settlement is soft on Facebook; there are no fines or criminal penalties. According to the FTC, in December 2009, Facebook 'changed its website so certain information that users may have designated as private – such as their Friends List – was made public. Facebook didn't warn users that this change was coming, or get their approval in advance.' Among the other complaints (PDF), 'Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.'

November 26, 2011

Hard Drive Prices Up 150% In Less Than Two Months

The Register reports that hard drive prices (lowest average unit prices) have rocketed 151% from October 1 to November 14th. The worst days have seen over 5% daily price increases. This is commonly attributed to the floods in Thailand, but there are concerns of artificial price fixing and suspicion that retailers or members of the supply channel are taking advantage of the situation.

Read more here.

November 18, 2011

Why Do Companies Backup So Infrequently?

Businesses are on average backing up to tape once a month, with one alarming statistic showing 10 percent were only backing up to tape once per year, according to a survey by Vanson Bourne. Although cloud backup solutions are becoming more common, still the majority of companies will do their backups in-house. Sometimes they will have dedicated IT staff to run them, but usually it's done in-house because they have always done it like that, and they have confidence in their own security and safekeeping of data.

Read more here.

November 14, 2011

Mac OS X Sandbox Security Hole Uncovered

Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events.

Read more here.

November 11, 2011

Facebook Agrees To Make New Privacy Changes Opt-In

Facebook has reached an agreement with the FTC to make all future changes to privacy settings opt-in, presumably including new features with their own privacy controls. The Wall Street Journal wrote that the social network was nearing a settlement on the issue and now its Marketplace editor Dennis K. Berman says that settlement is for new privacy controls to be opt in. The agreement could limit Facebook's ability to drive adoption of new features, as they won't be able to immediately go viral. Users rarely visit their privacy settings, so Facebook will need to devise a way to get them to do so.

Read more here.

November 10, 2011

Comcast Begins Native IPv6 Deployment To End Users

Comcast has begun deployment of Native IPv6 access to end users. The deployment is starting out small with a single market, but is expected to expand rapidly. Comcast is the nation's first ISP to make the switch to IPv6 and the first phase will support certain types of directly connected CPE, where a single computer is connected directly to a cable modem. Subsequent phases in 2011 and 2012 will support home gateway devices which will support most routers in the typical American household and business.

Read more here.

November 7, 2011

Over 10% of U.S. Mobile Phone Users Now on an iPhone

comScore released the results of its latest survey of mobile phone usage in the United States, noting that Apple has reached a milestone in surpassing a 10% share of the U.S. mobile phone market. Apple's iOS took 27.4% of the market, up 0.8 percentage points since the previous three-month period but trailing Android's 44.8% share and 4.6 percentage point growth.

Read more here.

November 4, 2011

Apple Acknowledges iPhone 4S Battery Problems

After more than two weeks of complaints from frustrated iPhone 4S owners, Apple finally has admitted problems with fast-draining batteries in the new devices. The company blames it on bugs in iOS 5 and promises a fix 'in a few weeks.' But Apple should have spoken up sooner, if only to acknowledge the issue.

Read more here.

November 4, 2011

Google Tweaks Algorithm As Concern Over Bing Grows

As Bing gets closer to capturing almost 33% of the market share in the US, Google has again made a large tweak to its algorithms to provide more up-to-the-minute search results. The change affects around 35% of queries and is intended to give users more recent news and stories. For breaking news stories the search engine will now weight the most recent coverage more heavily, and not just those sites that are linked the most, and for general terms the search engine values fresh content more than old. Google is hoping that these changes will provide a better search experience and stop users from switching over to Bing, which just recently launched its own Groupon-like site.

Read more here.

November 2, 2011

Siri nibbles away at iPhone data plans

Ars Technica conducted a pretty thorough investigation into just how big a dent Siri users can expect the digital dame to make in their monthly data usage. See, whenever you talk to Siri, an audio file of your command is sent to Apple's servers for processing and then the requested data and vocal response is sent back over the network to your phone, even if the question is something that should be able to be gleaned from your phone's local data.

Read more here.

November 1, 2011

Apple Has Already Started Work on Mac OS X 10.8

Apple has already begun work on the next major revision to Mac OS X which is being labeled as version 10.8. Apple only just released the final version of OS X 10.7 (Lion) to customers in July. OS X Lion was the first version of Mac OS X to be distributed through the Mac App Store and it included a number of new features for the Mac. These included an iOS-like application launch screen known as Launchpad, full-screen apps, a new combined interface for Dashboard, Expose, and Spaces known as Mission Control, enhanced Multi-Touch gestures, and improvements to a number of core applications such as Mail.

Read more here.

November 1, 2011

DevilRobber Mac OS X Trojan horse spies on you, uses GPU for Bitcoin mining

Yesterday, users of Sophos's security products (including free anti-virus for Mac home users) had their protection automatically updated to protect against a new Mac OS X Trojan horse that has been distributed via torrent sites. Copies of the legitimate Mac OS X image editing app GraphicConverter version 7.4 were uploaded to file-sharing networks. Hidden inside the download was a copy of the OSX/Miner-D (also known as 'DevilRobber') Trojan horse. If your Mac computer was infected by the malware, the first thing you might notice is performance becoming sluggish.

Read more here.

October 31, 2011

First Android Device Certified For DoD Personnel

The Defense Information Systems Agency (DISA) has certified its first secure mobile device running Android 2.2 — the Dell Streak 5. It is certified for use in the Defense Department's secure but unclassified communications. 'Although the Streak 5 is no longer available commercially, Dell is supplying it to DOD because the military likes the form factor,' said John Marinho, director of Dell enterprise mobility solutions. It 'includes a set of Android application interfaces designed to enhance the security of the device. Besides being able to transmit secure unclassified messages, the device can have its data remotely wiped in the event of loss or theft.' The device also has the ability to lock down after multiple unsuccessful password entries and allows admins to remotely control the peripherals and security policy levels on the device.

Read more here.

October 27, 2011

HP Keeping Their PC Business

Hewlett-Packard Co. has decided to keep its PC division. So says its newly appointed CEO Meg Whitman. Whitman, the former eBay chieftain, categorically rejected a plan offered up by her predecessor, former CEO Leo Apotheker, to either sell or spin-off this division. HP announced the decision after the close of financial markets today.

Read more here.

October 27, 2011

RIM gets sued over BlackBerry outage

Consumers in the United States and Canada have sued Research in Motion for a days-long service outage on BlackBerry devices that rippled across the world earlier this month. The system-wide failure of the service had left tens of millions of frustrated BlackBerry users on five continents without email, instant messaging and browsing.

Read more here.

October 24, 2011

ASUS reveals ZENBOOK ultra-portable laptop

Last week in New York, ASUS unveiled the ZENBOOK ultra-portable PC. The ZENBOOK represents a collaboration between ASUS and Intel on a category of stylish and thin PCs called Ultrabooks, introduced by Intel.

Read more here.

October 24, 2011

Sprint Cutting Unlimited 4G Data Plans

In a notice posted Thursday on the customer support section of its website, Sprint said it would impose monthly data caps on plans for all tablets, laptops, netbooks, USB and PC Card modems, and mobile hotspot devices — everything, that is, except smartphones. The caps will begin with each subscriber's next bill following notification, the carrier said.

Read more here.

October 21, 2011

iOS 5 introduces security challenges and flaws

A little over a week since Apple released iOS 5, I thought I would review some of the new functionality and security on the platform in general. I began by revisiting the encryption Apple promises and whether they have fixed the issue that I first wrote about in May 2010. According to the "iPad in Business: Security" document on Apple's website

Read more here.

October 21, 2011

Ubuntu Turns 7

Ubuntu, the world's most popular GNU/Linux based operating system, is celebrating its 7th year today. Ubuntu was first released on 20 October 2004. In these 7 years Ubuntu has changed the GNU/Linux desktop segment by making it more useful for ordinary users. Besides the work that Ubuntu has done to popularize and polish the Linux desktop, and to present a humane entry point for non-guru users, it has provided a base for many other distributions and helped make people realize just how powerful the Debian infrastructure that Ubuntu itself launched from is.

Read more here.

October 21, 2011

Early Speed Tests For Windows 8

You often hear in the software industry that performance optimization is one of the last steps in the software development process. That bodes well for Windows 8, considering at the early stage of Developer Preview—even before we've seen an actual beta—the nascent operating system is getting widespread praise for its performance, particularly in startup times. Anecdotal evidence is always encouraging, but PCMag decided to run some very early tests on the OS to see if the reports were wishful thinking or if there was a real, measurable boost in speed. Along with startup and shutdown times, they used several standard industry benchmarks to compare Windows 8 performance with that of Windows 7 running on the same machine.

Read more here.

October 17, 2011

RIM Offers Free Apps and Support Following Service Interruptions

Following a series of outages last week that affected BlackBerry users around the world over a three-day period, RIM has come forward with its plans to “make good” on the incidents that frustrated millions of users who bashed the mobile technology provider, and rightfully so. Research In Motion today said it would offer a selection of premium apps worth more than US $100 free of charge to subscribers as “an expression of appreciation for their patience during the recent service disruptions.”

Read more here.

October 17, 2011

Sesame Street's YouTube channel hacked, replaced with porn

Sesame Street had its YouTube channel hacked on Sunday, and its highly popular child-friendly videos of muppets like Kermit the Frog and Big Bird replaced with something far less savoury: hardcore porn movies. X-rated Sesame Street.

Read more here.

October 13, 2011

The top five alternatives to the iPhone 4S

Takeaway: If you’re feeling left out because you’re not getting an iPhone 4S, here are five other great phones to consider if you’re looking for an upgrade.

Despite the initial cries of disappointment from the tech press, the Apple iPhone 4S is reportedly almost sold out heading into its official launch on Friday. If you’re ready to upgrade your phone but can’t get a hold of an iPhone 4S on Friday, don’t forget that there are plenty of great alternatives in the smartphone market right now.

Read more here.

October 12, 2011

iOS 5 Update Available

Apple has released the iOS 5 update. To update to iOS 5, just open iTunes with your iDevice connected to your computer and press update. I recommend doing a manual backup of your iDevice and making sure all your apps are transferred.

Read more here.

October 4, 2011

The short history of Mac malware: 1982 - 2011

Before we begin, it's worth recognizing that malware on the Mac is a subject which raises strong emotions. There are some who believe that the problem is overhyped (or even non-existent!) and others who believe that the malware problem on Macs is underestimated by the Apple-loving community. Hopefully this short history will go some way to present the facts, and encourage sensible debate. From the early 1980s, right up until the present day, here are some of the highlights in the history of Apple Mac malware.

Read more here.

September 29, 2011

Flashback Mac Trojan poses as Adobe Flash update, opens backdoor

Mac users are once again being reminded to keep their anti-virus software up-to-date, following the discovery of a Trojan horse that poses as an update to Adobe Flash. The OSX/Flshplyr-A Trojan horse (called "Flashback" by our friends at Intego, who first publicised it) is disguised as an installer for the popular Adobe Flash program. Once in place, the Trojan horse could allow a remote hacker to gain access to your computer or download further malicious code to your Mac.

Read more here.

September 29, 2011

Amazon's New Silk Redefines Browser Tech

While the Kindle Fire tablet consumed much of the focus at Amazon's launch event Wednesday in New York, the company also showed off a bit of potentially radical software technology as well, the new browser for the Fire, called Silk. Silk is different from other browsers because it can be configured to let Amazon's cloud service do much of the work assembling complex Web pages. The result is that users may experience much faster load times for Web pages, compared to other mobile devices, according to the company.

Read more here.

September 26, 2011

Aussie Researcher Cracks OS X Lion Passwords

Thought your Mac was secure running Apple's latest operating system? Think again. Turns out that in some respects Lion is actually less secure than previous versions of Mac OS X, due to some permission-tweaking by Apple that has opened up a way for an attacker to crack your password on your Lion box. The flaw was discovered by an Australian researcher who has previously published a guide to cracking Mac OS X passwords. Sounds like Apple had better get a patch out for this.

Read more here.

September 26, 2011

Facebook Cookies Track Users Even After Logging Out

According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added that even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.' After explaining the cookies' behavior, he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'

Read more here.

September 25, 2011

Adobe Tricks Users into Downloading, Installing Google Chrome

"As it turns out, several of Adobe products' download pages have opt-out checkboxes to also install Google Chrome. This was spyware-like behaviour when Apple did it with Safari and the iPhone Configuration Utility, and it is still spyware-like behaviour when Adobe and Google do it with Chrome. [...] I have no issues with these kinds of bundles - or with Apple using its updater to offer Safari to Windows users - but only if it's opt-in. In other words, the user should have to specifically select a checkbox - if he doesn't, no additional spyware should be installed."

Read more here.

September 24, 2011

New Mac OS X Trojan Hides Inside PDFs

Malware that targets Mac OS X isn't anywhere near catching up to Windows-based malware in terms of volume and variety, but it seems that OS X malware may be adopting some of the more successful tactics that Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based Trojan that disguises itself as a PDF file, a technique that's been in favor among Windows malware authors for several years now.

Read more here.

September 8, 2011

Google Kills Desktop Search and Gadgets

Google has decided to retire Desktop, an application it first launched in 2004 that is designed to let people search for files and data stored in their computers' hard drives. It was one of the first products Google aimed against Microsoft and was intended to improve upon the native search functionality found in Windows. Desktop search became an area of competition, as Microsoft responded to the challenge and others such as Yahoo launched their own products. However, Google has decided that, with the popularity of cloud computing and users' increasing comfort with Web apps, the time has come to decommission Desktop, it said in a recent blog post. As of September 14, Google will also end support for Desktop APIs, services, plug-ins and gadgets.

Read more here.

September 8, 2011

Hidden Wi-Fi Diagnostics Application In OS X Lion

The latest version of Apple's operating system, OS X 10.7 Lion, has a hidden Wi-Fi Diagnostics application that allows the user to view information about their wireless network performance, record performance and also capture raw frames. Hidden away in the System folder, the application is meant for Apple tech diagnostic use but is also very useful for any user interested in diagnosing Wi-Fi problems or checking network performance.

Read more here.

September 1, 2011

Hackers May Have Nabbed Over 200 SSL Certificates

Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project — a considerably higher number than DigiNotar acknowledged earlier this week when it said 'several dozen' certificates had been acquired by attackers. Among the certificates acquired by the attackers in a mid-July hack of DigiNotar, Van de Looy's source said, were ones valid for mozilla.com, yahoo.com and torproject.org, a system that lets people connect to the Web anonymously. Mozilla confirmed that a certificate for its add-on site had been obtained by the DigiNotar attackers. 'DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue,' Johnathan Nightingale, director of Firefox development, said Wednesday. Looy's number is similar to the tally of certificates that Google has blacklisted in Chrome.

Read more here.

August 29, 2011

Facebook's New Privacy Controls: Still Broken

Blogger Dan Tynan was one of the recipients of the new privacy controls that Facebook promised last week. The bad news: They still don't work, and may even be worse than before. 'Using Facebook's new improved privacy controls, you can tag someone else in photo and then keep them from seeing it,' says Tynan. 'It's pretty simple; just change the sharing option so they don't see what you posted. So if you want to tag a picture of some jerk with your friend's name on it and make it Public, everyone on Facebook will be able to see it except one — the person whose name is on it.'

Read more here.

August 28, 2011

New Worm Morto Using RDP To Infect Windows PCs

A new worm called Morto has begun making the rounds on the Internet, infecting machines via Remote Desktop Protocol. The worm is generating a large amount of outbound RDP traffic on networks that have infected machines, and Morto is capable of compromising both servers and workstations running Windows. Users who have seen Morto infections are reporting in Windows help forums that the worm is infecting machines that are completely patched and are running clean installations of Windows Server 2003.

Read more here.

August 15, 2011

SpyEye Trojan Source Code Leaked

The SpyEye malware kit has long been both the bane of unsuspecting victims and a boon for cyber-criminals. Now, according to security researchers, the situation may have taken a turn for the worse. The SpyEye Builder patch source code for release 1.3.45 was leaked by the Reverse Engineers Dream Crew (RED Crew) recently after a crew member was able to locate a copy of SpyEye Builder 1.3.45 and create a tutorial that enables a reader with SpyEye Builder to crack the hardware identification.

Read more here.

August 14, 2011

BlackBerry Server Can Be Hacked With Image File

There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device. The vulnerabilities are in several versions of BES for Exchange, Lotus Domino and Novell GroupWise, and Research in Motion said that an attacker who is able to exploit one of the bugs might also be able to move from the compromised BES server to other parts of the network.

Read more here.

August 10, 2011

Microsoft Patches 1990s-Era 'Ping of Death'

Microsoft on Tuesday issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed 'Ping of Death.' While other patched vulnerabilities were more serious, one marked 'CVE-2011-1871' brought back memories for nCircle's Andrew Storms. 'This looks like the Ping of Death from the early-to-mid 1990s,' he said. 'Then, when a specially-crafted ping request was sent to a host, it caused the Windows PC to blue screen, and then reboot.' Two decades ago, the Ping of Death (YouTube video demonstration) was used to bring down Windows PCs remotely, often as a way to show the instability of the operating system.

Read more here.

August 7, 2011

Black Hat Talk Demonstrates New Document Exploits

Remember the days of viruses embedded in email attachments? They're coming back, according to a pair of researchers speaking at Black Hat this week: '"If you have installed all Microsoft Office patches and there are no 0 day vulnerabilities, will it be safe to open a Word or Excel document?" TT asked the audience. "The answer is no."'

Read more here.

August 5, 2011

Hundreds of Bank Account Details Left In London Pub

Another day, yet another data security failure. Two companies have been found in breach of the Data Protection Act after tens of thousands of tenants' details were left at a London pub, alongside 800 records with bank account details. A contractor who had stored data from two different companies on an unencrypted USB drive was responsible. We've all lost things on a night out, but rarely is it other people's banking information. The two firms involved have been told to get a grip on their security procedures, but they escaped a fine from the ICO.

Read more here.

July 31, 2011

Researchers Expose Tracking Service That Can't Be Dodged

Researchers at U.C. Berkeley have discovered that some of the net's most popular sites are using a tracking service that can't be evaded — even when users block cookies, turn off storage in Flash, or use browsers' 'incognito' functions. The service, called KISSmetrics, is used by sites to track the number of visitors, what the visitors do on the site, and where they come to the site from — and the company says it does a more comprehensive job than its competitors such as Google Analytics.

Read more here.

July 29, 2011

TN BlueCross Encrypts All Data After 57 Disks Stolen

After dozens of hard disk drives were stolen from a leased facility in Chattanooga, potentially exposing the personal data of more than 1 million customers, BlueCross decided to go the safe route: they spent $6 million to encrypt all stored data across their enterprise. The health insurer spent the past year encrypting nearly a petabyte of data on 1,000 Windows, AIX, SQL, VMware and Xen server hard drives; 6,000 workstations and removable media drives; as well as 136,000 tape backup volumes.

Read more here.

July 28, 2011

Apple Mac OS X Lion doesn't play nice with others

Apple's Mac OS X Lion operating system isn't working very well with Microsoft and Google software. It seems both companies haven't been paying enough attention to the changes in Lion. If you're a Microsoft Office junkie with a Mac you might not be too pleased to know that the productivity suite has problems running under Apple's latest OS. Microsoft has communicated about the issue on its Office for Mac blog.

Read more here.

July 28, 2011

Android Market Upgraded, Buy eBooks and Rent Movies

Search engine giant Google has quietly dished out an update for its Android Market mobile application store. The update, which bumps the Android Market version to 3.0.27, brings a new user interface and new content for Android powered Smartphones and Tablet devices. Users will now be able to purchase and download eBooks and rent movies.

Read more here.

July 17, 2011

Internet Explorer 9 utterly dominates malware-blocking stats

Internet Explorer 9's dual-pronged approach to blocking access to malicious URLs—SmartScreen Filter to block bad URLs, and Application Reputation to detect untrustworthy executables—provides the best socially engineered malware blocking of any stable browser version, according to NSS Labs' latest report. Internet Explorer 9 blocked 92 percent of malware with its URL-based filtering, and 100 percent with Application-based filtering enabled. Internet Explorer 8, in second place, blocked 90 percent of malware. Tied for third place were Safari 5, Chrome 10, and Firefox 4, each blocking just 13 percent. Bringing up the rear was Opera 11, blocking just 5 percent of malware.

Read more here.

July 15, 2011

Hotmail To Ban Common Passwords

Time and again, when security breaches reveal large numbers of user passwords, analysis shows there are particular passwords commonly used by a significant percentage of the userbase. Now, an anonymous reader tips news that Hotmail is trying to do something about it. "We will now prevent our customers from using one of several common passwords. Having a common password makes your account vulnerable to brute force 'dictionary' attacks, in which a malicious person tries to hijack your account just by guessing passwords (using a short list of very common passwords). ... Common passwords are not just 'password' or '123456' (although those are frighteningly common), but also include words or phrases that just happen to be shared by millions of people, like 'ilovecats' or 'gogiants.'" This comes alongside a new feature that lets users send a report indicating a friend has had their account hacked.

Read more here.

July 14, 2011

Office 2010 and SharePoint 2010 Service Pack 1 Availability

Today SP1 is available from the Download center. The Downloads Table below provides links to the new packages for SP1. If you have installed all Office Automatic Updates, you will also see SP1 available as a manual download from Microsoft Update. After a 90 day grace period, SP1 will be offered as an automatic update through Microsoft Update. Customers using the Office Click-to-Run technology will have SP1 streamed to them beginning in July.

Read more here.

July 1, 2011

40GB of Data That Costs the Same As a House

PC Pro has an infographic that reveals the extortionate cost of roaming data. They compared the cost of data typically bundled with a fixed-line broadband package (40GB) costing £15, with the cost of buying that data on various mobile tariffs. Buying 40GB of data on a domestic mobile internet tariff from Orange would cost the same as an iMac; buying the same quantity of data on O2's non-Europe roaming tariff would cost £240,000 — or the same as a three-bedroom house.

Read more here.

June 30, 2011

Microsoft Says Reinstall Overkill In Removing Rootkit

Microsoft has clarified the advice it gave users whose Windows PCs are infected with a new, sophisticated rootkit dubbed Popureb that buries itself on the hard drive's boot sector, noting Wednesday that a complete OS reinstall is not necessary. 'If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state,' MMPC engineer Chun Feng wrote in an updated blog entry. Feng provided links to instructions on how to use the Recovery Console for Windows XP, Vista and Windows 7. Once the MBR has been scrubbed, users can run antivirus software to scan the PC for additional malware for removal, Feng added. Several security researchers agreed with Microsoft's revisions, but a noted botnet expert doubted that the advice guaranteed a clean PC. Joe Stewart, director of malware research at Dell SecureWorks, said, 'Once you're infected, the best advice is to [reinstall] Windows and start over ... [MBR rootkits] download any number of other malware. How much of that are you going to catch? This puts the user in a tough position.' MBR rootkit malware is among the most advanced of all threats.

Read more here.

June 25, 2011

Citi Hackers Got Away With $2.7 Million

Citigroup suffered about US$2.7 million in losses after hackers found a way to steal credit card numbers from its website and post fraudulent charges. Citi acknowledged the breach earlier this month, saying hackers had accessed more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn't get into Citi's main credit card processing system, but were reportedly able to obtain the numbers, along with the customers' names and contact information, by logging into the Citi Account Online website and guessing account numbers.

Read more here.

June 18, 2011

After 7 Years, MyDoom Worm Is Still Spreading

Researchers at Sophos have revealed that the MyDoom worm, which spread via email and launched denial-of-service attacks against websites belonging to SCO and Microsoft, is still spreading on the internet after more than seven years in existence. The firm suggests, tongue-in-cheek, that it would be nice if computer users updated their anti-virus software at least once every 5 years to combat the malware threat.

Read more here.

June 16, 2011

Adobe Patches Second Flash Zero-Day In 9 Days

For the second time in nine days, Adobe has patched a critical vulnerability in Flash Player that hackers were already exploiting, Computerworld's Gregg Keizer reports. Adobe also updated Reader to quash 13 new bugs and several older ones the company had not gotten around to fixing. The memory corruption vulnerability in Flash Player could 'potentially allow an attacker to take control of the affected system,' Adobe said in an accompanying advisory. 'There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages.' Adobe last issued an 'out-of-band' emergency update on June 5, when it fixed a critical flaw that attackers were exploiting to steal Gmail login credentials. Those attacks were different from the ones Google disclosed the week before, when it accused Chinese hackers of targeting specific individuals, including senior U.S. and South Korean government officials, anti-Chinese government activists and journalists. Google, which bundles Flash Player with Chrome, also updated its browser Tuesday to include the just-patched version of Flash.

Read more here.

June 16, 2011

ADP Experiences Security Breach

HR and Payroll outsourcing giant Automatic Data Processing, Inc. (ADP) experienced a system intrusion, the company announced Wednesday. ADP said it was investigating and taking measures to address the impact of a system intrusion that occurred with a client at Workscape, a benefits administration provider that ADP acquired in August 2010. ADP has also been actively cooperating with law enforcement to determine the cause of this incident and to assist authorities in identifying and apprehending those responsible. ADP added the following in a statement: 'Because this incident is the subject of an ongoing law enforcement investigation, ADP cannot disclose any additional details at this time. ADP will provide further updates once information that can be made public becomes available, and we will continue to communicate with all affected parties as appropriate.'

Read more here.

June 14, 2011

Phishers Hone Skills, Craft More Impressive Attacks

Recent break-ins at high-profile targets like the International Monetary Fund demonstrate just how proficient hackers have become at so-called spear phishing, researchers said on Tuesday. 'Today's spear phishing is not only more prevalent but also much more technically proficient,' said Dave Jevans, chairman of the Anti-Phishing Working Group. 'They're not going for a password, anymore; they're getting people to install crimeware on their computers.' The trend highlights the need for defenses against such targeted threats, requiring companies to look beyond security strategies focused purely on dealing with traditional network threats, analysts said. Increasingly, companies also need to focus on approaches such as continuous monitoring of networks, databases, applications and users, outbound traffic filtering and whitelisting.

Read more here.

June 9, 2011

Citi Bank Reveals Attack... One Month Late

Is account security a thing of the past? Quote: 'We're talking a fairly serious hack, too. The personal and account information of some 200,000 Citibank card holders in North America was breached, reports Reuters, including contact specifics like names and email addresses. The solitary bit of good news? Citibank claims far more sensitive info like social security numbers, birth dates, card expiry dates and CVV card security codes was not compromised.'

Read more here.

June 8, 2011

Facebook Facial Recognition Raises New Privacy Concerns

Now might be a good time to check your Facebook privacy settings, as many Facebook users are reporting that the site has enabled face recognition in the last few days without giving users any notice. Once again, Facebook seems to be sharing personal information by default, instead of users having to 'opt in'. Some other comments and an interesting reaction from Google and how to get around/disable it.

To disable the feature:

1. Go to the "Account" tab in the top right hand corner
2. Click on "Privacy settings"
3. Click "Customise settings"
4. Scroll down to "Things others share"
5. Click "Edit settings" next to "Suggest photos of me to friends"
6. Choose "Disable" or "Enable" from the dropdown.

Read more here.

June 6, 2011

Adobe Flash security update for Windows, Mac, Android, Linux and Solaris users

It doesn't matter if you run Windows, Mac, Linux, Solaris or even Android; if Adobe goes public about a security vulnerability in its Flash product, you had better install the patch to protect against the problem. Adobe's emergency patch was issued over the weekend to protect against a cross-site scripting vulnerability. Targeted attacks could use the vulnerability to trick users into clicking on a malicious link delivered in an email message.

Read more here.

June 2, 2011

Sony Compromised, Again

The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. Lulz Security said it broke into servers that run SonyPictures.com. The information includes about a million usernames and passwords of customers in the US, the Netherlands and Belgium and is available for download and posted on the group's site.

Read more here.

May 31, 2011

Mac OS Update Detects, Kills MacDefender Scareware

Apple released an update for Snow Leopard on Tuesday that warns users that they've downloaded fake Mac security software and scrubs already-infected machines. Chet Wisniewski, a security researcher with Sophos, confirmed that the update alerts users when they try to download any of the bogus MacDefender antivirus software. Wisniewski had not yet tested the malware cleaning functionality of the update, but was confident that it would work. 'It's reasonably trivial to remove MacDefender,' said Wisniewski. The update, labeled 2011-003, adds a new definition to the rudimentary antivirus detection engine embedded in Mac OS X 10.6, aka Snow Leopard, and also increases the frequency with which the operating system checks for new definitions to daily.

Read more here.

May 27, 2011

Amazon Challenges Apple With Mac App Store

Amazon launched a Mac-specific application download store on Thursday that will compete with Apple's nearly five-month-old Mac App Store. The new subsection of Amazon's massive online store, dubbed 'Mac Software Downloads,' kicked off quietly Thursday. Amazon has long offered software downloads for both Windows and Mac customers, but this was the first time that the company called out its Mac-centric 'store.' The retailer, however, apparently did not want to goad Apple into another legal battle by mimicking its rival's 'App Store' moniker: The two companies are already in court over Amazon's 'Appstore for Android,' which Apple claims violates its trademark. Unlike the Mac App Store, which Apple opened in early January, Amazon's includes the popular Office for Mac line from Microsoft.

Read more here.

May 26, 2011

Apple's iOS 4 Hardware Encryption Cracked

Russian company ElcomSoft is claiming to have cracked the 256-bit hardware encryption Apple uses to protect the data on iOS 4 devices, and is offering software that allows anyone to do it. ElcomSoft can now gain full access to what is stored on a gadget such as the iPhone 4. This includes historical information such as geolocation data, browsing history, call history, text messages and emails, usernames, and passwords.

Read more here.

May 26, 2011

Skype Crashes and Burns In Worldwide Outage

VoIP and instant messaging service Skype has disappeared from the Internet, nary a fortnight after Microsoft snaffled up the outfit in an overpriced $8.5 billion deal.

Read more here.

On Target has a business relationship with SIP Advantage, a world class VoIP provider. Contact On Target today to learn more.

May 25, 2011

Sony Suffers Yet More Security Breaches

As Sony struggles to restore the Playstation Network we receive news today of another breach, this time at Sony Ericsson in Canada. 'Sony Corp. spokesman Atsuo Omagari said Wednesday that names, email and encrypted passwords may have been stolen from the Sony Ericsson Canada website, but no credit card information was taken.'

Read more here.

On Target can help protect your business by preventing these intrusions into your environment. Contact On Target today to learn more.

May 25, 2011

Apple Acknowledges MacDefender

Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected.

Read more here.

On Target can help protect your computers and your network. Contact On Target today to learn more.

May 23, 2011

PlayStation Network Hack Will Cost Sony $170M

Sony expects the PlayStation Network hack will cost it $170 million this financial year, it said Monday. Unknown hackers hit the network gaming service for PlayStation 3 consoles in April, penetrating the system and stealing personal information from the roughly 77 million accounts on the PlayStation Network and sister Qriocity service. A second attack was directed at the Sony Online Entertainment network used for PC gaming. Sony responded to the attacks by taking the systems offline.

Read more here.

May 20, 2011

Sony hacked again

This latest setback comes after personal information of some 100 million Sony user accounts was stolen last month when its online gaming systems, the PlayStation Network and Sony Online Entertainment, were hacked. Security experts said they were not surprised the electronics company has yet to clean up weaknesses in its massive global network. Earlier this week, Sony shut down one of its websites set up to help millions of users change their passwords after finding a security flaw.

Read more here.

May 18, 2011

Microsoft: One In 14 Downloads Is Malicious

About one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5% of users ignore the warnings and download malicious Trojan horse programs anyway. IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen.

Read more here.

On Target can help protect your business by preventing these applications from running in your environment. Contact On Target today to learn more.

May 11, 2011

23,000 File Sharers Targeted In Latest Lawsuit

Subpoenas are expected to go out to ISPs this week in what could be the biggest BitTorrent downloading case in US history. At least 23,000 file sharers are being targeted by the US Copyright Group for downloading The Expendables. The Copyright Group appears to have adopted Righthaven's strategy in blanket-suing large numbers of defendants and offering an option to quickly settle online for a moderate payment. The IP addresses of defendants have allegedly been collected by paid snoops capturing lists of all peers who were downloading or seeding Sylvester Stallone's flick last year.

Read more here.

May 10, 2011

Facebook Caught Exposing Millions of Credentials

Facebook has leaked photographs, profiles and other personal information for millions of its users because of a years-old bug that overrides individual privacy settings, researchers from Symantec said. The flaw, which the researchers estimate has affected hundreds of thousands of applications, exposed user access tokens to advertisers and others. The tokens serve as a spare set of keys that Facebook apps use to perform certain actions on behalf of the user, such as posting messages to a Facebook wall or sending RSVP replies to invitations. For years, many apps that rely on an older form of user authentication turned over these keys to third parties, giving them the ability to access information users specifically designated as off limits.

Read more here.

May 9, 2011

File-hosting Sites Not a Safe Haven For Private Data

Academic researchers say they've uncovered weaknesses in dozens of the most popular file hosting sites that allow people to gain unauthorized access to data that's supposed to be available only to those selected by the user.

Read more here.

If you need a hosted file solution to provide content to your employees or customers, contact On Target today so we can design a solution that fits your needs.

April 28, 2011

Free anti-virus for Mac named Best Anti-Malware solution at SC Awards

Over 530 of the industry's top companies saw Sophos Anti-Virus for Mac Home Edition successfully beat rivals including products from McAfee, Kaspersky and Symantec to win the coveted title of Best Anti-Malware Solution, at the glittering awards dinner.

If you are unfamiliar with installing antivirus software and require assistance to ensure your programs run properly after installation, contact On Target today.

Read more here.

April 25, 2011

Bizarre Porn Raid Underscores Wi-Fi Privacy Risks

Lying on his family room floor with assault weapons trained on him, shouts of "pedophile!" and "pornographer!" stinging like his fresh cuts and bruises, the Buffalo homeowner didn't need long to figure out the reason for the early morning wake-up call from a swarm of federal agents. That new wireless router. He'd gotten fed up trying to set a password. Someone must have used his Internet connection, he thought. Sure enough, that was the case. Law enforcement officials say the case is a cautionary tale. Their advice: Password-protect your wireless router. If you are unsure if your router is password protected, or if you need assistance in setting up the wireless security, contact On Target today.

Read more here.

April 22, 2011

AT&T Admits Network Can't Handle iPhone, iPad Traffic

AT&T has admitted that the rise of tablets and smartphones like the iPad and iPhone has taken a major toll on its network. In its public filing to the Federal Communications Commission yesterday, the company admitted that its network has been under increasing strain as more and more high-bandwidth devices have been connected. This not only includes smartphones like the iPhone, but tablets like the iPad as well. AT&T says that in many cases tablets put a greater stress on their network (PDF) than smartphones do.

Read more here.

April 14, 2011

Adobe To Patch Flash 0-Day Friday

Adobe is planning to patch the recently disclosed Flash Player vulnerability on Friday — just four days after it was disclosed — for users on Windows, Mac OS X and Linux. The vulnerability is being used in targeted attacks right now that use malicious Word documents. Adobe said it plans to push out the Flash Player patch for Google Chrome today, as part of the Chrome release channel, but Reader X users will have to wait till June for a fix.

Read more here.

April 11, 2011

Personal Info of 3.5 Million Texans Was Publicly Accessible

The Houston Chronicle reports, 'Personal information of about 3.5 million Texans — including names, mailing addresses and Social Security numbers — was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year.' Many of the records were for retired teachers and the unemployed, and they sometimes included dates of birth and driver's license numbers.

Read more here.

April 11, 2011

Remembering the Apple I

This month marks the 35th anniversary of Apple--and the 35th anniversary of the Apple I, its first computer. It was a single-board computer that was unimaginably more rudimentary than any modern Mac — it didn't even come with a case and keyboard standard — but in its design, sales and marketing, we can see the beginnings of the Apple approach that continues to this day.

Read more here.

April 4, 2011

Epsilon Breach Affects JPMorgan Chase, Capital One

Marketing services provider Epsilon, the largest one in the world, has notified its customers of a breach that likely compromised all of their mailing lists. Among Epsilon's customers are US Bank, JPMorgan Chase, TiVo, Capital One, the Home Shopping Network, LL Bean Visa Card, Ritz-Carlton Rewards, Best Buy, Disney Destinations, Walgreens, and many more.

Read more here.

April 4, 2011

RSA release a few details on their big security breach

In mid-March, Naked Security reported that RSA's executive chairman, Art Coviello, had revealed a doozie of a cyber-attack story: hackers had broken into RSA servers and stolen information related to the company's SecurID two-factor authentication products.

Read more here.

March 31, 2011

Massive SQL Injection Attack Compromises 380K URLs

A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected yesterday, to 380,000 when the researchers last checked. The injected script redirects users that have landed on the various infected pages to the domain in the script, which then redirects them further to a website simulating an anti-malware check and peddling a rogue AV solution.

Read more here.

March 29, 2011

50% of Tweets Consumed Come From .05% of Users

A mere 20,000 Twitter users steal almost half of the spotlight on Twitter, which now ropes in a billion tweets every week. That means only 0.05% of the social network's user base attracts attention, according to a new Yahoo Research study. From the article: 'Like findings in previous studies, the researchers for this one conclude Twitter resembles an information-sharing hub rather than a social network, with the top generators garnering huge follower tallies but not following their content consumers in return.'

Read more here.

March 23, 2011

Japanese Chip Shutdown Causing Shortages

Japan's natural disasters and nuclear crisis have already caused silicon wafer shortages that are rippling through the global supply chain of semiconductors for everything from your garden variety PC to the biggest Google server farm. The earthquake and tsunami in Japan have shut down 25 percent of the global semiconductor raw materials production, threatening to cause shortages and price hikes in everything from smartphones to supercomputers. Intel and Qualcomm are countering that they have stockpiles and alternative manufacturing plants that can pick up the slack, but dozens of other electronics makers require critical components only manufactured in Japan.

Read more here.

March 23, 2011

Half of Used Phones Still Contain Personal Info

More than half of second-hand mobile phones still contain personal information of the previous owner, posing a risk of identity fraud. A study found 247 pieces of personal data stored on handsets and SIM cards purchased from eBay and second-hand electronics shops. The information ranged from credit card numbers to bank account details, photographs, email addresses and login details to social networking sites like Facebook and Twitter. According to data security firm CPP, 81 percent of previous owners claim they have wiped personal data from their mobile phones and SIM cards before selling them. However, deleting the information manually is 'a process that security experts acknowledge leaves the data intact and retrievable.'

Read more here.

March 14, 2011

40th Anniversary of the Computer Virus

This year marks the 40th anniversary of Creeper, the world's first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Besides sheer quantity, viruses, which were originally used as academic proofs of concept, quickly turned into geek pranks, then evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and virtually all viruses were developed with the sole purpose of making money via more or less complex business models.

Read more here.

March 14, 2011

41% of Facebook Users Willing To Divulge Personal Info

In an experiment, 41% of Facebook users were willing to divulge highly personal information to a complete stranger. This according to IT security firm Sophos, which invited 200 randomly selected Facebookers to befriend a bogus Facebook user named 'Freddi Staur' (an anagram of 'ID Fraudster'). Of those queried, 87 responded to the invitation, among them 82 people whose profiles included personal information such as their email address, date of birth, address or phone number.

Read more here.

March 12, 2011

Japanese tsunami disaster exploited by hard-hearted cybercriminals

Sick-minded scammers are up to their dirty tricks again, trying to make money out of the natural disaster in Japan which has shocked people around the world. In one example, Facebook users are being tricked into believing they are going to see a whale carried by the tsunami into a wrecked building. But the reality is that the scammers are trying to earn money by bringing traffic to online surveys. Sophos recommends that users who wish to keep abreast of the news only trust legitimate media sources.

Read more here.

March 10, 2011

Apple leaves iPhone 3G owners out in the cold when it comes to security patches

Apple's new iOS 4.3 update includes a number of critical security patches - some of which are designed to prevent vulnerabilities being exploited that could lead to malicious code being run on your iPhone or iPad. But how are iPhone 3G users supposed to protect themselves?

Read more here.

March 1, 2011

New Mac OS X backdoor Trojan discovered

A new remote access Trojan for Mac OS X has surfaced, showing malware authors are actively developing malware for Apple Mac computers. Read on to learn the malware's capabilities and how it works.

Read more here.

February 28, 2011

Infected Androids Run Up Big Texting Bills

Computerworld reports that a rogue Android app is hijacking smartphones and running up big texting bills to premium rate numbers before the owner knows it. Chinese hackers grabbed a copy of Steamy Windows, a free program, added a backdoor Trojan horse to the app's code, then placed the reworked app on unsanctioned third-party "app stores" where unsuspecting or careless Android smartphone users find it, download it and install it.

Read more here.

February 25, 2011

HIPAA fines prove the value of data protection

A hospital has been fined over $1 million under the HIPAA act. Now that regulators have proven they mean business, other health care organizations need to be sure they have the proper protections in place. Learn more about how data loss prevention and encryption can help your organization.

Read more here.

February 18, 2011

Americans Trust Docs, But Not Computerized Records

A soon-to-be-released survey from CDW shows that Americans trust their physicians to use their health information responsibly, but they're very concerned that once in electronic format, their personal health information may suddenly show up on the Internet. Their fears may not be unfounded. CDW said that survey data showed 30% and 34% of doctors lack basic anti-virus software and network firewalls, respectively. Most amusingly, however, nearly a quarter of the 1,000 patient respondents said they don't even trust themselves with access to their own electronic health records.

Read more here.

February 18, 2011

New Android Malware Robs Bandwidth For Fake Searches

We've been hearing about various Android malware spreading through the Chinese markets. Well, here's another one to look out for: meet ADRD (aka Trojan:Android/Adrd.A) which is expert in sucking your bandwidth. The malware downloads a list of search URLs and then performs those searches at random in the background, which as the screen shots [in the linked article] show leads to excessive data charges. Similar to other Android malware this too is distributed through wallpapers which are infected repackaged versions of legit wallpapers.

Read more here.

February 17, 2011

10% of IT Pros Can Access Previous Jobs' Accounts

According to a survey that examines how IT professionals and employees view the use of policies and technologies to manage and protect users' electronic identities, the sharing of work log-ins and passwords between co-workers is a regular occurrence. It's no wonder then that half of them are concerned about insider threats to network security in their company's current infrastructure! But one of the most surprising results shows that one in 10 IT professionals admit they have accounts from previous jobs, from which they can still access systems even though they've left the organization.

Read more here.

February 17, 2011

Confidential Data Not Safe On Solid State Disks

Researchers at UCSD's Non-Volatile Systems Laboratory have torn apart SSDs and have found remnant data even after running several open source and commercial secure erase tools. They've also proposed some changes to SSDs that would make them more secure. Makes you think twice about storing data on SSDs — once you put it on, getting it off isn't so easy.

Read more here.

February 10, 2011

iPhone Attack Reveals Passwords in Six Minutes

Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes, and they did it without cracking the phone's passcode. The attack, which requires possession of the phone, targets the keychain, Apple's password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen.

Read more here.

February 7, 2011

NASDAQ reports hackers broke into its servers

The NASDAQ stock exchange has called in investigators from the FBI after discovering it had become the target of hackers. It says that "at no point" were its trading systems compromised, but major Fortune 500 companies may still have cause for concern.

Read more here.

February 4, 2011

Verizon To Throttle High-Bandwidth Users

Verizon has enacted a new policy today that allows them to throttle 'high' bandwidth users on their network. We're not sure exactly what 'high' means but it is probably over 2GB of data per month. This comes as the iPhone launches on Verizon's network. The policy is said to only affect the top 5% of data users on the network. When these 5% of users hit the soft limit they will be throttled during peak times of the day. From the note sent to customers: 'Verizon Wireless strives to provide customers the best experience when using our network, a shared resource among tens of millions of customers. To help achieve this, if you use an extraordinary amount of data and fall within the top 5% of Verizon Wireless data users we may reduce your data throughput speeds periodically for the remainder of your then current and immediately following billing cycle to ensure high quality network performance for other users at locations and times of peak demand. Our proactive management of the Verizon Wireless network is designed to ensure that the remaining 95% of data customers aren't negatively affected by the inordinate data consumption of just a few users.'

Read more here.

January 25, 2011

Death Knell Sounding: Number of Traditional Phone Lines Plummets

In a report released earlier this month, the Federal Communications Commission disclosed that switched access lines – traditional telephone connections – decreased by 10 percent in 2009 from 141 million to 127 million lines. Meanwhile, interconnected VoIP subscriptions rose 22 percent from 21 million to 26 million subscriptions during the same period. But as of 2009, VoIP still comprised only 17 percent of the total telephone lines in the United States. Of the 153 million total connections in service at the end of 2009, 83 percent were residential (45 percent) and business (38 percent) switched access lines. Fifteen percent of the connections were residential interconnected VoIP subscriptions while 2 percent comprised business interconnected VoIP lines, according to the FCC. Cable operators, traditional phone companies and specialized VoIP providers like Vonage sell IP phone service over broadband connections. The FCC’s report summarized data that the agency collected as of Dec. 31, 2009.

Read more here.

January 18, 2011

Attack Toolkits Dominating the Threat Landscape

The ease-of-use and ability to amass great profits through the use of easily accessible 'attack toolkits' are driving faster proliferation of cyber attacks and expanding the pool of attackers, opening the doors to more criminals who would likely otherwise lack the required technical expertise to succeed in the cybercrime underground. The relative simplicity and effectiveness of attack kits has contributed to their increased use in cybercrime — these kits are now being used in the majority of malicious Internet attacks.

Read more here.

January 18, 2011

Facebook Suspends Personal Data-Sharing Feature

Facebook has 'temporarily disabled' a controversial feature that allowed developers to access the home address and mobile numbers of users. The social network suspended the feature, introduced on Friday, after only three days. The decision follows feedback from users that the sharing-of-data process wasn't clearly explained and criticism from security firms that the feature was ripe for abuse.

Read more here.

January 17, 2011

Facebook Opens Up Home Addresses and Phone Numbers

Do you really want third-party app developers on Facebook to be able to access your mobile phone number and home address? Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users. Security firm Sophos describes it as 'a move that could herald a new level of danger for Facebook users' and advises users to remove their home address and phone numbers from the network immediately.

Read more here.

January 13, 2011

Pentagon Credit Union Database Compromised

The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers. The Pentagon Federal Credit Union (PenFed) issued a statement to the New Hampshire Attorney General that said data, including the names, addresses, Social Security Numbers and PenFed banking and credit card account information of its members, were accessed by the infected PC.

Read more here.

January 12, 2011

Spam Volume Spikes After Holiday Respite

The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way.

Read more here.

January 4, 2011

Spoofed White House Card Dupes Many Gov't Employees, Steals Data

A run-of-the-mill malware-laced e-mail that spoofed season's greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters, writes krebsonsecurity.com. The story looks at several victims who fell for the attack, and suggests it may be related to a series of similar document-harvesting runs throughout 2010. Government security vendor NetWitness notes that these types of incidents are blurring the lines between online financial fraud and espionage attacks.

Read more here.

December 30, 2010

Mobile security firm warns of new Android Trojan

Lookout Mobile Security, which just raised fresh capital to boost its fight against mobile malware, said it has identified the peskiest cell phone threat to date. The Android Trojan, dubbed Geinimi, has cropped up in China and is capable of taking a significant amount of personal data and sending it to remote servers. Lookout said Geinimi displays botnet-like qualities and is the most sophisticated wireless malware it has seen. Thus far, infected programs have only been seen on various Chinese app stores.

Read more here.

December 23, 2010

New Internet Explorer Zero Day

Microsoft has released a notice about a new zero day attack against Internet Explorer. Guess it's going to be more a 'Script Kiddie Christmas,' less of a 'White Christmas.' 'Ok, fess up — who asked for an IE 0 day for Christmas? I'm guessing Santa got his lumps of coal mixed up with a bag of exploits. This exploit has been discussed over the last day or so on full disclosure and a number of other sites. Metasploit already has a module available for it (just search for CSS & IE). Microsoft has put out an advisory 2488013 regarding the issue which manifests itself when a specially crafted web page is used and could result in remote code execution on the client.'

Read more here.

December 21, 2010

SMBs Increase Migration to VoIP, IP PBX

Research firm AMI-Partners has released a report forecasting growth in the VoIP market among small and medium businesses (SMBs). The report states that more than 30 percent of small businesses (SBs, 1 – 99 employees) and 50 percent of medium businesses (MBs, 100-999 employees) say that VoIP will become critical to their business operations.

AMI’s 2010 VoIP Update – U.S. SMB Market report provides an in-depth analysis of Voice over IP usage by U.S. small and medium businesses. AMI believes that the market for IP-based voice communications, i.e. VoIP, IP PBX, will eventually merge.

Read more here.

December 15, 2010

Microsoft Patch Tuesday Review

Who decides which patches will be installed on your computers? Will they help, or hurt, your computer systems? If you are in doubt, let On Target help by managing your patches. Today Microsoft has released 17 security patches including four patches for the exact same issue in four different products.

Read more here.

December 14, 2010

Hand-Off, Reconnect To Verizon LTE Can Take 2 Minutes

Verizon Wireless admits that laptop users with USB modems on its new high-speed LTE network may experience up to a two-minute delay when switching over from a 3G coverage zone. 'Hand-offs can take up to a couple minutes, but that was expected and a fix is in the works,' Verizon spokesman Jeffrey Nelson told Computerworld. Also, to get back on LTE once already having been in an LTE zone, one tester said it was necessary to unplug the modem and plug it back in again. Nelson said that was not necessary, although he did say it could take up to two minutes to reconnect to LTE. Nelson said Verizon was working with a modem maker on the hand-off problem, but didn't say which maker. Business Insider said the hand-off problem occurred with an LG model. 'We're working with the modem maker for quick update, but no ETA yet,' Nelson said. A Mac OS version was also said to be close.

Read more here.

December 13, 2010

Two Major Ad Networks Found Serving Malware

Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize.

Read more here.

December 6, 2010

Researchers Tracking Emerging Darkness Botnet

Researchers are tracking a new botnet that has become one of the more active DDoS networks on the Internet since its emergence early last month. The botnet, dubbed 'Darkness,' is being controlled by several domains hosted in Russia and its operators are boasting that it can take down large sites with as few as 1,000 bots. The Darkness botnet is seen as something of a successor to the older Black Energy and Illusion botnets and researchers at the Shadowserver Foundation took a look at the network's operation and found that it is capable of generating large volumes of attack traffic. 'Upon testing, it was observed that the throughput of the attack traffic directed simultaneously at multiple sites was quite impressive,' Shadowserver's analysts wrote in a report on the Darkness botnet. 'It now appears that "Darkness" is overtaking Black Energy as the DDoS bot of choice. There are many ads and offers for DDoS services using "Darkness." It is regularly updated and improved and of this writing is up to version 7. There also appear to be no shortage of buyers looking to add "Darkness" to their botnet arsenal.'

On Target IT Solutions can scan your network for any existing infections and can help protect you against other potential attacks.

Read more here.

November 18, 2010

Stuxnet Virus Now Biggest Threat To Industry

A malicious computer attack that appears to target Iran's nuclear plants can be modified to wreak havoc on industrial control systems around the world, and represents the most dire cyberthreat known to industry, government officials and experts said Wednesday. They warned that industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they merge networks and computer systems to increase efficiency. The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer.

Read more here.

November 11, 2010

Apple Releases Mac OS X 10.6.5 and Security Update 2010-007

Apple today released Mac OS X 10.6.5, the fifth maintenance update for Snow Leopard, via Software Update. The update offers a number of fixes implemented since the release of Mac OS X 10.6.4 in mid-June. The 10.6.5 Update is recommended for all users running Mac OS X Snow Leopard and includes general operating system fixes that enhance the stability, compatibility, and security of your Mac.

Read more here.

November 8, 2010

New variant of cross-platform Boonana malware discovered

Mac user? Windows user? It doesn't really matter when it comes to cross-platform malware. A new version of the Boonana Trojan horse has been discovered.

Read more here.

November 5, 2010

Researcher To Release Web-Based Android Attack

A computer security researcher says he plans to release code Thursday that could be used to attack some versions of Google's Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the phones. It is being disclosed Thursday at the HouSecCon conference by M.J. Keith, a security researcher with Alert Logic. Keith says he has written code that allows him to run a simple command line shell in Android when the victim visits a website that contains his attack code. The bug used in Keith's attack lies in the WebKit browser engine used by Android. Google said it knows about the vulnerability. 'We're aware of an issue in WebKit that could potentially impact only old versions of the Android browser,' Google spokesman Jay Nancarrow confirmed in an e-mail. 'The issue does not affect Android 2.2 or later versions.' Version 2.2 runs on 36.2 percent of Android phones, Google says.

Read more here.

November 2, 2010

Yes, you need anti-virus on your Mac... and now it's free

In a pretty exciting move, antivirus manufacturer SOPHOS is making a version of their Mac anti-virus product (used by big companies around the world) available for free download to home consumers. That means your home Macs can be protected automatically in-the-background with the latest anti-virus protection, checking every program you run, every file you download, every USB stick you insert, completely free.

Read more here.

October 29, 2010

New Adobe Flash Bug Being Exploited

On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won't be patched for nearly two weeks.

Read more here.

October 27, 2010

How To Protect Your Login Information From Firesheep

On Monday a Firefox extension named Firesheep was released which essentially lets you eavesdrop on any open Wi-Fi network and capture users’ cookies. As the author explained, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials. There is protection ALREADY available and On Target IT Solutions recommends ALL mobile users install, configure, and utilize this extension for the protection of their personal data.

Read more here.

October 21, 2010

You can no longer rely on encryption to protect a BlackBerry

Did you think your BlackBerry data was safe because it's encrypted on the phone, over the airwaves, and in its backup form? Think again. Russian software developer ElcomSoft, which, with its Russian competitor AccentSoft, has developed effective password-cracking programs for most common desktop encryption formats, is at it again. Now, it's targeted the BlackBerry with a Phone Password Breaker that was previously limited to Apple mobile devices.

Read more here.

October 20, 2010

Google releases stable version of Chrome 7

Google pushed version seven of its Chrome browser into the company’s stable channel of releases yesterday, which means features tested in beta and developer builds are now available to the masses. A number of nasty security bugs have been fixed in Chrome 7.0.517.41 for Windows, Mac and Linux machines, including a horrible glitch that caused the browser to crash when the autofill form was used.

Read more here.

October 13, 2010

It's Microsoft Patch Tuesday: October 2010

This month’s patches represent a new record. Microsoft kept the out-of-band patches to a minimum, and did respond very, very quickly to a top-tier .NET vulnerability mid-month, by issuing manual fix information within a day or two, and a patch a few days later.

Read more here.

October 12, 2010

Survey Shows How Stupid People Are With Passwords

Another study was released today that, once again, shows how careless people really are online. When it comes to safeguarding personal information online, many people don’t seem to care very much, or don’t think enough about it.

The password study, commissioned by Internet security firm Webroot, uncovers some scary common password practices. In the survey of more than 2,500 people, Webroot found some interesting trends in how users handle their online passwords.

Read more here.

October 11, 2010

71% of all tweets are ignored

Are you considering social networking as a tool for your website? Sysomos, a provider of social media monitoring and analytics technology, recently reported that 71% of all Tweets are ignored. On Target IT Solutions can help you tailor your messages to ensure they are both timely and relevant.

Read more here.

October 6, 2010

Internet Keeps Growing! Traffic up 62% in 2010

Whether it’s Hulu, or 85 million-plus daily tweets or millions of photos being uploaded to Facebook, Internet traffic keeps growing and growing. That’s not going to change any time soon, mostly because the Internet is now becoming a crucial part of our daily lives. In some parts of the world, it’s hard to escape the ‘net, so to speak. Soon, thanks to the mobile Internet revolution, a massive new majority is going to join the Internet. Data from research firm Telegeography shows that Internet traffic has grown 62 percent in 2010, after logging a 74 percent growth in 2009.

Read more here.

October 5, 2010

Fake browser warnings dupe users into downloading 'scareware'

Computerworld - Scammers are spoofing the anti-malware warnings of popular browsers to dupe Windows users into downloading fake security software, Symantec said Monday. Several malicious Web sites are displaying phony versions of the alerts that Google's Chrome and Mozilla's Firefox present when users encounter pages suspected of hosting attack code, said Symantec researcher Parveen Vashishtha in a post to the firm's blog.

Read more here.

September 28, 2010

Microsoft To Release Emergency Fix For ASP.NET Bug

Microsoft on Tuesday will release an emergency out-of-band patch for the ASP.NET padding oracle attack that was disclosed earlier this month. The patch will only be available on the company's Download Center for the time being, however. The company is taking the step of releasing an emergency fix for the bug because of the seriousness of the vulnerability — which potentially affects millions of Web applications — and the fact that there are attacks ongoing against it already. The patch will fix the flaw in all versions of the .NET framework. Although Microsoft issued guidance about workarounds to defend against attacks on the ASP.NET bug shortly after it was publicly disclosed, the researchers, Juliano Rizzo and Thai Duong, said that the workarounds did not fully protect users against their attack.

September 23, 2010

Study: Data Loss Affects Nearly One-Third of Enterprises

Nearly one-third of organizations with more than 1,000 employees were affected by data loss events in the past 12 months, according to a study recently released by cloud-focused security firm Proofpoint. "Data loss and data exposure events are far from rare," said Keith Crosley, director of market development at Proofpoint. "Around a third of organizations suffered a data loss event in all of these categories."

Read more here.

September 20, 2010

Google Apps Gets Two-Factor Security

Passwords alone are not enough to secure access. Many organizations require two-factor authentication with a token. Google just added free two-factor verification to Google Apps, sending a one-off token to the user's mobile phone. It's good to have this for free, and it backs up Google's assertion that cloud apps are more secure — but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone.

September 17, 2010

Security a Concern As HTML5 Advances

Every technology innovation has its coming out party, and Google Inc.'s recent 'dancing balls' logo experiment was widely interpreted as a high-impact debut for HTML5. But web security experts are warning that the sprawling new web standard may favor functionality over security, enabling a new generation of powerful web-based attacks. They agree that there are security enhancements in HTML5, but all expressed the same concern: that the new specification will greatly increase the 'attack surface' of HTML — providing more avenues by which malicious code can be delivered through the web. 'HTML5 has an enormous amount of functionality. The (specification) is just huge,' said Jeremiah Grossman of security firm WhiteHat. The breadth of the new specification gives him concern. 'I know that we're still finding vulnerabilities in HTML4,' Grossman said.

September 16, 2010

One Million Sites Infected With Malware In Q2

More than one million Web domains were infected with malicious code in the second quarter of 2010 — around one percent of all active Web domains, according to new data. The number of infected domains was extrapolated from data gained through a sample scan of what Dasient describes as 'millions of Web sites,' as well as from customer deployments. It suggests that compromises of Web sites are on the rise, as attackers look to push out malicious programs through so-called drive-by download attacks.

September 14, 2010

Criminals Steal House Thanks To Hacked Email

An international cybercrime investigation is underway into a sophisticated scam network that used email and fax to sell an Australian man's AU$500,000 property without his knowledge. The man was overseas when the Nigerian-based scammers stole his credentials and amazingly sold two houses through his real estate agent. He rushed home and prevented the sale of his second home from being finalized. Australian Federal Police and overseas law enforcement agencies will investigate the complex scam, which is considered the first of its kind in Australia. It is alleged scammers had stolen the man's email account and personal property documents to sell the houses and funnel cash into Chinese bank accounts. Investigating agencies admit the scammers hoodwinked both the selling agents and the government, and said they had enough information to satisfy regulatory requirements. The police did not rule out that the scammers had links to the man.

September 9, 2010

New Adobe PDF Zero-Day Under Attack

Adobe has sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild. An Adobe spokeswoman described the attacks as 'limited' but warned that that could change with the availability of public samples and exploit code.

August 31, 2010

Misconfigured Networks Main Cause of Breaches

Responses to a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit. Results revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don't always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role.

August 27, 2010

A Conference For Malware Writers

There is a security conference being held in Mumbai later this year called MalCon, and the organizers say it's the first ever conference dedicated to the 'malcoder community.' Brian Krebs interviewed one of them and got this gem: 'Just like the concept of "ethical hacking" has helped organizations to see that hackers are not all that bad, it is time to accept that "ethical malcoding" is required to research, identify and mitigate newer malwares in a "proactive" way.' Bruce Schneier is speaking at a sister MalCon event in Pune, India two days later, and he said he doesn't agree with the organizer's premise that more malware is needed to build better security tools.

August 26, 2010

Pentagon Confirms 2008 Computer Breach — 'Worst Ever'

The New York Times reports that the Pentagon has confirmed that, in 2008, a foreign agent instigated 'the most significant breach of US military computers ever' using a USB flash drive. While the breach was previously reported on Wired and the LA Times, this is the first official confirmation of the attack that led to the banning of USB drives on government computers.

August 26, 2010

25% of Worms Spread Via USB

In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. This distribution technique is highly effective. With survey responses from more than 10,470 companies across 20 countries, it was revealed that approximately 48 percent of SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. As further proof, 27 percent confirmed that the source of the infection was a USB device connected to a computer.