Sunday, August 31, 2008

Internet Explorer 8 - Beta

5 reasons why you should try it

The biggest news this morning is that Internet Explorer 8 Beta 2 is out. It's still a developer's preview version, but it seems stable enough for consumers to test. I'll cut to the chase - you can get it here.

Internet Explorer is still used by a whopping 73% of internet users, and 47% of Tech Digest readers (42% Firefox, 7% Safari, 4% other, in case you were wondering). Why do so many people use it? Well, almost certainly because it comes as standard on Windows machines. Many people can't be bothered to change the default. At one point in 2003, IE had 95% market share.

A little history, then. IE6, released in 2001, was a big pile of awful. It was insecure and heavily criticised, which let Firefox (and Apple, too) take quite a big chunk of market share. IE7 was playing catchup, adding tabs and better security, but IE8 looks game-changing, and a strong challenger for Firefox 3.0. Click over the jump to find out why.

One: Safety and Security

Safety has always been the number one concern about Internet Explorer, and Windows in general. Because Windows has such a huge market share, there's a motive for hackers and script kiddies to target it over other platforms. IE8 is the first version of the browser that I've felt genuinely safe in. Two features in particular, I'd like to highlight:

Firstly, SmartScreen Filter. SmartScreen Filter is basically a virus scanner for websites. Any time you go to a dodgy site, RED ALERT! It'll allow you to continue, or give you the option to go to your homepage instead. You can also on-demand scan individual sites, much like you'd scan individual files with a virus scanner, and if you try to download dodgy files when a download site has been reported, it'll alert you too.

Secondly, tabs are "loosely coupled". That means that each page in each tab is isolated from the others, and from the main browser. A single dodgy page won't crash the browser, or any of your other tabs. It'll just sit there crashing on its own while you carry on doing whatever you like in your other tabs.

Two: New Tab Behaviour

While we're talking about tabs, it seems only fair to discuss some of the more navigational aspects of IE8. Microsoft are talking a lot about the "flow" of navigation, and not interrupting that, and the tabs behaviour backs that up. It's really easy to bring back tabs you've closed. Tabs are colour-coded, too - depending on where the site has come from. In the image above links in the search results page are grouped together and colored differently from the headlines the user followed off another page, which are different from links the user followed off other pages. Oh, and there's now a big X button on each tab, which is a Firefox feature that I was missing.

Three: Accelerators

A snazzy word for "plugins" really. Accelerators were formerly known as "Activities", and they cut out a bit of the copy and pasting that's so endemic in current browsing habits. Instead of the "select, copy, new tab, go to site, paste" routine that you'd invoke if you were trying to look up an address on Google Maps, you can simply select the address and right-click to bring up a map on the site of your choice.

Plenty of different accelerators are already available for a bunch of big sites, and I suspect they're not too hard to code if you want to make one yourself.

Four: InPrivate (or "Porn Mode")

IE8 will feature a mode called "InPrivate" which will let you browse without recording anything. New cookies don't get stored, history doesn't get recorded, temporary internet files are deleted when the window is closed, form data, passwords, and addresses aren't stored, and nor are search queries. Brilliant. Just the thing for a night in, manipulating the mango.

Oh, and while we're talking about cookies and temporary internet files, there's a lovely feature that lets you keep cookies for websites that are in your "Favourites" while deleting other ones. This is just a quality-of-life feature, but it's the little (almost Mac-like, dare I say it) touches like this that make me really excited about IE8's release.

Five: The Platform

IE8 is enormously standards-compliant, supporting CSS2.1, and Microsoft have submitted a tonne of test cases to the W3C to help increase interoperability between browsers. They've also included a "compatibility view" button, much like Windows Vista's own compatibility mode, that'll let you view a page as if it were rendered in IE7. Some websites might be slow to adapt, after all!

Conclusions

Even though this is only an early beta, I'm already very impressed. This really ups the ante on what a browser can be, and I think it genuinely offers plenty of new ways of interacting with the internet. It's faster, better and more secure.

Please refer here for more details by Roger Halbheer.

Wednesday, August 27, 2008

Hackers have hijacked your baby

"Sick" hackers claim to have kidnapped babies

A despicable new spam attack is fooling people into installing a Trojan Horse by claiming to have "hijacked" their baby.

The email arrives with the subject line "We have hijacked your baby" and demands a $50,000 ransom for the return of the child.

It then claims to have a photo of the baby attached to the email. The file, entitled photo.zip, is in fact the Troj/Resex-Fam Trojan, which drops malware on to the affected PC. Aside from the odd terminology of "hijacking" a baby, the email provides other telltale signs that it might not be genuine, with the message reading: "We have attached photo of your fume"

Security firm Sophos, which discovered the attack, has condemned the perpetrators. "There's no other way of putting it - this attack is sick," says senior technology consultant Graham Cluley.

"Hackers have no qualms about exploiting a family's natural instinct to defend its most vulnerable members. Hopefully people will pause before opening the attachment, but the reflex action of some may be to click first and think later."

As always, my advice is the same: don't open attachments unless you know the sender, and use a little bit of common sense. :)

Tuesday, August 26, 2008

Using your browser URL history to estimate gender

This is purely for fun

RSnake's blog pointed me to an interesting post from Mike On Ads: a page that attempts to calculate your gender based on a portion of your history.

I quote from the post:

The script analyzes the css color of various links to determine whether or not the user has been to that site. If the link has the “visited” style, then he marks the user as having been to that site. Now the Social History implementation of this is rather innocuous — it’s a clever way of displaying only the sharing buttons of sites that the user is an active participant of. Of course there are far more interesting applications for advertising.

So, check for yourself and see whether your browser history can tell your gender or not.


Users trust all messages in their inbox on social networking sites

Facebook Reports Malware Attack

Facebook is warning about a couple of scams directed at its users over the last few days.

One nasty bit of malicious software attempts to lure users in with messages ranging from "You've been catched on hidden cam" to "Paris Hilton Tosses Dwarf On The Street." The messages contain a link that can take unsuspecting users to a Web page that looks like it's on YouTube. The page tells visitors that, to view the page's video, they need to click on another link to download and install updated software. Those who fall for the scam are actually installing malicious software on their systems.

The worm, called "Koobface," turns compromised computers into "zombie" machines that can be used in other types of online attack. The malicious software may also include "keylogger" software which can record a computer user's keystrokes - and potentially grab passwords when they are entered on a computer. The scam is also circulating on MySpace.

Refer here to read full details.

Sunday, August 24, 2008

A Solid, Up-to-Date Linux Desktop

OpenSUSE 11.0

openSUSE 11.0 is based on the Linux kernel version 2.6.25 and provides a cornucopia of features. If you choose to download the full DVD, you can expect a whopping 4.5 GB for the ISO-format file. Other options include a Live CD and installation over the network. The good news is that you can use a BitTorrent client to get the ISO file.

So what differentiates openSUSE from Novell's other distributions, namely SUSE Linux Enterprise Desktop (SLED) and SUSE Linux Enterprise Server (SLES)? To quote from the openSUSE FAQ:

"openSUSE, created and maintained by the openSUSE project, is a stable, integrated Linux operating system that includes the latest open source packages for desktop productivity, multimedia, Web-hosting, networking infrastructure and application development. It contains everything you need to get started with Linux and is ideal for individuals who wish to use Linux on their personal workstations or to drive their home networks."

To find out more details please refer here.

Vista Blown Open By Unstoppable Hack

"The genius of this is that it's completely reusable... That's completely game over." - Dino Dai Zovi

Search Security reports that, during a charged presentation at the Black Hat hacking conference last week, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc revealed a fatal flaw in Windows Vista which potentially blows the OS wide open, and in such a way that it cannot be fixed.

Their method involves using scripting systems such as Java and elements of the .NET framework to run malicious code. This code attacks Vista's Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) technologies and allows the hackers to load any content they desire to any location on a user's machine.

"The genius of this is that it's completely reusable," said security specialist Dino Dai Zovi to Search Security. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over. What this means is that almost any vulnerability in the browser is trivially exploitable."

Naturally enough the entry method of choice is through Internet Explorer but it is not limited to this. The approach can also potentially be applied to other operating systems such as Windows XP and Mac OS X.

Unsurprisingly, Microsoft has yet to comment on this, as it no doubt takes a long hard look at Dowd and Sotirov's findings. Of course, these are likely to go public soon, so expect this to be a red-hot topic over the coming months.

Please refer here for more details.


Thursday, August 21, 2008

RBA goes after eBay & PayPal

PayPal is the only safe payment method? eBay claims!

THE Reserve Bank has issued a stern warning to online auction giant eBay Australia, urging it to stop forcing PayPal onto its sellers.

In late July, the seller group wrote to the RBA requesting the bank block eBay from mandating the use of PayPal on every (sales) listing. They claimed eBay duped customers into thinking that PayPal was the only safe payment method available.

Throughout the site eBay portrays PayPal as the only safe payment method, inferring that all other methods are unsafe. Further, this message is reinforced through media advertising and statements in media interviews.

They advertise a buyer protection scheme for PayPal that is entirely illusory. Protection in the form of reimbursement of lost funds is only forthcoming if PayPal can recover it from the seller.

In the past eBay users have complained to the competition regulator that the website allegedly misled users into thinking that PayPal, owned by eBay, was the only payment method by displaying it prominently.

"Consistent with this, the bank will shortly be holding discussions with PayPal with a view to seeking the removal of these rules," the RBA said today. - Source - Australian IT

Well Done Reserve Bank Australia!

Wednesday, August 20, 2008

Oracle Password Checker (Cracker)

Checkpwd 1.23 (free)

Checkpwd 1.23 is (AFAIK) the fastest (see Benchmark) dictionary-based password checker for Oracle databases. This is a useful tool for DBAs to identify Oracle accounts with weak or default passwords.

Version 1.23 includes a variant which only shows that a password is weak, not the password itself.

Checkpwd reads the password hashes from the view dba_users and compares the hashkeys with the hashkeys calculated from a dictionary file. Details about Oracle (database) passwords are available here:

Fact Sheet about Oracle database passwords.

Downloads

Checkpwd 1.23 (for Windows) + default passwords + libraries + wordlist with 1.5 million words + Oracle Instant Client 10.2
(35 MB, MD5SUM: d41737cca1b07d66bd134c53989fa1b5 *oracle_checkpwd_big.zip)

Checkpwd 1.23 (for Windows) + default passwords + libraries
(1.5 MB, MD5SUM: 17a00e28b9ff0e6bed45554b43f62b06 *oracle_checkpwd.zip)

Checkpwd 1.23 - passwords not displayed - (for Windows) + default passwords + libraries
(1.5 MB, MD5SUM: 6638b0c82dea7685b6e045c9f7136168 *oracle_checkpwd_nopw.zip)

More information can be found here.

Symantec to buy PC Tools

Symantec buying another security company...

Symantec is buying PC Tools, which sells PC utilities software designed to boost the security and privacy of Windows-based computers, Symantec said on Monday. Terms of the deal were not disclosed. The transaction is expected to close by the end of the year. The purchase will allow Symantec to expand its reach in emerging regional markets, the company said in a statement.

Source: Yahoo! News

Don't forget to logout from Skype

Neglecting to logout from Skype means sharing your Instant Messages

I was researching and found out:


Six months ago, I briefly used Skype on a friend's laptop. Yesterday, that very friend -- who is not very computer-savvy -- told another friend of mine that she had found a way to read other people's Skype messages. The other friend looked into the matter -- turns out that I had remained logged in on her laptop for the past six months and that she had read every single one of my instant messages during that time. Obviously, I had not noticed that the "Automatically log this user on" box was ticked when I logged on and had forgotten to log out.

The RISKS are obvious. So are possible fixes: The "Automatically log this user on every time Skype starts" box should never be active by default and a confirmation should be requested. Also, Skype should make users aware if they are simultaneously logged into the same account from different machines. The only way out at the moment is to change the Skype password frequently as this will terminate all sessions you may have forgotten to log out from yourself.

According to several messages on the Skype Community forum, Skype considers the ability to remain logged in to the same account on several machines a "feature" and sees no need to fix anything.

Sunday, August 17, 2008

Play DVDs on your Nintendo Wii

Wii can finally play DVDs thanks to hackers

The DVDX installer will install a small, hidden, channel on your Wii that allows you to read DVDs on an unmodified system. It is not an installer for a patched IOS. You may however need one, depending on your system.

Usage of this package is fairly simple. Run the installer.dol found in the package, follow the onscreen instructions, and you’re done.

Once you’ve done that, you can enjoy the splendor of mplayer. What started out as a simple proof of concept has rapidly turned into a full-featured media player, under the nourishing hands of dhewg. The main aim of the mplayer project was to get DVDVideo going, but it also supports reading video files off the SD card (experimental).


A patch for Wii64, the N64 emulator for the Wii, will also be available shortly. This patch will allow you to read games off a DVD.

Download links:

DVDX installer (end users)
libdi (developers)
mplayer

If you have a modchip, you also need patchmii, in addition to the DVDX stub installer.
patchmii_core

Friday, August 15, 2008

Beware of new Facebook Virus

Facebook virus infecting 'Friends' lists

Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users' Friends lists. It sends out an email message with a link that asks you to download a plug-in to view a video. One word: don't.

I've received this email message, or a variation of it, from Facebook "friends":

Jeff sent you a message.

Subject: Hey friend. "You've been catched on hidden cam, yo."

As with any other email you receive within Facebook, users will get this message in their Facebook email inbox as well as their default email program, such as Outlook or Outlook Express.

Following this message is a long URL (website address) that, when clicked, takes you to what appears to be a YouTube video. This is not YouTube. When you click the video to begin, a message pops up and says you first need to download a newer Flash player to play the video. Do not do this. It's a virus.

Symantec's Norton Antivirus software has flagged this as a "high risk" Infostealer.Gampass virus. More info on this particular Trojan virus is here. (Note: Symantec warns the risk level is "low," since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)

You might be inclined to click on this link because it's from a friend, but they did not intentionally send it to you -- and yes, their Facebook photo is attached, too.

What to do if you downloaded the virus?

Unfortunately, there's no quick fix if you run this virus, says Marc Fossi, manager of system development at Symantec's security response team:

"The Trojan is not new -- it’s only the attack mechanism that is. Clicking the link won’t infect anyone. The threat is only installed if the user downloads and executes the “codecsetup.exe” file he refers to. Since Gampass can also download and install other threats onto the computer there is not a single disinfection procedure available. The user should download the latest virus definition files and run a full scan of their computer. Always keeping antivirus definition files up to date is the only thing that will warn the users ahead of time. This doesn’t exploit a vulnerability so there isn’t a patch available. But the full system scan should disinfect Gampass and any other threats it downloads and installs."


Thursday, August 14, 2008

Sharing Files can help hackers to hack your computer

µTorrent a leaky ship for file sharers

TorrentFreak claimed that 19 percent of Windows desktops run either the official BitTorrent client or the µTorrent application.

A massive hole in the popular peer-to-peer (P2P) client µTorrent has put the computers of millions of file sharers at risk of hijacking. The vulnerability allows hackers to execute code on remote systems, and opens the targeted system to further exploitation.

Hackers can create a stack-based buffer overflow by enticing users to open dodgy .torrent files, the format in which BitTorrent data is stored for distribution. A boundary error caused by the way µTorrent processes .torrent files occurs on execution, opening a backdoor for malicious code execution.

The hole also affects the official BitTorrent client, version 6.x.x.

Both the affected BitTorrent release and µTorrent version 1.7.7 remain unpatched. µTorrent users have been advised to upgrade to the current 1.8 release, which has reportedly patched the hole, while BitTorrent users should avoid opening unknown .torrent files.
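The boundary check whose absence is described above, shown in its corrected form as an added example; this is not µTorrent or BitTorrent code, and the report does not say which field or buffer was affected. .torrent files are bencoded, so every string carries a file-supplied length prefix; the function names, error codes, the 64-byte buffer and the sample data below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { B_OK = 0, B_MALFORMED = -1, B_TRUNCATED = -2, B_TOO_LONG = -3, B_NOT_FOUND = -4 };
#define MAX_DEPTH 32   /* cap on nesting so hostile input cannot exhaust the stack */

/* Parse the "<len>:" header of a bencoded string. On success *hdr is the header
 * size, *len the payload size, and hdr + len fits inside the n input bytes. */
static int bstr_header(const unsigned char *p, size_t n, size_t *hdr, size_t *len)
{
    size_t i = 0, v = 0;
    if (n == 0) return B_TRUNCATED;
    if (p[0] < '0' || p[0] > '9') return B_MALFORMED;
    while (i < n && p[i] >= '0' && p[i] <= '9') {
        size_t d = (size_t)(p[i] - '0');
        if (v > (SIZE_MAX - d) / 10) return B_TOO_LONG;   /* length would wrap */
        v = v * 10 + d;
        i++;
    }
    if (i > 1 && p[0] == '0') return B_MALFORMED;         /* no leading zeros */
    if (i == n) return B_TRUNCATED;
    if (p[i] != ':') return B_MALFORMED;
    i++;
    if (v > n - i) return B_TRUNCATED;   /* declared length runs past the file */
    *hdr = i;
    *len = v;
    return B_OK;
}

/* Step over one value (integer, list, dictionary or string); only its extent is needed. */
static int skip_value(const unsigned char *p, size_t n, size_t *used, int depth)
{
    size_t hdr, len, u, i = 1;
    int rc;
    if (n == 0) return B_TRUNCATED;
    if (depth > MAX_DEPTH) return B_TOO_LONG;
    if (p[0] == 'i') {                          /* integer: i<digits>e */
        while (i < n && p[i] != 'e') i++;
        if (i == n) return B_TRUNCATED;
        *used = i + 1;
        return B_OK;
    }
    if (p[0] == 'l' || p[0] == 'd') {           /* container: items until 'e' */
        while (i < n && p[i] != 'e') {
            rc = skip_value(p + i, n - i, &u, depth + 1);
            if (rc != B_OK) return rc;
            i += u;
        }
        if (i == n) return B_TRUNCATED;
        *used = i + 1;
        return B_OK;
    }
    rc = bstr_header(p, n, &hdr, &len);
    if (rc != B_OK) return rc;
    *used = hdr + len;
    return B_OK;
}

/* Copy the string stored under `key` in the top-level dictionary into out
 * (out_cap bytes, NUL-terminated on success). Nothing is written on error. */
int torrent_get_str(const unsigned char *buf, size_t n, const char *key,
                    char *out, size_t out_cap)
{
    size_t i = 1, hdr, len, u, klen = strlen(key);
    int rc, match;
    if (n < 2 || buf[0] != 'd') return B_MALFORMED;
    while (i < n && buf[i] != 'e') {
        rc = bstr_header(buf + i, n - i, &hdr, &len);     /* keys are strings */
        if (rc != B_OK) return rc;
        match = (len == klen && memcmp(buf + i + hdr, key, len) == 0);
        i += hdr + len;
        if (!match) {
            rc = skip_value(buf + i, n - i, &u, 1);
            if (rc != B_OK) return rc;
            i += u;
            continue;
        }
        rc = bstr_header(buf + i, n - i, &hdr, &len);
        if (rc != B_OK) return rc;
        if (len >= out_cap) return B_TOO_LONG;  /* without this, memcpy overruns out */
        memcpy(out, buf + i + hdr, len);
        out[len] = '\0';
        return B_OK;
    }
    return i == n ? B_TRUNCATED : B_NOT_FOUND;
}

int main(void)
{
    /* Constructed sample metadata, not taken from a real torrent. */
    static const char doc[] = "d8:announce22:http://tracker.invalid4:infod6:lengthi1024e4:name5:a.isoee";
    char announce[64];                          /* fixed-size stack buffer */
    int rc = torrent_get_str((const unsigned char *)doc, sizeof doc - 1, "announce", announce, sizeof announce);
    printf("rc=%d announce=%s\n", rc, rc == B_OK ? announce : "(rejected)");
    return rc == B_OK ? 0 : 1;
}
```
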

Wednesday, August 13, 2008

Wireless Auditor Assistant - Pen Testing Utility

Organizational Systems Wireless Auditor Assistant

The OSWA-Assistant™ is a self-contained, freely downloadable, wireless-auditing toolkit for both IT-security professionals and End-users alike. This toolkit is our contribution to the wireless security/auditing community and, as the "Assistant" moniker implies, is designed for the following groups of people:

IT-security auditors and professionals who need to execute technical wireless security testing against wireless infrastructure and clients;

IT professionals who have responsibility for ensuring the secure operation and administration of their organization's wireless networks;

SME (Small & Medium Enterprise) and SOHO (SmallOffice-HomeOffice) businesses who do not have either the technical expertise or the resources to employ such expertise to audit their wireless networks;

Non-technical-users who run wireless networks at home and who would like to audit the security of their wireless home networks and laptops but don't know how.

Please refer here for further details and click here to download.

Alert over air ticketing scam

Air ticketing scam includes malicious download

Australian consumers are being warned of a ticketing scam which causes malicious software to be downloaded to their computers.

The Australian Competition and Consumer Commission (ACCC) has received a number of complaints about a bogus email claiming to be from an airline company.

The email, which has a bogus ticket and receipt attached, advises consumers they have been charged about A$500. Opening the attachment runs the risk of activating malicious software, which could infect the computer, the commission said.

Scammers use malicious software programs to retrieve personal details including online banking passwords or personal records stored on a computer's hard drive.

If consumers receive such emails, they should delete them straight away or contact the airline by phone to confirm the purchase, the commission said.

Friday, August 8, 2008

MUST-HAVE Free Privacy Security Tools

15 Great, Free Privacy Downloads

One of the worst privacy invaders the world has ever seen is the Internet. When you surf, Web sites can find out where you've been and can gather other information about you. Trojan horses and spyware can snoop on you. Key loggers can capture your keystrokes as you type. Eavesdroppers can steal your passwords.

It doesn't have to be that way. The 15 downloads presented here can protect you. You'll find firewalls, password protectors, rootkit killers, trace cleaners, anonymity securers, and more. So check them out, and help yourself to a safer online experience. (Note that the 15 downloads we look at here don't include any antivirus and antispyware programs. We figured that we've covered those packages well enough elsewhere. So instead, we focus on tools you might not have heard about.)

Firewalls

A firewall is one of the most basic pieces of software you can get for protecting your privacy. Any decent firewall shields you from inbound snoopers, and the better ones also prevent sneaky software from sitting invisibly on your PC and making outbound connections to tell others about your activities.

Comodo Firewall Pro
If you have Windows XP or Windows Vista, you have a firewall on your PC courtesy of Microsoft, so you may figure that you're perfectly safe. Wrong--the firewalls built into both of those operating systems have problems. The Windows XP firewall, for example, lacks outbound protection. And the Windows Vista firewall is exceedingly difficult to customize.

Vista Firewall Control
Windows Vista's firewall is better than the one built into Windows XP because it includes outbound protection as well as inbound protection. Outbound protection is vital, because Trojan horses and spyware often use silent outbound connections to do their damage. In addition, some surreptitious software uses invisible outbound connections from your PC to send out spam or malware without your knowing it.

Password Protection

Password theft is one of the greatest privacy dangers that an Internet user faces online. With the following downloads, you'll be able to keep your passwords private and yet still keep track of them.

KeePass Password Safe
Most people have dozens of passwords that they use for Web sites, Web-based mail, ATMs, and more. They have become a fact of automated life. But it doesn't matter how much antivirus software and antimalware you use; if your password is stolen, you're in trouble.

KeePass Password Safe offers a simple way to keep track of all your passwords while keeping them safe. It lets you store all of your passwords in a lightweight, simple-to-use database, and it encrypts the database so that only you have access to it. You can lock it with a master password or with a file key.

KeyScrambler Personal
One of the biggest dangers you face online is theft of your user name and passwords for logging into commercial Web sites (such as banking and financial sites) and Web-based e-mail accounts. A criminal who steals that information could empty your bank account and use your e-mail address to pose as you.

This add-in to Internet Explorer and Firefox promises a simple way to keep you safe. As you type your password, KeyScrambler Personal scrambles it so that the information sent out over the Internet doesn't match what you type. That way, a lurking crook won't be able to steal your private information.

Cleaning Your Traces

As you surf, your web browser leaves traces of your travels on your PC. Web sites can look into some of those traces. And if other people use your PC, they can easily look at those traces as well. Luckily, there are tools that can get rid of the tracks you leave behind.

Another privacy problem relates to Microsoft Office documents containing private information (unbeknownst to the sender) that get sent out via e-mail. A download helps here, too, removing information that you don't want made public from the Office documents where it appears.

Free Internet Window Washer
Worried that Web sites may snoop on your Internet activities, or that someone else who uses your PC can see where you've been and what you've done? If so, you need an Internet washer--a tool that will delete your Internet Explorer browsing history, recently typed URLs, and so on.

That's what Free Internet Window Washer does--for free. Click Wash Settings, then click Browsers, and then select what you want the program to clean. Back on the main screen, click Wash Now and the program will remove everything you've asked it to. If you prefer, click Test Now to see a preview of what the program will do.

CCleaner
Here's another great tool--and a longtime favorite of ours--for cleaning up all traces of your Internet activities. CCleaner cleans Internet Explorer and Firefox, of course, but also Adobe Acrobat, Adobe Flash Player, Google Toolbar, and Windows Media Player. It even picks up after major applications such as Microsoft Office, and it includes a Registry cleaner and an uninstaller.

SendShield
A lesser-known privacy problem may be among the most dangerous: hidden information in Microsoft Office documents that becomes exposed after the documents are made public.

This problem has struck some of the best-known enterprises in the world. In 2006, for example, Google publicly posted a PowerPoint presentation that contained notes disclosing highly sensitive financial projections to the world. Even worse, in 2003, Alastair Campbell, top communications aide to then-Prime Minister Tony Blair of the UK, released a Word document whose hidden information revealed that the British government had used plagiarized documents to justify its involvement in the Iraq war.

Rootkit and Malware Killers

Even the best antivirus and antispyware tools can't keep you completely safe. Rootkits often escape detection, and once they lodge on your PC, they give an outsider the power to take control of your system and help themselves to whatever private information they want. These two rootkit and malware killers, though, tip the odds in your favor.

F-Secure Blacklight Rootkit Eliminator
One dangerous type of malware that might infect your system is a rootkit. It hides deep in your system, using tricky techniques to shield itself from many antispyware, antimalware, and antivirus programs. With a rootkit in place, a malicious person can take complete control of your PC without your knowledge. Rootkits spread online in various ways, such as by riding along on another download.

HijackThis
If spyware or a Trojan horse slips past your defenses despite your best efforts, your best bet is to download HijackThis. It can help detect problems that other malware detectors can't find, and then will advise you about what to do.

Browsing Privacy and Security

Looking for multipurpose tools for protecting your privacy and security? The following three can help you surf anonymously, avoid trouble at wireless hot spots, and receive alerts about certain sites that may host malware designed to invade your privacy.

Tor
A surprising amount of information about you can be gathered as you surf the Web--including the operating system you use, the sites you've visited recently, your geographic location, and possibly your company (based on your IP address).

Hotspot Shield
Some of the most nefarious online dangers arise when you're away from your home or office: Wi-Fi hacking and snooping. In a hotspot at a public location, a bad guy can set up a sniffer to snoop on all the data sent by everyone nearby. The snoop can see all of the information you send and receive over the Internet, including your user names and passwords.

McAfee Site Advisor for Firefox
One of the best ways to protect your privacy is to avoid getting infected by malware. These days, most people get infected by downloading infected software or by visiting a Web site that installs malware without their knowledge. So you'd like to know whether a site you visit is likely to infect you directly or to harbor malware.

Firefox Add-Ons

One great thing about Firefox is the large number of add-ons available to improve your browsing experience. The options include plenty of privacy-related add-ons. These three are among the best.

NoScript
The Web is built on interactivity, but those wonderful interactive features can be used to attack and damage your PC. JavaScript, plug-ins, Java, and other kinds of scripts and code on Web sites are hazardous. But here's the problem: If you turn them off completely, you lose some of the nicest things on the Web; and if you keep them, you expose yourself to danger.

WOT
This Firefox add-in works in much the same way as the McAfee Site Advisor. WOT rates sites according to their privacy, security, and trustworthiness, from Excellent reputation to Very Poor reputation, and it displays an icon next to the Address Bar indicating how it rates a particular site. As you search, you'll be able to see the icon as well, so that you can decide before visiting a site whether you want to go there.

Secure Login
Little surprise that Secure Login provides a way to log you in to Web sites securely. It integrates with Firefox's password list--so when you visit a site, you can log in by clicking a button instead of having to type in your user name and password. Beyond that, Secure Login keeps your passwords safe in various ways. It stops any malicious JavaScript code from stealing your password, and it can block other password-stealing attacks, such as cross-site scripting (XSS) attacks.

Please refer below for more security tools posted by me:

Westpac gives away free security software
Personal Computer Security
MUST-HAVE Free Security Utilities
Turning FireFox To An Auditing Platform

Malware Attack through Facebook

Malicious Hackers Use Facebook Wall for Malware Attack

Facebook users are being targeted by malicious hackers through postings on the popular Wall section of the social-networking site, security company Sophos said Thursday.

The Wall, a core feature of Facebook profile pages, is used by members to leave each other messages that in addition to text can also contain photos, videos, music and links to Web sites.

The malware attack comes in the form of a Wall message supposedly posted by a friend that urges members to click on a link to view a video on a Web site supposedly hosted by Google, said Graham Cluley, senior technology consultant for Sophos. However, the link takes users to a Web page that isn't hosted by Google, where they are told they need a new version of Adobe's Flash player and are urged to download an executable file to watch the video.

Please click here to read full details.

Saturday, August 2, 2008

Westpac gives away free security software

Australian Bank "Westpac" new initiative towards security....

Banks offering security software is not exactly a new development, but Westpac's arrangement has an interesting twist: customers can download a free copy of PC Tools' anti-malware, firewall and privacy protection packages. There doesn't seem to be any validation process to confirm if you're a Westpac customer or not, so in effect anyone can get a free copy of these programs.

Westpac, in partnership with online security specialist PC Tools, is offering 12 months free access to the following software products to help keep you secure online. When you download the software, you can choose to purchase an additional 12 months protection upfront, or you can renew the subscription at the end of your free 12 months.

Spyware Doctor with AntiVirus™ (Free for the first 12 months)

Award-winning spyware and virus protection to help secure your PC against privacy, tracking and virus threats. Spyware Doctor is a utility which detects and removes malicious software and spyware. Protect your privacy and computing habits from prying eyes and virtual trespassers with the help of Spyware Doctor.

Privacy Guardian (Free for the first 12 months)

Privacy Guardian helps protect your privacy by ensuring all traces of your online Internet and computer activities are erased and unrecoverable on your PC. Information from every website you visit is stored on your computer and recorded in hidden Windows® locations including temporary files, cookies, system registry and the index.dat file. Privacy Guardian securely cleans the data out of hidden files that may be overlooked by clearing your Web browser.

PC Tools Firewall Plus™ 3.0 for Windows® (Free for the first 12 months)

PC Tools Firewall Plus is a powerful personal firewall designed for Windows® Vista™, XP, Me, 98 and 2000 that helps protect your computer from intruders and controls the network traffic in and out of your PC. By monitoring applications that connect to the network, Firewall Plus can stop Trojans, backdoors, key-loggers and other malware from damaging your computer and stealing your private information.

So, grab yourself a free copy and protect yourself. Now, this is what we need from banks. Stepping Up! :)

Facebook and Myspace Worm & Viruses

Web worms squirm through Facebook, MySpace

People at Kaspersky Lab have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.


The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.

Some of the messages and comments posted to the social network sites include:

* Paris Hilton Tosses Dwarf On The Street
* Examiners Caught Downloading Grades From The Internet
* Hello; You must see it!!! LOL. My friend catched you on hidden cam
* Is it really celebrity? Funny Moments and many others.

Please refer here for full details.