Friday, July 31, 2009

Hotmail account is easy to claim, reset the password and effectively hijack the account?

Dormant Hotmail Accounts Easy Prey for Hackers

One of the most effective means of warding off spam messages and phishing scams is to
create multiple, disposable e-mail addresses. Typically, one address should be for personal matters, such as correspondences between family and friends, and at least one should be used for paying bills, subscribing to online newsletters, registering for message board activities, and other such pursuits.

According to Download Squad, if one of those accounts is through Windows Live Hotmail,
maintaining that address, and actively using it, is an absolute necessity. The Windows Live help files state that if the account remains inactive for over 270 days (or if it isn't used during the first 10 days following activation), then the account will become inactive and all information contained within the account's files will be deleted. If the account remains inactive for one year, then the address is reentered into circulation.

This means anyone can claim it, reset the password, and effectively hijack the account. By accomplishing this, the hackers can pose as the original account holder and request other password resets in order to gain access to any service (bank account, bill pay) that might have been previously subscribed to with the address.

Compromised e-mail accounts certainly aren't uncommon, even plaguing professional techies as scammers recently employed similar techniques to
take over personal accounts of Twitter employees. For protection against such hostile e-mail takeovers, regularly check all accounts so that none of them become dormant, and definitely take measures to fortify account passwords so that Web deviants can't easily gain access to personal information.

Wednesday, July 29, 2009

Top 10 Windows 7 features

The best things about Microsoft's latest Windows 7

Windows 7 has now been released to manufacturing, and the much-anticipated next version of Windows will be available for TechNet subscribers and enterprise Software Assurance customers to download within weeks. With this in mind, here is the list of the top 10 reasons for upgrading to Windows 7.

  1. 'Available networks' tool on taskbar
    If you're a laptop user, it's almost worth installing Windows 7 for this feature alone. Like all great ideas, it's disarmingly simple: put a control on the taskbar, accessed via a single mouse click, that shows available Wi-Fi networks and lets you choose which one to connect to. It's a world away from the hoops Windows Vista makes you jump through to get a Wi-Fi connection

  2. Fewer annoying pop-ups
    Vista users will be familiar with the constant barrage of pop-up messages the system subjects them with: 'Windows Defender needs your attention', 'Check Windows Firewall settings', 'Updates available for your computer', and so on. In Windows 7, most of these messages appear instead in a notification area on the taskbar, so you can deal with them at your leisure.

  3. HomeGroup
    HomeGroup should make it much easier to share files and other content such as music and pictures among all computers connected to a home network. It lets each user control what they want to share from their own computer, and any new Windows 7 PC connecting to the network will automatically find the HomeGroup, but needs a password to join.

  4. Device Stage
    Device Stage is a new user interface for working with peripherals like phones, cameras or printers in Windows 7. It not only shows all the information about your device, but brings together all the applications and services you can use with it in one place.

  5. BitLocker support for removable storage
    The Bitlocker encryption tool was introduced in Vista, but only in some editions and only for the boot drive of a PC. In Windows 7, BitLocker to Go lets you encrypt and password-protect USB devices such as Flash memory sticks to secure files in case you misplace the drive.

  6. Speedier boot-up
    With some PCs that we've seen running Vista, you could hit the on switch then go away and make a cup of tea before being able to actually use the system for anything. By contrast, Windows 7 boots up and is ready in about 30 seconds flat. In fact, Windows 7 seems more responsive than Vista all round, even on the same hardware.

  7. Libraries
    Libraries are like folders, except they conveniently bring together content from multiple locations into one place. For example, the Pictures library lets you see all photos and images to which you have access, whether they are spread across several folders on your hard drive or even on a network share.

  8. User Account Control is less in-your-face
    The User Account Control (UAC) feature was introduced in Vista to improve security but has proved extremely annoying, popping up and asking for confirmation whenever you want to open Device Manager, add drivers, or dozens of other tasks. In Windows 7, UAC has been reworked so that users can carry out a greater range of tasks without a UAC prompt asking them for confirmation or administrator credentials.

  9. Multi-touch
    On systems with a compatible touch screen, Windows 7 supports gesture-based input and control, like you might see on Apple's iPhone, but it works with pretty much all applications, not just those created for Windows 7. This means you can tap on the screen to launch applications, use your finger to scroll up and down in Internet Explorer and Word documents, and doodle using your fingertip in Paint.

  10. It's not Windows Vista
    Enough said.


Saturday, July 25, 2009

Debunking Rumors about Advertising and Photos on Facebook

FACEBOOK has agreed to let third party advertisers use your posted pictures WITHOUT your permission

In the past couple of days, a rumor has begun spreading that claims Facebook have changed their policies for third-party advertisers and the use of users photos. These rumors are false, and Facebook have made no such change in their advertising policies.

If you see a Wall post or receive a message with the following language or something similar, it is this false rumor:

FACEBOOK has agreed to let third party advertisers use your posted pictures WITHOUT your permission.

The advertisements that started these rumors were not from Facebook but placed within applications by third parties. Those ads violated our policies by misusing profile photos, and we already required the removal of those deceptive ads from third-party applications before this rumor began spreading. This has been confirmed by
Barry Schnitt on Facebook's Blog.

I quote from his blog entry,

We are as concerned as many of you are about any potential threat to your experience on Facebook and the protection of your privacy. That's why we prohibit ads on Facebook Platform that cause a bad user experience, are misleading, or otherwise violate our policies. Along with removing ads, we've recently prohibited two entire advertising networks from providing services to applications on Facebook Platform because they were not compliant with our policies and failed to correct their practices.

Facebook have confirmed that their are committed to remain vigilant in enforcing their policies to prevent bad ads from appearing on Facebook—whether served by themself or a third party. They have advised that if any user see a misleading ad or believe it violates their policies, report it to them.

If it's one of their ads, you can simply click the thumbs-down icon that appears above or below the ad to report it. If the ad is from a third-party application, click the "Report" link at the bottom of the page to report it to the developer and Facebook.

Wednesday, July 22, 2009

Sophos slams US for again topping spam ranking

The US should clean up its own computers before looking to fight overseas hackers and spammers

One in six spam emails come from the US, according to a report from a security firm.
Sophos ranked the US as the top source of the unwanted messages around the world, sending 15.6 per cent of all spam globally for the second quarter of the year.

Sophos security researcher Graham Cluley called for the US to clean up its spam problem.
"Barack Obama's recent speech on cybersecurity emphasised the threat posed by overseas criminals and enemy states, but these figures prove that there is a significant problem in his own back yard,” he said in a statement.

Sophos also said that spammers are taking to social networking sites, such as Twitter, using URL shortening services such as TinyURL, and others.

The 140 character limit on Twitter means many users turn to such services to shorten long URLs, but the shortened links obscure the actual target, letting spammers and malware writers send users to sites they might not otherwise visit.

“This is being exploited by hackers that will use the services to obscure links to offensive material or malicious websites, and then distribute the links in spam emails, as well as posting them on Twitter and other networks,” Sophos said.

The top 12 worst countries for spam distribution:

1. United States (15.6 per cent)

2. Brazil (11.1 per cent)

3. Turkey (5.2 per cent)

4. India (5.0 per cent)

5. South Korea (4.7 per cent)

6. Poland (4.2 per cent)

7. China (4.1 per cent)

8. Spain (3.4 per cent)

9. Russia (3.2 per cent)

10. Italy (2.8 per cent)

11. Argentina (2.5 per cent)

12. Vietnam (2.3 per cent)

Tuesday, July 21, 2009

Future cars will communicate to avoid collisions

Robotic cars to communicate with each and avoid collisions

The recent First Rim Mathematical Association (PRIMA) conference in Sydney featured a demonstration of how the flocking technique could be used to control cars. Bhibhya Sharma and Utesh Chand, researchers at the University of the South Pacific's School of Computing, Information, and Mathematical Sciences, presented a computer simulation of how merging traffic would be controlled by a centralized brain and a series of algorithms. The researchers say that flocking, inspired by biology, is a common robotics strategy. "One of the advantages of flocking is that robots can work together and achieve what would take individuals far longer," Sharma says. The centralized brain would tell cars how to move in formation together, and the algorithms would create targets that they must move toward and maintain to avoid moving outside of their lanes and crashing into each other. The team is testing the technique on two-wheel robots.

Please refer here to read full interesting research.

Sunday, July 19, 2009

In future, we might not have time to eat food with our hands?

Too busy to eat? Try this bag on for size

In today's hurry-up world, who doesn't eat on the run? We drive, talk on the phone, catch up on e-mail, and do almost any other task while trying to consume a meal. Multitaskers take note: genius inventors have made eating even less of a hassle.

Introducing … the fast-food feedbag!

To allow hands-free eating of your favorite fast-food meals, just slip the device over your ears and enjoy a pouch that blends your favorite menu choices together into an easy-to-eat mixture. For an extra 50 cents, you can throw in a beverage — literally. So stop by a participating Taco Bell, KFC, or Pizza Hut, grab a feedbag, and get busy!

I find this quite interesting because in future we might not even have time to eat food with our hands?

Thursday, July 16, 2009

Cyber War - Ten thousands of computers infected, N.Korea suspected!

S.Korean police: Hackers extracted data in attacks

Hackers extracted lists of files from computers that they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police in Seoul said Tuesday.

The attacks, in which floods of computers tried to connect to a single Web site at the same time to overwhelm the server, caused outages on prominent government-run sites in both countries.
The finding means that hackers not only used affected computers for Web attacks, but also attempted to steal information from them. That adds to concern that contaminated computers were ordered to damage their own hard disks or files after the Web assaults.

Still, the new finding does not mean information was stolen from attacked Web sites, such as those of the White House and South Korea's presidential Blue House, police said. It also does not address suspicions about North Korea's involvement, they said.

Police reached those conclusions after studying a malicious computer code in an analysis of about two dozen computers — a sample of the tens of thousands of computers that were infected with the virus that triggered the attacks, said An Chan-soo, a senior police officer investigating the cyberattacks. The officer said that only lists of files were extracted, not files themselves.

Refer here to read full details.

Wednesday, July 15, 2009

Brain hacked due to buffer overflow or DOS attack?

The Next Hacking Frontier: Your Brain?

Some scientists are concerned that as brain-computer interfaces become widely used and incorporate wireless technologies, "brain hacking" could become a reality. Neural devices are innovating at an extremely rapid rate and hold tremendous promise for the future. But if we don't start paying attention to security, we're worried that we might find ourselves in five or 10 years saying we've made a big mistake.

University of Washington computer security expert Tadayoshi Kohno and his colleagues say most devices currently carry few security risks, but as neural engineering becomes more complex and widespread, the potential for serious security breaches expands significantly.

For example, the next generation of implantable devices used to control prosthetic limbs will likely include wireless controls that enable physicians to remotely adjust settings. If hackers were to access this system they could take over a robotic limb. There is a precedent for using computers to cause neurological harm, including the November 2007 and March 2008 hacks of epilepsy support Web sites in which malicious programmers added flashing animations to cause seizures in photo-sensitive patients.

Patients also may want to hack their own devices. For example, hacking deep brain stimulators, which already use wireless signals, could enable patients to "self-prescribe" elevated moods or pain relief, which is similar to abusing traditional medications.

Please refer here to read this interesting article on Wired News.

Monday, July 13, 2009 stole the identities of more than 60 million

60 million users in social networking rip-off - Be Careful

New York's attorney general says that stole the identities of more than 60 million internet users worldwide - by sending emails that raided their private accounts. Andrew Cuomo, said he plans to sue the social networking website for deceptive marketing and invasion of privacy.

"This company stole the address books and identities of millions of people," Cuomo said in a statement. "Consumers had their privacy invaded and were forced into the embarrassing position of having to apologise to all their email contacts for Tagged's unethical - and illegal - behaviour."

Started in 2004 by Harvard math students Greg Tseng and Johann Schleier-Smith, Tagged calls itself a "premier social-networking destination." The California-based company claims to be the third-largest social networking site after Facebook and MySpace, with 80 million registered users.

Tagged acquired most of the identities fraudulently, sending unsuspecting recipients emails that urged them to view private photos posted by friends.

The message read: "(name of friend) sent you photos on Tagged."

When recipients tried to access the photos, they would in effect become new members of the site - without ever seeing any photos. Tagged temporarily suspended its online campaign last month, in response to user complaints. Email and telephone messages to the company were not immediately returned. This very virulent form of spam is the online equivalent of breaking into a home, stealing address books, and sending phony mail to all of an individual's personal contacts,.

The system was set up so that a user was asked whether the sender of the photos was a friend, then suggesting that if the recipient didn't respond, the friend "may think you said no". Every person on a user's contact list received an email that again read, "(name of user) sent you photos on Tagged." The site then released a flood of offers for everything from sweepstakes to other services.

By the time a recipient realised there were no photos, it was too late.

Please be careful out there and ensure you don't register or click on any links sent to you by Tagged claiming to be sent by your friend.

Please refer here to read full details.

Wednesday, July 8, 2009

Microsoft issues rare security warning

Hackers are launching attacks against an unpatched vulnerability in the Microsoft Video ActiveX Control

Microsoft has released an out-of-band, emergency security advisory and also investigating attacks targeting a vulnerability in Microsoft Video ActiveX Control that could allow a hacker to gain complete control of a system. This news is already making headlines in Information Security world.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. At this stage, no security patch has been made available by Microsoft.

In this security advisory, Microsoft workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

• Prevent Microsoft Video ActiveX Control from running in Internet Explorer - See Microsoft
Knowledge Base Article 972890 for information on how to implement this workaround automatically.

Popular IT news website,
eWeek has already confirmed that:

"Hackers are launching attacks against an unpatched vulnerability in the Microsoft Video ActiveX Control that could allow an attacker to take full control over the system. When using Internet Explorer, code execution is remote and requires no user interaction, Microsoft says."

Please refer
here to read the news on eWeek and refer here to read article on ComputerWorld, who claims Microsoft may have known about critical I.E bug for months.

The unpatched vulnerability in the Video ActiveX control that Microsoft has warned about was reported to the company in 2008, but one of the security researchers who found it refused to criticize Microsoft's response to the threat.

The bug was uncovered by researchers Alex Wheeler and Ryan Smith, who at the time both worked at IBM's ISS-X-Force. A Microsoft spokesperson said the company first learned of the vulnerability in 2008 and immediately began an investigation.

Sunday, July 5, 2009

Hackers used Michael Jackson to hijack Sydney website

Global Michael Jackson spam storm

A Sydney radio show has been caught up in a global Michael Jackson spam storm, after its website was hijacked in a bid to infect users with malware.

Cyber criminals hacked into the web server of Beatz Radio, a weekly dance music show that airs on Friday nights on FM 99.3, and used the site to host a file that purported to be unseen videos and pictures of Jackson. But the file was actually a password-stealing trojan that surreptitiously loads itself on to the victim's computer and sends back to the hackers a log of every keystroke made.

Links to the bogus YouTube clip were then sprayed out across the world as part of an email spam campaign that sought to exploit the immense interest in Jackson following his death. But Beatz Radio chief Tim Little had no idea until he was contacted by AusCERT, the national Computer Emergency Response Team for Australia.

My advice, don't click on any videos until you are fully satisfied that the website is trusted and most important keep your computer upto date with anti-virus, security patches and anti-malware softwares.

here to read more details.

Thousands of Web Sites Stung by Mass Hacking Attack

Watch out, thousand of legitimate website might be hosting malicious software...

Up to 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.

The affected sites have been hacked to host JavaScript code that directs people to a fake Google Analytics Web site, which provides data for Web site owners on a site's usage, then to another bad site.

Those Web sites have likely been hacked via a SQL injection attack, in which improperly configured Web applications accept malicious data and get hacked. Another possibility is that the FTP credentials for the sites have somehow been obtained by hackers, giving them access to the inner workings of the site. It appears the hackers are using automated tools to seek out vulnerable Web sites.

Refer here to read full details.

Wednesday, July 1, 2009

CBA website crashes amid hacker scare

4.5 million customers fearing for their account security

Commonwealth Bank's internet banking website has buckled under record levels of unexplained traffic, leaving nearly 4.5 million customers fearing for their account security.

The bank admitted that it was forced to shut down its website in order to investigate the traffic, some of which "appears to be malicious". Customers were locked out of the CBA's NetBank internet site on Monday and Tuesday, with the bank as yet unable to identify the source of the traffic influx.

The scare comes just as the financial year draws to a close, leaving millions of CBA's registered online customers at a loss as they process the end of the tax year.

A spokesman for CBA insisted that customer account details were safe and it was still possible to make transactions. I qoute from NineMsn News.

It has been confirmed by spokesman Steve Batten, "There have been no security breaches and no customer information, money or accounts have been accessed or compromised. We are currently experiencing exceptionally high volumes of traffic, some of which appears to be malicious."

The bank recorded 1.2 million transactions by 3.30pm this afternoon - the number it usually processes in an entire 24-hours. As a precaution to protect its customers, the bank shut down access to its site while it investigates a slew of messages from unidentified senders.

"The CBA will continue to prioritise workload in this manner until we are able to identify beyond any doubt the source and type of this unusual traffic," Mr Batten said. "Customer information and privacy must be secured at all times. If that is ever under threat we must forgo convenience for a short time whilst services are assured," he added.

NineMsn News