Monday, September 28, 2009

Accident Ahead? New Software Will Enable Cars To warn Drivers?

'Intelligent Car' Able to Learn From Owner's Driving and Warn in Case of Accident Hazard

Scientists from six European countries have designed a new automatic driving assistance program called
DRIVSCO. The program studies the car owner's driving pattern over time and if the car moves unusually when approaching a curve, intersection, person, or other vehicle at night, DRIVSCO issues a warning alarm. DRIVSCO, which features a night vision system, assumes that a night-time driver cannot see the road well due to poor lighting and the limited range of low beams. According to the European Union Car Council, 42 percent of car accidents occur at night. DRIVSCO project leaders say that cars installed with night vision and a sophisticated driving assistance system will reduce the number of night-time accidents on the road. Initial tests of the system were successful.

The DRIVSCO system features an electronic chip with artificial vision developed by University of Grenada researchers. The chip's system interprets images' outlines, depth, and movement. Because its hardware is reconfigurable, the chip could be used for other types of cars as well as other applications.

Refer here to read more details.

Friday, September 25, 2009

The future in the fast lane

On the road to secure car-to-car communications

The European SEVECOM project is developing ways to keep car-to-car communications private and secure from hackers. Vehicle-to-vehicle and vehicle-to-infrastructure communications should make driving safer, but there are concerns over whether those communication links are safe from outside influences.

Hackers could cause catastrophic damage by sending false messages to vehicles, or they could track individual cars to follow a specific person, such as a public official or celebrity. The SEVECOM project is working with industry participants to create a security architecture that everyone could apply to proprietary car-to-car applications. "There's plenty of secure encryption methodologies, but what doesn't exist is the architecture," says SEVECOM project coordinator Antonio Kung. "SEVECOM brought together stakeholders to agree what building blocks to use, where they should go, and when they should be used."

One important proposal of the project is that car communication should not use a fixed ID tag in its transmission, which would allow individual cars to be tracked. Instead, vehicles should use pseudonyms that change several times, such as every time the ignition is turned on or at regular intervals during a trip.

The research is complicated because an international standard protocol for car-to-car communications has still not been established. "We had to design a flexible architecture so that it could easily be adapted to conform to a standard once it has been agreed," Kung says. "The security module had to be independent of all the other communication technology and protocols involved in transmitting data."

Refer here to read the full details on the research.

Wednesday, September 23, 2009

New Web-based attacks target Windows Media holes

Browsing without new patch could be hazardous

Three separate browser vulnerabilities make you susceptible to drive-by exploits from otherwise-trustworthy Web sites. These threats affect you even if you never use Windows Media Player or Internet Explorer, so you should definitely apply this week's Windows patches. This month's security patches for Windows are a reminder that even the sites we trust can be sources of malware infections.

Microsoft security bulletin MS09-047 (973812) patches a hole that allows infected, downloaded media files to gain complete control of your system.More and more sites — even popular ones such as Facebook — have unknowingly hosted malicious banner ads, which is one way these media files can infect you.

Microsoft's Security Research & Defense blog predicts that this vulnerability will likely be targeted by such exploits within the next 30 days.Vista and Windows 7 have some protection against these attacks, but you should download and install MS09-047 immediately to stymie them completely, especially if you use XP.If, for some reason, you can't install this patch, remember that even sites you think of as trustworthy might serve a malicious banner ad from a third-party ad host.

The safest course of action is for you to apply this patch and use a browser other than IE, such as Firefox, Chrome, or Opera.

Monday, September 21, 2009

Hackers exploit FTP flaw in Microsoft's IIS

Sites running the FTP service on Microsoft's Internet Information Services (IIS) Web software may be vulnerable to attacks.

Microsoft says FTP service versions 5 and 6 are affected, but claims version 7.5 is unaffected on Vista and Windows Server 2008.

Webmasters take note: if you use Microsoft's FTP service, attackers could plant code on your servers or launch a denial-of-service (DoS) attack against your site.According to Microsoft, a newly discovered set of FTP flaws allows an attacker to install unauthorized software on an Internet Information Services (IIS) server or to crash the box.The vulnerable versions of the FTP service shipped on several flavors of Windows and Windows Server over the years.

Microsoft says the latest version of the FTP service, 7.5, is safe on Vista and Windows Server 2008.The remote-execution vulnerability, which was first described on the Milw0rm security site on Aug. 31, could allow an attacker to run malicious code. Modern versions of Windows have a feature called /GS (a buffer security check) that protects them from remote-code execution, but earlier versions do not.The newly announced vulnerabilities include a buffer-overflow flaw, which could lead to a DoS attack against any of the affected versions of Windows.

Buffer-overflow attacks use an anonymous account that has both read and write permissions. The threat, however, isn't limited only to anonymous users.

Microsoft has updated security advisory 975191 to discuss all the known unpatched FTP exploits in IIS.

Saturday, September 19, 2009

One wrong digit and you could be waving goodbye to your money

Online banking loophole risk

Shifting funds online is an increasingly popular trend among internet bank account users, but people are at risk of losing their cash if they accidentally move it to the wrong account.
A loophole in e-banking law means that if, say, you enter a single digit in error and a stranger finds their bank balance boosted, you have no guarantee your money will be returned, warns personal finance website

Clare Logie, 39, a bank worker, lost £2,000 through moving money to the wrong account in April, but the recipient is refusing to respond to requests for the money back. "I feel sick to have lost so much money," she says. "With the concern about jobs at the moment no one wants to lose cash, so this couldn't have come at a worse time."

Interesting and worth reading, Please refer here.

Thursday, September 17, 2009

Google Chrome 3.0 arrives with 3,505 bugfixes - Whoaaa!

Google's Chrome browser grows faster and more stable - Really? :)

Google Tuesday launched Version 3 of its Chrome Web browser, which keeps the pressure on competing tools by boosting JavaScript performance by 25% vs. the latest stable release. Improvements to tabs and video/audio handling round out the major new features in the release of Google Chrome, which can be downloaded here. The update comes about a year after Google Chrome made its debut. "This release comes hot on the heels of 51 developer, 21 beta and 15 stable updates and 3,505 bugfixes in the past year," Google writes on its blog.

Refer here to read the review on NetworkWorld.

Wednesday, September 16, 2009

Printers at risk of Conficker worm

IT managers should re-examine their network layout and ensure that they isolate any networked machines they do not have full control over..

Printers and other Windows-based devices are as at much risk of threats to the network – such as the Conficker worm that attacked Ealing Council's IT systems earlier this year – as any other component in an organisation's IT estate.

Some printers run Windows-based operating systems to contact suppliers when cartridges run low, even though they are not classified as computers on the network. This makes them vulnerable to the virus. Businesses cannot afford to relax their vigilance over the worm, says Rodney Joffe, director of the Conficker Working Group, an industry group set up to combat the worm.

Cleaning up and re-installing an organisation's computers is a costly exercise, but IT managers may be overlooking potential sources of rapid re-infection. Rodney Joffe says IT managers should also think about other devices, such as printers, that are permanently connected to the network.

Refer here to read the full details.

Monday, September 14, 2009

Finally! Smart Grid development will get a high priority on cybersecurity.

Security is a top concern with smart electric grid

Security specialists are working to make sure the Obama administration's plans to develop a smart electric grid that relies on the Internet to supply and monitor power across the country will include security standards for reducing vulnerabilities to cyberattack.

President Obama spoke about "building a smart electric grid to deliver energy more efficiently" in his remarks on Friday about securing the nation's cyber infrastructure, noting that "protecting the [digital] infrastructure will be a national security priority." Nearly $3.3 billion will be invested in smart grid technology development grants and $615 million technology testing as part of the American Recovery and Reinvestment Act.

A smart grid would rely on real-time, two-way communication to allow power customers to connect directly with electricity suppliers. A report from the Global e-Sustainability Initiative, created by information and communications companies to foster economic growth through technology, said, "A smart grid would work the same way that the Internet does. The difference is that while the Internet optimizes the routing of information, the smart grid optimizes the routing of electrons."

Interesting and highlighting part from the news:

"Smart grid development will require a high priority on cybersecurity to ensure hackers don't access the computer systems that control the power grid through the Internet and cause service outages or worse. The threat against the nation's power grid was first widely realized in March 2007, when researchers at the Idaho National Laboratory demonstrated to the Homeland Security Department how they could go online to hack into the programs that control a generator and manipulate settings so it would self-destruct. In April, sources from the intelligence community revealed that spies from China, Russia and other countries had penetrated computers that control the nation's power grid."

Please refer here to read more details.

Saturday, September 12, 2009

MUST-Use Privacy Plug-In "FaceCloak" for Facebook Users

FaceCloak lets users hide sensitive updates from prying eyes, including Facebook's

University of Waterloo, Ontario researchers have developed FaceCloak, a browser plug-in that shields social network users' private data from both malicious users and social network providers.

Waterloo professor Urs Hengartner says the plug-in replaces sensitive information in a user's profile with news feeds and meaningless text that can only be unscrambled by trusted friends and contacts. Carnegie Mellon University (CMU) professor Alessandro Acquisti says most users are unaware of the privacy implications of posting personal information on social networking sites such as Facebook and MySpace.

In 2005, Acquisti and fellow CMU researcher Ralph Gross found that almost 80 percent of Facebook users revealed their birthday and the majority provided public access to their real-world address, which could provide enough information to commit identity theft. Acquisti says users have recently started changing their access options to protect their information more carefully, but social network providers have not been good at protecting user privacy because monetizing personal information could result in millions of dollars in revenue.

FaceCloak allows users to designate what information should be encrypted and made available only to friends. The user receives a secret access key and sends two other keys to friends. The keys are used to access the real information, which is stored on a separate server.

Similar tools are being developed by other academic teams, including a Cornell University plug-in called None of Your Business that encrypts profile information so it can be read only by a small group of friends.

Refer here to read full details.

Friday, September 11, 2009

“Typing Arabic has never been this easy!”

Microsoft Maren

Roger's recent post pointed me to an interesting software recently released by Microsoft. I quote from the website:

Lack of access to an Arabic keyboard or lack of familiarity with one are two of the most common problems preventing Arabic users from communicating in their own language.

Microsoft Maren is a Windows extension that comes to the rescue, allowing you to type Arabic in Roman characters (Romanized Arabic, Arabizi, Arabish or Franco-Arabic) and have it converted on the fly to Arabic script.

Maren integrates seamlessly with Windows and works in most Windows applications and websites.

It is very interesting and handy application if you type or use arabic all the time. Don't forget to watch a very good video on the page.

Tuesday, September 8, 2009

Ignore - Notification from MasterCard

SCAM ALERT - Mastercard international Mega Jackpot

I have received this email in my inbox, If you see similar email in your inbox, please ignore it and don't respond with any details.

All the emails are spoofed, if you see "Reply-to", you will notice, using common sense, Mastercard International will never send an email and will definitely not advise to reply to a hotmail email address. Secondly this email has been spoofed using email address, which is again not correct Mastercard International domain address.

It is safe to say that this is some what similar to Negerian SCAM we have seen in the past.

Please IGNORE such emails and ensure you don't respond with any sort of information.

Wednesday, September 2, 2009

Security Suites are better or individual security programs?

Security suites are simple and all-in-one

The most straightforward approach to PC security is to use a security suite — such as Symantec's Norton Internet Security or Norton 360, McAfee's Internet Security or Total Protection, and Kaspersky's Internet Security — that protects your PC from viruses, Trojans, spam, and other malware. You benefit from having to install and maintain only one application, as opposed to the best-of-breed approach to security software that requires multiple installations and updates.

Many experienced PC users prefer to pick and choose their security programs so they get just the features and interfaces they prefer. Also, security suites have a reputation for being difficult to uninstall. Most importantly, many top-rated specialty apps are free. The suites cost from $30 to $70 a year for up to three PCs.

The benefit of a security suite for a home user is convenience. Only a single product needs to be purchased, configured, and updated.

Having achieved top or first-runner-up honors from the editors of
PC World, PCMag, Maximum PC, and other reviewers, today's consensus security-suite selection is Symantec's Norton Internet Security 2009. The program pairs excellent malware detection with a good range of features. The latest release continues to be faster and less resource-hungry than previous versions, according to PCMag and other testers.

If you're one of the many people who've sworn never to install a Norton or McAfee security product again, however, there are a lot of other strong contenders for security-suite top dog:

For those who'd rather select their security program solely on the results of independent antivirus test labs, visit's list of recently tested antivirus apps,'s comparison of AV test results, or Virus Bulletin's summary of AV test results (free registration required). Many people rely on ICSA Labs' AV test reports, but ICSA's certification testing can be less stringent than the testing performed by the three antivirus test labs cited above.

If you choose a specialty antivirus program over a suite, you'll need to download and install a good software firewall as well. (This is in addition to the firewall built into your network hardware.) The free Comodo Internet Security combines a firewall and antivirus app; more information and a download link are on the vendor's site. An alternative is Agnitum's Outpost Firewall Free; Agnitum's site provides more information about the product.

One of the highest-rated free antivirus programs — by PC users and software reviewers alike — is's AntiMalware, available for download from the company's site.