Firefox, IE8 and Safari hacked at CanSecWest

Author: Omid Farhang Published: March 25, 2010 Reading Time: 2 min

In the Pwn2Own hacking contest at the CanSecWest security conference in Vancouver, Canada, security researchers and hackers quickly hacked three of the major browsers to take control of the underlying operating systems. — A German hacker who goes by the handle “Nils” used a previously unknown vulnerability in Mozilla’s Firefox to gain control of a 64-bit Windows 7 machine. — Peter Vreugdenhil, an independent researcher from the Netherlands, used several vulnerabilities in Internet Explorer to take control of a machine running a patched 64-bit Windows 7 implementation. ...


Bulgarian city official loses committee post because of Farmville addiction

Author: Omid Farhang Published: March 25, 2010 Reading Time: 1 min

**Computer security category of risk: human factors?** The Sofia, Bulgaria, news site novinite.com is reporting that a city councilor in Bulgaria’s second largest city of Plovdiv was voted out of a city council committee because he wouldn’t stop playing Farmville during meetings. The Plovdiv city hall recently got wireless Internet and city councilors got laptop computers. Two weeks ago council chairman Ilko Iliev started to get irritated by council members playing Farmville during budget hearings. ...


It takes only one ‘nice’ person

Author: Omid Farhang Published: March 25, 2010 Reading Time: 2 min

In the security industry we often focus heavily on new technologies and shiny new software, and forget that so much of what we see is dependent on the person behind the computer. Today, a co-worker of mine was sent an email from someone she doesn’t know, with the following text: “I’m writing this with tears in my eyes,my fam and I came down here to Wales,United Kingdom for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us. ...


Google-in-China saga: another hack, move to HK

Author: Omid Farhang Published: March 25, 2010 Reading Time: 5 min

There is a risk to computer security from governments. Regulatory changes, even if they are very positive measures, can impose huge demands on an enterprise (e.g. HIPAA, Sarbanes-Oxley, California’s law requiring notification of customers whose personal information is hacked on company sites). The “government” risk can get no bigger than the clash of Google and the government of China over the censorship issue. The world suspects that the Chinese government or its proxies were behind a campaign of hacking against Google and other major U.S. companies several months ago. Google reacted to the hacks by saying in January that it would stop censoring search results for web users in China. Monday it said it would move to Hong Kong. ...


Polar opposites in U.S. Senate co-sponsor cybercrime bill

Author: Omid Farhang Published: March 25, 2010 Reading Time: 3 min

In spite of the polarized, poisonous atmosphere in Washington, D.C., generated by President Barack Obama’s health care reform campaign, two Senators from very opposite ends of the political spectrum are co-sponsoring a bill to fight international cybercrime. U.S. Senators Kirsten Gillibrand (D-NY) and Orrin Hatch (R-UT) have cosponsored a bill aimed at fighting international cyber crime: the International Cybercrime Reporting and Cooperation Act. If enacted into law, the bill would give the U.S. government the power to help countries that need assistance in their fight against cyber crime. It also gives the U.S. government the power to cut off financial assistance to countries that don’t crack down on net criminals. ...


Google… made in China?!?

Author: Omid Farhang Published: March 25, 2010 Reading Time: 1 min

Today at CanSecWest I stopped by the Google booth and picked up a yo-yo. As I was about to open the package, something struck me: ‘Google… Made in China’ Oooops…….


New social media? Pay to play online games with women?

Author: Omid Farhang Published: March 25, 2010 Reading Time: 2 min

“Dirty” or “Flirty” Ok. It’s an old formula for a successful business: pay girls to have fun with you. This time the schtick is getting on-line gamers to pay $8.25 (US) to play an online game with a female for 10 minutes. The women get to keep 40 percent. The site is GameCrush. It just opened last night and it seems to be a success (screen shots below.) “GameCrush is being touted as the first social site for adult gamers with the women online able to set their gaming mood to either ‘flirt’ or ‘dirt’, IGN reports. “The men online are known as Players and the women as PlayDates and Players pay to play while PlayDates get paid to play. “Players browse PlayDate profiles — of which there are currently 1200 — view photos and even chat with girls for free.” “At the moment it only supports Xbox 360 and some games on the GameCrush website. GameCrush plans to support PlayStation 3, Wii and World of Warcraft.” ...


Download Windows 7 Mountains Theme – Syue & Nenggao

Author: Omid Farhang Published: March 23, 2010 Reading Time: 1 min

We’ve previously listed many official themes for Windows 7, presented by Microsoft at the Windows 7 Personalization Gallery. Here are 2 more new themes which truly depict the prominent beauty of the Taiwanese mountains ‘Syue & Nenggao’. Syue or Hsuehshan or Snow Mountain is the second highest mountain in Taiwan with its main peak at 3,886 m (12,749 ft) above sea level. Nenggao is a mountain in Taiwan whose southern peak has an elevation of 3,349 m. Its main peak lies at 3,261 m. ...


The Facebook Dislike Button Likes Hotbar

Author: Omid Farhang Published: March 23, 2010 Reading Time: 2 min

Not so long ago, examples of fake Firefox websites / downloads were in the news with the sites involved serving Hotbar installs. It seems the tactic of offering up Firefox (but giving you something else entirely) is going to be around for a little while. Below is a site promoting a Firefox .xpi called “The Dislike Button”, designed to let you add an “I dislike this” note to Facebook posts: ...


Firefox 3.6.2 early edition

Author: Omid Farhang Published: March 23, 2010 Reading Time: 1 min

Mozilla Foundation has released version 3.6.2 of its Firefox browser a week early. The group had said the update would be available March 30. The update fixes a widely reported vulnerability (CVE-2010-1028) that prompted Germany’s CERT to advise Web users to switch to another browser until a fix was made. (My blog post “Germany’s CERT warns against Firefox use”) Intevydis researcher Evgeny Legerov had found that the Wide Open Font Format decoder in Firefox had an integer overflow in its font decompression mechanism. The flaw involved a memory buffer that was too small to handle a downloadable font. Legerov had found that exploiting the vulnerability could crash a victim’s browser, making it possible to run arbitrary code on the system. ...
