TechBlog

Windows Live is dead, long live Windows Live

Published: May 3, 2012 Reading Time: 2 min

Cross-posted from BetaNews: In a blog post on Wednesday, President of Microsoft’s Windows division Steven Sinofsky announced the seven-year old Windows Live brand is being retired. Do not be mistaken, there are more than 500 million users of the various Microsoft services that fall under the general classification of Windows Live. They are alive and well. The brand and the concept of Windows Live as a whole, however, is antiquated in this mobile-driven era, and Microsoft is finally halting the differentiation. ...

Continue Reading

Firefox WebSocket bug compromises Tor anonymity

Published: May 3, 2012 Reading Time: 1 min

The current versions of the Tor Browser Bundle (TBB) include a bug that makes it possible for information about visited web sites to leak out of the anonymising layer. On version 2.2.35-9 of TBB for Windows and version 2.2.35-10 for Mac OS X and Linux, the included version of Firefox does not send DNS requests over the Tor network if the browser is using the WebSocket protocol. This means that an attacker listening in on the connection will be able to identify the servers the user is visiting. ...

Continue Reading

Iran makes its own anti-virus software – would you buy it?

Published: May 3, 2012 Reading Time: 2 min

SophosLabs: According to reports, Iran has started making its own anti-virus software. It is said that experts from Shiraz Computer Emergency Response Team of APA (Academic Protection and Awareness) of Iran have been working on the project to help better protect the country’s digital defenses. Of course, Iran is no stranger to malware. It found itself thrust into the spotlight in 2010 when the infamous Stuxnet worm was widely reported to have infected industrial plants (including nuclear plants) in the country with the seeming intention to target and sabotage SCADA systems. ...

Continue Reading

OONI maps internet censorship on a global scale

Published: May 3, 2012 Reading Time: 2 min

The H-Online: Tor developers Arturo Filasto and Jacob Appelbaum have been working on a new tool they call the OONI-probe. OONI stands for Open Observatory of Network Interference and is designed to help map internet censorship across the global network. The open source tool gives users the ability to check their internet connection for censorship, selective bandwidth throttling, surveillance and other interferences. This data can then be shared freely with other users, creating a global overview of the state of censorship of the network. ...

Continue Reading

Phishers Offer Fake Storage Upgrades

Published: May 3, 2012 Reading Time: 2 min

Symantec Connect: Customers of popular email service providers have been a common target for phishers for identity theft purposes. Phishers are constantly devising new phishing bait strategies in the hope of stealing user email addresses and passwords. In April 2012, Symantec observed phishing pages that mimicked popular email services in an attempt to dupe users with attractive storage plans. Customers were flooded with fake offers of free additional storage space for services such as email, online photo albums, and documents. In the first example, the phishing site was titled “Welcome to New [BRAND NAME] Quota Verification Page”. According to the bogus offer, the additional storage plan ranged from 20 GB to 1 TB per year, at no extra cost. The phishing page boasted that the free additional storage plan will help customers prevent loss of data and the inability to send and receive emails due to exhausted storage space. It also stated that the plan will auto-renew each year and the customer can choose to cancel at any time by returning to the same page: ...

Continue Reading

Privacy concerns over popular ShowIP Firefox add-on

Published: May 1, 2012 Reading Time: 3 min

Cross-posted from SophosLabs: A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security. Naked Security reader Rob Sanders alerted us to the activities of the recently updated ShowIP add-on for the Firefox browser. According to the description on the Mozilla add-ons website, ShowIP is designed to “show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right click) and hostname (left click), like whois, netcraft, etc. Additionally you can copy the IP address to the clipboard.” ...

Continue Reading

Chrome 18 update closes high-risk security holes

Published: May 1, 2012 Reading Time: 1 min

The H-Online: Google has released a new update to the stable 18.x branch of its Chrome web browser to close a number of security holes found in the application. The update, labelled 18.0.1025.168, addresses a total of five vulnerabilities, three of which are rated as “high severity” by the company. These include use-after-free problems in floating point handling and the XML parser; all of these bugs were detected using the AddressSanitizer. As part of its Chromium Security Vulnerability Rewards program, Google paid a security researcher by the name of “miaubiz”, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting one of the float handling problems. Two medium risk problems related to IPC validation and a race condition in sandbox IPC have also been corrected. ...

Continue Reading

Skype divulges user IP addresses

Published: April 30, 2012 Reading Time: 2 min

The H-Online: According to a blog post, a modified version of the Skype VoIP software can be used to easily find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer. With a certain registry key, the manipulated version of Skype will create a log file with information including other users’ external and internal IP addresses. These IPs can be retrieved simply by opening up a user’s profile with the Skype client. In a test conducted by The H’s associates at heise Security, the log file always showed the correct IPs – and when a user was logged in with multiple clients, the IP addresses for all the clients were visible. ...

Continue Reading

Mozilla to auto-upgrade Firefox 3.6 users to version 12

Published: April 30, 2012 Reading Time: 2 min

H-Online: Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been being discussed since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread. According to Keybl, Firefox 3.6.x users with updates enabled should start being upgraded in early May – the specific date has yet to be confirmed. The 3.6.x branch of Firefox, the first release of which arrived in January 2010, reached its end of life last week on 24 April; the last update to the 3.6 series was version 3.6.28 from early March. ...

Continue Reading

Warning: Fake Biophilla app on Android is malware

Published: April 27, 2012 Reading Time: 2 min

Corss-posted from ZDNet: Summary: Cyber criminals have created a fake Biophilla app for Android that is really just malware in disguise. Your first red flag should be that Biophilla is officially available on iOS, but not on Android. During April alone, we’ve already seen malicious versions of Angry Birds Space and Instagram in the wild. Both are Android apps that are really just malware designed to generate money from unsuspecting users by sending expensive international text messages. Now the same is happening with the popular Biophilla app. ...

Continue Reading