TechBlog

I’ve owned up to some of the great loves of my life in the past. For instance, I’m a music lover and I’m very partial to board games (even during a denial-of-service attack). Today I can also share that I like The Beatles. In particular, anything from “Rubber Soul” and later when the “Yeah yeah yeah” turned into something rather more “Yeah man. Dig it”. I’ve simply never come across a more talented combination of musicianship and songwriting abilities – for me, you can kick The Stones, The Who, Cream and.. yes.. even MeatLoaf to the kerb, as Lennon, McCartney, Harrison and Starr are the guv’nors. ...

Google Operation System Blog: Back in November 2010, a comment from the Google Docs source code revealed some new features that will be available: third party apps, Cloud Print integration and sync. It turns out that the upcoming Google Drive release will add support for third party apps and Google will also include a SDK for developers. This way, you’ll be able to open the files stored in Google Drive using non-Google apps. The Google Docs source code mentions “SDK” several times in connection with Google Drive and the “open with” feature. ...

Sunbelt: Twilight fans who normally frequent the official website of Stephenie Meyer, infamous writer of the said book and saga, may have found their systems captured by a “being” that is neither a blood-sucker or a giant, feral dog. It might be something supernatural, but not in the security world: zombies. Our friends at avast! have unearthed a recent attack on the author’s website not so long ago:www.stepheniemeyer.com had been hosting Crimepack, an exploit kit that takes advantage of known vulnerabilities of various Web browsers and the Windows OS to install malware. Brian Krebs of_KrebsOnSecurity.com_ took a closer look at this particular exploit pack back in 2010, and it is indeed a nasty one. Not only is it capable of targeting holes of software installed on your system, it also “lets customers [buyers of this Crimepack exploit kit] test various Web reputation services to discover whether any include their exploit sites.” Computers successfully exploited by the Crimepack exploit kit are eventually turned into zombies, which online criminals use to do malicious tasks, such as spamming and launching denial of service (DoS) attacks. ...

SophosLabs: Want a free password for one of the world’s most popular adult websites? YouPorn, one of the world’s most popular porn video websites and one of the top 100 websites of any kind in the world, appears to have been caught with its pants down – after a list of many of its users’ email addresses, passwords and dates of birth were left exposed on a public-facing server. ...

Sunbelt: Be wary of emails claiming to be from AICPA – as per their alert here, these are not real and any mention of “unlawful tax return fraud” is just a bait to convince the end-user to open up a malicious attachment (in this case, a .doc file although there are rogue PDF files in circulation too). As with many of the malicious spam campaigns doing the rounds at the moment, this one will use the Blackhole exploit kit to serve up zbot from multiple compromised domains. Worse, a Sakura kit (typical example here) will download Sirefef / ZeroAccess , which as we’ve seen elsewhere is not a good thing to have on your system. ...

Symantec Connect: Maslenitsa (Маслница) is a religious holiday celebrated in Russia and Ukraine during the last week before Lent, i.e. the seventh week before Pascha (Easter). This festival is also known as Pancake week or Butter week. During this week people enjoy the social activities that are forbidden during the prayerful Lenten season, such as partying, dancing etc. This year the Maslenitsa will be celebrated from February 20 to February 26. ...

SophosLabs: Scammers are up to their old tricks on Facebook, tricking users into visiting revenue-generating survey scam websites by appearing to offer sex videos. Using a thumbnail which suggests a link to a sex video, messages posted on compromised Facebook users’ walls attempt to lure their unsuspecting Facebook friends into clicking to see more. And if the use of a saucy snapshot of a naked man and woman in an intimate pose wasn’t enough, the messages also include a variety of names (obscured in the images below) – presumably these are the names of the afflicted users’ Facebook friends. ...

The H-Online: Google’s solution for the problem of getting better passwords on the net – a combination of browser sign-in andOpenID – will take some time to implement as it involves persuading sites to switch to using OpenID. The developers on the Chrome project think that they can at least improve the security of passwords on sites, by generating passwords for the user. A new Password Generation proposal for the Chromium and Chrome browsers attempts to address that by assuming that once the user is signed into the browser, it can take over the handling of password creation. ...

H-Online.com: Following the revelation that Google and other online marketing companies have been bypassing the mechanism for blocking third-party cookies in Safari, the Internet Explorer development team asked themselves whether Google might be doing the same thing in IE. As they detail on IEBlog, they discovered that this was the case – Google circumvents Internet Explorer’s cookie policy by subverting the browser’s P3P-based privacy protection mechanism. P3P stands for Platform for Privacy Preferences Project and is an open W3C standard. It is intended to help both users and programs determine what sites do with personal data. The cookie management system in Internet Explorer blocks third party cookies from sites that do not supply a P3P policy statement telling it how cookies are used. ...

from Asa Dotzler: Firefox and more I’m not going to apologize for complaining about the terrible, awful, horrible, no good, very bad experience I had when I decided to give LibreOffice a try. It was abysmal and improving that experience should be a top priority for that team if they care about expanding LibreOffice beyond the few Linux users who get it pre-installed. But, I do think I could have done more to propose fixes rather than just rant about the brokenness of the experience so I’ve done just that. ...