TechBlog

SophosLabs: The United States, which currently forbids government workers or soldiers to use smartphones to send classified messages, is preparing a modified version of Google’s Android operating system that will meet its security certifications. According to CNN, the army has been testing touchscreen devices at U.S. bases for almost two years. Forty phones were sent to soldiers overseas last year, and another 50 phones and 75 tablets are scheduled to ship to soldiers in March. ...

Mashable: Google just debuted a project dedicated to attacking some of the biggest problems facing civilization, such as global warming, and proposing “radical” ideas for solving them. Solve for X Called “Solve for X,” the idea resembles TED (Technology Entertainment and Design), the series of conferences that feature industry leaders exploring big-picture ideas and how they can improve society. Solve for X, however, appears to be more focused on global problems, using them as opportunities to encourage “moonshot” thinking. ...

The H-Online: The German Federal Office of Information Security (BSI (German), BSI English) has compiled security recommendations for Windows PCs that will probably sound familiar to regular readers of The H: Anti-virus software – including free solutions –, backups, security updates, an alternative browser such as Google Chrome and “a healthy level of mistrust” are the main components of its proposal for a secure Windows PC. As the UK lacks a governmental organization that makes such recommendations, as usually such organizations recommend policy for public projects, it is worth seeing what Germany’s BSI suggests. ...

gHacks: Users of the popular Bittorrent indexing website BTJunkie who try to access the site’s content in a web browser are not seeing the usual site layout, but a goodbye message instead. The message states that the site operators have decided to close down the service voluntarily after more than seven years of operation. No reason other than that is provided, but it is likely that the decision is linked to recent events, in particular the Pirate Bay case in Sweden where founders of the site recently lost the final appeal and are looking at prison time, and the Megaupload takedown and the fallout that followed. ...

SophosLabs: Beware of malware lurking on news websites claiming to containing breaking news stories. I’ve seen a worrying number of Facebook users posting the same status messages today, claiming that the United States has attacked Iran and Saudi Arabia in a move heralding the beginning of World War 3. Well, that would certainly get your attention, wouldn’t it? A typical status message looks like the following: U.S. Attacks Iran and Saudia Arabia. F**k 🙁 [LINK] The Begin of World War 3? ...

Mashable: Skype for Windows version 5.8 is out, bringing several interesting features, including full HD video-calling, group screen sharing and Facebook integration. Full HD video calls will be most useful to those who own a HD webcam, for example Logitech C920 which does the video encoding itself thus improving HD video quality on older computers. Video calling for Facebook works even with users who don’t use Skype. To start a video call with a Facebook buddy, select the person in your list and click “video call.” ...

The H-Security: Unknown attackers have tried to use an invitation to a prestigious conference to inject a Trojan into companies in the defense sector. The security firms Seculert and Zscaler report that opening an attached PDF flyer caused recipients’ computers to be infected with spyware via a previously undisclosed hole in Acrobat Reader. According to the report, the attack mainly targeted government-related organizations, including military and aerospace contractors, in Europe and in the US. The security firms said that the attacks started back in 2009 and peaked in autumn 2010. Talking to The H’s associates at heise Security, Seculert CTO Aviv Raff added that compromised computers, some of which had been infected for two years, were only discovered a few weeks ago. ...

The H-Security: The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions. The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions. To do so, the developers limited the maximum possible number of input parameters to 1,000 in php_variables.c using max_input_vars. Because of mistakes in the implementation, hackers can intentionally exceed this limit and inject and execute code. The bug is considered to be critical as code can be remotely injected over the web. ...

SophosLabs: Facebook users are innocently sharing advice with their online friends about how women can avoid being kidnapped and raped, not realizing that they are perpetuating a hoax. Here’s a typical message that is being shared, which comes attached to an image of a young woman gagged and tied up in the trunk of a car. PLEASE READ CAREFULLY This message is for every Girl Who Goes to college or office alone.If u find any child carrying on road showing his/her address n asking u to take him/her to that address,take that child to police station n plz don’t take it to that address . IT IS A NEW WAY GANGS TO STEAL,RAPE and KIDNAP GIRLS .plz circulate to all .don’t feel shy to copy This as ur status . OUR ONE MESSAGE MAY SAVE A GIRL ...

The H-Security: Following the release of new versions of its open source Firefox web browser, Thunderbird email client and SeaMonkey suite, Mozilla has detailed the security fixes included in each of the updates. According to the project’s Security Center page for Firefox, version 10.0 closes a total of 8 security holes in the browser, 5 of which are rated as “Critical” by Mozilla. The critical issues include an exploitable crash when processing a malformed embedded XSLT stylesheet, potential memory corruption when decoding Ogg Vorbis files, XPConnect security checks being bypassed by frame scripts, a use after free error in child nodes from nsDOMAttribute and various memory safety hazards. These vulnerabilities could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim’s system. ...