SophosLabs wrote: Do you want to know the total number of times that your Facebook wall has been viewed? Are you curious as to who may be stalking you on Facebook? If so, you’re a prime candidate for scammers who are exploiting that desire to put money into their own pockets. Here are the latest messages spreading virally between thousands of Facebook users who have fallen for the scam: ...
from Schneier on Security by Schneier: This isn’t good: The hacker, whose March 15 attack was traced to an IP address in Iran, compromised a partner account at the respected certificate authority Comodo Group, which he used to request eight SSL certificates for six domains: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com. The certificates would have allowed the attacker to craft fake pages that would have been accepted by browsers as the legitimate websites. The certificates would have been most useful as part of an attack that redirected traffic intended for Skype, Google and Yahoo to a machine under the attacker’s control. Such an attack can range from small-scale Wi-Fi spoofing at a coffee shop all the way to global hijacking of internet routes. ...
Thanks to my friend, Pondus! Ars Technica: Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000 (it’s over millions of site when you are reading this)—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases, with the result that pages served up by the attacked systems include within each page one or more references to a particular JavaScript file. ...
Google Operation System: Until recently, Google Bookmarks and Chrome Bookmarks were two separate features that didn’t speak the same language. Even if you could save your Chrome bookmarks to a Google account, they weren’t saved to Google Bookmarks. For some reason, your bookmarks are available in a special Google Docs folder. Chrome bookmarks have a web interface, but it’s likely that the obvious will happen: Chrome bookmarks could be saved to Google Bookmarks. Jérôme Flipo noticed that the Google Bookmarks OneBox already includes Chrome bookmarks. I’ve tried to find SmallNetBuilder.com and Google’s OneBox returned it even if it was starred in Chrome, not in Google Bookmarks. ...
Google Operation System: Google +1 is yet another attempt to make Google more social. It’s Google’s version of the Facebook “likes”, a simple feature that’s very powerful because it’s part of a social network. Google will show +1 buttons next to all search results and ads, while encouraging other sites to include the buttons. All +1’s are public and they’re tied to Google Profiles. The goal is to use this data to personalize search results and ads by recommending sites +1’d by your friends. Google Social Search already does this, but there’s no support for Facebook likes, so Google had to come up with a substitute. ...
Google Talk Guru is a new Google bot that lets you ask simple questions. It’s “an experimental service that allows people to get information like sports results, weather forecasts, definitions etc via chat. It works on many popular chat applications that support Google Talk.” Send an invitation to **guru**@googlelabs.com in Gmail Chat, Google Talk or any other Jabber client and find simple facts like “weather in London”, “amplitude definition”, “translate souris”, “2^8”, “web stanford” (which returns the top Google result for [stanford]). ...
Avira TechBlog: SpyEye is a malware family which we are monitoring for some time. Today we are analyzing a sample which is detected as TR/Spy.SpyEye.flh by Avira products. The Trojan is able to inject code in running processes and can perform the following functions: Capture network traffic Send and receive network packets in order to bypass application firewalls Hide and prevent access to the startup registry entry Hide and prevent access to the binary code Hide the own process on injected processes Steal information from Internet Explorer and Mozilla Firefox A detailed analysis of this malware by Liviu Serban, Virus Researcher at Avira. ...
Avira TechBlog: It looks like new Chrome releases aren’t due every six weeks as Google announced a few weeks ago, but once a week now – the company just released Chrome 10.0.648.204 and fixes 6 highly critical security vulnerabilities with it. Those security vulnerabilities allow attackers to smuggle in malware like Trojans without the user noticing. That is why the automatic update mechanism is so important: When clicking on the tool symbol and choosing the “About Google Chrome” menu entry, the version check should show that Chrome is already on the current release – or offer to download and install the update in case that didn’t happen yet. ...
Cnet: A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today. Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine certificates were fraudulently obtained, including one for Microsoft’s Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites–the ones that are used when encrypted connections are enabled–in some circumstances. ...
Google Chrome Blog: Today, we’re updating the Chrome beta channel with a couple of new capabilities, especially for web developers. Fresh from the work that we’ve been doing with the HTML Speech Incubator Group, we’ve added support for theHTML5 speech input API. With this API, developers can give web apps the ability to transcribe your voice to text. When a web page uses this feature, you simply click on an icon and then speak into your computer’s microphone. The recorded audio is sent to speech servers for transcription, after which the text is typed out for you. Try it out yourself in this little demo. Today’s beta release also offers a sneak peek of GPU-accelerated 3D CSS, which allows developers to apply slick 3D effects to web page content using CSS. ...