
Excuse me, Graham Cluley

Author: Omid Farhang Published: May 6, 2012 Reading Time: 1 min

Hi, You may have noticed that part of my blog posts are copied from other sources, which I name (and link) at the beginning of my posts, for example “Naked Security” (SophosLabs). Just today I noticed a message from “Graham Cluley”, one of the authors of the “Naked Security” blog, which asked me not to re-post his articles. In the past I had checked with many of my other sources and they have always given me permission to share their articles as long as they come with a link to the source too, and I thought the “Naked Security” blog followed the same rule, but it seems they don’t; no problem. ...


PHP patch quick but inadequate

Author: Omid Farhang Published: May 5, 2012 Reading Time: 2 min

The H-Online: The updates to PHP versions 5.3.12 and 5.4.2 released on Thursday do not fully resolve the vulnerability that was accidentally disclosed on Reddit, according to the discoverer of the flaw. The bug in the way CGI and PHP interact with each other leads to a situation where attackers can execute code on affected servers. The issue remained undiscovered for eight years. The best protection at present is offered by setting up filter rules on the web server. However, the RewriteRule workaround described on PHP.net is also, according to security expert Christopher Kunz, inadequate. He suggests a slightly modified form of the rule as an alternative. ...


Adobe Flash Player update closes critical object confusion hole

Author: Omid Farhang Published: May 5, 2012 Reading Time: 2 min

The H-Online: Adobe has released a security advisory relating to an object confusion vulnerability which allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file; this exploit only targets Flash Player on Internet Explorer on Windows, though the vulnerability exists on Windows, Mac OS X, Linux and Android versions of the player. ...


Fake Google Iranian domain defaced by Algerian Script Kiddies

Author: Omid Farhang Published: May 3, 2012 Reading Time: 1 min

TheHackerNews: Google got pwned? No. A few Algerian script kiddies try to spread fake rumors that they hacked and defaced the giant search engine's “Google Iranian” domain, http://www.google.co.ir/. The screenshot shows an Algerian flag and the page title “H4Ck3D By vaga-hacker dz and DR.KIM”. As mentioned by the hacker, the team includes hackers named “V4Ga-Dz,Dz0ne,DR-KIM King-Dz,BroX0 aghilass elite jrojan password kha&mix wasim -dz”. It is not confirmed whether these are members of some Anonymous Hackers group, but they try to use the Anonymous Hackers tag line “We Dont Forget, We Dont Forgive, Expect Us!” to get some publicity. ...


Windows Live is dead, long live Windows Live

Author: Omid Farhang Published: May 3, 2012 Reading Time: 2 min

Cross-posted from BetaNews: In a blog post on Wednesday, President of Microsoft’s Windows division Steven Sinofsky announced the seven-year old Windows Live brand is being retired. Do not be mistaken, there are more than 500 million users of the various Microsoft services that fall under the general classification of Windows Live. They are alive and well. The brand and the concept of Windows Live as a whole, however, is antiquated in this mobile-driven era, and Microsoft is finally halting the differentiation. ...


Firefox WebSocket bug compromises Tor anonymity

Author: Omid Farhang Published: May 3, 2012 Reading Time: 1 min

The current versions of the Tor Browser Bundle (TBB) include a bug that makes it possible for information about visited web sites to leak out of the anonymising layer. On version 2.2.35-9 of TBB for Windows and version 2.2.35-10 for Mac OS X and Linux, the included version of Firefox does not send DNS requests over the Tor network if the browser is using the WebSocket protocol. This means that an attacker listening in on the connection will be able to identify the servers the user is visiting. ...


Iran makes its own anti-virus software – would you buy it?

Author: Omid Farhang Published: May 3, 2012 Reading Time: 2 min

SophosLabs: According to reports, Iran has started making its own anti-virus software. It is said that experts from Shiraz Computer Emergency Response Team of APA (Academic Protection and Awareness) of Iran have been working on the project to help better protect the country’s digital defenses. Of course, Iran is no stranger to malware. It found itself thrust into the spotlight in 2010 when the infamous Stuxnet worm was widely reported to have infected industrial plants (including nuclear plants) in the country with the seeming intention to target and sabotage SCADA systems. ...


OONI maps internet censorship on a global scale

Author: Omid Farhang Published: May 3, 2012 Reading Time: 2 min

The H-Online: Tor developers Arturo Filasto and Jacob Appelbaum have been working on a new tool they call the OONI-probe. OONI stands for Open Observatory of Network Interference and is designed to help map internet censorship across the global network. The open source tool gives users the ability to check their internet connection for censorship, selective bandwidth throttling, surveillance and other interferences. This data can then be shared freely with other users, creating a global overview of the state of censorship of the network. ...


Phishers Offer Fake Storage Upgrades

Author: Omid Farhang Published: May 3, 2012 Reading Time: 2 min

Symantec Connect: Customers of popular email service providers have been a common target for phishers for identity theft purposes. Phishers are constantly devising new phishing bait strategies in the hope of stealing user email addresses and passwords. In April 2012, Symantec observed phishing pages that mimicked popular email services in an attempt to dupe users with attractive storage plans. Customers were flooded with fake offers of free additional storage space for services such as email, online photo albums, and documents. In the first example, the phishing site was titled “Welcome to New [BRAND NAME] Quota Verification Page”. According to the bogus offer, the additional storage plan ranged from 20 GB to 1 TB per year, at no extra cost. The phishing page boasted that the free additional storage plan will help customers prevent loss of data and the inability to send and receive emails due to exhausted storage space. It also stated that the plan will auto-renew each year and the customer can choose to cancel at any time by returning to the same page: ...


Not suicide, just taking life easy

Author: Omid Farhang Published: May 2, 2012 Reading Time: 3 min

I’m not going to jump off the tower, I’m not going to overdose on any drug, I’m not going to cut my wrist, I’m not going to drive at high speed into a wall without a seatbelt (but I have to claim that’s fun if you do it with good music!), I’m not going to burn myself with gasoline, not drowning either, I’m not going to turn on my car in the garage with the doors closed, I’m not going to headshot myself (I don’t have a gun), I’m not going to lock myself in a very cold place, I’m not going to hug a high voltage wire, not hanging myself either, I’m not going to jump in front of a metro, train or a car on the highway…! No! I’m not going to commit suicide! ...
