HTTPS Everywhere reaches 2.0, comes to Chrome as beta

Author: Omid Farhang Published: March 1, 2012 Reading Time: 2 min

H-Online: Version 2.0 of the HTTPS Everywhere browser extension has been released. Where possible, the add-on automatically redirects users to more secure HTTPS connections when they access certain web pages. HTTPS Everywhere 2.0 includes an optional “Decentralised SSL Observatory” feature that detects weaknesses in encryption. When the extension detects an encryption issue, such as weak keys, it notifies users that the site they are visiting may contain security vulnerabilities that could be used for man-in-the-middle (MITM) attacks. “This is an extra level of protection that we encourage Firefox users to download, install, and use” said Electronic Frontier Foundation (EFF) Technology Projects Director Peter Eckersley. ...

Pwn2Own: Google offers $1M in Chrome exploit rewards

Author: Omid Farhang Published: February 29, 2012 Reading Time: 2 min

Google is to offer up to a million dollars in rewards for Chrome exploits at the CanSecWest conference. Previously, Google has sponsored the Pwn2Own competition which is held at CanSecWest, but has decided that this year it will directly reward exploits. “We discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors” says Google in a blog post. In previous years, full details have been handed over, but the revised rules make it “an explicit non-requirement in this year’s contest” – a change that Google calls “worrisome”. The organizers revised the rules to make the contest “more fair” and “more of a competition”. ...

Oops! Selena and Bieber's hidden camera bedroom video Facebook scam

Author: Omid Farhang Published: February 28, 2012 Reading Time: 2 min

Oops indeed. At least if you were one of the Facebook users who believed that a hidden camera video had leaked onto the net of Justin Bieber sharing some intimate moments with his girlfriend Selena Gomez. Of course, Bieber’s typical fans – or those who would delight in his public humiliation by a hungry paparazzi – are probably unlikely to think twice about clicking on a link shared with them by their Facebook friends, claiming to link to a sex video. ...

Beatles for Sale? It's spam of the day

Author: Omid Farhang Published: February 27, 2012 Reading Time: 2 min

I’ve owned up to some of the great loves of my life in the past. For instance, I’m a music lover and I’m very partial to board games (even during a denial-of-service attack). Today I can also share that I like The Beatles. In particular, anything from “Rubber Soul” and later when the “Yeah yeah yeah” turned into something rather more “Yeah man. Dig it”. I’ve simply never come across a more talented combination of musicianship and songwriting abilities – for me, you can kick The Stones, The Who, Cream and.. yes.. even MeatLoaf to the kerb, as Lennon, McCartney, Harrison and Starr are the guv’nors. ...

Nothing lasts forever, but still I miss you

Author: Omid Farhang Published: February 26, 2012 Reading Time: 2 min

Finally, the first level of my German class at Goethe-Institut has finished (read here about when it began) and I’m so sad. I will miss all my great classmates and teacher; we have been a great group, really a perfect group together, and it was not easy to say bye. I passed the A1.1 level with a “satisfactory” score (Evaluation). Yeah, I know I could do better, but… I will try to practice at home too for the next level. ...

Google Drive Will Support Third Party Apps

Author: Omid Farhang Published: February 24, 2012 Reading Time: 2 min

Google Operation System Blog: Back in November 2010, a comment from the Google Docs source code revealed some new features that will be available: third party apps, Cloud Print integration and sync. It turns out that the upcoming Google Drive release will add support for third party apps and Google will also include an SDK for developers. This way, you’ll be able to open the files stored in Google Drive using non-Google apps. The Google Docs source code mentions “SDK” several times in connection with Google Drive and the “open with” feature. ...

Twilight author’s official website attacked

Author: Omid Farhang Published: February 23, 2012 Reading Time: 1 min

Sunbelt: Twilight fans who normally frequent the official website of Stephenie Meyer, infamous writer of the said book and saga, may have found their systems captured by a “being” that is neither a blood-sucker nor a giant, feral dog. It might be something supernatural, but not in the security world: zombies. Our friends at avast! have unearthed a recent attack on the author’s website not so long ago: www.stepheniemeyer.com had been hosting Crimepack, an exploit kit that takes advantage of known vulnerabilities of various Web browsers and the Windows OS to install malware. Brian Krebs of KrebsOnSecurity.com took a closer look at this particular exploit pack back in 2010, and it is indeed a nasty one. Not only is it capable of targeting holes of software installed on your system, it also “lets customers [buyers of this Crimepack exploit kit] test various Web reputation services to discover whether any include their exploit sites.” Computers successfully exploited by the Crimepack exploit kit are eventually turned into zombies, which online criminals use to do malicious tasks, such as spamming and launching denial of service (DoS) attacks. ...

YouPorn passwords available for download, thousands of users exposed [Updated]

Author: Omid Farhang Published: February 23, 2012 Reading Time: 2 min

SophosLabs: Want a free password for one of the world’s most popular adult websites? YouPorn, one of the world’s most popular porn video websites and one of the top 100 websites of any kind in the world, appears to have been caught with its pants down – after a list of many of its users’ email addresses, passwords and dates of birth were left exposed on a public-facing server. ...

Fake AICPA Mail Serves Blackholes and Rootkits

Author: Omid Farhang Published: February 21, 2012 Reading Time: 1 min

Sunbelt: Be wary of emails claiming to be from AICPA – as per their alert here, these are not real and any mention of “unlawful tax return fraud” is just a bait to convince the end-user to open up a malicious attachment (in this case, a .doc file although there are rogue PDF files in circulation too). As with many of the malicious spam campaigns doing the rounds at the moment, this one will use the Blackhole exploit kit to serve up zbot from multiple compromised domains. Worse, a Sakura kit (typical example here) will download Sirefef / ZeroAccess, which as we’ve seen elsewhere is not a good thing to have on your system. ...

Масленица Началась, And So Is Spam!

Author: Omid Farhang Published: February 21, 2012 Reading Time: 1 min

Symantec Connect: Maslenitsa (Масленица) is a religious holiday celebrated in Russia and Ukraine during the last week before Lent, i.e. the seventh week before Pascha (Easter). This festival is also known as Pancake week or Butter week. During this week people enjoy the social activities that are forbidden during the prayerful Lenten season, such as partying, dancing etc. This year the Maslenitsa will be celebrated from February 20 to February 26. ...
