Blog

SophosLabs: Scammers are up to their old tricks on Facebook, tricking users into visiting revenue-generating survey scam websites by appearing to offer sex videos. Using a thumbnail which suggests a link to a sex video, messages posted on compromised Facebook users’ walls attempt to lure their unsuspecting Facebook friends into clicking to see more. And if the use of a saucy snapshot of a naked man and woman in an intimate pose wasn’t enough, the messages also include a variety of names (obscured in the images below) – presumably these are the names of the afflicted users’ Facebook friends. ...

The H-Online: Google’s solution for the problem of getting better passwords on the net – a combination of browser sign-in andOpenID – will take some time to implement as it involves persuading sites to switch to using OpenID. The developers on the Chrome project think that they can at least improve the security of passwords on sites, by generating passwords for the user. A new Password Generation proposal for the Chromium and Chrome browsers attempts to address that by assuming that once the user is signed into the browser, it can take over the handling of password creation. ...

H-Online.com: Following the revelation that Google and other online marketing companies have been bypassing the mechanism for blocking third-party cookies in Safari, the Internet Explorer development team asked themselves whether Google might be doing the same thing in IE. As they detail on IEBlog, they discovered that this was the case – Google circumvents Internet Explorer’s cookie policy by subverting the browser’s P3P-based privacy protection mechanism. P3P stands for Platform for Privacy Preferences Project and is an open W3C standard. It is intended to help both users and programs determine what sites do with personal data. The cookie management system in Internet Explorer blocks third party cookies from sites that do not supply a P3P policy statement telling it how cookies are used. ...

from Asa Dotzler: Firefox and more I’m not going to apologize for complaining about the terrible, awful, horrible, no good, very bad experience I had when I decided to give LibreOffice a try. It was abysmal and improving that experience should be a top priority for that team if they care about expanding LibreOffice beyond the few Linux users who get it pre-installed. But, I do think I could have done more to propose fixes rather than just rant about the brokenness of the experience so I’ve done just that. ...

WebTrickz: VideoLAN has finally released the much awaited 2.0 version of “VLC Media Player”, the best and most popular media player for Windows, Mac OS X and Linux. VLC is a free and open source cross-platform multimedia player that plays most multimedia files including DVD, Audio CD, VCD, and various streaming protocols. VLC 2.0.0 “Twoflower” is a major release, presented after 485 million downloads of VLC 1.1.x versions. It efficiently plays most codecs (MPEG-2, H.264, DivX, MPEG-4, WebM, WMV player) without requiring any codec packs. ...

The H-Online: The Mozilla Project has released updates to Firefox and Thunderbird. According to the release notes, the version 10.0.2 updates to the open source web browser and the news and email client address a security vulnerability; however, at the time of writing, the project’s security pages provide no details of what has been fixed; these releases came soon after a Chrome update which closed 13 security holes and took the version number to 17.0.963.56. ...

The H-Online: Google and other advertising companies have been found to be deliberately evading the privacy controls of Apple’s Safari browser. The evasion was revealed in a report in the Wall Street Journal and was based on work by Stanford researcher Jonathan Mayer. He found that the “+1” button code added to DoubleClick advertisements also allowed a Google DoubleClick tracking code to be installed on desktop Safari on 22 of the top 100 web sites. The same happened with 23 of those 100 sites when using Safari on the iPhone. ...

The H-Online: Tenable has released version 5.0 of Nessus, its popular vulnerability scanner. The new version of the tool includes an updated installation wizard that is said to make installing and configuring the server and client easier and quicker than before. Scan policies can now be created substantially faster than with previous versions, and the developers have also improved the way users navigate through the results of a vulnerability audit. ...

Symantec: The world is mourning the loss of another legendary pop singer also known as the queen of pop – Whitney Houston. Spammers are paying homage to the icon with a wicked malware. The malicious email shows a video of the last appearance of the star in a Los Angeles night club and also downloads an executable binary. This file is detected by Symantec Antivirus as WS.Reputation.1. ...

SophosLabs: Here’s a spam message I received today: Hi GCLULEY, Hi. Why the caps? And just “Graham” would be fine. Do you find ONLY having a South African passport limiting? I don’t have a South African passport, but I haven’t found its absence very limiting. Do you find your travel choices abroad restricting and visa applications frustrating? Not particularly. Do you have an exit strategy if South Africa becomes the next Zimbabwe? ...