Blog

The Register: YouPorn nabbed in real-world privacy sting Boffins from Southern California have caught YouPorn.com and 45 other sites pilfering visitors’ surfing habits in what is believed to be the first study to measure in-the-wild exploits of a decade-old browser vulnerability. YouPorn, which fancies itself the YouTube of smut, uses JavaScript to detect whether visitors have recently browsed to PornHub.com, tube8.com and 21 other sites, according to the study. It tracked the 50,000 most popular websites and found a total of 46 other offenders, including news sites charter.net and newsmax.com, finance site morningstar.com and sports site espnf1.com. ...

Wired: SAO PAULO — Despite widespread speculation at the time, a massive power outage that left 18 out of the 26 Brazilian states in the dark for up to six hours last year was not the result of a cyber attack, according to a classified diplomatic cable published by WikiLeaks last week. The Nov. 10, 2009, blackout came just two days after the CBS News magazine 60 Minutes reported that an earlier outage in the Brazilian state of Espirito Santo in 2007 was the work of hackers. And it came just one day after Threat Level reported that, no, it wasn’t. ...

The Register: Windows source code tapped, say WikiLeaked docs The Chinese government may have used its access to Microsoft source code to develop attacks that exploited weaknesses in the Windows operating system, according to a US diplomatic memo recently published by WikiLeaks. The June 29, 2009 diplomatic cable claims that a Chinese security firm with close ties to the People’s Republic of China, got access to the Windows source under a 2003 agreement designed to help companies improve the security of the Microsoft operating system. Topsec allegedly worked with a government organization known as CNITSEC, short for the China Information Technology Security Center, which actively worked with “private sector” hackers to develop exploits. ...

Google has upgraded its Priority Inbox, a recently launched Gmail feature that automatically places important mail on top of your inbox, with a couple of improvements based on user feedback. The Priority Inbox now reacts much faster to users’ manual corrections. Furthermore, if you hover the mouse cursor over the importance marker of individual emails, you’ll see a short explanation of why that message is considered important. As far as what kind of impact the Priority Inbox has had on Gmail users, Google claims that typical Priority Inbox users spend 43% more time reading important mail compared to unimportant, and 15% less time reading email overall, when compared to Gmail users who don’t use the Priority Inbox. ...

The latest W32.Yimfoca.B variants can target malicious links in no fewer than 44 countries and nearly 20 different languages. It has also increased the number of instant messaging applications (previously Yahoo! Messenger) to include the following popular IM clients: Msn Messenger Google Talk ICQ Paltalk Skype XFire Here is a code snippet from W32.Yimfoca.B: This picks the desired messages based on a comparison with the full list of countries listed below: ...

The U.S. Federal Trade Commission (FTC) has accepted a preliminary staff report that lays out a framework for Internet privacy and suggests a “do not track” mechanism – possibly a persistent cookie installed on browsers. The agency was careful to point out that the commissioners see privacy measures as a balancing act. The news release quotes FTC chairman Jon Leibowitz: “Technological and business ingenuity have spawned a whole new online culture and vocabulary – email, IMs, apps and blogs – that consumers have come to expect and enjoy. The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation and consumer choice. We believe that’s what most Americans want as well.” ...

According to The Telegraph, German prosecutors are accusing two local hackers of breaking into the computers of over 50 pop stars, including Lady Gaga, Kelly Clarkson, Justin Timberlake and Ke$ha. (Wouldn’t you have to be pretty brave to blackmail Lady Gaga? She can be, um, scary. ) Ralf Haferkamp, from the Duisburg prosecutor’s office, said in an interview with Deutsche Welle that the hackers, two boys of 17 and 23 from the West of Germany, infected the machines with malware in order to steal all sorts of files. ...

Here’s the latest twist in the “membership” site scam: spam emails that tell potential victims to update their Adobe Reader include links to a web site intended to look like something related to Adobe products, but is selling “memberships.” The REAL way to update your Adobe software is on the help menu: help | check for updates (see the end of this blog piece for details). The spam email: ...

You’ve locked down your computer. Nothing is going to bypass your privacy shielding programs. AdBlock is fully loaded, NoScript is ready to roll and RefControl is sending “Party on, Wayne” as your custom referrer to all and sundry. However, you really want to hide your IP address too and decide to load up one of the many web-based proxy services available. Something humorous I’ve noticed across many web-based proxies recently is that they’re jumping on a marketing strategy that might be slightly at odds with their attempts at privacy for the end-user. In order to keep your private details private, you have to _fill in a survey and hand over a bunch of information to third party marketers. _ Type in a URL, hit the “Go” button on the proxy and you’ll see one of these: ...

You might be seeing something on your Facebook wall today: Sadly, it’s not a fun video. It’s just a phish. The link goes to apps. facebook.com/ lookatuhah, which then redirects to a phishing site: In other words, if you’re absent-minded enough to enter your credentials again, they will be used to then send more of these stupid fake videos posts to others — or do any of a number of other rather nefarious things.