TechBlog

VirtualBox is a general-purpose full virtualizer for x86 hardware. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software. Some of the features of VirtualBox are: Modularity. VirtualBox has an extremely modular design with well-defined internal programming interfaces and a client/server design. This makes it easy to control it from several interfaces at once: for example, you can start a virtual machine in a typical virtual machine GUI and then control that machine from the command line, or possibly remotely. VirtualBox also comes with a full Software Development Kit: even though it is Open Source Software, you don’t have to hack the source to write a new interface for VirtualBox. Virtual machine descriptions in XML. The configuration settings of virtual machines are stored entirely in XML and are independent of the local machines. Virtual machine definitions can therefore easily be ported to other computers. ...

The Google Chrome dev channel has been updated to 5.0.322.2 for Windows, Mac and Linux platforms All [r38242] Don’t crash when a theme specifies a nonexistent image. (Issue: 31719) Mac [r38319] Honor modifiers for clicks on home button – cmd-clicking the home button now opens your home page in a new tab. (Issue: 34900) [r38204] Implemented writing direction context menu in text input fields. [r38504] Add local storage nodes to the cookie manager (Issue: 33068) Linux ...

(BBC) Lonely internet users are being warned about Fembot, a piece of malicious software that poses as a flirtatious woman looking to chat on instant messaging services. Victims are persuaded to give out personal information that could be used for fraud or identity theft, according to security experts. Fembot was first spotted in 2007 but hasn’t been seen much since then. However, there are signs she may be back on the scene in time for Valentine’s Day. ...

At the ShmooCon hacker conference in Washington, D.C., last week two security researchers showed the very sensitive information that people inadvertently make available over peer-to-peer networks. In their presentation, “Information disclosure via P2P networks: Why stealing an identity via Gnutella is like clubbing baby seals,” pen testers Larry Pesce and Mick Douglas said they found a lot of music, porn, malcode collections and the following: driver’s licenses, passport and tax return forms with Social Security numbers; someone’s will A retirement analysis form with savings account totals and income estimates; An IRS form with taxpayer identification number; A completed Turbo Tax form with personal information filled in. The two have started The Cactus Project to help security specialists do similar research to help organizations tighten up the information they share over P2P. They list best-of-breed tools for conducting the research, including Mutella and the Gnutella Protocol on their site http://pauldotcom.com/cactusproject.html. ...

Peter Coogan at Symantec put up a very interesting blog post yesterday about a crimeware kit called SpyEye v1.0.7 (on sale now on Russian sites — $500) that has a module that will kill a Zeus bot infection on a victim’s computer so the bot created by SpyEye can take it over. In September, Computer Weekly reported the Swedish telco Telia Sonera shut down the Internet connections of Latvian company Real Host after it was linked to the Zeus botnet. At the time, researchers said they believed Real Host’s servers had captured about 3.6 million PCs for the Zeus botnet. ...

A new user in the Netherlands became the 60 millionth person to sign up with LinkedIn, the professional social networking site. Facebook says it has 400 million users of whom half log in every day. Both are fabulous tools for communications and socializing, but making members’ identities and personal information so easily available carries some big risks. Our good friends at Sophos have pointed out that information can be harvested from LinkedIn for spear phishing. The site can contain enough information to be a virtual company directory. ...

A lot of Facebook members are becoming fans of “I don’t care about your farm, or your fish, or your park, or your mafia!!” This is basically a privacy issue I suppose. Shortly after noon today there were about 4,000 Facebook members joining every 10 minutes! If the surge continues it might become a Facebook denial-of-service issue! http://www.facebook.com/pages/I-dont-care-about-your-farm-or-your-fish-or-your-park-or-your-mafia/207382931457 The Wall Street Journal reported on this last night about 10 p.m. At that point they said 2,000 people were joining per minute. “Backlash Against Social Games Brews On Facebook”

At the BlackHat DC conference and SchmooCon, Nicolas Seriot, an independent researcher and Tyler Shields of Veracode have independently presented two very similar papers. The papers analyse weaknesses in security and application delivery models for iPhone and Blackberry and provide interesting read, especially if you are looking to write the next spyware application or a bot for one of the platforms. For me, the most interesting part of the papers is the one that shows that regardless of the implemented security mechanisms like data caging, providing applications with its own private storage, a third party application will be able to access a lot of potentially confidential data, like contact lists, sms and email storage and even the Blackberry’s microphone. ...

Many users have complained about Windows 7 strange Battery notification saying “Consider replacing your Batteries” on Laptops and there was a noise about it in Blogosphere but Microsoft has replied to it. There were many Forum posts and blog articles implying Windows 7 is falsely reporting this situation or even worse, causing these batteries to fail. After upgrading to Windows 7, Many users are seeing a** pop-up window that suggests they “consider replacing” their battery**, as capacity has slipped below the 40 per cent level. Butt, official MSDN blog has confirmed that Windows 7 isn’t killing Laptop batteries or causing them to fail but it’s a new intelligent feature of Windows 7. ...

“YOURLS is a small set of PHP scripts that will allow you to run your own URL shortening service (a la TinyURL). You can make it private or public, you can pick custom keyword URL. It comes with its own API.” http://yourls.org/ It’s installed on your web server (needs PHP 4.3 or better and MYSQL 4.1 with mod_rewrite enabled.) _“Benefits: Not reliant on third party service Sends link juice to your domain, not a service provider Customize your short links Build your brand (showing your URL)” Story here. ...