Join the God Side, Jesus is Coming…….

Archive for May, 2011

Windows 7 migration causes concerns for IT pros

Source: pcauthority

Moving to Microsoft’s newest operating system is proving troublesome for some businesses.

Nearly half of IT professionals planning Windows 7 rollouts for their organisations are concerned about migrations issues, specifically those of user profile migration.

This was the main finding of a survey from RES Software which polled over 1,500 IT professionals worldwide from a range of industries. It found 57 per cent were planning the move to Windows 7 this year, mostly down to Microsoft’s scheduled closure of Windows XP support in 2014.

However, 45 per cent were concerned with the migration of user profiles from Windows XP to Windows 7. Of those surveyed, 43 per cent said not only was it an issue establishing what permissions and applications required migration but they had “serious concerns” they were not properly equipped with tools and software to cope with the move

Android 2.3.3 Security Flaw Explosed! “Sidejacking” Using ClientLogin API

Source: crazyengineers

Talented engineers at ULM University Germany exposed a security flow with Google’s Android Operating System. The flaw apparently affects 97% of the Google Android users all over the world. Chances are that if you are using Google Android phone, your data may easily land in hacker’s hand without your knowledge. This data may be about your contact list, calendar events and other private information. The engineers toyed with Google’s ClientLogin API which apparently gives remote access to third party hackers enabling them to steal your data.

New malware tricks users into thinking hard drive failure

Source: geek.com

Scareware came by its name honestly (or perhaps dishonestly). The particular strain of malware we are looking at here (distributed as UltraDefragger and SystemRecovery) attempts to ensnare unwary users by displaying sensational and frightening alerts.

As Symantec recently discovered, the bad guys have added a new twist to their fake disk defragmentation tools: falsely notifying users that a hard drive is about to fail. Like so many other rogue applications, this “recovery tool” is designed to trick users into purchasing a paid application which can fix the problems that were detected. In truth, of course, there were no problems and thereis no fix.

This malware goes beyond mere sensational alerts, however. Symantec notes that it moves files from All Users and the current Windows user’s profile into a temporary location, making it appear as though problems with the hard drive are causing files to disappear. It also disables a user’s ability to change wallpaper images and sets registry keys to hide certain icons — giving the impression that programs are going missing as well (check out the video to see it in action).

If there’s one thing which incites panic in the average computer user, it’s the thought of losing important files. When a rogue application does as convincing a job as this one does, it’s really not surprising that the panic button gets pushed and purchases are made. So just how much would you have to shell out to undo the damage caused by this phantom hard drive crash? $79.50.

Facebook Prepares to Launch Bug Bounty Program

Source: news.softpedia

Facebook is working on setting up a bug bounty program that would encourage security researchers to discover vulnerabilities on its platform and report them responsibly.

Mr. Joe Sullivan, Facebook’s chief security officer, told us today at the Hack in the Box Amsterdam 2011security conference that the company is currently testing such a system and hopes to launch it soon.

Vulnerability reward programs are not new. In fact, they’ve been around since the Netscape era.

In 2004 Mozilla introduced a bug bounty system for vulnerabilities discovered in Firefox, then last year Google did the same for Chromium, the open source project behind Google Chrome.

However, it was Google that began rewarding vulnerabilities found in its web services first, a move that was mirrored by Mozilla a month later.

Bug bounty programs are not only about rewarding researchers, which is an honorable thing to do, but also about drawing security attention towards a particular product or service.

Since more people will be interested to poke around it and uncover flaws, the system will become more and more secure and there will be less flaws for cyber criminals to find.

No details about the program’s possible payouts or rules have been released, but we’re hoping the rewards will at least match those offered by Mozilla and Google.

Mac Seemingly as Susceptible to Malware as Windows

Source: blog.brickhoussecurity

When asked about computer security and virus protection, most people are under the assumption that a Windows computer is expected to be in constant battle against malware and viruses of all kinds, while the Mac is generally safe, allowing users to do or download whatever they wish without any repercussions. Well, this assumption is not only being challenged at this point, but is actively being proven false thanks to the “Mac Defender.”

Mac Defender is a trojan horse that is actively targeting Mac users and has already successfully infected hundreds of systems. The way this virus works, like a lot of Windows viruses, is by showing users a pop-up message that warns them that their system is infected by a virus and that they must install anti-virus software to get rid of it.

In reality, this pop-up is telling users that they would make great targets, and that they should install the virus, or at least this is how most tech-savvy computer users would see it and know to avoid it. However, many computer users still fall for this old scam, and once installed, the virus either loads porn websites on the computer like the Mac Defender appears to, or might do something much more malicious like steal personal information such as passwords, user names, or credit card numbers.

So what do you with your infected PC or Mac? For PC users, we would recommend installing a good anti-virus program and clean the system, or if possible (which might not be so with many viruses locking up certain computer features), try to run a system restore to a point in time before the virus was downloaded. As for infected Macs, try to contact Apple and see if they’d be able to help you with removing the virus, or if you have been using the “Time Machine” feature to back up your files, restore your computer to the last known good point before the virus was installed. And for those Mac users that don’t know what “Time Machine” is, it is an automatic back-up of all your files that creates restore points as you use your computer in case you somehow mess up the system or download malware, but it does have to be manually activated for the first time before it starts backing up your data.

Could 99.7% of Android devices be leaking personal data?

Source:tech.uk

Android phones could be offering up usernames and passwords to hackers, allowing sensitive data to be siphoned off.

Researchers from the Institute of Media Informatics at Ulm University have discovered that Android devices could offer up user’s Google Calendar, Contacts and Picasa information.

The research found that devices using Android 2.3.3 and older using ClientLogin (which is used to authenticate apps from a remote destination) could potentially be hacked if using a non-secure connection, such as open Wi-Fi hotspot.

This means up to 99.7% of devices could be open to the exploit, which works by sending a request for an authentication token (authToken) from the Google service with a user name and password over a secure connection, and the received item is then valid for 14 days.

Microsoft: One in 14 downloads is malicious

Source:computerworld

IDG News Service – The next time a website says to download new software to view a movie or fix a problem, think twice. There’s a pretty good chance that the program is malicious.

In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.

Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren’t very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there’s a known problem.

So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It’s called social engineering, and it’s a big problem these days. “The attackers have figured out that it’s not that hard to get users to download Trojans,” said Alex Stamos, a founding partner with Isec Partners, a security consultancy that’s often called in to clean up the mess after companies have been hacked.

Tag Cloud