Be careful PC users while you are coming across PDF files appearing to be your credit card report, personal financial statement or balance report. The security firm, F-Secure has found out the PDF files containing virus that poses security threat to your computer.

The security firm claimed that an anonymous has already sent tens of thousands of the contaminated files via email. These emails have no texts, only PDF attachments. Once you open them, the attachment uploads a malicious programme from a Malaysian server.

The security firm have received some of the attachments like report.pdf, debt.207.pdf and overdraft.2007.10.26 etc.

Mikko Hypponen, chief research officer at F-Secure said,

We are worried about this case, as PDF attachments are typically not filtered at e-mail gateways.

Via: Zdnet

Image: Abobe Reader

The hackers led a cyber protest at UN’s official website against the US and Israel for killing children in the Middle East. For which, they hacked UN Secretary General Ban Ki-Moon’s web page.

The self-proclaimed pro-peace hackers have left this message,

Hacked by kerem125 MOsted and Gsy That is CyberProtest Hey Ysrail and Usa dont kill children and other people Peace for ever No war.

The message was found in a UN web page, which is generally reserved for statements from UN Secretary General, Ban Ki-Moon.

The hackers identified themselves as kerem125, Gsy and M0sted. These groups have also attacked some other pages of UN web site.

The latest report adds that UN has repaired the affected pages.

Image:

An Austin based security researcher demonstrated how a software flaw, used to control oil refineries, power plants and other critical structures, can be hacked by terrorist groups or criminals.

The software is used to manage supervisory control and data acquisition, or SCADA, systems - computers that regulate the functioning of such important infrastructure as oil and gas pipelines, water treatment and power transmission facilities and the giant factories used by large technology companies.

Attendees at Defacon hackers conference on computer security were surprised as well anxious about vulnerabilities in infrastructures which affect our day-to-day life such as SCADA system.

The flaw can pose major problems, as it is capable of crushing SCADA computer systems, which carry mostly lightweight software, making it easy for intruders to cheat by sending a false request.

The main targets of attack are sensors within the facilities, linked to internet through encrypted connections, said Ganesh Devrajana, a security researcher with 3Com Corp.’s TippingPoint in Austin, Texas.

Authorities and other officials present at conference took it as a matter of great terrorism concern and emphasized the need to point out similar weaknesses existing in other programs.

Image Credit: ABC News

Via: Aviran

Social networking sites are supposed to provide us powerful platforms where minds share ideas, but they are now open for online criminals who can access to your sensitive personal information shared on the net.

The security experts have demonstrated the security flaws of Web 2.0 sites at the ongoing Black Hat and Defcon hacker conferences. They have shown how MySpace is vulnerable to online criminals who can play with your personal information.

Rick Deacon, a 21-year-old hacker who attended the conference revealed that he has found out a security flaw in MySpace. It is zero-day flaw that invites online frauds to take away your personal web pages and inject malicious code. However, it does not have any affect on the IE, only Firefox Web browser is prone to this threat, he said.

MySpace did not comment on the Deacon’s revelation saying that they have a powerful security team.

It is the rudimentary problem that the leading web 2.0 sites face today despite their denial.

Image:

House and Senate Democratic leaders must have got alarmed about the security of e-voting machines, as computer Scientists from California University were able to hack into three electronic voting systems used in California and elsewhere in nation.

Team of computer experts, acting on the request of state had hacked into systems from three most famous companies in the business: Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.

After the investigation, they found every system hack able in one or another way to affect the correct recording, reporting and tallying of votes. Hackers were able to gain physical access to the system, manipulate several; components networked to sever, loading wireless drivers onto the server used to access a wireless device plugged surreptitiously into the back of server and many more other ways.

Although in many cases it might be difficult to alter the results, however possibility of that cannot be denied.

Matthew A. Bishop, a professor of University of California, who led the team, said in the report, that it was surprising that how easily hackers broke not only the physical locks, but also the software defenses meant to block intruders. The addition of security measures after the basic system had been designed appeared to be the biggest problem with computerized touch screen machines, optical scanning systems and broader election-management software.

However, Industry executive criticized the report calling it unrealistic as it was not conducted in the realistic environment and no machine was known to be hacked in any election. He further added that report contains several inconsistencies, alternate conclusions and errors.

Whatever be the level of insecurities detected, what is the point in using these voting machines as pivotal and main source in voting, said Senate and Democratic leaders and proposed a shift to paper ballots and other backup records to increase confidence.

However, election supervisors are waiting for Secretary Bowen’s decision by Friday. Her decision will decide whether to ban these e-voting machines, which can pose problems for the upcoming Presidential elections in February.

Image Credit: MAIL

Via: TECHDIRT

Privacware, Corp. has launched an integrated desktop firewall and multilayer intrusion prevention software, Privatefirewall 5.0, which delivers signature less, zero hour protection from know or new spyware, viruses, hacking techniques and other intrusions on Windows desktops and servers.

Privatefirewall 5.0 solves the Windows vulnerabilities, which hackers exploit to gain unauthorized access and damages private systems and data. Privatefirewall 5.0 models and monitors system identifies block activity characteristic, known as malware, hacking and phishing, so that users and IT managers of small and medium enterprise can protect the environment and private data more effectively. The new software includes following protection layers, which are given below:

1) Desktop firewall
2) Port manager
3) URL filtering
4) Process monitor and application/system behavior modeling
5) Anomaly detection components

Privatefirewall 5.0 is integrated with eTrust Antivirus and eTrust PestPatrol Anti-Spyware solutions and also supports Windows XP, Windows 2000 and Windows 2000/2003 server. Privatefirewall 5.0 evaluates WinAPI calls and analyzes a variety of system variables, security-sensitive registry keys and alerts administrators. Currently, Privatefirewall 5.0 is available as a stand alone solution to use in home and small business.

Image Credit: PWI Corp.

Via: Managing & Automation

Well, imagine that your favorite media files are running on your computer and suddenly an ad page opens and says, “What old fashion music you are sticking to, we have something new for you.” Then you switch to find some books and again an ad hits your computer screen and giving you a list related to whatever you were typing. Furthermore, you will surely feel bewildered that ads will follow you in whatever context you use a window.

Isn’t it amazing that how an advertiser knows what is going on your computer screen?

Microsoft submitted an adware patent back in 2006 that will use your “context data” from your hard drive to select focus advertising for you to view while you are reading your e-mail, working on word and excel documents.

Yes, that’s true-now, no stone will be left unturned to get access to your data on your hard drive in order to flash an advertisement that matches your interest.

The present advertising relies on individual’s web browsing habits, the type of sites they visit, or kind of search engine used.

This adware framework would utilize almost all the data to assure they it targets the right individual for right product. It can collect data by inspecting your computer settings, user e-mail files, media files, status messages, and files that you download.

Ads would be limited to something around 4 per hour and will only support text or graphical ads, a little insurance that you won’t get tons of irrelevant ads popping up all over your computer screen.

Unfortunately, this patent application filed in February last year, was uncovered recently by InformationWeek, which mentions nothing in context of data security or how it will protect your personal data.

Of, course anybody would like to get rid of unwanted and irrelevant ads which this new patent promises. In reality, it seems nothing more than another method to get better hold on the users and score more points in order to sell their products.

It’s more or less like,”organized disturbance” and will follow you with every word you type or every file you open.

Image Credit: EECS

Via: Arstechnica

Now, mobile phone and smartphone users will receive same security features, as they are receiving on their PCs and laptops. Soon, Symantec Corp. will offer Symantec Mobile Security Suite 5.0, the designed is designed to provide the same security and data protection capabilities on their Windows Mobile smartphones and PDAs, which has become standard for laptop and other computing devices.

Symantec Mobile Security Suite 5.0 will include antivirus, firewall, anti-SMS spam, and data encryption technologies, which are easy to deploy, manage and maintain. It will provide several integrated security technologies for mobile devices, which are given below:

Antivirus: It immediately detects mobile threats and prevents users from accessing an infected file. Administrators can schedule regular virus scans and updates via Symantec LiveUpdate

Firewall: Symantec Mobile Security Suite 5.0 controls both inbound and outbound network traffic on the mobile device

Anti-SMS Spam: It automatically filters and deletes spam messages, or places them in a separate spam folder

Loss mitigation technologies: It encrypts data on the device and memory cards in case it is lost or stolen. A file activity log helps administrators determine if confidential files have been accessed, and a data wipe tool erases all data after a maximum number of consecutive failed login attempts

Phone Feature Control: It allows administrators to enable and disable certain device features, like Bluetooth, WiFi, and device synching. This limits security vulnerabilities and potential attack vectors by only providing access to those features required for business.

Symantec Mobile VPN: This optional add-on enables enterprise customers to connect to corporate networks through secure IPSec VPN tunnels in order to protect sensitive data and interactions

Network Access Control: When used with the Symantec Mobile VPN, this technology enables IT administrators to ensure only secure, policy-compliant devices can access the corporate network

Tamper Protection: Verifies that the device’s image and security applications have not been tampered with or altered prior to allowing network access

Enterprise Management: Provides a management console for IT administrators with customizable security policies and reporting

Paul Miller, managing director of Symantec’s mobile security group, said,

Many Symantec customers - IT departments and consumers alike - understand that mobile phones represent the new computing platform. Now that the dual-mode Windows Mobile devices permit users to communicate over both cellular and wireless local networks, more and more users are relying on their phones for their personal and business transactions. These ‘pro-sumers’ are looking to security leaders like Symantec to help them protect their information and interactions no matter where they reside – whether that’s on phones, laptops, or PCs.

Image Credit: Ameinfo & SCR

Via: SDA

You may believe or not, but it is true for McAfee. The security leader has claimed that the online search of latest movies or download of music poses greatest security threat than searching the X-rated items in the websites.

Nearly nine percent of adult sites cause web-security problems such as spyware, adware or spam in comparison to 19 percent of digital music sites or movie downloads.

In a common parlance, the search for nude items (Hot babes, Nude Britney Spears or Lindsay Lohan) is not so risky than searching for a latest music or download of a movie. Why?

McAfee says the porn sites are lesser risk because they are doing good business. So, they don’t want to involve in such practices. To the contrary, faced with a sluggish electronics market, the music companies are very much inclined to adopt additional ways to promote their products.

The study has further claimed that the search items like electronic gadgets and background “wallpaper” to decorate computer screens are also risky like music search and movie download.

Image:

Symantec spokesperson stated Tuesday in an E-Mail:

After some review, we’ve decided to integrate this product into the cycle of our 2008 Norton product line launching in the fall timeframe.

Symantec further maintained that nonetheless, the corresponding enterprise product, known as Symantec Mobile Security Suite 5.0, is even now planned to be rolled in June.

Symantec reveals that the Windows Mobile software will be integrated with anti-virus, anti-spam, firewall and data encryption capabilities, to carry on data secure, even if the smartphone is mislaid. Symantec is also said to put up for sale an optional VPN module for users who desire to securely hook up with their corporate servers.

Read

In creative crookedness, the spammers are genius. This is the stark reminder of recent arrest of Robert Alan Soloway in Seattle, Washington.

27-year old Alan Soloway, the high profile spammer whom Microsoft has portrayed one of top 10 spammers in the world was finally arrested by federal authorities for operating the fraudulent empire of mail fraud, wire fraud, aggravated identity and money laundering.

Soloway has been active in the infamous racket since 2003. He used zombies (computers infected with malicious codes) to send millions of junk mails and unsolicited bulk e-mails pursing people to use his internet marketing company to advertise their products.

The notorious spammer continued his illegal business even after loosing a $7 million lawsuit against Microsoft way back 2005. Soloway has the ability to send 20 million email advertisements in 15 days. So far, he has made a hefty amount of $773,000 out of illegal business.

The federal authorities are now planning to forfeit him from the money which he earned from his unfair business. He is kept in the federal detention for a hearing on Monday.

Image

David Ulevitch, the founder of OpenDNS, reported in company’s blog that Google and Dell have put in ’spyware’ on Dell machines. The claim was made on the base Ulevitch study of the activities of the Google Toolbar and homepage that gets in preinstalled on IE in new-fangled Dell machines. David Ulevitch also claims that a browser redirector relays users who go into fictional URLs to a Dell-branded page laden with Google ads.

David Ulevitch also reported in the blog that since the software meddle with his company’s ingenious, free DNS service, an opt-in DNS service which makes a small number of intelligent typo corrections, keeps tabs on identified phishing sites, and makes available search result pages for browser bar questions as hot sauce.

If you were to put a heatmap on the Dell-branded page… well, users can only look at ads. Dell and Google’s behavior here isn’t okay. Users never asked for this experience and they can’t get rid of it!

Moreover, this new “functionality” breaks things. Instead of making DNS requests, the address bar now sends single word queries to Google. This application breaks a lot of OpenDNS functionality our users love. Typo correction? Broken. Shortcuts? Broken. Google’s application breaks just about every user-benefiting feature we provide with client software that no user ever asked for.

We enjoy challenging problems at OpenDNS. But we’d rather spend our time making the Internet better rather than solving problems that shouldn’t have been created in the first place. We know that Google is capable of launching great products and services, but this isn’t one of them.

Image
Read

SenderBase.org, a free of charge service, can be utilized as a credit reporting service, giving detailed data that can be used by ISPs and firms to set apart legal senders from spammers and other invaders – providing system administrators an approach to help them take serious security decisions. The sender base can also be utilized by Consumers, media, and other parties to keep an eye on threat goings-on, verify their email reputation scores, and obtain immediate updates on the most recent virus spates.

Read

Sponsored by Zoe Lofgren, a California Democrat, and Bob Goodlatte, a Virginia Republican, the bill is reported to make it illegitimate to make access to a PC but for authorization to commit another federal crime, like a PC scam. Such crimes might bring about to up to five years imprisonment, while getting or relaying personal info so as to deceive or harm somebody carries a punishment of up to two years in jail, as does denting a PC.

The bill additional would endow the Department of Justice with US$10 million yearly for four years to handle phishing, or utilizing fake e-mail addresses or Web sites to bait unwary preys to give personal info like credit-card numbers and pharming, which is related with hackers redirecting traffic to bogus Internet sites to deceitfully gain personal data.

Read

1-2-3 Spyware Free spots and does away with all types of viruses, spyware, Trojan and detrimental modules that may creep into your computer through the usual undertaking of surfing the Net. 1-2-3 Spyware Free is operated from a devoted USB Flash Drive, making it not possible for nasty programs to contaminate or put out of action the anti-virus.

1-2-3 Spyware Free makes downloads of all updates itself on a schedule, offering crystal clear and unattended operation, which is generally overlooked in more difficult and much more costly products. 1-2-3 Spyware Free is trouble-free and out of harm’s way to be utilized. Real-time safety informs you of any wary behavior that could be tried by a nasty program, and lets users obstruct perilous behavior to put a stop to infectivity.

Read