Wednesday, January 31, 2007

It's Vista Day [wow]

After ten thousand years of beta testing, at a cost of gazillions, we are now being offered Vista - which is really not very much at all. Of course, we are told that it's the most secure release of Windows ever. I certainly hope so. I'd hate to think that all that time and money was spent for nothing - or was it? And how many new releases have had a service pack announcement before the release of the OS? Just like XP SP2 made things more secure, Vista will make things more secure. Five years from now, we will [again] be hearing the same message that Microsoft is prioritizing around security. Security for the Lowest Common Denominator. While we all realise that it's become very dangerous - in some areas - of the Internet, we are being forced into areas of usability because most people out there are too stupid to own a computer. Rant ends.

==============================================
The New Vista Waiting Game

Vista is a step forward in security, but many businesses will be stuck with Windows XP for years to come, due to the cost of upgrading, the value of existing assets, and compatibility issues that trump security features.

Read the article HERE.

==============================================
Don't buy Vista for the security

Windows Vista is a leap forward in terms of security, but few people who know the operating system say the advances are enough to justify an upgrade.

Read the article HERE.

==============================================
Buying Vista? Get a guarantee

Before spending the money for Windows Vista, set to debut this week, is there any guarantee that the software you buy will run as advertised on your PC? Not exactly, analysts say.

Read more HERE.

The Top 100 Alternative Search Engines

Ask anyone which search engine they use to find information on the Internet and they will almost certainly reply: "Google." Look a little further, and market research shows that people actually use four main search engines for 99.99% of their searches: Google, Yahoo!, MSN, and Ask.com (in that order). But in my travels as a Search Engine Optimizer (SEO), I have discovered that in that .01% lies a vast multitude of the most innovative and creative search engines you have never seen. So many, in fact, that I have had to limit my list of the very best ones to a mere 100.

Read the article [ and readers comments ] HERE.

eEye Enters Antivirus Business

The security research firm that first came to prominence in 2001 after having discovered the gaping security hole in Microsoft Internet Information Services exploited by the worm it dubbed "Code Red," has thrown its hat all the way into the security software ring. This morning, eEye becomes an anti-virus company, going to bat against Symantec and McAfee, and integrating Norman anti-virus technology into its Blink Professional security suite.

Read more HERE.

Stompy session analyzer tool released

Stompy is a tool to help penetration testers and security researchers reliably detect anomalies that are not readily apparent at first glance. Stompy gives security researchers the power to: find session IDs, run FIPS-140-2 PRNG evaluation tests, determine encoding and alphabet structures and more.

Read more HERE.

Tuesday, January 30, 2007

Vulnerabilities and asset management

There's a little buzz going around right now over Microsoft's latest Security Advisory - "Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution". A few people are irritated simply that there's an attack doing the rounds, and yet there's no patch to download. Sure there's a patch - it's called "Office 2003". And in a couple of days, it'll be called "Office 2007".

It's not a surprise, then, to find that Office 2000 is vulnerable, but Office 2003 is not.

But this vulnerability should serve to remind you of another issue - that of your software asset management. Office 2000 is past mainstream support. Sure, it's on extended support until July of 2009, and that does mean that you'll get security updates for free - but it means you will have to pay for all non-security support calls (even if you have some "free calls" left over), as well as all non-security updates.

Read more HERE.

Virtual Servers and Security

Virtualization creates the potential for more secure servers in a hosted environment, but it might all be an illusion. There's a good argument to make, and some experts make it, that virtualization is one of those technologies that's making a cyclical comeback. The whole VM thing, after all, was invented by IBM guys in the '60s, right?

Read more HERE.

Free Vista Drivers

Don't waste your time searching dozens of vendor websites every month for the driver updates you need. Just bookmark this page and come back whenever you need a new driver.

This page lists the latest Windows Vista drivers and provides direct links to the files for downloads. We're offering this as a free service to the community, to help you all get through this "challenging period" of Vista-transitioning.

Visit the website HERE.

419ers rifle through Ecademy.com

The growing popularity of Web 2.0 as a venue for viruses, pedophiles and other online nasties made it only a matter of time before sleaze oozed to professional networking sites, and sure enough, an Australian security firm is offering a detailed postmortem on an attempted Nigerian banking scam on Ecademy.com.

Read the article HERE.

Host-based IPS

There are numerous techniques for providing host-based intrusion prevention capabilities, but eWeek Labs believes there are two that will best complement enterprises' current strategies: vulnerability inspection and application and process vetting.

Read more HERE.

Monday, January 29, 2007

TomTom admits Satnav infected with virus

It started with an email from a worried satnav user, an IT consultant who knows his way around a computer and knows a virus when his AV software flags one up. The cause for his concern being a newly purchased TomTom GO 910 satnav unit that, once connected to his PC, immediately caused an anti-virus software alert. Not one, but two alerts in fact. The win32.Perlovga.A Trojan and TR/Drop.Small.qp were identified as being resident on the satnav hard drive, within the copy.exe and host.exe files.

That’s worth repeating, two Trojans resident on the hard drive of a brand new, straight from the shop, satnav unit.

Worth repeating, perhaps, that this was a unit connected to a PC already protected by AV software, a clean PC, a PC belonging to an experienced IT consultant. It was for this reason that I believed him, that I did not simply assume it was a case of mistaken identity as is so often the case with such reports where the infection was already there, or came via a route unconnected to the accused party.

Read more HERE.

Microsoft's Live OneCare Release

Microsoft said it will make available its Live OneCare updated version on Jan. 30 -- the same day that Windows Vista goes on sale. Microsoft's timing might be an attempt to have Live OneCare benefit from the coattail effect of the Vista release, suggested Jon Oltsik, senior analyst with Enterprise Strategy Group.

Read the article HERE.

Introduction to IP Version 6

Microsoft has recently updated (as of Jan 26th, 2007) this introduction to IPv6.
Yes, it really will be implemented in our lifetime.
It is worth a couple of minutes (or hours) to get started thinking about IPv6.

Download the guide at Microsoft HERE.

Source : Cluster Help

Strong Password Generator

Not for the faint hearted.

Take a look HERE.

Tough choices for home networking

Why PowerLine? Two reasons: Security and no interference. I don't have to worry about how far I'm blasting signal or if my neighbours see my access point or if some guy with a cantenna is doing a drive-by to see if he can crack my encryption. I also don't have to worry about extraneous RF sources such as cordless phones, microwave ovens, and all of my neighbour's Wi-Fi devices, clobbering out my theoretical max data rates.

Take a look HERE.

Sunday, January 28, 2007

Company Throws Down Gauntlet for Hackers

Just a reminder - for those of you that are interested - the contest begins this week.

It's a winner-take-all contest, and the prize is $40,000. It is slated to begin at [US] 6 p.m. EST Jan. 31 and end at 5:59 p.m. EST March 14 — or when someone defeats CodeMeter, Wibu's dongle-based anti-piracy tool, and shows the company how it was done.


Or for those looking for something easier to attack, don't forget that Vista is being released the same day! Happy hunting.

Read more HERE.

Competition to replace SHA-1

In light of recent attacks on the SHA-1 hash function specified in FIPS 180-2, Secure Hash Standard, NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES).

In addition, NIST has published its policy on the use of the current hash functions, which essentially commands the federal agencies to stop using SHA-1 and instead use the SHA-2 family of hash functions.

Take a look HERE.

Recuva

Recover deleted files with Recuva, a new utility from the developers who brought you the venerable system-scouring tool CCleaner.

Though currently in beta, the spit-polished program couldn't be much easier to use. Choose a drive to scan, wait a few seconds while Recuva looks for recoverable files (those that haven't been overwritten on your hard drive), then review the results. Select the files you want and click Recover. Presto: The lost files return.

Take a look HERE.

Other free options available are

PhotoRec
Restoration
Undelete Plus
GetDataBack
PC Inspector File Recovery

Open Password Protected PDF Documents

There are sometimes genuine reasons to unlock or crack a password protected PDF file. You have the legal right to open the encrypted PDF document but forgot the password like in the case below.

Disclaimer : This article is presented in good faith that the process is used legally. I do not condone using it for the "dark side". Unless of course, you have a very good reason for doing so - then I might make an exception - but only this one time.

Read the article HERE.


USB System Lock

USB System Lock (USL) is the solution to enhance system security. Besides basic password authorisation, a physical key can provide extra security. This program is written in Visual Basic and runs on Microsoft Windows. It can fully protect the system under normal boot.

Visit the website HERE.

Using SysInternals’ Process Monitor

Process Monitor is a useful tool to see what registry, file system and thread changes processes are making on your Windows system.

Watch the video [by clicking Next> in bottom right hand corner] HERE.

Weekend Reading

Microsoft accused of hijacking the web

Awde singled out XAML as an example of Microsoft's dire schemes. "Vista is the first step in Microsoft's strategy to extend its market dominance to the Internet," he said. "For example, Microsoft's 'XAML' markup language, positioned to replace HTML (the current industry standard for publishing language on the Internet), is designed from the ground up to be dependent on Windows, and thus is not cross-platform by nature."

Read the article HERE.

==================================================================
One quarter of all computers part of a botnet

The World Economic Forum takes place this week in Davos, Switzerland, and leaders around the world gather to discuss issues like the Iraq war, global climate change, and globalization—along with the incredible prevalence of botnets.

Read the article HERE.

==================================================================
Inside the Windows Vista Kernel

This is the first part of a series on what's new in the Windows Vista kernel. In this issue, I'll look at changes in the areas of processes and threads, and in I/O. Future installments will cover memory management, startup and shutdown, reliability and recovery, and security.

Read the article HERE.

==================================================================
Banks Report Fraud

Banking industry officials in Massachusetts are reporting that a string of local companies have already observed fraudulent activity related to the massive data breach reported by retail chain TJX Companies on Jan. 17.

Read the article HERE.

==================================================================
Poor Man's Greylisting

What is it?
Nolisting fights spam by specifying a primary MX that is always unavailable.

Read the article HERE.


==================================================================
The Problems With E-Mail

As e-mails multiply, so do the problems, from the unabated increases in spam to increasing scrutiny by regulators. A business user in the United States sends and receives, on average, 171 e-mails a day, and that volume is expected to double by 2010, according to the Radicati Group, a research firm. As e-mail proliferates, so does the number of ways for it to be misused and mismanaged. Out-of-control e-mail isn't only a cost burden and a time suck; it's also a legal and regulatory liability.

[171 emails a day? That's over 20 an hour, every hour, in an 8 hour working day. Yep!]

Read the article HERE.

==================================================================
Quebec police cybercrime squad

Con artists, terrorists, pedophiles as well as 14-year-old hackers recruited by eastern European mobsters fill Frederick Gaudreau's day. "It's really important that when someone goes on the Internet and sees something related to hate crimes or terrorism, for example, he has to call the police," he said. "Even if it's anonymous, we'll accept it and try to investigate it."

Sexual predators, for instance, can be reported at www.cybertip.ca

Take a look HERE.


Saturday, January 27, 2007

Microsoft Word Execution Vulnerability

Symantec Corp. is reporting that it has spotted active exploitation of yet another undocumented security hole in Microsoft Word. If Symantec's report is correct -- this would mean we now have at least three known unpatched Word vulnerabilities that are currently being exploited by hackers to break into machines running the vulnerable software.

Read the article HERE.

==============================================
Secunia : Extremely critical

A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. Do not open untrusted Office documents.

Read more HERE.

Meet the Swedish bank hacker

For the price of 3,000 dollars, our reporter was offered his personal bank Trojan. In an interview with Computer Sweden, the hacker behind the recent Internet frauds against Sweden's Nordea bank claims responsibility for more intrusions. "99 percent of all bank intrusions are kept secret," he insists.

Read the article HERE.

Google defuses Googlebombs

Google has finally had it with Googlebombing, the act of hundreds of Internet users linking up specific words with certain web sites in order to produce a desired (and usually comical) search result. The company announced today via its corporate blog that they have finally altered their search engine algorithm to minimize the impact of Googlebombs by improving the way they analyze link structures on web sites.

Read the article HERE.

GoDaddy pulls security site

A popular computer security Web site was abruptly yanked offline this week by MySpace.com and GoDaddy, the world's largest domain name registrar, raising questions about free speech and Internet governance.

When asked if GoDaddy would remove the registration for a news site like CNET News.com, if a reader posted illegal information in a discussion forum and editors could not be immediately reached over a holiday, Jones replied: "I don't know...It's a case-by-case basis."

Read the article HERE.

The 'Free Wi-Fi' scam

The next time you're at an airport looking for a wireless hot spot, and you see one called "Free Wi-Fi" or a similar name, beware -- you may end up being victimized by the latest hot-spot scam hitting airports across the country.

You could end up being the target of a "man in the middle" attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge.

If you're a Windows Vista user, you're especially susceptible to this attack because of the difficulty in identifying it when using Vista. In this article, you'll learn how the attack works and how to keep yourself safe from it if you use Windows XP or Vista.

Read the article HERE.

Kaspersky on Vista vs. Viruses

Microsoft’s latest development, Windows Vista, is positioned as a system with enhanced security. The official release date is scheduled for 30th January 2007. However, questions as to how realistic the claims of enhanced security are were being raised by the computing community long before a beta version was made available for download. What exactly are the functions which are designed to offer the user security? And how effective will they really be? Is it true that once Vista is released an antivirus won’t be necessary? This article is designed to address some of these issues.

Read the article HERE.

UK Police overwhelmed by e-crime

The Metropolitan Police have warned that the UK's local police forces "can no longer cope" with e-crime, and have called for a national unit to be set up to address the problem.

Read the article HERE.

Friday, January 26, 2007

Quicktime - Update me and stay vulnerable!

On the 23rd of January, Apple issued a Security Update for the Quicktime player to address a vulnerability, which was published on the first day of the year. A bit late, considering that the issue is fairly straightforward to exploit (in fact, Secunia knows of at least two working exploits in the wild) and the fact that Quicktime is installed on more than 50% of private PCs*.

But now the patch is out, all is forgiven and everyone is happy, because now they can secure their system. Right?

WRONG!

Turns out, only Apple Mac OS X users can download the security update. Windows users, who download the latest version of Quicktime are (at the time of writing, 2 days after the Security Update was published by Apple) still vulnerable.

If you're a Windows user, you simply can't download a non-vulnerable version.


Read more HERE.

ActiveX flaw could affect up to 70 apps

A vulnerability within a software component used in more than 70 products could allow an attacker to remotely run malware on a targeted system. The vulnerability lies in 'NCTAudioFile2.dll', an ActiveX component used by Microsoft's Internet Explorer.

Read the article HERE.

CompUSA Guarantees Vista

CompUSA will guarantee that customers are satisfied with their Windows Vista update or the retailer will refund the purchase price and reinstall the PC's original operating system, the company announced.

Read the article HERE.

==============================================
Has CompUSA not thought this through?

All anyone needs to do is simply use some imaging software to image the Vista drive. So now the user has a copy of their Vista HD. What's next? They would walk right back into CompUSA, stating they do not like Vista, and would like CompUSA to follow through with their guarantee.

Read the article HERE.

Cheery news for would-be crooks

The US Secret Service has a bottom limit of $2,000 before it bothers to investigate financial crime. Consumer watchdog the FTC has a similar limit. That still leaves it possible for local law enforcement agents to get involved, but if the crime originates from out of state, and involves a relatively modest amount, questions arise about whether they'd bother.

Read the article HERE.

Thursday, January 25, 2007

Bug brokers offering higher bounties

Adriel Desautels aims to be the go-to guy for researchers that want to sell information regarding serious security vulnerabilities. Last week, he bluntly told members of SecurityFocus's BugTraq mailing list and the Full-Disclosure mailing list that he could sell significant flaw research, in many cases, for more than $75,000. "I've seen these exploits sell for as much as $120,000," Desautels told SecurityFocus in an online interview.

Read the article HERE.

Interview with muslix64

The next generation of optical disc technology holds the promise to change the way we interact with and store digital media. Perhaps the most exciting change is the arrival of High Definition (HD) video, with its glorious 1920x1080 pixel resolution. It’s a quantum leap forward in terms of watching digital content, as its vast resolution reveals a quality never seen before in such fine detail.

On December 26, 2006, a member of the Doom9.com forums named muslix64 introduced himself as circumventing the content protection – not the copy protection – of HD DVD. Additionally, he made available an open source program named BackupHDDVD.

Read the article HERE.

The Zero-Day Dilemma

The recent surge in malware attacks against zero-day flaws in some of the most widely used software packages is confirmation of an IT administrator's worst nightmare: Stand-alone, signature-based anti-virus software offers no protection from sophisticated online criminals.

Read the article HERE.

Time to Reboot the Internet Again

Cisco Systems Inc., the company whose hardware routers are responsible for handling the majority of the world's Internet traffic, today issued patches to fix at least three very serious security holes in its products. This is generally not something that the average user needs to worry about, but I'm blogging on it because the flaws do have the potential to cause some problems that Internet users could experience in a very real way (i.e. e-mail and Internet access temporarily goes bye-bye).

Read the article HERE.

The woes of a Windows user

At the university where I work we try to be good citizens. We fight software piracy by offering all campus members "free" site licenses for Windows XP, Office, and Adobe Acrobat Pro.

When our computers get long in the tooth we sell them to students or give them away. And there's the rub, Microsoft and Adobe have made this process artificially difficult.

Read the article HERE.

Wednesday, January 24, 2007

Sun Releases Java Security Update

Sun Microsystems is urging users of its Java software (i.e., most computer users on the planet) to apply a security patch to fix a dangerous security vulnerability that exists in most versions of the program.

The vulnerability, according to the Sun security advisory, stems from a problem with the way that Java handles certain types of image files ending in ".gif." By convincing users to visit a Web page that hosted a specially crafted .gif image file, an attacker could take complete control of a vulnerable computer running a vulnerable version of Java.

Read more HERE.

StolenID Search

StolenID Search is a free service that tells you if your personal information has been stolen or compromised. With our easy–to–use search engine, you can search more than two million pieces of compromised personal information—credit card and social security numbers—to see if your information has been misused.

Read the article HERE.


==============================================
Not Such A Wise Idea

While monitoring may be an important tool in combating identity theft, throwing a service out there as a come on for a specific identity theft solution, does not seem like a particularly good idea.

Read the article HERE.

MSN password stealer released as torrent

Malware designed to steal users' Windows Live Messenger password has been released onto the net. The password stealer was released for download via BitTorrent earlier this week by a hacker using the handle "Our Godfather".

The malware comes in the form of an IMB download confirmed by anti-virus firm Sophos as containing a password-stealing Trojan horse. Victims would need to be tricked into downloading and executing the malware, which might be renamed in a bid to disguise its identity, in order for the exploit to work.

Read more HERE.

Vista Service Pack 1 is coming

Reckon you won't upgrade to Vista until the first service pack is released? That's looking likely to be the second half of this year, according to Microsoft's latest email blast.

Read more HERE.

==============================================
The 5 sins of Vista

Since Vista was released to MSDN subscribers back in November I have started using it on my primary development laptop. It makes me angry because I am a big fan of Microsoft. In my mind, every version of Windows since 3.1 has gotten better with each release (I will kindly forgive them for Windows ME). Each day I feel that in many ways, Vista is a step back in the usability department.

Read the article HERE.

==============================================
And, of course, the debate continues...

10 reasons you should get Vista

10 reasons not to get Vista

==============================================

Vista comes to rip-off Britain

US Amazon Price of Retail Vista Ultimate = £195
UK Amazon Price of Retail Vista Ultimate = £352

As you can clearly see, the price difference is some £157.

How can Microsoft justify a pricing structure at these inflated prices in the UK? Importing a version and paying import tax still leaves £100. This does nothing to endear the enthusiast to the great new OS and does nothing to encourage people to purchase genuine software.

Source : The Inquirer

Blu-ray DRM defeated

The copy protection technology used by Blu-ray discs has been cracked by the same hacker who broke the DRM technology of rival HD DVD discs last month. The coder known as muslix64 used much the same plain text attack in both cases. By reading a key held in memory by a player playing a HD DVD disc he was able to decrypt the movie being played and render it as an MPEG 2 file.

Read the article HERE.

Tuesday, January 23, 2007

Putting SHA-1 crack in perspective

Before I continue, I want to make it clear that the work of Professor Wang and her team is probably one of the biggest accomplishments in the field of cryptanalysis in recent years and is very well respected by her peers. But to put this event in the proper perspective, the finding of a hash collision does not mean the end of the world if your current security products use the SHA-1 hashing algorithm. Just because a hash collision is found doesn't necessarily mean hackers can start exploiting this. Not only does it still require a massive amount of computing fire power to find a single hash collision, but more importantly, finding a hash collision doesn't necessarily mean that a hacker has something useful.

Read more HERE.

Anti-Virus is Dead; Long Live Anti-Malware

Prevx today announced that industry researcher Yankee Group named it the leader in Anti-Malware Herd Intelligence for its approach to behavior-based security. In the report published this month, "Anti-Virus is Dead; Long Live Anti-Malware," Yankee Group analysts examined the current state of signature-based and behavior-based security performance and concluded that anti-virus and anti-spyware vendors are aware they're not providing enough protection.

Today's anti-virus products are overwhelmed by the sheer quantity of malware variants. By 2009, anti-virus as we know it will be dead, succeeded by a new generation of protection technologies.

Read more HERE.

Botnet Hunters in Closed-Doors Summit

Faced with arguably its biggest security crisis since the 2003 network worm attacks, Microsoft is throwing its support behind a high-level powwow to discuss the escalating threat from zombie botnets and zero-day malware attacks.

Read more HERE.

Microsoft to use comics in antipiracy campaign

Microsoft is expanding its fight against software piracy with a new educational effort that includes comics. The online campaign, set to start on Monday, is meant to tell people the benefits of using properly licensed software. It covers such aspects as awareness of intellectual property rights, risks of using pirated products, proper licensing practices and legalization of fraudulent products.

Read the article HERE.

British police hacked computers

Detectives in the cash-for-honours inquiry were forced to "hack" into Downing Street computers in the search for evidence, The Sunday Telegraph has discovered.

It is understood that John Yates authorised officers to use all lawful and legitimate means to discover whether information was being withheld. Police used computer experts to obtain confidential material, and are also believed to have approached Number 10's internet suppliers to gain access to government email records.

Read more HERE.

Wikipedia "hiding" links from search engines

Wikipedia, the online encyclopedia, has decided to tag all links on its site "nofollow," which will render those links invisible to Google and its search-engine brethren. Wikipedia says it's unavoidable because of the mischief caused on its site by spammers and search-engine optimization schemers.

Read more HERE.

Monday, January 22, 2007

Storm Worm using Rootkit techniques

The weekend has been very busy with Storm Worm. We have lately found out new variants that have started to use kernel-mode rootkit techniques to hide their files, registry keys and active network connections.

F-Secure BlackLight is able to detect the hidden files. These variants are now detected as W32/Stormy.AB and Trojan-Downloader.Win32.Agent.bet.

Source : F-Secure

Giveaway of the day

Every day we nominate one software title that will be a Giveaway title of that day. The software will be available for download for 24 hours (or more, if agreed by software publisher) and that software will be absolutely free. That means - not a trial, not a limited version - but a registered and legal version of the software will be free for our visitors.

Visit the website HERE.

==============================================
What is Pricelessware?

The Pricelessware slogan is "the best of the best in Freeware". Freeware is: Legally obtainable software that you may use at no cost, monetary or otherwise, for as long as you wish.

The Pricelessware List reflects the categories and programs favored by alt.comp.freeware newsgroup participants. It is not a comprehensive list; categories are included if a program is selected in that category. Some categories list several selections; others have only 1 or 2. Most programs are well known but there are also some hard-to-find goodies on the list.

Visit the website HERE.

Spam is back - worse than ever

If you feel like your inbox is suddenly overrun with spam again, you are right. Not long ago, there seemed hope that spam had passed its prime. Just last December, the Federal Trade Commission published an optimistic state-of-spam report, citing research indicating spam had leveled off or even dropped during the previous year.

Instead, it now appears spammers had simply gone back to the drawing board.

There's more spam now than ever before.

Read the article HERE.

IE7 Mystery Solved

Mystery solved: Why is the Internet Explorer folder in Event Viewer always empty (IE7)? This is because Application Compatibility Logging is not enabled on your machine. This is completely normal because, by default, IE7 does not enable Application Compatibility Logging. You can enable Application Compatibility Logging to have a look see at what happens by editing the Registry as follows:

Read more HERE.

Ubuntu Studio

Ubuntu Studio aims to be a multimedia editing flavor of Ubuntu for the Linux audio, video, and graphic enthusiast or professional who is already familiar with the Ubuntu-Gnome environment. Ubuntu Studio is currently in planning.

Visit the website HERE.

Sunday, January 21, 2007

Review: Six rootkit detectors

The concept of the rootkit isn't a new one, and dates back to the days of Unix. An intruder could use a kit of common Unix tools, recompiled to allow an intruder to have administrative or root access without leaving traces behind. Rootkits, as we've come to know them today, are programs designed to conceal themselves from both the operating system and the user — usually by performing end-runs around common system APIs. It's possible for a legitimate program to do this, but the term rootkit typically applies to something that does so with hostile intent as a prelude toward stealing information, such as bank account numbers or passwords, or causing other kinds of havoc.

Read the article HERE.

Vista firewall: What you can expect

In the run-up to the launch of Windows Vista for home users, we’re taking a closer look at the firewall component to see what benefits the final version offers. This article also touches on some of the other security aspects of the new OS.

The firewall has three profiles, one for each type of network connection mentioned earlier, and you can assign specific settings to each profile. Clearly, you would want to assign the most secure configuration to the Public profile and use less secure settings for the Private profile, where a level of trust exists between members of the network to which you are connected. The advanced settings enable you to do this.

Read more HERE.

Wikiseek - A Wikipedia Search Engine

The search engine company SearchMe has launched a new service, Wikiseek, which indexes and searches the contents of Wikipedia and those sites which are referenced within Wikipedia. Because Wikiseek only indexes Wikipedia and sites that Wikipedia links to, the results are less subject to the spam and SEO schemes that can clutter up Google and Yahoo search listings.

If you use Firefox you can install the Wikiseek Search Extension to add Wikiseek to the search form inside all Wikipedia pages.

Read more HERE.

Sloppy configurations - unsecured VPNs

Virtual Private Networks (VPNs) can save a lot of money by using the Internet to transport data instead of expensive dedicated lines, and modern encryption and authentication methods can ensure the confidentiality of data sent across such public networks.

Currently, the most important protocol for the implementation of VPNs is IPSec, which is unfortunately also the most complex. IPSec can not only be used to link complete enterprise networks to the Internet, but also to connect mobile users to their company’s email and database server.


Read more HERE.

==============================================
CrossLoop - Simple Secure Screen Sharing

CrossLoop is a FREE secure screen sharing utility designed for people of all technical skill levels. CrossLoop extends the boundaries of traditional screen sharing by enabling non-technical users to get connected from anywhere on the Internet in seconds without changing any firewall or router settings. It only takes a few minutes to set up and no signup is required.


Read more HERE.

==============================================
iRemotePC

Connect to and take control of another PC with iRemotePC, the latest in an increasingly long list of remote-access programs. iRemotePC beats CrossLoop in the feature department, offering chat, file transfers, folder synchronization, PC monitoring (as opposed to control) and even guest access (meaning you can invite others to connect to your PC for live presentations, demos, etc.).

Interestingly, only the host PC requires the iRemotePC software. To connect to that machine, you simply log in via the iRemotePC site. I had trouble accessing a Vista system, but it worked fine on an XP box. However, I was a bit confused by the 30-day trial notice that appeared during installation; the iRemotePC site says the software (which requires Windows) is free.

Take a look HERE.

==============================================
Network Magic

Network Magic simplifies sharing printers and files across all of your home computers. No more emailing files to yourself just to print them out. Network Magic automatically links all of your computers, printers and other devices together over your wireless or wired network. Plus – it includes wireless network repair and protection features to keep you connected and secure.

Take a look HERE.

==============================================
Secure VNC With Hamachi

By pairing up VNC with Hamachi, a Virtual Private Network application, you can remote control any computer securely over your private network across any combination of operating systems. Today we'll cover how to drive a computer over the internet with the free, secure and cross-platform VNC and Hamachi, the chocolate and peanut butter of remote computing.

Take a look HERE.

Weekend Reading

Why do I need to upgrade to Office 2007?

Much has been said and written about Microsoft’s “bold”, “gutsy”, and “innovative” initiative of releasing Office 2007, an office productivity suite with a totally new user interface. However, the question that is bound to be on the lips of every user will be: “why do I need to upgrade?” Microsoft doesn’t really have a good answer.

[ Many people have suggested that Office 2007 is a contender for the least useful upgrade in the history of computing. It's expensive, has a steep learning curve, and its default format is even less compatible with anything else. ]

Take a look HERE.

###########################
lazyron asks:


"I've been using Open Office a bit more lately, and got to thinking: this is much more like my current version of Microsoft Office than Office 2007 will be. Could it be time to try Open Office in the workplace, especially since there is still some time left before Office 2007 will be forced on us by the demands of the product cycle? Are there any IT admins out there thinking about trying Open Office, either with a few users or all of them?"

The discussion continues HERE.

==================================================================
Outlook 2007 change sends email back to the future

A major change to the way Outlook 2007 renders email has created quite a stir online, and Microsoft's plans have largely been met with derision and critique.

Take a look HERE.

==================================================================
Run Linux without partitions

Want to take Linux for a spin? Forget partitions, dual-boot setups and live CDs: The new Ubuntu Windows installer lets you run the Linux distro while keeping the rest of your system intact.

In other words, it's like a live CD without the CD. Just run the installer, which in turn downloads a disk image of Ubuntu (actually, your choice of four Ubuntu distros), and then reboot your PC. Choose the desired boot option from the menu that appears, and presto: You're running Linux. This is a working prototype, not a finished product, so user beware. It didn't work on my Vista box (I discovered after the fact that Vista isn't supported yet), but it ran like a gem on an XP system. Great way to run Ubuntu without the hassles of partitioning or burning a live CD!


Full details HERE.

Source : Lifehacker

==================================================================
'Oops, Darn It, We Lost Your PIN'

The new Cyber-Security Bill lets custodians of sensitive, personal, electronic data rely on the honor system when it comes to disclosing breaches in security.

Take a look HERE.

==================================================================
How to Catch Computer Criminals

Ever wonder how the cops are trained to investigate computer crime? Now you don't have to. The FBI last week issued a 137-page report that offers guidelines, tips, and advice to local law enforcement agencies on how to respond to and investigate computer crime. The report offers descriptions of common computer crimes and how to detect them.

Take a look HERE.


==================================================================
Network Security Threats

We introduce you to 10 of the biggest and most dangerous threats to a business's network security to make you aware of security problems facing networks today.

Take a look HERE.

==================================================================
Professor Cracks Fifth Data Encryption Algorithm

In five years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) and convert to a new and more advanced computer data encryption, according to the article "Security Cracked!" from New Scientist. The reason for this change is that 41-year-old associate professor Wang Xiaoyun of Beijing's Tsinghua University and Shandong University of Technology has already cracked SHA-1.

Within ten years, Wang cracked the five biggest names in data encryption.

Take a look HERE.

Saturday, January 20, 2007

Worm Hits Computers Around the World

Computer virus writers started to use raging European storms on Friday to attack thousands of computers in an unusual real-time assault. The virus, which F-Secure named "Storm Worm," is sent to hundreds of thousands of e-mail addresses globally, with the e-mail's subject line saying "230 dead as storm batters Europe."

Read more HERE.

Bank hit by 'biggest ever' online heist

A Swedish bank has fallen victim to what experts believe is the biggest online robbery ever. A Russian gang apparently used keylogging software to steal around one million dollars. It appears that most of the victims weren't running security protection. The bank is refunding everyone who lost money (even if they hadn't taken precautions) — good news for the victims, but not really an incentive to take more care in future.

Read more HERE.

ID theft nets £85,000 a head

Identity fraud can net criminals £85,000 for each identity stolen, research has found. That is the average amount criminals can expect to gain from impersonating someone in the UK, according to anti-ID theft company Garlik.

Read the article HERE.

Behind the scenes of MIT’s network

Network Manager/Security Architect Jeff Schiller on how the school is fending off hackers, cranking up its network to handle voice over IP and become a fiber network operator to link to other research institutions.

Read the article HERE.

SeaMonkey 1.1 released

Powered by the same engine as Firefox 2 and the upcoming Thunderbird 2, SeaMonkey 1.1 includes numerous enhancements including more visible security indicators in the browser and enhanced phishing detection for e-mail, a new tagging system for e-mail that supersedes labels, support for multi-line tooltips in web pages, and previews images in tab tooltips. Other changes include inline spell checking in the browser, an updated version of ChatZilla, and a significantly improved startup script on Linux.

Read more HERE.

UNINFORMED

Volume 6 is now out.

Subverting PatchGuard Version 2
Exploiting 802.11 Wireless Driver Vulnerabilities on Windows


Read more HERE.

Preventing Spam over IP Telephony

Spam filters can easily be trained to give better than 90% effectiveness with zero false positives, and for those who still suffer from a lot of spam in their inboxes, they are either not updating their spam databases often enough, or they just do not see the value of getting 90% fewer e-mail messages.

Read more HERE.

Friday, January 19, 2007

The New Threats Are on the Server

The really innovative cracking is happening on Web servers these days, and defensive research is moving in that direction too. There is another type of dangerous botnet out there where you might not expect it: in Web servers and hosting farms, typically Linux boxes. The Web server software on these servers typically runs PHP, the wildly popular Web scripting language.

If you follow vulnerability tracking, you've seen the name PHP a lot over the last couple of years. The number of vulnerabilities in it has been large, and the problem is long-standing

Read more HERE.

Ajax Sniffer - Proof of concept

Let’s take a look at how to create an ajax based sniffer.

In order to create a sniffer we need to do two things
1. Override the open and send function of XMLHttpRequest using javascript inheritance
2. Send the data to a program on the other domain

Read the article HERE.

Sun patches critical JRE security flaws

Sun Microsystems has issued a critical security patch to address vulnerabilities in Sun's Java Runtime Environment when it processes graphics interchange format, or GIF, images.

Read more HERE.

Microsoft Patches Buggy Excel Patch

Microsoft has re-released an update issued in its January 2007 patch batch to correct a glitch in the way Excel 2000 processes information.

"After you install [the patch], you can no longer open some files that you created by using any version of Excel," the company warned.

Read more HERE.

EBay Stresses Security

The online auction company's plans include eliminating one- or three-day auctions for certain categories. The chief executive of eBay's North American operations has put improved buyer and seller security at the top of the online auction site's priority list for 2007.

Read more HERE.

===============================================
Before You Buy Software on eBay

eBay can be a great place for finding great deals on software but before you place a bid on some software, here are a few important points you should take note of:

Take a look HERE.

Thursday, January 18, 2007

MySpace offers parental notification software

MySpace.com, News Corp.'s popular online social network, plans to offer free parental notification software in a bid to appease government critics, The Wall Street Journal reported on Wednesday.

Parents will be able to use the software, named "Zephyr," to find out what name, age and location their children use to represent themselves on MySpace, the Journal said.

Read more HERE.

Retail Security: A Critical Need

[ We - that is, me and you, take security seriously. We run patched software, use secure passwords, encrypt our financial details on our hard drives, and are not to be put in the same category as the rest of the morons using the Internet. Yet we are constantly put at risk through others' inability to do the same. Last year was a record breaker for lost or stolen laptops. Websites are regularly hacked for their customer details - read credit cards or identity theft. So, while we take every possible precaution, those to whom we supply that information keep "giving it away". Take care out there. ]


Famous bank robber Willie Sutton, when asked why he robbed banks, responded plainly, "because that's where the money is." The emergence of the Internet as an important tool of commerce would have today's Willie Suttons forsaking bank robbery for Internet thievery, because today, that's where the money is. Nowhere is this more evident than in the retail sector.

Take a look HERE.

Computer Privacy in Distress

My laptop computer was purchased by Stanford, but my whole life is stored on it. I have e-mail dating back several years, my address book with the names of everyone I know, notes and musings for various work and personal projects, financial records, passwords to my blog, my web mail, project and information management data for various organizations I belong to, photos of my niece and nephew and my pets.

In short, my computer is my most private possession. I have other things that are more dear, but no one item could tell you more about me than this machine.

Yet, a rash of recent [US] court decisions says the Constitution may not be enough to protect my laptop from arbitrary, suspicionless and warrantless examination by the police.

Read more HERE.

Enjoying Technology's Conveniences

The tracking of Kitty Bernard begins shortly after she wakes up. All through the 56-year-old real estate agent's day, from walking in her building's lobby to e-mailing friends and shopping and working, the watchful eye of technology records her movements and preferences.

Welcome to the 21st century.

Read the article HERE.

Legal Codes Hinder Hacker Cases

As police around the world become more skilled at tracking down criminals who spread computer viruses, they are realizing there are some bugs in their own system: hurdles to trying their cases in court.

The problems lie in both building cases and securing stiff sentences, say legal and security experts. Prosecutors can have a hard time explaining the complex crimes to the courts. It often is difficult for law enforcers to quantify the damage caused by a virus that infects computer networks. And judges often hand down light sentences to the culprits, who typically are young, first-time offenders, among other factors.

Read more HERE.

Wednesday, January 17, 2007

Comparing the comparatives

The fact remains that traditional engines are insufficient against new malware. It's apparent that if you want protection nowadays you cannot rely on signatures and heuristics alone, regardless of how "leading edge" you're told it is. Use of behavioural analysis and other proactive techniques is an absolute must. Many leading solutions are finally starting to implement behavioural technologies in their solutions and that is A-Good-Thing.

Read the article HERE.

Sudden Rise in ActiveX Vulnerabilities

The year 2006 saw the rise of numerous security trends such as attacks against social networks, initiatives by researchers to sequentially disclose many flaws in Web browsers and operating system kernels, attacks being used for financial gain, and a dramatic increase in the number of vulnerabilities affecting Web applications. During the last few months of the year, I have noticed another trend that did not receive much attention. There has been a significant increase in the vulnerabilities that affect ActiveX controls. These vulnerabilities can facilitate an assortment of attacks that may simply cause the disclosure of sensitive information to an attacker or, in the worst-case scenario, allow them to execute code to gain unauthorized access to an affected computer.

Read more HERE.

Report Shows Spike in Online Identity Theft

A white paper from McAfee Avert Labs on global identity theft trends uncovered a dramatic increase in online and computer-based identity theft through the use of keyloggers.

[ Surprise - surprise. It's a report that may be of interest to some, so I have blogged it. I guess this is one of the many thousands of "reports" that will be released this year to justify an existence - be it a software provider, an online security website, or some other useless entity. I, of course, do not include the first release of genuine statistical or information reports, just the rehashes of the same old topics [insecure passwords, spam, identity theft] that keep appearing on a daily basis. ]

The findings come on the heels of similar reports decrying the increase of spam and instant messaging attacks in 2006, including a study by San Diego-based Akonix Systems that uncovered nearly 20 percent more new IM-borne attacks last year than it did in 2005.

Read more HERE.

The Chilling Effect

How the Web makes creating software vulnerabilities easier, disclosing them more difficult and discovering them possibly illegal.

Read the article HERE.

Tuesday, January 16, 2007

Google’s Latest Security Hole

I’ve now received confirmation from Google’s Security Team that the latest vulnerability Philipp posted about has been fixed. After carrying out some investigations of my own, I believe this is the case – so I’m going to share with you what the problem was and how I was able to exploit it.

Read more HERE.

Brazilian and Russian Blackhats working together

Websense Security Labs has discovered that Brazilian-based malicious code authors are now utilizing a popular web exploit kit which originates in Russia. This combination of the groups working together is relevant because previously we have not seen such collaboration. The Web Attacker toolkit allows attackers to place code on their website to infect users when the site is visited. This toolkit is the most popular exploit kit on the web today.

Read the article HERE.

Could invisibility beat encryption?

PCMesh has unveiled software which it claims can hide any Windows file or directory, not only from other users - or thieves - of the same PC, but even from the operating system or a virus.

"Data that's protected by PCMesh Hide Files and Folders is not visible, so it can't be attacked," the company claimed. "In fact, the software itself does not even run continually, so it does not announce its presence to snoopers and hackers. The only time the software is active is when it's being used to hide or reveal protected files or directories."

Read more HERE.

And this is why you see so much spam

By infecting two machines with two different known spam Trojans (Trojan-Proxy.Win32.Lager.gen and FiveSec.Spam.Agent.vx), we were able to capture over 6,000 image spam messages in a period of only 35 minutes (the spam bots were running at different times). Incidentally, these trojans are coming through Vxgames installs (nasty malware distributors).

Read more HERE.

Get Better Passwords

An active scam Web site designed to look like the login page for social-networking site MySpace.com appears to have stolen user names and passwords from nearly 60,000 people, according to data in a file that was linked to today from a popular security mailing list.

Read the article HERE.

The most common hacker

I’m often asked: what’s the most common type of hacker and attack? Over time I’ve discovered that the general public holds a somewhat romantic image of hackers. One mental picture involves an emaciated young man in a poverty-stricken corner of the world. Greasy-haired and red-eyed, he types late into the night on an old TRS-80 workstation, trying desperately to get your American Express account number for nefarious purposes.

Another favorite image is of a cherub-faced pre-teen with extreme computer skills and little knowledge of law and order. Thanks to too much hardware and too little parental supervision, she creates a new virus that brings down every business on the Eastern seaboard.

Both images couldn’t be more wrong.

Read more HERE.

Monday, January 15, 2007

Want an iPhone? Beware the iHandcuffs

Steve Jobs, Apple’s showman nonpareil, provided the first public glimpse of the iPhone last week — gorgeous, feature-laden and pricey. While following the master magician’s gestures, it was easy to overlook a most disappointing aspect: like its slimmer iPod siblings, the iPhone’s music-playing function will be limited by factory-installed “crippleware.”

Read more HERE.

==============================================
Ten Myths of the Apple iPhone

With only a brief preview of its new iPhone, Apple has yanked the rug from under the rest of the industry. The talking heads desperately need something to say. Here's what they'll all be saying, and why they'll be wrong.

Read the article HERE.

Windows Vista - A dog's breakfast

Opinion. It sucks. It's a complete mess; a dog's breakfast. It's bug-riddled; it contains legacy features that hark back to Windows 3.1, and, worst of all, it can't be trusted with your valuable data. The user interface only looks slick; underneath it's a slapped-together hotchpotch of brain-dead, dysfunctional and downright buggy features.

If you work in an office environment and hold a position of influence, you would do well to have anyone fired who suggests your organisation should move to Windows Vista.

Read the article HERE.

I'm An Idiot...

(And Other Lessons From The IT Department)

I mean, I know I’m not supposed to click on attachments. Clicking on attachments is bad. My IT department sent me an email explaining this. They were even kind enough to attach a Word document explaining how to set my computer up to prevent the spread of viruses through attachments like…well, like Word documents. I have to admit, that little irony had me scratching my head for a few minutes. Was this some sort of test for us lusers to see if we pay attention? Then I realized the message came from my IT department. And you can’t fake an email address. No way.

I think I passed their test.

Read more HERE.

Free Solaris 10 Software Media Kit

For a limited time, Sun is offering a free DVD media kit which includes the Solaris 10 Operating System for both SPARC and x86 platforms as well as Sun Studio 11 software.

Read more HERE.

Blu-ray and HD both doomed

When it comes to the HD-DVD versus Blu-ray battle, the winner is neither, they will both lose. Blu-ray will lose much quicker than HD, but neither will achieve the critical mass necessary to take off before the net overwhelms them.

The majority of this victory is due to one thing, Sony's arrogance.

Read more HERE.

==============================================
Flash will kill Blu-ray and HD DVD

So, what technology is going to win the optical standards war? The answer is flash memory. If you're asking yourself why, the answer is fairly simple and that's ease of use, plus a continuously falling price and sky high capacity.

Read the article HERE.

Sunday, January 14, 2007

Spy guys

The anatomy of a covert wireless security assessment - Maybe I’m a little old for it, but I do enjoy the change of pace a big wireless security penetration project provides. Once or twice a year, I get to put down my thrill-a-minute governance frameworks, quit rockin’ out policy advice, and make like the black hats for a week or two.

Read more HERE.

Pay attention when installing software updates

Please let me make this perfectly clear. I hate software bundling, and have said so on this blog many times. I hate it that so many free products try to install toolbars or change my Web browser settings, whether it be Yahoo Messenger, or MSN Messenger, or Adobe Acrobat, or Sun Java or the myriad other products that try to do the same thing. The CNET article is right insofar as the default install of Yahoo Messenger changes your Web browser's home page and search engine settings and adds a toolbar and the Yahoo Messenger installation does NOT make it clear that these things will happen. It should NOT be necessary to select 'customise your install' or 'custom install' before you can see the tick boxes for the additional changes. But that being said, my strong dislike for bundling does not cancel out a similarly strong dislike for misinformation.

Read more HERE.

Hackers look for iPhone vulnerabilities

Technology fetishists aren't the only people itching to get their hands on an iPhone. Hackers want to play with Apple's new toy, too.

Read more HERE.

Computer Investigation Guide

The Fundamental Computer Investigation Guide for Windows is a concise collection of processes, tools, and best practice information. It is designed to provide standardized guidance for IT professionals who need to conduct investigations of Microsoft® Windows®–based computers in their organizations.

Visit the website HERE.

==============================================
USB PC Repair System

The Daily Cup of Tech computer help site put together a USB-drive based collection of software that'll help you resuscitate any ailing PC.

All wrapped up into one convenient, 14.2MB zip file, the USB PC Repair System contains 37 fix-it proggies, many of which we've recommended here on Lifehacker before, including: CCleaner, Eraser, ProcessExplorer and TweakUI. The PC Repair System is a free download, Windows only.

Read more HERE.

==============================================
Recover Deleted Files for Free

One of my worst nightmares is deleting a file from my PC just to realize that I still needed it. It has happened to me several times, especially since one of my favorite key combinations is Shift+Delete, which “permanently” deletes a file– bypassing the Recycling Bin.

I tested four freeware applications that are all designed to restore your files after they are supposed to be gone. The applications were as follows:

Read more HERE.

Weekend Reading

Cisco touts networked home of future

Cisco Systems CEO John Chambers took the stage at the Consumer Electronics Show in Las Vegas Tuesday to outline his company's vision of the networked home of the future and say how through partnerships and acquisitions Cisco will become a top player in the market.

He said that the consumer electronics market is at an important transition. The last decade was about moving entertainment from analog to digital. And the next few years will be about networking consumer electronics devices together to allow people to use any device anywhere and to be able to do this as easily and safely as possible.

Read the article HERE.

==================================================================
WEP Cracking Revisited

This is a tutorial on how to crack Wired Equivalent Privacy (WEP), whether it is 64-bit or 128-bit. Depending on whether there are clients connected to your Access Point (AP) or not will decide which method you need to use to generate wireless traffic. If you are looking for a Linux Distribution that contains all of the tools needed for this, I would highly recommend BackTrack 2. Not only does it contain hundreds of open source tools, but it is also based on the Slax Live CD, which has excellent modularity. To sniff for wireless networks and capture packets you can use a variety of different applications, but the most widely used are Airodump and Kismet. I would suggest using Airodump since it comes in the Aircrack Suite and is what I will be using in this tutorial.

Read the article HERE.

==================================================================
Microsoft will offer an Open Source OS

One of life's more pleasant surprises, akin to finding a £20 note in an old jacket pocket, is to receive an email from an INQ reader that isn't written entirely IN CAPITALS in green crayon and contains hardly any expletives or death threats. And when such a mail comes from a real email address, it actually becomes possible to have a sensible discussion.

Read the article HERE.

==================================================================
Conference encourages Linux in the bathroom

Australia's biggest Linux conference will kick off next week and the organiser has promised that attendees will get a lesson in how to control and monitor everyday objects -- including a toilet flush -- using the open source operating system.

Read the article HERE.

==================================================================
Logitech on cutting edge of keyboard design

No matter what other opinions you may have about Logitech's new diNovo Edge keyboard, I defy anybody to say it isn't as sexy as hell. Cut from a single piece of black Plexiglas and set into a thin brushed aluminium frame this keyboard just exudes class and a sense of minimalist chic.

Read the article HERE.

==================================================================
World's most expensive PC

HP has unveiled the most expensive PC in the world - under the CDW banner.

Take a look HERE.

Saturday, January 13, 2007

Secure Passwords Keep You Safer

Ever since I wrote about the 34,000 MySpace passwords I analyzed, people have been asking how to choose secure passwords.

Read more from Bruce Schneier HERE.

==============================================
These articles keep appearing on a regular basis. I think that is a good thing - if they appeared in the correct media. As I have mentioned before, these blogs/publications/articles are preaching to the converted. Most computer users are totally ignorant of the dangers they face and educating them is a huge task. The print media are all too happy to sensationalise stories like the one below, but they would never consider an article on the dangers of going online and computer security on Page 3.


The recent case of Julie Amero, the hapless substitute teacher who has been convicted for a porn spyware infestation on a classroom computer and is now facing up to 40 years in prison highlights the problem. Mixing an obvious abuse of the court system (the twinkie defense) with an arguably legitimate defense (spyware), an argument ignored by an apparently computer-illiterate court (and the defense lawyer admitted that he also is computer illiterate).

Read more HERE.

==============================================

Password checker - Microsoft Online Tool

Your online accounts, computer files, and personal information are more secure when you use strong passwords to help protect them. Test the strength of your passwords: Enter a password in the text box to have Password Checker help determine its strength as you type.

I tried a few of mine that I thought were pretty tight. Bill told me that they were only rated as "Medium" strength. I then told him what I really thought of him and his online checker. He did not respond. I strengthened my passwords.

Try your passwords HERE.

'Uncrackable' Encryption Scheme Created

A quantum cryptography developer has teamed with an Australian cryptography company to create what the partners claim is the world's first 1- to 10-Gbit/s secure network that combines uncrackable quantum keys with classical encryption.

Read more HERE.

PayPal to combat phishing with key fobs

In an effort to protect users from fraud and phishing schemes, eBay subsidiary PayPal is preparing to offer secure key fobs. The devices, which display a six-digit code that changes every 30 seconds, will be made available free to all PayPal business users, and will cost $5 for all personal PayPal account users. Those who opt in on the key fob will have to enter the six-digit code when logging in to PayPal.

Read more HERE.

Macworld crack offers VIP passes

Alongside the VIPs and people who paid top dollar, a hacker claims he also got priority access to Steve Jobs' speech at the Macworld Conference and Expo this week.

Read more HERE.

Firefox 3 Plans and IE8 Speculation

While IE7 and Firefox 2 were more alike than different (feature-wise they're practically identical!), with IE8 and FF3 we will likely see the two biggest browsers head off into different directions.

Read more HERE.

Free Online Computer Tutorials

In Pictures has launched its new line of free computer how-to tutorials. There are 12 online tutorials on subjects such as Microsoft Office, OpenOffice.org, and Dreamweaver 8. The tutorials can be used by anyone, free of charge.

In Pictures tutorials are based on pictures, not text. They contain one-tenth as many words as a typical computer how-to book. How-to books typically contain 50,000-100,000 words of text, but these online tutorials contain only around five thousand.

Read more HERE.

==============================================
Download Videos from Google Video, YouTube, MySpace

This simple tutorial will show you how to download videos from the internet (MySpace, YouTube, Google Video, etc.) and save them to your computer. You have to go through this process because content providers (YouTube, Google Video, and others) use special formats that do not allow playback in traditional media players (e.g. Windows Media Player, iTunes, and others); this method allows you to save the downloaded video files to a universal .avi file that you can play back on any media player.

Read more HERE.


==============================================
GMailUI

GMailUI is an extension to Thunderbird (versions 0.8 - 1.5.0.x) which adds concepts inspired by GMail to Thunderbird, like archiving mail and powerful message searching across all folders. Select a folder to be your sole "archive" folder, or choose to have an archive folder in each of your multiple accounts. Then type "Y" to send your selected message(s) to the appropriate archive folder. Type "from:fred to:tom attachment:yes" to see all messages from Fred to Tom in the current view that have an attachment. Press Ctrl+Enter to have this search apply to all folders.

Read more HERE.

Friday, January 12, 2007

Exploit Released for Critical PC Hijack Flaw

A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts.

The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity's partners program, which offers up-to-the-minute information on new vulnerabilities and exploits to IDS (intrusion detection system) companies and larger penetration testing firms.

Read more HERE.

High-Tech Handsets are Hacker Bait

With mobile devices becoming smarter, security experts see a rising threat from hackers and spammers set to exploit a new entry point into the corporate network. But many see security offerings as a differentiation point for service providers.

As mobile phones and devices become smarter and more complex, they are becoming a greater target for hackers and spammers, potentially creating a massive security threat for consumers and enterprises.

Read more HERE.

'Craplets' could damage Vista launch

A senior Microsoft Corp. executive says the company is concerned that uncertified third-party software loaded onto new computers by manufacturers could hurt the launch of consumer versions of its Windows Vista operating system later this month.

Read more HERE.

==============================================
$60 to keep crapware off of a Windows PC?

What can be done to stop it? It's a money problem, so it's going to take money to fix. At least, that was the message from Michael Dell earlier this week at CES. Our own Eric Bangeman sat in on a round-table with Mr. Dell, and one of the topics raised there was what to do about crapware. When asked about it, Dell responded by asking participants how much they were willing to pay to receive a computer sans crapware. It seems that, at the end of the day, OEMs want that money to come in somehow, someway.

Read more HERE.

Vulnerability reported in Snort

The problem is that the rule matching algorithm of Snort can be exploited to perform numerous time-consuming operations, which may lead to a decreased or zero detection rate via a specially crafted packet.

The vulnerability is reported in version 2.4.3. Other versions may also be affected. The vulnerability is rated "Less critical".

Read more HERE.

Thursday, January 11, 2007

Malware: Windows is only part of the problem

We’ve all been hearing a lot about secure applications recently, or more accurately about insecure applications; specifically those that are exploited in identity theft raids or that we can be “tricked” into running on our PCs.

Insecure applications are such a problem that Microsoft has spent the last five years and many millions of dollars re-engineering its operating system and much of its other software in order to improve the situation.

Read more HERE.

Hackers $8,000 Bounty on Vista and IE 7

VeriSign's iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7. The Reston, Va., security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay-for-flaw VCP (Vulnerability Contributor Program).

Read more HERE.

Windows Vista Test Drive

Try Windows Vista without having to install it on your PC. The test drive requires Internet Explorer 6 or later, a browser plug-in, and a broadband Internet connection. A minimum 1024 x 768 screen resolution is recommended.

Take a look HERE.