Black Hat USA not so black

A presentation scheduled for Black Hat USA 2007 that promised to undermine chip-based desktop and laptop security has been suddenly withdrawn without explanation. A demonstration of a hack, which breaks Trusted Computing Group’s Trusted Platform Module and Vista's BitLocker has been dropped.

Nitin and Vipin Kumar were down to give a demonstration which promised to show a huge hole in chip-based desktop and laptop security. At the Black Hat conference in Amsterdam earlier this year the Kumars demonstrated a bootkit that can insinuate itself into the Vista kernel without setting off Vista security alarms.

Read the article HERE.

The important thing here is not that the demo has been dropped, but that this flaw in the technology may exist. As they have demonstrated a successful hack before, and given the Kumars' history, I am more than prepared to give this a 90+% credibility rating. The bottom line - do we again have to rethink our security policies?

Google Re-authentication Bypass

During a session, while performing a crucial operation Orkut requires a user to authenticate himself with his password in order to prevent walk-by attacks. If a user fails this authentication, he is redirected to login page, where he needs to re-authenticate himself. However, at this stage the session is not disabled temporarily at the server side. This can be exploited by an attacker to bypass re-authentication.

Read the article HERE.

'Blue Pill' Rootkit Detectable

Joanna Rutkowska, the security researcher who one year ago built a working prototype, code-named Blue Pill, of a rootkit capable of creating malware that remains "100 percent undetectable," has tacitly conceded to a group of security researchers that the detector code they cooked up in the past month will in fact ferret out Blue Pill.

Read the article HERE.

Solving the Web security challenge

The Web, for better or worse, has arguably become the equivalent of a massive public agency. It is the repository for consumer information and services of the most sensitive and important nature, ranging from medical records to financial investments.

Web-based services are supplanting traditional desktop software at a blinding pace, taking over terabytes of personal data in the process. Unlimited e-mail storage and Web 2.0-style start-ups will accelerate that trend even more.

Which raises an obvious question: Is that a good idea? The most disturbing answer, if history is any guide, is that we may not have much of a choice.

Read the article HERE.

Is Harry Potter dead?

Always ready to hitch their creations to current pop-culture events, malware writers have developed a new worm just in time for the release of the latest "Harry Potter" movie and novel.

Read the article HERE.

Prince Charles' identity not on looted laptop

A British payroll company that lost a laptop containing the identities of 500 people has denied that Prince Charles, Duke of Wales, was among those whose personal information was on the computer.

Read the article HERE.

Intel explains the Core 2 CPU errata

To get back to the story, at first Intel posted the details about these particular errata back in late April inside a Core 2 Specification Update PDF document, explaing how this error could cause memory leaks and ultimately, lead to crashes

Read the article HERE.

Intel Core 2
OpenBSD founder Theo de Raadt has posted details and analysis on outstanding, fixed, and non-fixable Core 2 bugs.

Read the article HERE.

Experts challenge claim of undetectable rootkits

Four well-known researchers challenged rootkit guru Joanna Rutkowska to prove that a rootkit can be made undetectable. The four researchers - independent Dino Dai Zovi, Peter Ferrie of Symantec, Nate Lawson of Root Labs and Thomas Ptacek of Matasano - stated that any rootkit that runs on the host of a virtual environment, leaves so many telltale signs that it can be detected.

Read the article HERE.

Dark Reading also takes a look at this Hacker Smackdown

Solving the Web security challenge

This is part four of a four-day series examining the state and future of Web security. Unprecedented amounts of data will need to be secured in new, untested ways. What's the best course in such uncharted territory?

Read the article HERE.

Google Desktop arrives on Linux

Google has finally released a long-awaited native Linux application: Google Desktop for Linux. As with the already shipping OS X and Windows versions, Google Desktop enables Linux users to search for text inside documents, local email messages, their Web history, and their Gmail accounts.

Read the article HERE.

Tips from one of the good guys

When it comes to computer security, your biggest vulnerability may be a bit of a surprise. “I’m sorry, but no-one vets the cleaner,” says Peter Wood, First Base Technologies‘ hacker-for-hire.

Unlike criminal hackers, Wood operates on a strictly ethical basis. He is Chief of Operations at a security consultancy and firms hire him to test their defences. But he uses the same sneaky tricks as the bad guys, which includes trying to infiltrate an office using bogus cleaners.

Read the article HERE.

More cooperation needed on security

The security chiefs of several large infrastructure and software vendors said they are doing all they can do to embed security into their products, but they agreed that more work must be done to improve security between their platforms.

While vendors have built in security controls to narrow the gap between their products and their partner products, gaps remain. That makes it difficult for IT security professionals to manage multiple platforms and secure transactions between various applications and servers.

Read the article HERE.

Demonoid Down: The Truth?

Demonoid is not down because of a crash, not at all. A Dutch-based law firm who call themselves BREIN have successfully gotten demonoid’s host, Everlasting.nu, to shut them down.

Read the article HERE.

NZ banks demand access to PCs in fraud cases

Banks in New Zealand are seeking access to customer PCs used for online banking transactions to verify whether they have enough security protection. Under the terms of a new banking Code of Practice, banks may request access in the event of a disputed transaction to see if security protection in is place and up to date.

Read the article HERE.

It was only a matter of time before someone took the first step. Expect this to be adopted by banks worldwide. Is this a bad thing? I think not. Something like this will make into the general news services. It may act as a wake up call for those people who don't know [or care] about personal PC security.

Critical update for Intel Core CPUs

We learned that the affected CPUs are the Core 2 Duo E4000/E6000, Core 2 Quad Q6600, Core 2 Xtreme QX6800, QX6700 and QX6800.

In the mobile world....Read the article HERE.

At the bottom of the page is a link to Microsoft that advises "A microcode reliability update is available that improves the reliability of systems that use Intel processors"

Worms 2.0!

Wade Alcorn recently published a [PDF] paper explaining the technical details behind Inter-protocol Exploitation. In his research he focused on using a web browser as a beachhead to launch Metasploit-style attacks. What this means is that any Javascript enabled web browser might be used to launch an attack against a service, for example a VoIP server, and gain complete control of the box.

Read the article HERE.

Web Worm Whacks MySpace Users

A complex, ongoing attack on MySpace.com users is turning victim's sites and computers into hosts for serving phishing scams and computer viruses. Earlier this week, some MySpace user pages were seeded with computer code seeking to exploit one of three recently-patched security holes in Microsoft Windows and Internet Explorer. MySpace visitors who browse one of these pages are redirected to a fake MySpace login page aiming to steal the visitor's MySpace user name and password.

Read the article HERE.

Microsoft's lessons from the desktop

This is part three of a four-day series examining the state and future of Web security. While similar rules apply to Web security, the differences are crucial and the stakes are high, says Microsoft senior security director.

Read the article HERE.

iPhone security

Few people standing in line to buy an iPhone Friday will be focusing on the security of Apple's new phone. But some influential security researchers already have given the matter lots of thought. Take Neel Mehta, a security expert at IBM's Internet Security Systems, which typically focuses on perimeter security for large corporations.

Read the article HERE.

Why We Click

Money is the motivation for scam-spam. The motivation for clicking on it is far less straightforward, and none of us are immune. While the motivations to click on spam aren't much different than those that motivate people to play Three-card Monte, the pool of potential marks—targets of a scam—is far larger on the Internet.

Read the article HERE.

Security Vendors Challenge Antivirus Tests

Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the number-one vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily.

Read the article HERE.

Microsoft Security Bulletin MS07-022

Updated: June 26, 2007

Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
Who Should Read this Document: Customers who use Microsoft Windows
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Recommendation: Customers should apply the update at the earliest opportunity
Microsoft Windows XP Service Pack 2 — Download the update

Read the article HERE.

Voltage secures patents on ID encryption

Voltage Security has been granted five patents covering the core functionality of their "identity-based" encryption products, though they're keen to share the technology with everyone on a reasonable and non-discriminatory basis.

Most public-key encryption systems require an exchange of keys before data can be encrypted, but Voltage takes advantage of Elliptic Curve Cryptography (ECC) to create a system where knowing someone's email address, or any other unique identifier, gives access to their public key and thus enables encrypted messages to be sent to that person.

Read the article HERE.

'Vista-Only' Titles Cracked

Hacking group warez has released a patch allowing gamers to run Halo 2 and Shadowrun, both released by Microsoft as Windows Vista-only titles, on the firm’s older Windows XP operating system.

Read the article HERE.

An article at Ars Technica advises that the game will only work with single-player bot matches and LAN-based multiplayer, not online multiplayer. The retail game validates users over Windows Live in a manner similar to Blizzard games, so it is not surprising that a cracked version would be missing the ability to play online.

Social Networking on Internet Scammer Forums

With social networking sites like MySpace and Facebook all the rage among the 18 to 24 set, it's not hard to see why so many young people are drawn into hacking and online crime: After all, most criminal hackers learn the tricks of their trade at Web forums and online chat networks that also serve to connect buyers with sellers of stolen consumer data.

Read the article HERE.

Lax and Lazy At Los Alamos

Officials at the nuclear-weapons laboratory, already struggling to calm concerns over security lapses, now have two more breaches to explain. In late May, a Los Alamos staffer took his lab laptop with him on vacation to Ireland. A senior nuclear official familiar with the inner workings of Los Alamos—who would not be named talking about internal matters—says the laptop's hard drive contained "government documents of a sensitive nature." The laptop was also fitted with an encryption card advanced enough that its export is government-controlled. In Ireland, the laptop was stolen from the vacationer's hotel room.

Read the article HERE.

New crypto standards proposed

The [US] National Institute of Standards and Technology has revised two Federal Information Processing Standards specifying algorithms for cryptographic hashing. Drafts of FIPS 180-3 and FIPS 198-1 have been released for three months of public comment.

Read the article HERE.

At Yahoo, being paranoid comes with the job

This is part two of a four-day series examining the state and future of Web security. To Arturo Bejar, the name of Yahoo's security team made perfect sense when he came up with it eight years ago: the "Paranoids." Bejar, whose own title is "Chief Paranoid Yahoo," wanted his department's moniker to be disarming and give the security role a friendly face.

Read the article HERE.

Enterprise News

After my "It's not easy being an Englishman" post last Saturday, I noted that " My wife - who just happens to be a "pommy', has already inflicted all the real pain any man is entitled to endure." Also, as a penance, I have to appease my better half with this post. My lovely wife is involved with Corporate IT, and often remarks on the lack of posts in that area.

These are for you darling.....

KCpentrix 2.0
The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators

What's New in KcPentrix 2.0: Now release 2.0 is a liveDVD, It features a lot of new or up to date tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities

Read more [and download ] HERE.

Security Appliances Sitting Ducks
Calyptix Security, has discovered that CSRF (cross-site request forgery), a type of vulnerability that typically concerns large sites like Amazon.com, Google and Digg, also affects a vast array of the security devices that enterprises plunk down at the heart of their defense systems.

Read the article HERE.

How to be a digital detective
What every network manager should know about computer forensics. Whatever the reason, it's possible at some point there will be an incident at your company that will require the IT department to conduct a formal investigation tracking the digital trail of an employee. Will you know what to do?

Read the article HERE.

The iPhone Enterprise Experience
Coming at it from a security standpoint, I'm appalled: How could anyone allow these strange, unmanaged things onto their network? There's point one about it all in my last sentence: If you have a management system of any kind to deal with security, it's unlikely to be able to manage an iPhone.

Read the article HERE.

Security guru Clarke: safe networks don't exist
Remember that 80's classic War Games? You know, the one with Matt Broderick and Ally Sheedy about a California teen who hacks into a Pentagon war simulation computer WOPR (for War Operation Plan Response)? Well, former White House cyber-security expert Richard A. Clarke told a gathering of enterprise executives and data protection specialists that they should load it up in their NetFlix queue and watch it...very carefully. Why? because the movie gives a good depiction of how porous most enterprise networks are these days, Clarke said.

Read the article HERE.

Users: Encryption No Silver Bullet
Encrypting data as it travels across corporate networks could be a distraction from the real security challenges facing organizations, warned IT managers at a security event here today. "Why would anyone attempt to attack an encrypted file when all they have to do is send out a phishing email or attach a keylogger and get the information that way?" he said. "You have got to worry about the endpoints -- criminals are going to go for the low-hanging fruit."

Read the article HERE.

Cyber Security Bulletins June 25, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT).

Read more HERE.

iPhone security: Nightmare for IT or no big deal?

Apple Inc.'s iPhone will prove to be a security "nightmare" to corporate IT when it debuts Friday. Or it may fuel a surge in mobile malware. Or it won't change the security landscape one whit. Take your pick, said security researchers and analysts today.

With details still unclear - Apple has said next to nothing about iPhone security - it's no wonder that the device's vulnerabilities are in the eye of the beholder, even if those beholders are professionals who make their living researching vulnerabilities and blocking exploits.

Read the article HERE.

Google: 'We all have to invent the wheel'

Douglas Merrill first learned about online security while growing up in Arkansas. A natural geek, he spent Saturdays putting together computers with his dad, a physics professor. As vice president of engineering at Google, Merrill stands at the forefront of a critical period in the Digital Age as so-called Web 2.0 technologies pose unprecedented challenges to online security.

Next to several cubicles that house other security experts stands a mannequin in full Darth Vader garb. Crew members joke that he's the "friendly face" of Google security.

Take a look HERE.

Don't be evil

A series of developments raise the specter that remotely stored or created documents may be subject to subpoena or discovery all without the knowledge or consent of the document's creators. I have been playing around recently with Google's Documents and Spreadsheets.

Put aside the security aspects of remote storage of documents. Remember, irrespective of the amount of physical and logical security on the Google servers, ultimately your documents are going to be only as secure as your GMail password - and if you store your password somewhere, maybe not even that secure.

Read the article HERE.

Rant : Vista's failures explained

Dear Microsoft, Please stop your whining, it is getting quite annoying. First, MeII [aka Vista] brings me as a consumer nothing but a pretty shell. There may be a bunch of nuance things that are better, but under the skin there is really nothing to write home about.

Read the article HERE.

OpenID - is it even useful?

There has been lots of speculation regrading whether OpenID is actually useful and I've often asked myself what can OpenID actually do for a company. If you're interested in what OpenID can do for SSO/trust/webapps, then have a read.

Read the article HERE.

New piracy concerns

It took Brian Baker only five minutes to persuade a major U.S. television network that it needed his company's technology to protect their programs from Web pirates.

Using software easily found on the Internet, Baker, chief executive of Widevine Technologies, recorded a video clip stream from that network's Web site, stripped out the commercials and sent the company back the altered video.

Read the article HERE.

How to revive an old PC

One of my interests is in recycling and reusing older computers. If a business has a room full of fairly recently-pensioned-off kit, I point them at ComputerAid, but it wants recent kit, preferably by the van-full, not the odd knackered-old one-off. I regularly take such doorstops that clients are discarding, upgrade them with some marginally newer bits, put a lightweight OS and apps on them and give them to impoverished - or just tightwad - mates. With the right choice of software, even a five-year-old computer can be a fast, responsive machine with bags of life left in it.

Read the article HERE.

A close friend of mine who uses his home computer for financial transactions, also has a young son who uses the same computer to download a variety of suspect programmes. I have had to rescue this computer more than once. But no more. Using a philosophy similar to the story above, I have created a "secure box" for him only to use. This computer is available to him only, and is used solely for financial transactions. No surfing, no email - just a secure money machine. Seems to be working.

When Computers Attack

Anyone who follows technology or military affairs has heard the predictions for more than a decade. Cyberwar is coming. Although the long-announced, long-awaited computer-based conflict has yet to occur, the forecast grows more ominous with every telling: an onslaught is brought by a warring nation, backed by its brains and computing resources; banks and other businesses in the enemy states are destroyed; governments grind to a halt; telephones disconnect; the microchip-controlled Tickle Me Elmos will be transformed into unstoppable killing machines.

Read the article HERE.

Holes in advanced authentication claims

Although they've been touted by banks as a security improvement over simple password protection, there's study data to indicate that image authentication systems aren't as useful or effective as some think. These systems (my own bank refers to them as "Personal Security Images") present the end user with a previously chosen image, typically at the same time password input is required.

Read the article HERE.

Are they winding us up ?

Spybot - Search & Destroy [1.5 Beta] detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behaviour to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies.

Now - am I over reacting or are they trying to extract the Michael [for US readers = taking the micky]. Is spyware a "relatively new kind of threat" or "threat not yet covered by common anti-virus applications". This was once a very popular product that was held in high regard by many, but I think it has now been surpassed by many superior products.

It's not easy being an Englishman

Half don't know what phishing is

Nearly half of people in the UK don't know what a phishing email is, with just 54 per cent understanding what the term means. And people in this country are so confused by the practice that only 42 per cent of them would feel comfortable explaining the concept to someone else.

Read the article HERE.

==============================================
UK surfers wide open to identity theft

And while we are on the subject of "pommy bashing", a very popular sport here in Australia, here's another interesting result.

One in four UK surfers has shared sensitive personal information with complete strangers on social networking sites including Facebook and MySpace, research warned today.

Read the article HERE.

==============================================
Who will be spying on your medical secrets?

A new NHS computer will carry all your most intimate medical details. Will it be safe from snoopers? Your doctor doesn't think so. Amid the furore over waiting lists, budget cuts and filthy hospital wards, the NHS's revolutionary £12 billion technology system looked like a guaranteed patient-pleaser.

But five years since its inception, the new system is causing growing concern - not only is it running nearly £1billion over budget, but critics claim it is riddled with problems and could put patient confidentiality at risk.

Read the article HERE.

==============================================
Cyber crime hitting small firms

Forty four per cent of small businesses in the West Midlands have been a victim of cyber crime, according to new research. The study, commissioned by the Get Safe Online campaign, showed the a wide number of SMEs were at risk from internet scams, identity fraud, phishing and data theft.

Read the article HERE.

==============================================
UK sets the pace when it comes to cyber crime

Identity theft, phishing and Trojan attacks are on the rise, and virtual worlds are being targeted by fraudsters, said a global online security firm. UK is a popular target because it was the pioneer for fast online payments, and consumers are used to easy and instant payment transfers, said Uriel Maimon, senior research scientist, RSA consumer solutions.

Read the article HERE.

==============================================
Small firms warned of data protection scam

The Information Commissioner's Office has warned UK businesses not to be misled by bogus agencies that send notices demanding money to register under the Data Protection Act 1998 (DPA).

The warning comes after Leeds Crown Court sentenced three men to prison on 8 June for their involvement in bogus data protection agencies.

Read the article HERE.

==============================================
Human error biggest threat to computer security

The biggest risk to an organisation's network security is human error, according to a new report. The study also found that nearly two-thirds of the 1800 UK adults questioned said they never changed their passwords.

Read the article HERE.

==============================================
AND - MY PERSONAL FAVOURITE

Bin police to enforce refuse rules

A council is to hide a camera in a bin bag to catch residents who do not follow new rules about putting out the rubbish. Householders in a seaside town have been told to put their bins out at the front of their homes and not in an alleyway to the rear.

Read the article HERE.

Humorous comments only may be left. My wife - who just happens to be a "pommy', has already inflicted all the real pain any man is entitled to endure.

Weekend Reading

Satire: Computers
The supervisor must have been having a bad day that day. She saw me using the smart-phone and promptly turned around and left the staffroom again, without saying a word. When I came back to my desk, there was an internal email waiting for me, which had been sent to all employees, stating that the use of personal computing devices on the premises of the company is henceforth prohibited.
Take a look HERE.

==================================================================
Plans for Ubuntu 7.10 (Gutsy Gibbon) revealed

Development plans for Ubuntu 7.10 (codenamed Gutsy Gibbon) were announced last night on the Ubuntu development mailing list. Scheduled for official release in late October, Gutsy Gibbon will include version 2.6.22 of the Linux kernel, GNOME 2.20, and Xorg 7.3. Kubuntu 7.10 will feature KDE 3.5.7 and offer optional packages for KDE 4.0 RC2. Ubuntu 7.10 Server Edition will feature some nice additions, including support for Novell's AppArmor security framework.

Take a look HERE.

==================================================================
Full Disclosure: Harry Potter 0day

A hacker posting on a full disclosure email list run by InSecure.org claims to have obtained a copy of a transcript of the forthcoming book Harry Potter and the Deathly Hallows.

Take a look HERE.

==================================================================
Everyone's a celebrity

Sites like Facebook, Photobucket and Flickr are enjoying surging popularity for allowing people to control their online identities in ways that make the danger of revealing too much information a constant worry--and all part of the game.

Take a look HERE.
==================================================================
Bundled Products: Where the heck did this come from?

Having a need to consolidate all of my instant message friends, I recently downloaded Trillian v3.2.5.1 . Of course, I quickly clicked past the license agreement. Who has time to read ALL that? I clicked Agree and moved on.

Read the article HERE.

==================================================================
Social networks geared for offline success?

Social sites are turning to a new strategy to keep their services "sticky" and their users satisfied: They're not just encouraging them to network online, but to attend offline events and parties in the real world as well.
The jury's still out on whether sites like Going and I'm In Like With You will be able to develop a core base as loyal as Yelp's.

Read the article HERE.

Leaked Leopard Loose

The beta copy of Leopard [scheduled to be legally released in October], the next version of Mac OS X handed to developers last week by Apple, is available on a file-sharing site for downloading.

Read the article HERE.

Elcomsoft cracks Quicken "backdoor"

Russian security software firm Elcomsoft announced on Friday that the company's researchers had cracked the master password that secures encrypted Quicken files and which allows the software's developer, Intuit, to retrieve lost passwords.

Calling the existence of a 512-bit encryption key a "backdoor," Elcomsoft said the master key could be used by the federal government to access taxpayer records.

Read the article HERE.

iPhone Has Neither Security nor Relevance

Apple's upcoming iPhone: It's a "security nightmare," it will "turn your security team into zombies," and Apple is possibly "using the Windows Safari Beta Test to stamp out iPhone security holes."

Or, then again, depending on which iPhone watcher you're paying attention to, the iPhone security is irrelevant compared with "insecure wireless access points, tape backups disappearing, wrapping your newspapers in customers' personal financial information, and stolen laptops."

Read the article HERE.

==============================================
Iphone a great target for hackers

According to IBM's security division, Internet Security Systems, the iPhone will have one thing going for it, at the same time it has one thing going against it, making for what should be an interesting product to track. The plus side is that it should take a pretty sophisticated hacker to break into the phone's system, but the negative is that all the frenzy that has been building up around the iPhone's release means many hackers will be inspired to try.

Read the article HERE.

Vista More Secure than Linux and Mac

News Analysis: Windows Vista only had 12 vulnerabilities in its first six months, making Linux distros look buggy by comparison, but analysts aren't convinced.

Read the article HERE.

==============================================
Microsoft better at patching XP than Vista

A Microsoft Corp. security executive released data Thursday showing that, six months after shipping Windows Vista, his company has left more publicly disclosed Vista bugs unpatched than it did with Windows XP.

Read the article HERE.

==============================================
No Vista SP1 This Year?

As we reported overnight, a recent court filing submitted by the Justice Department, state attorneys general and Microsoft revealed that Windows Vista Service Pack 1 will be available later this year as a beta. Will that mean final delivery in 2007 or 2008?

The theory is that Windows Vista update can fix any of the major bugs and besides Service Packs cause a lot more trouble to corporate users than they are worth.

Read the article HERE.

Trusted Storage now ready for your hard drive

After many months of deliberation, the Trusted Computing Group has finally announced that it has finalized the draft specifications for incorporating built-in encryption and security services directly into hard drives and other storage devices.

Read the article HERE.

What happened this week

Homeland Security

This seemed to be the big story grabbing the headlines this week. All the problems involved the department's unclassified computer networks, although DHS officials also have acknowledged to lawmakers dozens of incidents they described as "classified spillage," in which secret information was improperly transmitted or discussed over nonsecure e-mail systems.

DHS acknowledges own computer break-ins
DHS to Answer for Hundreds of Cyber Break-Ins
Homeland Security IT chief blamed for cyberwoes


============================================
And some things never change

As I've said before, a large number of Security News websites are obliged to publish every day [except weekends], keeping the advertisers happy, so the same stories keep appearing. Here's this weeks list :

Mobile Clinic: How do you make mobile data secure?
Locking down laptops before it's too late
USB flash drive worm arrives
Security in a flash

Phishing stories are always popular

New browsers fail to curb phishing
Phishers casting ever wider nets
Phishing sites on the rise
Phishermen, not zombies, causing biggest security woes
Phishing on the rise, but not Bots

BUT, someone always has to be different

Less spam, but threat grows - Bot nets spread viruses

Spam is always a good standby when news is slow

How much spam is your company sending?
PHP exploit code plants itself in GIF
[Image] Spammers get crafty and change operations
Gibberish Spams Have Devilish Purpose

AND, the "10 best" lists that appear on a weekly basis

Open source's hottest 10 apps
The ten most hated words on the Internet

All in all, I don't think I missed very much.

It's not easy being an Englishman

Half don't know what phishing is

Nearly half of people in the UK don't know what a phishing email is, with just 54 per cent understanding what the term means. And people in this country are so confused by the practice that only 42 per cent of them would feel comfortable explaining the concept to someone else.

Read the article HERE.

==============================================
UK surfers wide open to identity theft


And while we are on the subject of "pommy bashing", a very popular sport here in Australia, here's another interesting result.


One in four UK surfers has shared sensitive personal information with complete strangers on social networking sites including Facebook and MySpace, research warned today.

Read the article HERE.

==============================================
Who will be spying on your medical secrets?

A new NHS computer will carry all your most intimate medical details. Will it be safe from snoopers? Your doctor doesn't think so. Amid the furore over waiting lists, budget cuts and filthy hospital wards, the NHS's revolutionary £12 billion technology system looked like a guaranteed patient-pleaser.

But five years since its inception, the new system is causing growing concern - not only is it running nearly £1billion over budget, but critics claim it is riddled with problems and could put patient confidentiality at risk.

Read the article HERE.

==============================================
Cyber crime hitting small firms

Forty four per cent of small businesses in the West Midlands have been a victim of cyber crime, according to new research. The study, commissioned by the Get Safe Online campaign, showed the a wide number of SMEs were at risk from internet scams, identity fraud, phishing and data theft.

Read the article HERE.

==============================================
UK sets the pace when it comes to cyber crime

Identity theft, phishing and Trojan attacks are on the rise, and virtual worlds are being targeted by fraudsters, said a global online security firm. UK is a popular target because it was the pioneer for fast online payments, and consumers are used to easy and instant payment transfers, said Uriel Maimon, senior research scientist, RSA consumer solutions.

Read the article HERE.

==============================================
Small firms warned of data protection scam

The Information Commissioner's Office has warned UK businesses not to be misled by bogus agencies that send notices demanding money to register under the Data Protection Act 1998 (DPA).

The warning comes after Leeds Crown Court sentenced three men to prison on 8 June for their involvement in bogus data protection agencies.

Read the article HERE.

==============================================
Human error biggest threat to computer security

The biggest risk to an organisation's network security is human error, according to a new report. The study also found that nearly two-thirds of the 1800 UK adults questioned said they never changed their passwords.

Read the article HERE.

==============================================
AND - MY PERSONAL FAVOURITE


Bin police to enforce refuse rules

A council is to hide a camera in a bin bag to catch residents who do not follow new rules about putting out the rubbish. Householders in a seaside town have been told to put their bins out at the front of their homes and not in an alleyway to the rear.

Read the article HERE.

Humorous comments only may be left. My wife - who just happens to be a "pommy', has already inflicted all the real pain any man is entitled to endure.

Mpack Exploit Tool

Mpack is another one of these toolkits enabling the attackers to manipulate infected machines through a spiffy, Web-based interface. Some other facts about Mpack illustrate just how brazen and organized the e-crime software business has become. According to detailed analysis by researchers at anti-virus maker Panda Software, the toolkit is being sold on Russian e-crime forums for roughly $700, includes a year's worth of free software support, and is guaranteed to bypass all anti-virus programs at the time of purchase. Extra exploit modules can be purchased for prices ranging from $50 to $150.

Read the article HERE.

Malware targets computer forensics tool

Virus writers have created a proof-of-concept virus that targets a widely-used computer forensics tool. Vred-A infects WinHex scripts, preventing these additions to forensics and data recovery tools from doing anything except infecting other scripts. The virus has not been seen in the wild, and probably never will be.

Read the article HERE.

Back on Saturday

To all the regular readers, a note to let you know that I am away for a few days, and my next blog will be Saturday, June 23

Adelaide : 9:30:00 AM

Los Angeles 5:00:00 PM FRIDAY
New York 8:00:00 PM FRIDAY
London 1:00:00 AM
New Delhi 5:30:00 AM
Singapore 8:00:00 AM
and in New Zealand it will still be 1996

Data on 64,000 [ + 54,000 + 75,000 ] Stolen

Information about thousands of teachers, vendors, school districts and local governments that conduct electronic transactions with the state are on a backup computer storage device stolen from the car of a state agency intern, Gov. Ted Strickland said Saturday.

Strickland announced the device was missing on Friday. It also included the names and Social Security numbers of all 64,000 state employees. His staff also confirmed the storage device also held information on 53,797 participants enrolled in the state’s pharmacy benefits management program, as well as names and Social Security numbers of about 75,532 dependents — a finding the governor’s office first warned of in a statement late Friday.

Read the article HERE.

Is It OK that Google Owns Us?

Google's continuously raked over the coals regarding the massive amounts of PII (personally identifiable information) it collects, what it does with it, how long it retains that data and what the company might do with it if its merger with DoubleClick goes ahead.

That's all been ratcheted up to fever pitch over the past few weeks, with two new privacy headlines: complaints being voiced about Google's new Street View service's photographs getting too close for comfort and Privacy International's having flunked Google on its privacy policies and procedures in a report published June 9.

The fury boils down to one question: whether or not it's OK for Google to own us.

Read the article HERE.

Warnings of 'internet overload'

As the flood of data across the internet continues to increase, there are those that say sometime soon it is going to collapse under its own weight. But that is what they said last year.

Back in the early 90s, those of us that were online were just sending text e-mails of a few bytes each, traffic across the main US data lines was estimated at a few terabytes a month, steadily doubling every year.

But the mid 90s saw the arrival of picture-rich websites, and the invention of the MP3. Suddenly each net user wanted megabytes of pictures and music, and the monthly traffic figure exploded.

Read the article HERE.

Google Video

Google Video has been transformed into a video search service that provides links to hosted and offsite video content. The new Google Video service can index media from YouTube as well as an assortment of YouTube rivals, including Metacafe, MySpace, BBC, and Yahoo Video. Previews are available next to search results that are hosted on YouTube or Google Video and thumbnail snapshots are available for content hosted by other providers. Much like Google image search, a frame with relevant Google-provided functionality appears at the top of the window when the user clicks through a search result.

Read the article HERE.

Cheat Sheets

You never know when a good cheat sheet will come in handy.

BOOKMARK this page to keep our treasure trove of useful information at your fingertips!

Is Vista's anti-malware enough?

Microsoft has built comprehensive anti-malware capabilities into its new Windows Vista operating system in the hopes that enterprises will forego third-party applications. But is the protection up to the standards that enterprises demand?

Read the article [and watch the video] HERE.

Kaspersky confirms "Google Block"

Kaspersky has confirmed that Google can "lock out" users due to "suspicious" search queries, as one of the firms' customers started getting the same error message that we reported earlier this week.

Read the article HERE.

How victim snared ID thief

A woman who turns detective and takes justice into her own hands!
A street chase involving cabs and buses!
An evil bank!
A purse full of cards… with the victim’s name on!

Read the article HERE.

A trip down memory lane

It's rare for us to spend an hour-long staff meeting in nonstop laughter. But that's pretty much what happened when we gathered to go through old print issues of Computerworld as part of our 40th anniversary celebration. The original idea of hauling those Computerworld issues out of storage was to look at important stories and people throughout the years. But we couldn't get over the ads!

You can purchase this 80MB disk system for less than $12k - and even better, 300MB for under $20k.

Read the article HERE.

Spyware Sucks

And so it does. A blog that not only covers the spyware issue, but also advises on all the MS software problems you may [ and probably will ] encounter. A great Sunday read.

Read the blog HERE.

Weekend Reading

Hacker thanks Yahoo for the help

Yahoo Inc was quick out of the gate and released a fix for the vulnerabilities last Friday, just two days after the flaws were publicly disclosed. The trouble is that Terrell Karlsten, a spokeswoman for Yahoo, apparently disclosed too much information about the bugs in an interview with InformationWeek.

And that information helped lead a hacker, who identifies himself only as "Danny," right to the flawed code.

Take a look HERE.

==================================================================
Dell Responds to the Crapware Column

There really are a lot of configuration options when you set up a Dell system, yet there are things you can't configure. It's no surprise that people at Dell were bothered by my column two weeks ago about "crapware" on their systems. They responded in e-mail. What the hey, I'll include their entire e-mail from Anne Camden of Dell's Corporate Communications:

Take a look HERE.

==================================================================
How Organized Crime Uses Technology to Make Money

Most of the guys I work with, they don’t like computers. They get frustrated. Lots of times they want to shoot their computers, like that guy in Colorado did. I printed out that story and gave it to one of my guys. He loved it, especially the part where the guy hung the dead computer on the wall of his bar. “I love this Colorado guy,” he said. And he passed it around to all the guys.

Take a look HERE.

==================================================================
Five things you never knew about flash drives

Flash drives only look like disks. In fact, nothing works the way you’d think. Flash is really different from magnetic recording, and those differences have a big impact on flash drive performance. How well vendors manage flash oddities has a huge impact on performance and even drive lifespan.

Take a look HERE.

==================================================================
What the world needs now is Google Linux

If anyone can take on Microsoft it's Google. Both companies make squillions out of doing not much at all, which is the key to having your share price sit on top of the roof.

And the latest battleground the pair are marking out centres on Linux, the open-sore on the hide of the Vole's cash cow.

Take a look HERE.

==================================================================
What's behind Microsoft's open-source deals?

Microsoft views its string of deals with Linux vendors--the latest being Linspire, announced this week--as part of a broader companywide push to improve interoperability.

Take a look HERE.

==================================================================
Site Exposed More Than Paris Hilton

The operators of an X-rated Paris Hilton web site exposed the credit card numbers and identities of about 750 subscribers who signed up after the site recently returned online in the face of a federal court injunction.

Take a look HERE.

==================================================================
Four deadly security sins

Organisations should not rely on their staff to ensure their network is secured as employees are not infallible and one slip is all it takes for cybercriminals to launch a vicious attack.

Read the article HERE.

###################################
Top 10 Network Utilities

Today we've picked out 10 of our favorite, free, point and click software applications and webapps that help you make the most of the giant web of connected computers that is your network.

Read the article HERE.

###################################
Tools that manage PC's and Macs at the same time

As computing environments become larger, particularly those that are multisite and multiplatform, the need for a solid Macintosh/Windows remote deployment, management and troubleshooting package can start to seem like the Holy Grail. Much time can be spent by administrators having to go to a user's desk and then wait as any new or updated software is loading.

A number of packages offer remote troubleshooting and deployment options. Some are based on open standards, but many are commercial, Windows-specific or Mac-specific tools. In environments containing a mix of both Mac and Windows computers, having a single tool that supports all users and workstations, regardless of platform, is key. The packages discussed here all offer some level of cross-platform support and can help you efficiently manage the clients in your network.

Take a look HERE.

==================================================================
So You Want To Hack For A Living?

OK... so I want to be a professional hacker. Where do I start? Who offers this training? With all popular IT fields, there are a multitude of certifications. Which one do I choose? If I have no experience, how do I start? If I have IT experience, where do I jump in? Well, without causing a huge debate, a lot of companies now use the format of sending their staff to a highly regarded training facility with the end goal of attaining some type of certification.

Read the [old but interesting] article HERE

==================================================================
Why is Hotmail so bad at spam?

I'm trying very hard to be sympathetic towards Hotmail, and I'm failing, badly. It's not the Microsoft connection that makes me fed up, it's just Hotmail.
Here's today's inbox:
From my contacts: 2 (2)
Marquita@viagra.com RE: Online Canadian Pharma... admin@speedtrader.co... RE: Daily News

If you believe I have a contact called Marquita at viagra dot com, you're mad.

Read the article HERE.

==================================================================
Spam is good

Spam clogs up web servers, inboxes and promotes Viagra, Nigerian banks and farm animals in a way no one ever dreamed possible. But is it really so bad?

If you have more than a modicum of good sense, you won’t buy into the offers that are made. If you know your way around an inbox, chances are you will have set things up so that you don’t even see most of it. The battle between spammers and those who would filter them out of existence seems eternal, but the spammers do not have it all their own way.

While network admins will complain about the volume of spam that clogs up and drains resources, for the average Joe, this is not such a problem.

What no one ever points out, however, is that there is another form of spam, a much older form of spam, that is alive and well. And it is a much bigger drain on resources. It’s what I think of as ‘paper spam’.

How many times at the end of a working day have you gone to grab the (increasingly slim) paper mail in the letter box, only to find it overwhelmed by catalogues advertising power tools, bras, over-priced electronic equipment and pizzerias? Yet production continues unabated.

I recently came across this Australian site which is surely a step in the right direction for all the Dougies and Dorises of this world who do like their catalogues, but who don’t want to waste paper.

Think about it for a moment. What goes into the production of ‘paper spam’? Trees. Printing with poisonous inks and dyes. Trucks to distribute it. Warehouses to hold it. People paid a pittance to shuffle about, sticking it in out letterboxes. And if, as inevitably happens, we don’t want it, how much of it ends up not being recycled, possibly thrown onto the street, and washed down into our sewers. Which leads to where? Our oceans, rivers and seas.

Yet no one seems half as concerned with ‘paper spam’ as they do with electronic spam, despite the production costs involved. Where are the environmental reports? Where are the corporate social responsibility acts? And how often, really, does anyone ever pick one of those catalogues up and think "Ooh, I’m going to go to Best Buy now and buy the USB Toaster in that catalogue."

For the rest of us, and for our increasingly degraded environment, it is also about time.

Source : The Inquirer

Microsoft Vulnerabilities

Secunia Advisory: SA25619 - HIGHLY CRITICAL
Secunia Advisory: SA25640 - HIGHLY CRITICAL
Secunia Advisory: SA25620 - HIGHLY CRITICAL

Read more HERE.

Blocking Online Porn

Many readers have asked for advice on how to protect their kids from accidentally or purposefully viewing Internet porn. One ingenious approach comes from OpenDNS. It offers a service to help filter out porn without installing software. Because the service works on a network level, it can easily be deployed across any operating system or network.

Read the article HERE.

Microsoft mystery trio thwarts disk pirates

Microsoft Corp. has clarified the identity of the mysterious trio on the installation disks for the business version of Windows Vista. And no, you can't play the installation DVDs backwards and hear the devil talking, either.

Read the article HERE.

Zero-Day Threats - Part 2

In part 1 of this blog series, I presented a definition for zero-day threats. Now that we know what they are, let’s explore how they come to be–why they exist.

Read the article HERE.

Yahoo fixes bug

Yahoo has [finally] plugged a site-wide coding error that made it possible for miscreants to gain complete access to a user's account simply by convincing the holder to click on a booby-trapped link.

Read the article HERE.

Security Reseacher Has iPhone Exploit Ready

Like many geeks, security researcher David Maynor is eager to get his hands on an iPhone. Unlike many geeks, Maynor also has harsh feelings about the Think Different company and what he says is an undisclosed vulnerability in Apple's Safari browser that he hopes will let him hack into the hugely anticipated device.

Read the article HERE.

Computer Security Research

McAfee Avert Labs Blog has 2 intersting items today.

When Is WhenU MeMe?
Running the Grey Mail Gauntlet

Read more HERE.

[US] TorrentSpy ruling a privacy threat

It was a pro-copyright ruling that stunned nearly everyone dealing with the issue of online piracy. In a decision reported late Friday by CNET News.com, a federal judge in Los Angeles found that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.

Read the article HERE.

Another new searchengine - or is it ?

Last Monday I blogged about Ask.com having a facial, and Sputtr entering the contest. We now introduce, in the red corner, searchboth.com. Red because this thing is going to start bleeding from day one. Searchboth, and the other new contender Sputtr, are not in fact new search engines, but a feeble attempt at enticing searchers to a mediocre offering.

Google and Yahoo search results

Toll Free Yellow Pages today announced the launch of SearchBoth.com.au, the nation's first Web site that enables users to search both Google.com and Yahoo.com at the same time [excuse me - see below].

Both Google and Yahoo are placed side by side on a split screen in order for users to easily compare results of both Web sites.

The company has also launched the same service for the UK with SearchBoth.co.uk,
the U.S. with Searchboth.com, and Canada with SearchBoth.com.ca, which has been down for the past 2 days.

Read the article HERE.


GahooYoogle.com

The option of running both search engines alongside one another has been available for some time. I am sure the legal department of searchboth.com .au will claim that because GahooYoogle.com does not have an Australian based website [.com.au] it is "the nation's first Web site that enables users to search both Google.com and Yahoo.com at the same time". They may be correct, but the product they are promoting is not the equal of their legal language manipulation.

Safari's best features in Firefox

As we're all aware by now, Safari is now available for Windows, and Apple has already patched some of the Windows Safari bugs. So the question is, is there any compelling reason you might want to switch from the venerable Firefox to Safari?

The Safari feature most-touted by Steve Jobs at the WWDC keynote was its speed, claiming Safari beats out Internet Explorer and Firefox at rendering web pages. According to Wired, however, that's not necessarily the case. To its credit, though, Safari does have several enviable features. Rather than suggesting anyone move to Safari (why would we do that?), here's a list of Safari's best features and the Firefox extensions that bring them to our favorite browser

Read the article HERE.

Black Hats have us outgunned

10 reasons why the Black Hats have us outgunned.

HERE they are.

Investigating suspicious Office files

A major step in incident handling is to confirm whether a security incident is in fact taking place. Excessive handling of false positives can also cost an organization dearly in the long run. Recently, attacks using Office (or other office applications such as Ichitaro) as a vector have become more popular, making this identification stage a bit more difficult.

Read the article HERE.

FBI Unveils 'Operation Bot Roast'

The FBI said today it has identified more than 1 million personal computers that have been infected with computer worms enabling the attackers to control PCs for criminal purposes such as sending spam, spreading spyware and attacking Web sites.

Read the article HERE.

XML Controlled Trojans

I recently came across an interesting sample. The sample installs a rootkit. So far nothing interesting, since lots of malware installs a rootkit. The interesting part is how it communicates with a remote site, and how it works.

Read the article HERE.

ZoneAlarm for Windows Vista Released

For the millions of computer users who purchased a new PC during the past five months, there have been precious few options for true, two-way firewall software on Windows Vista. At the moment, hardly any security vendors offer firewall protection for Windows Vista users, let alone free versions.

Read the article HERE.

First look: Safari 3 vs. Firefox 2 and IE7

We put Apple's browser to the test and discovered that it falls short of Firefox and Internet Explorer 7. Far from being "the world's best browser" as Apple claims, Safari 3 suffers from usability deficiencies, text readability issues, and security flaws. It's not all bad, though.

Read the article HERE.

Pfizer Falls Victim to P2P Hack

A telecommuter's casual link to a file-sharing network leaked personal information on more than 17,000 current and former employees at pharmaceutical giant Pfizer. In a letter to employees dated June 1, Pfizer privacy officer Lisa Goldman states that the data was stored on a Pfizer laptop used in an employee's home.

Read the article HERE.

I think this person is a worhy recipient of the "Vanish" award :-

The seemingly boundless capability of people to invent new ways of being stupid will never, ever cease to astound me.

Microsoft Plugs 15 Security Holes

Microsoft issued free software updates today to fix at least 15 separate security flaws in its Windows operating system and other software. Nine of the 15 flaws earned Microsoft's "critical" rating, its most severe.

Read the article HERE.

Windows recovery loophole lets hackers in

Windows Vista may be Microsoft's most secure operating system to date, but researchers are still finding some glaring loopholes for hackers to exploit. Here is the latest: all you need is a Vista Install DVD to get admin level access to a hard drive.

Read the article HERE.

Safari for Windows has rocky start

I'd like to note that we found a total of 6 bugs in an afternoon, 4 DoS and 2 remote code execution bugs. We have weaponized one of those to be reliable and its diffrent that what Thor has found. I can't speak for anybody else but the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for alot of stuff). The exploit is robust mostly thanks to the lack of any kind of adanced security features in OSX.

Read the article HERE.

Thwarting a large-scale phishing attack

Not all phishing attacks target sites with obvious financial value. Beginning in mid-March, we detected a five-fold increase in overall phishing page views. It turned out that the phishing pages generating 95% of the new phishing traffic targeted MySpace, the popular social networking site.

Read the article HERE.

Windows Home Server on track

Windows Home Server is moving quickly through testing, with Release Candidate 1 being made available today. RC1 brings a little more polish to the OS, with a handful of bug fixes and an improved setup wizard that streamlines hardware setup and networking configuration, especially for uPnP-aware networks.

Read the article HERE.

Cyber Security Bulletins June 11, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT).

Read more HERE.

Computer Security Research

At McAfee Avert Labs Blog today...

Zero Day Threats: Part 1 - What They Are, and What They’re Not
Phishers like URL multiplying techniques
MS07-027: Revenge of the Script Kiddies

Read more HERE.

Cyber criminals get visual on YouTube

Web users are being warned that hackers are using a new crimeware technique that attempts to dupe users into viewing a YouTube video masquerading as a Trojan horse.

In what is an ironic twist on the current situation that sees music companies and sports TV firms suing YouTube for allegedly distributing stolen content, users who download the mysterious file end up seeing their own information being stolen.

Read the article HERE.

Apple announces Windows browser

Apple has launched a version of its web browser Safari for Windows, competing head to head with Microsoft's Explorer and Mozilla's Firefox.

Read the article HERE.

6 Burning Questions About Wireless Networks

What impact will 802.11n have?
Which wireless security threats are scariest?
What of wireless VoIP?
Will your organization need to change to support enterprise mobility?
How do you control costs in an expanding mobile and wireless environment?
What can you do to stop wireless denial-of-service attacks?"

Read the article HERE.

New Tests to Fool Automated Spammers

Captchas are the puzzles on many Web sites that present a string of distorted letters and numbers. These are supposed to be easy for people to read and retype, but hard for computer software to figure out.

Most major Internet companies use captchas to keep the automated programs of spammers from infiltrating their sites.

There is only one problem. As online mischief makers design better ways to circumvent or defeat captchas, Web companies are responding by making the puzzles more challenging to solve — even for people.

Read the article HERE.

Hacking Contactless Payment Cards

Contactless payment cards, which use embedded radio frequency identification technology to complete credit and debit transactions wirelessly, may offer more security than the traditional magnetic stripe card, but they’re not impervious to attack.

That’s not to say that strong countermeasures aren’t available in cards issued by the major credit card brands. The key security elements in use today include methods of validating the card and reader as well as the use of triple DES encryption of message data and issuance of a dynamic card verification value (DCVV) that securely validates each transaction with a unique code.

Read the article HERE.

SiLK 0.11.1 - Traffic analysis tools

SiLK, the System for Internet-Level Knowledge, is a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. The SiLK tool suite supports the efficient collection, storage and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets. SiLK is ideally suited for analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized ISP.

Read more HERE.

Ask.com

Search engine Ask.com has launched a new user interface that includes an assortment of new features and integrates image, video, and music content into basic search results.

Read the article HERE.

Many, many years ago, when this search engine was known as "Ask Jeeves", it was - without doubt - the best search engine available. I would even go so far as to say that if it had not been "molested" by its new parents, it would today rank on a par with Google.

The Internet Archive Wayback Machine shows you how the "old Ask" looked back then,
[March 22, 1995], but sadly the old engine is no longer there and all search queeries divert to the new Ask.com.

So, Ask.com has given us a new look for the search results with a facelift that is is slick and impressive, the results themselves still aren't. It is still no better than, and probably worse, than many other players in this field.


==============================================
Sputtr

And I had no sooner finished typing, and the new kid on the block raises his hand.

Try Sputtr HERE.

For F-Secure, it's all about the safety net

There may be a dearth of dire news reports these days about worms rampaging around the Internet, but there's still plenty to occupy the time of a security company CEO. Especially a new one, like Kimmo Alkio, the chief executive of F-Secure. Alkio recently rejoined the antivirus vendor from fellow Finnish company Nokia.

Sister site silicon.com recently caught up with Alkio to discuss the security landscape, how governments should handle hackers, the need for a dot-bank domain name and his company's much-criticised stance on the potential threat of mobile phone viruses.

Read the article HERE.

OpenID

Leo and I examine the open, platform agnostic, license free, OpenID secure Internet identity authentication system which is rapidly gaining traction within the Internet community. It may well be the "single sign-on" solution that will simplify and secure our use of the world wide web.

Read the article [ Episode #95 ] HERE.

Google suspects users are not human

In a fine twist of irony, the software algorithms at Google's planet-wide cluster interrupted my peaceful web searching experience to tell me I looked more like a virus rather than a human being.

Read the article HERE.

Googles privacy practices slammed

Google Inc.'s privacy practices are the worst among the Internet's top destinations, according to a watchdog group seeking to intensify the recent focus on how the online search leader handles personal information about its users.

In a report released Saturday, London-based Privacy International assigned Google its lowest possible grade. The category is reserved for companies with "comprehensive consumer surveillance and entrenched hostility to privacy."

Read the article HERE.

How to Opt Out of Yahoo!'s New "Web Beacons"

In the privacy policy at the Yahoo website, scroll down to

[b]Cookies, and the third bullet point item is Yahoo! uses web beacons.

Read it and decide if you want to play the game. Underneath that is :
Your Ability to Edit and Delete Your Account Information and Preferences

You can edit your Yahoo! Account Information at any time.

Visualizing Akamai

Akamai handles 20% of the world's total Web traffic, providing a unique view into what's happening on the Web - what events are generating traffic, how much, from where, and why. Bookmark this page to get a feel for the world's online behavior at any given moment - how much rich media is on the move, the sheer volume of data in play, the number and concentration of worldwide visitors, and average connection speeds worldwide.

Visit the website HERE.

OpenOffice worm hits Mac, Linux and Windows

Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux. According to the Symantec Security Response Web site, the worm is capable of infecting multiple operating system platforms and is spreading.

Read the article HERE.