Hosting user-generated content is a very dangerous thing

Michal Zalewski of the security department Google: hosting user-generated content is a very dangerous thing

Google has been doing this for many years and has accumulated a lot of experience from which to draw definite conclusions. The main conclusion that the voice of Michael, - hosting user-generated content is a very dangerous business.

Historically, all browsers and browser plug-ins are designed in such a way as to show multiple types of content, ignoring any errors on the website. In the days of static HTML and simple Web applications, this approach was normal, because all the content was controlled by the webmaster.

VIPRE Internet Security 2013 Beta Review

VIPRE Internet Security 2013 6.0.5419 Beta

VIPRE Internet Security 2013 includes all the features VIPRE Antivirus, and firewall to protect against internal and external Internet threats, anti-spam, web filtering for protection against malicious websites Easy Update and to protect against the vulnerabilities of Windows and applications.

Program Description

VIPRE Internet Security 2013 - comprehensive antivirus, marked by numerous awards in independent testing, which includes a personal firewall, antispam, web filtering, component VIPRE Easy Update in one easy solution for complete protection from malware and Internet threats.

VIPRE antivirus engine combines antivirus, antispyware, anti-rootkit and proactive technologies.

Emsisoft Anti-Malware 7 Beta

Emsisoft Anti-Malware - anti-virus and anti-spyware to protect your computer from various types of malware

Application Control blocks any malicious actions, web protection stops Internet threats when you are online.

Program Description

Emsisoft Anti-Malware detects and safely cleans viruses, trojans, worms, spyware, adware, rootkits, keyloggers, dialer, bots and other Internet threats. The technologies used allow you to remove malicious software before it will cause any harm. Antivirus is updated daily and easy to use.

Second cyber attack on Saudi Aramco

Hackers have repeatedly declared about second cyber attack on Saudi Aramco

After the second break hackers managed to steal confidential information from the company systems.

The oil giant Saudi Aramco again became the target of hackers. The report of the burglary was posted on Pastebin, and the company did not provide any comments.

In a statement hackers stated: "We think it's funny and strange that there is no news from Saudi Aramco at the Saturday evening." Hackers claim to have fulfilled his promise to re-break-in, and as evidence published e-mail address and password, Khalid A. Al-Falih, and the credentials that grant access to the information about the main the form of the company. In addition, the attackers claim that all tools for computer security companies were set default passwords.

Fake Facebook notifications

Fake Facebook notifications contain viruses

Mass mailings to offer sacrifices to view archive of photos, in which she was allegedly observed friends.

On Facebook users targeted another spam submissions. This time, attackers send a notification that someone from the contact list of the victim said it in the photo. In an email, which at first glance resembles a notification from social network services, attackers report that the user can see the photo, which it said represented using an archive file.

In fact, zip-archive is malicious, and contains a sample of the Trojan Troj / Agent-XNN, providing hackers remote control over an infected computer. As experts Sophos, malware, which is simultaneously a Trojan horse and backdoor copies itself to the directory C: \ Documents and Settings \ All Users \ svchost.exe. Then, the virus adds itself to the system folder Windows, to boot each time the operating system starts.

Exploit the vulnerability of 0-day in Java

Exploit the vulnerability of 0-day in Java can cost $ 100,000

Exploit module is already available in Metasploit, and possibly in the BlackHole.

For the past few days on the Internet is discussed actively zero-day vulnerability in the environment Oracle Java, which is actively maintained during targeted attacks. First reported the vulnerability of experts FireEye, who talked about what address the server is used by an exploit.

In its notification expert FireEye, Atif Mushtaq noted that in the near future to exploit vulnerabilities in Java will become widely available, and attackers can use it very actively. Total overnight company Rapid 7 introduced a module exploit platform Metasploit. This module exploits a vulnerability in JRE for the latest versions of browsers Mozilla Firefox, Internet Explorer, and Safari on platforms Linux, Windows and Macintosh.

SmartScreen sends to Microsoft information about each application

Windows 8 Microsoft sends information about all installed programs

Hidden feature in Windows 8 called Windows SmartScreen sends to Microsoft information about each application that the user has downloaded from the internet, tried to install or installed in the operating system, according to Boy Genius Report, citing a programmer Nadim Kobeissi, who first discovered the function .

SmartScreen is the purpose of protecting the user from malicious software. Data is sent when the user runs the installer. Once Microsoft receives the data, it checks if the program certification. If not, the message that the launch of this program can damage, then the user is prompted to not install.

Free purchases in Apple Store

A Russian hacker has figured out how to bypass Apple's in-app purchasing

Alexey Borodin Russian hacker has created a lot of headaches by Apple, when carried out to reverse-engineer the protocol AppStore and issued instructions how to forge checks In-App purchases within applications.

That is to  say "to buy free" content within any application, such as new levels, bonuses, and so on. Borodin himself compares the In-App purchase to "cheating" and "selling air", because it really takes money to unlock content that is already present on the phone.

It way universal and works with virtually any application, you only need to carry out an attack like MITM on your own phone, the addition of a two false CA-certificate (first, second) and prescribing fake DNS, which supposedly caches responses from the server Apple, confirming your spending .

Symantec Norton Internet Security 2012 review

Norton Internet Security 2012 - fast and light comprehensive antivirus

Symantec Norton Internet Security 2012 - fast and light comprehensive antivirus with firewall and innovative technology provides a powerful and effective protection against all types of Internet threats.

Norton Internet Security 2012 Program Description

Norton Internet Security 2012 provides a quick and easy protection against online threats. Comprehensive antivirus and firewall protects your computer, local network, online activities and your identity with innovative technology to fight modern aggressive threats.

Trojan Loozfon aimed at Female Japanese users Android-devices

Symantec: Trojan Loozfon aimed at women users Android-devices

The malware steals the victim's phone number and contact list, which is stored on the mobile device.

Representatives of the company Symantec documented Trojan, which is aimed at women users Android-devices. Victims of a malicious program called Loozfon become a resident of Japan.

The flaw in Windows 8 allows you to track installed program

The flaw in Windows 8 allows you to track every installed user program

Exploitation of the vulnerability carries a double threat: Microsoft will keep track of every downloaded program and attackers can compromise the database user IP-addresses.

According to the student and software developer Nadim Kobeissi, operating system Windows 8 contains a vulnerability that allows Microsoft's track each set by the user program.

In Germany, will publish the names of "porn-pirates"

In order to prevent the public disclosure of the name, the pirates asked to pay a fine of $ 815

German law firm Urmann, which tracks Internet pirates, intends to publish the names of some of them. In particular, on September 1 will be published the names of individuals who downloaded pornographic content. Reported by the BBC.

It should be noted that representatives of the alleged pirates Urmann sent out letters of notification in 2006. The notice indicated that if the recipient will pay a fine of $ 815, it will compensate for breach of copyright and its name will not be in the published lists.

Apple Vs Samsung, Jury finds in favour of Apple

Samsung was ordered to pay Apple $1.05-billion (U.S.)

Federal court in San Jose, California, awarded by Samsung to pay 1.05 billion dollars to Apple for illegal use of its software patents and design of smartphones.

The conflict between Apple and Samsung in the mobile phone industry is the most resonant as the sum of the claims, and as a legal precedent.

U.S. court in San Jose, Calif., to disassemble the patent dispute between Samsung and Apple, ruled that the South Korean company copied the technology used to create the iPhone and iPad. Coglasno court, Samsung will have to pay compensation in the Apple 1.05 billion.

App «Find My iPad» helped find the stolen tablet

The owner used Apple's in-built Find My iPad service and his GPS to track down the iPad

According to the offender, the victim had no right to use the application «Find My iPad» to find a lost device within his property.

According to the publication «The Sydney Morning Herald», Australia app «Find My iPad» calculate robber and helped find the stolen tablet.

Bitdefender Sphere Security - universal antivirus solution

Bitdefender Sphere - multiplatform license that allows to save on your personal protection devices

Bitdefender Sphere - universal antivirus solution for simultaneous three safety devices: a computer with Windows and Mac OS, Android-Smartphone or Tablet.

Buy 1 license and protect against cyber threats to your home computer using Windows Bitdefender Total Security 2013, PC Mac - Bitdefender Antivirus for Mac and Android-smartphone (Tablet) - Bitdefender Mobile Security.

Microsoft has patented technology total surveillance

Microsoft has patented technology total surveillance for people

Microsoft has patented technology Life Streaming, which can continuously record the important events in life.

Microsoft has patented technology Life Streaming, which allows you to monitor anyone. The official purpose of the development of this technology is the "instant impressions". It is reported CNews referring to the U.S. Patent Office.

Plan X - the secret U.S. program

Plan X - the secret U.S. program to dominate the cyber battlespace

Agency Defense Advanced Technologies DARPA announced the launch of the program, code-named «Plan X». The purpose of this program - to provide "dominance in theater in cyberwar". In order to collect prospective developers in September, held a special event entitled «Proposers' Day Workshop».

Efficiency creating signatures viruses

Efficiency creating signatures directly affects the detection of viruses

Company Carbon Black, which is engaged in the development of solutions for the detection of viruses using the online services, conducted an interesting study. According to the findings Carbon Black, if the signature of the virus just misses the virus database product for the first six days after the first detection, is likely the virus will never appear in the database, so that it will be impossible to detect.

Google Red Team - Rapid Response Team

Google creates the structure of the Audit department of food safety

Recently, Google increasingly comes under fire for its methods of work with personal data, as well as the controversial company policy to collect information. Just recently, the Internet giant resolved claims by the U.S. Federal Trade Commission, having paid for the unauthorized collection of A 22.5 million.

On the trail of these events, the company today announced the creation of the so-called rapid response team Google Red Team, which will be in real-time to deal with the privacy of data and prayvisi-risk for corporate and private users working with the products of the company.

Fake Flash Player for Android-devices

GFI Labs found the fake Flash Player for Android-devices

Attackers offer SMS-Trojans and adware programs under the guise of Flash Player.

Employees GFI Labs found fake Flash Player software for mobile devices based on Android, which are actually SMS-trojans and adware. Note that Adobe has discontinued development of Flash Player for mobile devices 15 August.

Trojan Crisis can get into a virtual environment

Symantec researchers published a report on a detailed analysis of the malicious application

About a month ago, the company Intego, specializing in computer security, reported the discovery of a new worm for Mac, creates a backdoor on the infected system. It was also reported that the virus is able to monitor the activities of the user, including the tracking of the cursor movement, keystrokes, intercept messages of different IM-client record from web-camera and microphone to send malicious data from the clipboard, calendar, address book, etc.

The devices RuggedCom found the secret key

In SCADA systems from RuggedCom found dangerous vulnerability

American organization to respond to cyber threats ICS-CERT said that in a system of encryption devices on the network infrastructure of RuggedCom is vulnerable. This vulnerability allows an attacker to view the contents of network packets that sends and receives a device-based operating system Rugged.

The operating system RuggedOS (ROS) production of Canada's RuggedCom (a subsidiary of Siemens) found embedded secret key used to encrypt the SSL. Operating system RuggedOS installed in a variety of mission-critical systems, such as routers and systems SCADA, and if all the devices in the network use the same secret key, the compromise of one device makes it possible to exploit the rest.

Access to information about daily transactions

British authorities have mechanisms in place to provide users with access to information about daily transactions

The new project includes the transfer of businesses to store data in machine-readable format to facilitate consumers' access to information.

According to a government project Midata, all British companies providing public services, web-shops and companies have until September 10 of this year, go to the storage of data in machine-readable format. This will help each user to access the information on completed transactions it and get a detailed report about the purchase. The new rules, which are set out in the bill of entrepreneurship and reform in the regulation (the Enterprise and Regulatory Reform Bill), may become the norm of the law next year.

Kaspersky Lab notes decline in the share of spam

Steady decline in the amount of spam

Beginning in March of this year, the experts "Kaspersky Lab" has been a steady decrease in the number of spam. Last month the amount of spam has decreased to 71.8%, but in half the share of emails with malicious attachments.

In mid-summer, a marked increase in the number of spam messages that use the theme of the economic crisis. The vast majority of these messages are advertising various seminars for accountants and business leaders on the topic of crisis management actions.

A new version of McAfee Mobile Security

McAfee has announced improvements to McAfee Mobile Security

Now, users of smartphones and tablet computers with Android can use the extra privacy, prohibit applications to access personal data without the user's knowledge.

With these new features consumers have access to an additional layer of protection to ensure that their privacy, and protection against financial fraud, identity theft and viruses. In the McAfee Mobile Security uses technology App Alert - the only commercially available technology, which not only tells the user the powers granted to applications, but also sends a query to the database network McAfee Global Threat Intelligence, containing information about the reputation of URL-addresses, to inform the user about the applications that are associated with dangerous Web sites, and (or) suspected of sending personal data to dangerous Web sites (for example, Web sites used by spyware and adware).

Famous hacker found a vulnerability in iOS

Apple has turned to iPhone owners with a request to be wary of SMS-messages

The warning was issued after a known hacker pod2g found a vulnerability in the mobile operating system iOS, with which criminals can use any phone number in the sender SMS.

According to pod2g, this vulnerability has existed since the first version of iOS and is still relevant in beta iOS 6. Attackers can exploit the vulnerability by sending a user, for example, an email with instructions on behalf of the bank.

New Frankenstein Virus Can Build Itself

Frankenstein virus creates malware by stitching itself together

Scientists commissioned by the U.S. Army to develop a model of the virus that self-assembled from fragments of the software installed on the victim's computer. Conceptual design was given the name Frankenstein, says the magazine New Scientist. The scientists have set the task to create code that is difficult to detect with an unknown virus. Solved by the modular design of the virus.

Once installed on the victim machine, the virus constructs a working body of the so-called "gadgets" - small pieces of source code, each of which performs a specific narrow task. Gadgets are borrowed from programs that are installed on your computer, such as Internet Explorer or Notepad. A typical Windows-program contains about 100,000 gadgets unique building blocks for the assembly. For example, explorer.exe - 127,859 gadgets, gcc.exe - 97,163 gadgets, calc.exe - 60390, cmd.exe - 25008, notepad.exe - 6974.

Trojan for Linux and Mac OS X

Trojan for Linux and Mac OS X steals passwords

Trojan keylogger has the functions and steals passwords typed by the user in almost all popular browsers.

Experts of "Doctor Web" found Trojan-oriented operating systems Linux and Mac OS X. The activities of malware is to steal passwords from some of the most popular Internet applications. Experts note that BackDoor.Wirenet.1 is the first of its kind with a similar Trojan functionality, which also works in the listed operating systems.