Sophos: Do you support Facebook’s proposed privacy policy changes?
Security Revealed
New York Times: Journalists E-Mails Hacked in China "involved Yahoo e-mail accounts"
David Neal, V3.co.uk, Wednesday 31 March 2010 at 11:46:00
The attacks on Google concern all internet users, says search firm
A Google security expert has warned that the attacks against its systems in
January, which kicked off worldwide discussions on cyber freedom and government
control of communications, represent a far wider “general threat” to the internet.
Neel Mehta, a researcher with Google’s security team, said in a blog post that,
while malware is the root of the problem, it becomes truly destructive when used
to “suppress opinions of dissent”.
To show that it is not just about Google, Mehta has gathered information
about other attacks which, despite being less sophisticated, still had a widely
felt impact.
The attacks in question were targeted against Vietnamese citizens, and used
malware in an attempt to infect the computers of a “potential” tens of thousands
of users across the world.
The route for infection was a Vietnamese language keyboard driver. Mehta said
that, although the malware itself was not particularly harmful, it had been used
for “damaging purposes”.
The infections were used to spy on users in the same way as the hacks on
Google, which have been traced back to China, while also forming part of a
denial-of-service (DoS) attack.
“These infected machines have been used to spy on their owners as well as
participate in distributed DoS attacks against blogs containing messages of
political dissent,” said Mehta.
“Specifically, these attacks have tried to squelch opposition to bauxite
mining efforts in Vietnam, an important and emotionally charged issue in the
country.”
Security firm McAfee was responsible for tracking the infection to its root,
and the firm’s chief technology officer, George Kurtz, has been quick to add to
the discussion.
“This incident underscores that not every attack is motivated by data theft
or money,” he said in a blog post. “This is likely the latest example of
‘hacktivism’ and politically motivated cyber attacks, which are on the rise.”
Kurtz said that an investigation of the attacks had led McAfee to believe
that the perpetrators were associated with the government of the Socialist
Republic of Vietnam.
Buck-Security is a security scanner for Debian and Ubuntu Linux. It helps you to harden your system by running some important security checks. For example, it finds world-writable files and directories, setuid and setgid programs, superuser accounts, and installed attack tool packages. It also checks your umask and checks if the sticky bit is set for /tmp, among other checks.
HP Security Bulletin – A potential security vulnerability has been identified with HP-UX with AudFilter rules enabled. The vulnerability could be exploited locally to create a Denial of Service (DoS).
A group of grassroots leaders are demanding that the President fire John Morton, the head of the U.S. Immigration and Customs Enforcement (ICE).
SANS Forensics: Custodians of Digital Evidence
The concept of open IT standards, which is central to the European Interoperability Framework (EIF), is to be watered down to such a degree that it will fade into insignificance. At least that’s the impression given by a current EIF 2 release leaked to the Free Software Foundation Europe.
Multi-Mirror suffers from a remote shell upload vulnerability.
My School Script suffers from a remote database disclosure vulnerability.
Yamamah version 1.00 suffers from administrative reinstall and blind SQL injection vulnerabilities.
The rumors keep circulating. The latest came yesterday when the Wall Street Journal reported that Apple was working on a CDMA version of the iPhone. To most people, that means one thing. No, not a Sprint version of the iPhone (though I suppose that’s possible too), a Verizon version of the iPhone.
The problem is that these rumors have been circulating almost as long as the actual iPhone itself. And the WSJ report isn’t exactly a slam dunk by only citing the ever-anonymous “people briefed by the company.” But, more so than ever, the timing does appear to be right for Apple to break its AT&T exclusivity.
First of all, this Verizon iPhone would not launch alongside the other new iPhone hardware due this Summer. The WSJ report has manufacturing on the CDMA iPhone ramping up in September, but also notes that the phones may not be available to consumers immediately. This means at the earliest, we’re looking at a Fall release, or possibly even a holiday release for the device (if not later depending on several factors). That means that AT&T would still get the supposed “iPhone HD” all to itself for several months at least.
Solaris 10, the official stable version of Sun’s UNIX operating system, is no longer available to users at no cost. Oracle has adjusted the terms of the license, which now requires users to purchase a service contract in order to use the software. Sun’s policy was that anyone could use Solaris 10 for free without official support. Users could get a license entitling them to perpetual commercial use by filling out a simple survey and giving their e-mail address to Sun. Oracle is discontinuing this practice, and is repositioning the free version as a limited-duration trial.
VMware Security Advisory – A cross-site scripting vulnerability in WebAccess allows for disclosure of sensitive information. The flaw is due to insufficient verification of certain parameters which may lead to redirection of a user’s requests. This vulnerability can only be exploited if the attacker tricks the WebAccess user into clicking a malicious link and the attacker has control of a server on the same network as the system where WebAccess is being used.
In a previous MTE article, you learned how to create a unified desktop using the KDE 4 Oxygen themes for KDE, GTK, and Firefox. Oxygen is clean, simple, and visually pleasing, but some people want a little more flexibility. QtCurve is a theming system that gives you the configuring power to have varieties of themes, from downright plain to shiny eye candy.
The jQuery library provides several techniques for adding animation to a web page. These include simple, standard animations that are frequently used and the ability to craft sophisticated custom effects. In this article we’ll closely examine each of the effect methods, revealing all of the mechanisms jQuery has for providing customised visual feedback to the user.
Over the last few months we’ve seen quite a few international startups that are looking to capitalize on the success of Groupon, the deal-a-day startup that has been getting quite a bit of buzz lately. Europe has already seen many similar sites, and tonight, Brazil is getting its due: Peixe Urbano (which means “Urban Fish” in Portuguese) has just launched to the public, offering daily deals to Brazil’s nearly 70 million Internet users.
Founder Julio Vasconcellos concedes that Peixe Urbano has many similarities to Groupon — it sends users one great deal per day (generally offering 50-90% off) via Email, Twitter, or Facebook. And, like Groupon, a certain number of people have to sign up for the deal before it “activates”, which gives users an incentive to tell their friends. But Vasconcellos says that he and co-founder Alex Tabor have made some key changes to better adapt the new site to Brazilian culture.

France Telecom / Orange is partnering with OpenX to launch Orange Ad Market, a brand new online advertising marketplace tailored to the European digital industry.
Orange Ad Market will be operated by Orange and powered by OpenX in exchange for a share on every transaction that is made through the platform. The marketplace will allow all classes of buyers to compete for targeted impressions in real-time auctions and help sellers of online display advertising inventory from all over the globe maximize revenue.
The partnership between Orange and OpenX spans multiple years and is mutually exclusive to all regions Orange operates in.
An unauthenticated remote attacker without any kind of credentials can access the SMB service under the credentials of an authorized user.
Hacker Geohot claims he has a plan to permit PlayStation 3 (PS3) users to continue running Linux on the gaming system, despite Sony’s announcement that it will block alternate operating system installs. On Sunday, Sony announced that a 3.21 update due on April 1 will prohibit the installation of alternate installations, due to security concerns. Sony’s upcoming April Fool’s Day update, which prohibits alternate OS installations on systems prior to the new “Slim” models launched in September, is no laughing matter to Linux hackers who have enjoyed a four-year run of loading distributions such as Yellow Dog Linux on the gaming box. Yet the last laugh may be on Sony if well-known hacker Geohot (George Hotz) gets his way.
HP Security Bulletin – Potential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). The vulnerabilities could be remotely exploited to allow remote execution of arbitrary code, local unauthorized elevation of privilege.
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
Kora suffers from an unauthenticated administrator reinstall vulnerability.
Easy-Clanpage versions 2.1 and below remote SQL injection exploit.
The Joomla Spec component suffers from a remote SQL injection vulnerability.
IBM and Indian company Simmtronics are marketing their 10″ netbook at a cost under $200. The Simmbook netbook with a 10.1″ screen at 1024 x 600 pixels (WSVGA) works with the Atom N270 processor (1.6 GHz and 533 MHz FSB), a GByte of DDR2 RAM (maximum 2 GBytes with a slot) and a 160-GByte SATA hard drive.
HP Security Bulletin – Potential security vulnerabilities have been identified with HP SOA Registry Foundation. The vulnerabilities could be exploited remotely to gain unauthorized access to data, for cross site scripting (XSS), or to escalate privileges.
The Joomla Television component suffers from a remote SQL injection vulnerability.
React Software suffers from a local file inclusion vulnerability.
Free MP3 CD Ripper version 2.6 buffer overflow exploit.
