New Symbian Trojan Variant Discovered

mardi 6 juillet 2010

Trend Micro researchers detected the spread of a new variant of Flock, a Trojan for Symbian systems a year ago found that robs the user of the phone small amounts of money through SMS.

This new variant is passed through an application called 'ZvirOK'. Once installed on the device, it sends a message to a four-digit number with the text "xxx mumym joker90." Although researchers are not clear, it appears that the purpose of the trojan is still the same: to transfer a small sum of money through each of the messages sent.

"SYMBOS_FLOCK.I" as has been bautilzado such malware is desktop Python and affects phones that use Symbian. In addition, we found a different variant of the Trojan that runs on Java platforms (J2ME) and may affect a larger number of mobile devices.

SYMBOS_FLOCK.I being circulated on websites and can only be installed manually by the user. As always we recommend, very careful when downloading software (any kind) from untrusted sites.

via:
Softpedia


Read More


Check how secure is your password

vendredi 2 juillet 2010

Passwords are an important part of anyone on the Internet. It is the way to protect our information. Unfortunately for some, when creating passwords do not get very creative, paving the way easy for miscreants who are responsible for stealing passwords.

It is important to note that when choosing a password, jeopardizes the security of information that can be sensitive. How good is your password?. With the help of a site you can measure how difficult it would try to figure out your password, as well as the estimated time it would take a computer to achieve the objective. The site is called How secure is my password, and as you type your password, you'll see at the bottom of an estimate of the time it would take to "guess" your password. Words such as "password", "test", "abcde" or "12345" are automatically classified as easy to guess.

Here are some general recommendations on the use of passwords, especially if you have an account at many web:

• Use a different password for each Web site.
• Use special characters (#, @,!, _, -, Etc.)
• Use numbers.
• Use at least one capital letter.
• Do not use personal information such as date of birth or telephone number.

Enlace
How secure is my password?
Vía
Lifechacker


Read More


Hackers target Microsoft Windows XP support system

jeudi 1 juillet 2010

Windows XP is a product with a large user base. Despite being an old operating system there are millions of users around the world whose primary operating system to Windows XP. In recent days have seen an unprecedented rise in attacks is concerned: the target of these attacks is precisely the Microsoft operating system. Microsoft has reported that the attacks have been more than 10,000 PCs, but now the figure may be much higher since not found a solution to this problem.

A Google engineer reported finding a vulnerability in Windows XP to be allowed total control of a PC, using the capacities of this to receive help from another computer remotely.

Researchers from security firms like Trend Micro, say it is a serious problem for many developers of malware and viruses are being targeted on users of Windows XP. It is expected that in next few hours there is a more specific answer from Microsoft.

This breach of security does not affect Windows Vista or Windows 7.

Vía
gHacks
Link Hackers target Microsoft Windows XP support system


Read More


Google adds new alerts of suspicious activity



A few months ago, Google reported that it would be adding alerts on suspicious activity in the accounts of users. And for suspicious activity relating to unusual patterns in the sessions: if a person logs on to Madrid, and in half an hour from Los Angeles does, surely there is something to be suspicious. Are those situations that cause the above warning. This only happened when working in the environment of GMail, because it is currently the most used services. Due to the good results obtained from this practice, Google has incorporated this alarm system in more pages, now in the homepage of the Dashboard (board) where they are shortcuts to the links on Google, you can see notifications this style.

It seems that it is a new layer of protection for users, which may expand to other services later. Until that comes, now there are two places where we can check for suspicious activity in the accounts. Congratulations to Google for this initiative.

Via
Download Squad


Read More


Norton produces a false alarm after upgrading Firefox

mercredi 30 juin 2010

For users of Symantec Norton antivirus company can give an alarm after upgrading to the latest version of Mozilla Firefox. Several readers who use Norton Antivirus and Internet Security Symantec's 2 detected this error after upgrading to the latest version of Firefox. In addition to several files in quarantine, all caused by a malfunction of the popular browser.

In the Symantec forums has been given more information about errors and error occurs when you upgrade to Firefox 3.6.6 and the files involved are:

• freebl3.dll
• softokn3.dll
• softokn3.dll
As we say it is not dangerous files, if not the facility of the browser.

Symantec systems in the cloud as detected these files are files that have not been so never sets on a suspect but is not really such. A Symantec employee has given notice of false alarm about this event and for the comfort of its users.

Source:
h-online


Read More


Google Chrome is updated again this month

mardi 29 juin 2010

Google has released a second update this month of June for Google Chrome browser is Google Chrome 5.0.375.86 for all 3 platforms (Windows, Linux and Mac) and fixes five security bugs that could allow an attacker to perform cross techniques -site scripting, denial of service and other techniques are not provided by Google.

Also in this update includes Flash in Chrome by default. Since so far there was no addition is activated for immediate use.

According to sources Hispasec responses can be used "application / json" for attacks on cross-site scripting. Also with this update corrects bugs that would enable other attacks related to video processing and other related subrecursos (omnibox load) and other treatment of pointers in response x509-user-cert.


Read More


OpenBook - now it is time to review your privacy on Facebook

jeudi 10 juin 2010

OpenBook is a search engine that only shows you the great results of Mark Zuckerberg's social network. This network is constantly attacked by their privacy policy, although this simply must do a little research on your favorite search engine and you'll see that thousands of threads open about that.

Well, OpenBook with almost the same design of
Facebook, lets you search specific, resulting in thousands of user updates are not properly activated your privacy and may make public statements which should not come to light, say as examples statements to your boss, photographs and personal information compromised.

In this way, the creators of Facebook active users OpenBook want mentalicen current users of all I could come to light with a simple search.


Read More


Mozilla Plugin Check now for all browsers

vendredi 14 mai 2010

Having all the plugins to date, is a sign that your computer will work well and by the way, we have a more secure and stable. Mozilla already had a tool called Plugin Check, which will alert users of its Firefox browser, for when they had new versions of Flash, DivX, Java, QuickTime, among others.

But being a tool that helps us have a safer computer, Mozilla opens the doors to other browsers such as Opera 10.5, Safari 4, Chrome 4 and Internet Explorer either version 7 or 8.

Once you get into the tool, start the search and verification of the installed versions. Let you know whether you're a day or you need to update, in which case we will provide a button from which we sent to the download page, so that everything is as simple as possible.

More information:
The Mozilla Blog
Official site:
Check Plugin


Read More


Cyberattack Targeted Google Password System

lundi 3 mai 2010

There continue to be more details on the attacks on Google in China, this time are more specific and relate to the safety of all users of Google services. Here is a brief account of the facts:

• Chinese Hackers attempt an attack on Google.
• Noticing this, the Mountain View company ceases to
censor their search results.
• Start the bickering. The Chinese government warned Google to comply with its rules and if he leaves.
• Representing U.S. interests outside the White House position on the facts.
The Chinese government denies any connection with the attacks.
• It is found that the Asian nation's government is lying. They start out the first names.
• As highlighted, the Beijing government promises to punish those responsible.
• The tension grows and
Google takes a defiant stance predicting his departure from the Chinese market.

It has been much criticism of Google for defending their interests in such a way, but to learn more about the role of attack, we note that no wonder. Now comes to light that the real objective of the hackers was not simply attacking dissent, the jackpot was violating the Google login system called Gaia and serves as identification for many sites such as GMail.The problem is that there are Google services for which people pay, which means that billing information (credit cards, bank accounts) could be exposed and used in ways harmful to users. The sensitive data here is that the attack was possible to obtain the source code for Gaia with which the security of our data is in doubt.

Although until now nothing has happened relevant to this situation, we should not be so trusting. Google does not officially pronounce, so it is speculated that there is already a backup plan to ensure the protection of user data. In any way change the password regularly is not a bad idea, whether or not hackers.

Via
Download Squad
Link New York Times


Read More


BlogVault.net - Back Up Your WordPress Blog

lundi 26 avril 2010

We never tire of recommending services like this to blogVault, a service which enables you to backup your Wordpress blog hosted on is that losing everything you've written for years and all the feedback we've received while everything worked properly, can be lost in no time.

blogVault offers you a backup service for your WP blog, copies of which will be hosted on Amazon S3 servers and copied your blog to complete, ie, style sheets, comments, themes, plugins, images.

BlogVault service offers three types of contracts, all with annual payments that are:

Basics: a blog, 1GB of space, $ 29 per year
Plus: 5 blogs, 5GB space, $ 49 per year
Pro: 50 blogs, 20GB of space, $ 99 per year
Remember that this service is only compatible with Wordpress and if you decide on any payment plans, you have the option to try for 30 days for free before spending money.


Read More


Caution: WordPress blogs are being attacked

jeudi 22 avril 2010

It has raised a new alarm that affects many thousands of people around the world with a blog runs on WordPress (the latest version, 2.9.2 is vulnerable too) and several blogs have been attacked and are now infected distributing malware without the operators of these sites have been noticed. The worst thing is that it affects self-hosted version (installed on your own server) of WordPress.

Apparently this vulnerability has to do with SQL injection or some failure of a theme or plugin, it could also be because of some outdated as Magpie library that ships with WordPress. For now only speculation because the problem has not been fully identified.

The problem arises when the field in the table wp_options siteurl is replaced by a HTML code. This field holds the URL of the blog (ie, that field is not designed to accommodate HTML code), so that being accomplished the attack, possibly the affected site longer to load.

The highest number of cases that have been presented so far has to do with the company Network Solutions, although other sites have also been affected VPS.net so probably this attack is independent of the company that provides hosting for the hole security is in the same WordPress and not a default configuration or hardware.

It is important to be vigilant and continuously review the sites to ensure there are no problems, in case of finding an abnormal behavior, it is advisable to check the database and especially the siteurl field.

For now Sucuri Security Labs and Trend Micro have reported this attack, Trend Micro announced that its antivirus detects the problem as TROJ_BUZUS.ZYX (see more information on this virus), which leads to malware infection, and in some cases may install a fake antivirus on the computer of users.

Update: In addition to spreading malware, the infection can get them to generate backdoor Trojans (backdoors), ie that administrators and users could see a normal version of the site, but search engines actually could be seeing another version of site , which is especially dangerous and harmful to the issues related to SEO.

Via Download Squad


Read More


Yahoo Mail Gets Unrestricted API Access with OAuth

jeudi 15 avril 2010

Yahoo does not want to stay behind other companies (like Google), and which is also catching up on technical issues and improvements to the user experience, this time it is reported that OAuth access through the API, has been released, but its use is also available without restriction, regardless if the account is free or premium. OAuth has become an ideal for developers because it is a useful resource, for example, can grant permission to third party applications with a single click. The advantages are many but to name one could access the entire contents of your account (email, calendar, notes, etc..) From another application, such as Facebook.

The message was given through the group of Yahoo Mail Developer Community, where he announced that the API is kinder now that you can use 100% even with the free accounts. This is good for the user base of Yahoo Mail, who could see new additions and / or applications compatible with Yahoo Mail accounts.

Link
Post in Yahoo Mail Developer Community
Via RWW


Read More


Google lets you know if you have intruders in your Gmail account

jeudi 25 mars 2010

Theft of mail accounts are quite common and the truth is that even if we find someone outside us is swarming our domains.

Google for its part is trying to increasingly less the accounts that are stolen and if it already had a section where we could see the activity of our own in recent sessions, whether by phone or a computer, now it will alert differently and more graphically, without you to be the need to go to the location of the tool.

From now on, Google will notify you with a message highlighted in the header of your account, where he also will inform you what part of the world are accessing. This function can be enabled or not, because the tool is that if you enter the account from a geographic area far from the usual, so if you're traveling, it is normal to skip the ad.


Read More


iPhone hacked, SMS database hijacked



This week is taking place in Vancouver on Pwn2Own 2010, a competition in which participants compete for great prizes to exploit security problems in smathphones and web browsers.

On the first day of the event two European security experts, Vincenzo Iozzo, Ralf Philipp Weinmann, exploited a known vulnerability in the iPhone with which you made the SMS database in 20 seconds, including text messages that had been previously eliminated.

While obviously not been given details of the exploit, Weinmann explained that by visiting a malicious site can capture the SMS database and sent to a remote server for checking. He also said the same bug can be exploited to extract the list of phone contacts, like emails, photos and music stored.

The expert duo won a prize of $ 15,000. And the event sponsor, TippingPoint, has become the sole owner of the rights of the vulnerability, which will be reported to Apple to be solved.


(via: ZDNet)


Read More


SQLFury, application to see if your site is protected

lundi 22 mars 2010

A recurrent form of attack sites that interact with SQL databases is called SQL injection is to modify the normal behavior of a routine, either to obtain or delete information without the permission or knowledge of managers. It is considered a vulnerability that is exploited widely in many places. SQLFury is an application made in Adobe AIR that allows you to test the safety and stability of a site. Through a series of tests trying to find vulnerabilities in a site (for example by contact or registration form) and where to find them, is notified by a message.

The application requires only the URL to be analyzed as an input parameter. Clicking the Test button starts the analysis of possible failures (can get all the information in the database). SQLFury supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Esra application is free and runs on Windows XP/Vista/7 and Mac OS X 10.4/10.5.

Link
SQLFury


Read More


New Phishing Attack on Twitter, is spread by direct messages



Hackers continue to target users of Twitter with some deceptive practices in order to steal their login details. A new phishing attack (phishing) is underway and there are many users who have been affected by this attack. The contents of DM (direct message) has the phrase "You're on here?" (Are you here?). Reading the rest of the message we are informed that someone spoke to us in a blog. The attack occurs when the user clicks on the URL of the message, which leads to a site where your information is asked to identify themselves Twitter. When the user fills, is stolen the password.

The suggestion is that if someone receives a message with the above features, not even risk it and not click on the link. The thing to do is delete the message and alert other users about this attack. We recommend browsing with care and not delivering the data to any site that asks for it compromises safety.

Via
Mashable


Read More


Adobe Updates could be distributed through Windows Update

samedi 20 mars 2010

Microsoft and Adobe have decided to work together to distribute security updates for their products. Although as yet few details are known, everything suggests that the objective is that through Windows Update so users can download security updates for Adobe products.

This partnership comes on account of delicate moment in which Adobe is in regard to safety. Reader is currently one of the most attacked, and obviously this is not only concerned about Adobe, but Microsoft, as its operating system is also affected.

Could you open Windows Update Microsoft products that are not theirs? So far the company has only confirmed it is collaborating with Adobe to make its updates can be distributed through tools like System Center Configuration Manager or System Center Essentials.

Microsoft also said that for now there is no consolidated and still has many things to analyze. Let's wait to see how it ends.


Read More


PenSecurity, securely manages USB drives on your computer

jeudi 18 mars 2010

USB sticks are a great way to convey information quickly and easily. But then again, that too has its "disadvantages". Without realizing it in a couple of seconds, someone can connect a memory in your computer and steal a large amount of information. I do not even be said of the many threats that spread through these devices.

To protect ourselves from these potential hazards there
PenSecurity. It is a very simple tool that offers .various security features to manage USB devices that connect to our team

The application can block write-all units, thus preventing anyone to steal information using his memory. It also prevents the automatic execution of files, thus preventing the entry of viruses and other malware that spreads via USB sticks.

Without doubt an excellent tool we can use to supplement our antivirus. PenSecurity is free and supports Windows XP/Vista/7.


Read More


Apple does not allow developing Kaspersky security suite for iPhone

lundi 15 mars 2010

Eugene Kasperksy, leading security company with the same name, says that long ago that Apple consistently blocked attempts to create a security suite for iPhone, so something has never seen the light in the App Store.

He explains that although contacts with Cupertino extend over 2 years, the company has never allowed to use the SDK to develop a security application. The very founder of Kaspersky says that the chances of a virus to infect an iPhone are practically nil, but also notes that the app I want to develop will focus on data security at each terminal.

Here again we would enter into the debate about whether Apple is following the right path when it is prohibited to use the SDK to develop very specific apps, though in this case perhaps how you would use the SDK attack Apple's policies while on the other hand, are allowed to create applications that are totally and absolutely absurd. The issue becomes more thorny when it comes to the theory that law is equal for all, we all know that this is not true, even remotely.

I personally believe that this is another example that Apple does not like to improve their products, because by extension mean that these are not entirely good.


Read More


Hackers are looking for U.S. safety

samedi 13 mars 2010

To hide it, governments of different countries are and will be subject to cyber attacks, but as you know: "If you can not beat your enemy, Team up" and that is what is intended with this type of competition that take out.

In the U.S., both government and private companies want to know the behaviors and the modus operandi of these cybercriminals and the best way is to take a group of great minds of the scene and "converted" to the right side of the law.

Moreover, I have been amused by the comparison made in
Newsweek with Professor Charles Xavier X-Men and Alan Paller, Director and Co-founder of the Sans Institute, which has over 20 years trying to re-educate young cybercriminals to serve their country and protect it from such external attacks.


Read More


 

Our Partners

© 2010 hh All Rights Reserved