The DNS system is essentially the Internet’s phone book that allows your computer to resolve a URL to the IP address of the server that hosts its contents. By changing a computer so that it uses a rogue DNS server, the DNSChanger malware was thus able to redirect valid URLs (such as those for banking institutions) to malicious Web sites in order to steal personal information.

Read this full article at CNET

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Article source: http://www.linuxsecurity.com/content/view/156718?rdf

He agreed to be our ‘bad guy’ in an experiment to show how easy it is to hack into someone’s computer using public Wi-Fi. “Wireless is fairly secure if you use it properly,” said DeWoskin.

Read this full article at KARE 11

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Article source: http://www.linuxsecurity.com/content/view/156706?rdf

Check out the Kinect for Xbox 360 Super Sunday challenge. In an effort to inspire the masses to get off the couch this Sunday, Kinect for Xbox 360, the official console sponsor of the NFL, and NFL PLAY 60 recently announced a challenge to fans and gamers across the country to help make Feb. 5, 2012, “The Most Active Super Bowl Sunday Ever.” Earlier this week, NFL PLAY 60 ambassador and Super Bowl XLIV MVP Drew Brees were joined by kids from an Indianapolis-area middle school in a press conference from the NFL’s Super Bowl media center to outline the details of the “Kinect for Xbox 360 Super Sunday Challenge.” Read this press release on the Microsoft News Center for the rest of the story.

New version of Skype for Windows now available. We released an updated version of Skype for Windows (version 5.8) Thursday with a few improvements we want to tell you about. Download the latest version of Skype for Windows and start Group Screen Sharing. Share photos with a group of friends and family or share your screen to display a presentation with up to 10 people. Group Screen Sharing is available with Skype Premium, which also includes Group video calling and live chat customer support. Read this post on The Big Blog for the rest of the story.

Kinect for Windows: Game on for commercial use. A journey was completed Wednesday, and another began, as Kinect for Windows officially became available. Little did we know that just over a year on from shipping Kinect for Xbox, we’d be inviting the commercial world to show us what’s possible with Kinect. Now, it’s here. For more detail on this story, read this post on the Next at Microsoft Blog.

Lots of Windows Phone news this week. If you’re in the market for a new smartphone, we urge you to consider Windows Phone. To see what others are saying about Windows Phone, check out these reviews from The Boston Globe, All Things D, Wired and Geekwire, among others. And don’t miss this beginner’s guide on the best way to pick a smartphone. Windows Phone also made plenty of news on the app front this past week or so too. Check out this post on the seven best Windows Phone apps for staying green, a profile on the new Vimeo app and this great story on how Windows Phone can help fight malaria.

Gone Google? Got concerns? We have alternatives. During the last week or so, there has been a fair amount of discussion about how Google is making some unpopular changes to some of its most popular products. You can see some of the concerns and worries about lack of choice and so on in these links. The changes Google announced make it harder, not easier, for people to stay in control of their own information. We take a different approach – we work to keep you safe and secure online, to give you control over your data, and to offer you the choice of saving your information on your hard drive, in the cloud, or on both. You can read more about some of the great products Microsoft offers on The Official Microsoft Blog, including Hotmail and Office 365 and Internet Explorer and Bing. Don’t miss ‘em.

Our favorite Bing features. This week, we’ve been encouraging people to take another look at Bing. To help folks who may not have used Bing in a while find some of our favorite features, we’ve pulled together a quick list of some cool things you can do on Bing that you won’t find other places. Check out today’s post on the Bing Search Blog, which features a short video that encapsulates some of Bing’s best features.

MSN Living launches at Living.MSN.Com. Whether you’re interested in celebrity fashion, the latest beauty trends, or budget solutions for your family, MSN Lifestyle has always been your go-to destination with great content from your favorite brands like Allure, Glamour, Cosmopolitan, InStyle, Good Housekeeping, GQ, Real Simple, Parenting and more. On Wednesday, MSN Lifestyle transformed into MSN Living – a completely new site that delivers a brand new visual design, fresh original content, and experiences that speak to the varied facets of your life. Read this post on The MSN Blog for the whole story.

That’s it for this edition of Weekend Reading! Enjoy the Super Bowl and see you back here on The Official Microsoft Blog next week!

Posted by Jeff Meisner
Editor, The Official Microsoft Blog

Article source: http://blogs.technet.com/b/microsoft_blog/archive/2012/02/03/weekend-reading-feb-3rd-edition-don-t-miss-the-kinect-super-sunday-challenge-the-new-version-of-skype-for-windows-plus-windows-phone-bing-amp-msn.aspx

Contrary to some reports, Kaspersky and Microsoft have no evidence that the botnet that was taken down in September has returned to the control of cybercriminals or is spamming again at this time. However, we have seen evidence of distribution of new malware that appears to be a slightly updated variant of the malware that built the original Kelihos botnet. This does not mean that the Kelihos botnet we took down is back in operation, but that a new version of Kelihos malware known as “Backdoor:Win32/Kelihos.B” is being used to create a new botnet. Microsoft has already made protection from this new malware variant available in the Malicious Software Removal Tool (MSRT). This kind of effort by botherders to try to rebuild a botnet from the ashes of the old is not new.

In fact, it is believed that Kelihos itself may have been built based at least in part on code from Waledac, the first botnet Microsoft took down. Malware authors often recycle previous versions of malware. The challenge for the ‘good guys’ is to stay on top of such emerging threats and continue to build protections for computer owners and strategies for further cybercrime disruption. This is why taking down a single threat has never been Microsoft’s ultimate goal in our fight against botnets, but rather to transform the fight against cybercrime by developing, testing and advancing impactful and disruptive strategies that can help the industry as a whole better fight those that attack our customers. This is a long term effort and, despite the constant evolution of cybercrime, we’ve seen strong positive progress in recent years.

Confusing media reports about the status of the botnet developed this week following a post from Kaspersky Labs that new samples of malware, built on code that is very similar to that used by Kelihos, had been detected. However, analysis of these samples and continuing observations of Kelihos-infected computers have demonstrated no known re-employment of the original Kelihos botnet by botherders. Microsoft took down the Kelihos botnet in partnership with Kyrus Tech, which served as a declarant in the legal case that made this takedown possible, and Kaspersky Lab researchers, who provided technical analysis to help dismantle the botnet.

Microsoft’s role in this operation was in coordinating the overall takedown, investigation and legal case, taking down the command and control (CC) and backup domains associated with the botnet’s operations and working to make sure affected computer owners could clean the malware from their computers. Kaspersky’s role, as outlined previously by its researchers, included peer-to-peer disruption and sinkholing the botnet – a process that reroutes all botnet traffic toward Kaspersky-controlled machines, or “nodes,” and away from the network of infected machines. Kaspersky has reported no loss of control of the peer-to-peer operations and Microsoft researchers have confirmed this week that the original Kelihos CC and backup infrastructure remains down, but it appears new botnet infrastructure may be being built with the new variant of Kelihos malware.

In terms of the scope of the threat this represents, it is worth noting that the size of the original Kelihos botnet taken down was relatively small. At the time of the takedown, the Kelihos botnet was estimated to include approximately 41,000 infected computers worldwide. Of course, botnet malware continues to spread and need cleaning over time, so the overall size of a particular botnet might fluctuate.

However, since the time of the takedown, we know MSRT alone has cleaned nearly 28,000 infected computers. Based on Kaspersky’s analysis this week, they estimate that the size of the botnet has gone down by approximately 25 percent in just the last two months. Since the time of the original takedown in September, we estimate that the botnet is less than a quarter of the size it was and now involves less than 10,000 infected computers. We have no statistics to share at this time with respect to the size of the new botnet in development, but while those numbers are likely small as well, it is a threat we will continue to monitor. We are also continuing our efforts to clean the computers that are infected with all known forms of Kelihos malware, including this new variant.

Fighting cybercrime, including botnets, requires a collaborative effort among industry, academia and the public sector, and as we learn more about the status of the Kelihos malware, we will apply those lessons to future takedowns. To date, our collaborative approach has produced key victories, including the previous takedowns of Waledac and Rustock botnets. Again, no single action or takedown will put an end to malware or cybercrime, but through continued cooperation, creativity and vigilance we can help prevent and disrupt it.

Microsoft, as ever, remains committed to following botnet cases wherever they lead us and to holding those responsible accountable for their actions. As you may have seen, Microsoft recently named a new defendant in the legal case on Kelihos and we continue to move forward with those legal proceedings. We will continue to provide updates as the ongoing Kelihos investigation unfolds.

For free tools and information to remove Kelihos or other botnet malware from your computer, go to http://support.microsoft.com/botnets. And, to stay up to date on the latest developments on the fight against cybercrime, follow the Microsoft Digital Crimes Unit on Facebook and Twitter.

Posted by Richard Domingues Boscovich
Senior Attorney, Microsoft Digital Crimes Unit

Article source: http://blogs.technet.com/b/microsoft_blog/archive/2012/02/03/update-on-kelihos-botnet-and-new-related-malware.aspx

One of the critical vulnerabilities opens users up to cross-site scripting attacks because the browser did not run proper security checks, Mozilla said in its security advisory.

The flaw “allows for cross-site scripting attacks through web pages and Firefox extensions. The fix enables the Script Security Manager to force security checks on all frame scripts”, Mozilla explained.

Read this full article at Infosecurity US

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Article source: http://www.linuxsecurity.com/content/view/156707?rdf

The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions. To do so, the developers limited the maximum possible number of input parameters to 1,000 in php_variables.c using max_input_vars. Because of mistakes in the implementation, hackers can intentionally exceed this limit and inject and execute code. The bug is considered to be critical as code can be remotely injected over the web.

Read this full article at H Security

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Article source: http://www.linuxsecurity.com/content/view/156708?rdf

Read this full article at InfoWorld

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Article source: http://www.linuxsecurity.com/content/view/156709?rdf

So to wrap up the week, we’re highlighting Internet Explorer and Bing. Great products on their own, each clearly different than what Google offers, each designed with people first.

Download Internet Explorer 9, and install an appropriate Tracking Protection List from the Internet Explorer Gallery. You can also find Tracking Protection Lists created by well-known privacy experts at http://privacyonline.org.uk/about.html. That way, you can browse the Web without simultaneously being “browsed” by others. It’s unique to IE9 in that, regardless of the privacy policy of the site you happen to be visiting, Tracking Protection helps ensure your information stays with you…not with the third parties whose content is on the websites you visit. In fact, the privacy protections in IE9 are so extensive that two of the world’s leading privacy researchers, Simon Davies and Alexander Hanff of Privacy International, said:

“IE9 Tracking Protection has huge potential and is a powerful tool for providing verifiable privacy protections for consumers. Alex and I were delighted when Microsoft decided to heavily support this area, since it has empowered independent parties like us to author rich Tracking Protection Lists—available free to consumers—that span Child Protection, Analytics and general Behavioral Profiling.”

And for a great search experience, all you have to do is click on Bing.com. Over the past two-plus years, it’s really matured into a great search engine – relevant results, experiences designed to help you do more, as opposed to searching more, and we think it’s every bit as good as any search product out there. I’d encourage you to try it for a day or a week or a month, really get to know it, and see what you think.

The overall theme we hit in our ads and here on this blog has been that while Google has one customer – its advertisers – we have many customers. Of course we have advertising customers, and we love them and are working to make sure we improve the advertising experience for you, and for them. But we think of YOU as our customer as well, customers for Office and Windows and Windows Azure and Bing and Internet Explorer and Hotmail and so on – and because we have a big view of who our customers are, we naturally make some different choices than Google does.

We think you care about this difference. And of course, all of Microsoft’s products and services, like Internet Explorer or Bing or Hotmail, are designed to put you first. And that’s a great experience, one you don’t have to “share” with Google.  

We had some fun this week. But the choices you make really do impact how your personal information is treated. So, thanks for thinking it over, and I want you to know that Microsoft remains committed, as always, to designing products for you, our customers. 

Posted by Frank X. Shaw
Corporate Vice President, Corporate Communications, Microsoft

Article source: http://blogs.technet.com/b/microsoft_blog/archive/2012/02/03/looking-for-options-try-the-dynamic-duo-of-ie9-and-bing.aspx

According to information released by VeriSign in October 2011, “we have investigated and do not believe these attacks breached the servers that support our domain name system network.” But the company didn’t rule out that information relating to the DNS network wasn’t stolen in the attacks, which occurred before some assets of the company were acquired by Symantec in 2010.

Read this full article at Information Week

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Article source: http://www.linuxsecurity.com/content/view/156704?rdf

The conversation concerned a young member of another hacking collective who was cooperating with the police in Britain.

The attack on the FBI was initially announced with a text post on the website Pastebin. A link to an MP3 recording of the conference call was later put up and publicised on numerous Twitter accounts.

Read this full article at The Telegraph

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Article source: http://www.linuxsecurity.com/content/view/156705?rdf