Today, Apple released a security update for QuickTime 7.1.6, further removing a vulnerability first used by a security researcher in April to win $10,000 and a new MacBook in the "PWN 2 0WN" contest at CanSecWest 2007. This security update complements an earlier bug patch for QuickTime 7.1.6 released by Apple on May 1, 2007. The 1.1Mb Windows QuickTime 7.1.6 update affects users of Windows 2000 SP4, and Windows XP SP2. The 1.4 Mb Mac QuickTime 7.1.6 update affects users of Mac OS X v10.3.9 …
Google's purchase of GreenBorder Technologies--a browser virtualization software company that creates a sandboxed environment for your existing Firefox or Internet Explorer browser--follows on the heels of Google announcing a blog from its nascent antimalware team. With rumors of a possible forthcoming antivirus acquisition, the Mountain View search giant has jumped into the Internet security business feet first.
Nerves must be raw at traditional security vendors Symantec and McAfee. Last year Microsoft announced its own security suite, Microsoft Windows Live OneCare, and proceeded to capture a lion's share of sales in the Internet security suite space. Now Google …
The acquisition, according to a posting Monday on the Google Operating System blog, should provide the Internet giant with a Web "sandbox" for its users. Basically users could enter the sandbox, search and interact with various Web sites, and leave any viruses they encounter back in the sandbox when they exit.
As it turns out, a couple of weeks back GreenBorder customers had been wondering on the company's discussion board if something was afoot.
On its Web site, the security software developer noted it would discontinue sales of its GreenBorder Pro products, …
Although China's government has been mired in human rights problems for years, the bureaucrats do know a thing about customer service.
Communist party members have to undergo the "360" review process for promotions, the peer-review system that helps determine promotions at companies like Intel. (The party picked it up from U.S. corporations, Jian Daning, director of the Shanghai Waigaoqiao Free Trade Zone, told us a few years ago).
Want to open a company here? The system for tax breaks for exporters is well mapped-out, and there are several regions offering deals on land in industrial parks. …
Apple today announced a new security update for users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, and Mac OS X Server v10.4.9. The most serious of these vulnerabilities is for CoreGraphics in which an attacker could entice a user to open a specially crafted PDF file, resulting in an application crash and an overflow allowing the execution of malicious code. Other serious patches include those for Bind, Fetchmail, and GNU Screen. The update is available from within Mac OS X via the Software Update pane …
Spam, zombie robots, and the rest of the dark underbelly of the Internet have led to one of the Web's big annoyances: the captcha. That's the barely readable block of random letters you must translate in order to prove your humanness, and it's supposedly the one thing that separates us from the machines. It's also used in nearly every site registration process--and more recently at site logins. The bottom line is that it's annoying but also utterly necessary to keep evil at bay.
Enter reCAPTCHA, a project of the School of Computer Science at Carnegie Mellon University. A mix between disease-curing Folding@Home and MyCroft, reCAPTCHA requires users to solve two jumbled words: one is the actual captcha, the other is just a word that needs to be translated into text. These words come from various scanned books and documents residing on the Internet Archive. Many of those books were written before computers and in their current state (PDFs and image files) are just glorified photographs--a medium that is still hard to sort through. Once complete, they'll be digital text, and completely searchable.
Words for translation are not just chosen at random. Documents that have been scanned get checked by an Optical Character Recognition (OCR) engine, which is able to pick up many of the words. Those that are misspelled by OCR, or are impossible to read, are plucked and put into the reCAPTCHA word pool. Sites can implement reCAPTCHA several ways. There are plug-ins for WordPress, MediaWiki, phpBB, and PHP.
I've embedded a sample reCAPTCHA below. You'll notice both words look similar, as reCAPTCHA is using both words from the same source, so you can't tell which one has already been solved.
Security vendor Websense is reporting the return of a bogus Better Business Bureau e-mail. The attached Word document in this release contains a Trojan that, when opened, attempts to download and install a keylogger which then uploads stolen data from the compromised PC to an IP address located in Malaysia.
In March, the Better Business Bureau issued a warning. The new bogus message claims that a complaint has been filed against the recipient's company. Attached to the message is a Microsoft Word document (Document_for_Case.doc), supposedly containing additional details regarding the complaint.
LAS VEGAS--After three days here--about as much time as any sane person should spend in this town--I bid adieu to Interop.
I heard that there were 21,000 people in town for the Interop conference. Judging by the horde of people leaving the Mandalay Bay convention center yesterday (and headed for the saloon for a little geek speak), I believe it. My takeaways from the show are as follows:
The buzzwords this year were network access control, wide-area network optimization and security. Security is a must-have. NAC is real and will go from concept to strategy in the next …
If you've seen one too many reruns of the Thomas Crown Affair (the original version with Steve McQueen and Faye Dunaway was far superior), and you're of the paranoid ilk like us, you may very well be tempted to try out something like this to protect your precious oils and water colors. The "Guard Alarm" aims to provide security for hanging artwork directly at the source, rather than wiring the room they're in.
It screws into the wall, serving essentially as a "smart" hook--if a painting is removed, it sounds a "piercing, …
Heard the one about the Skype worm? Actually, users of the popular VoIP service Skype have been contending with misleading and dangerous URLs for some time. Like worms spread by MSN Messenger and Yahoo Messenger, various Skype worms have been known to include a message such as "Give me your opinion" followed by a URL. Clicking the link then installs several malicious files including versions of the Warezov/Stration Trojan horse. Stration has been known to open remote access on infected machines.
Now, Chris Boyd, Director of Malware Research at Facetime Security Labs, has found a recent Skype …