Monday, October 11, 2010

costly Samsung Tab, FB 'Group' flaw, Ubuntu 10.10, Windows7 Phones, 29 Java Vulns Patch

 Pop-Links@[11-Sep-2010]
==================================================


Higher Than Expected Cost of the Samsung Galaxy Tablet:
The Apple iPad now costs $500 and the leaked price of the Samsung Galaxy Tab is $650 ($400 if you sign a 2-year service contract)... are they nuts or what? They have poorer resolution and a far weaker brand name than Apple... leave all that aside, it's an Android-based tablet, and even after using an open-source platform it costs more.

Link: http://www.itworld.com/mobile-amp-wireless/123579/samsung-galaxy-tab-price-leaked-it-too-high
==================================================

Facebook flaw lets you Add Anyone to a Group:
One more flaw recently noticed in Facebook: anyone can be added to a Facebook Group without the account owner's prior permission or choice. Suppose you create a Group and want someone to be its member: just add his/her name to the members to be added and mark the Group's 'Privacy' status as 'Closed'. Now everyone you added as a member will be added directly, without any confirmation required... nice :)

Link: http://www.itworld.com/internet/123516/whats-wrong-facebooks-group-grope
==================================================

Ubuntu 10.10 released
A newer version of Ubuntu was released on 10-10-2010... it's giving games a next-gen graphics overhaul. The kernel 2.6.35 has seen graphics improvements, and the OpenGL drivers included are DirectX 11 equivalent. When you start playing a game or a demanding HD video, it will automatically shift onto the nVidia or ATI (now AMD, :( ) card.



Link: http://www.ubuntu.com/desktop/get-ubuntu/download
==================================================

 First Look : Windows Phone 7 Hardware

Microsoft CVP Steve Guggenheimer shows how quick and easy Windows Phone 7 would be on the newer fancy phone models he displays. He displays a Dell Phone (vertical slide-out tactile keyboard); an HTC 7 Surround (slide-out speakers with surround sound, 720p video camcorder); and other models from LG and Samsung.

Link: http://ecn.channel9.msdn.com/o9/ch9/3394/5cb9da58-c9f3-4001-9fee-9e0c002d3394/WP7Gugg_2MB_ch9.wmv
==================================================
 
Oracle made its Java Critical Patch Update pre-release announcement
The announcement is for 12th October 2010. The patch contains fixes for 29 security vulnerabilities.
Products affected are:
JDK and JRE 6 Update 21 and earlier for Windows, Solaris and Linux
JDK and JRE 5.0 Update 25 and earlier for Windows, Solaris and Linux
SDK and JRE 1.4.2_27 and earlier for Windows, Solaris and Linux


Link: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

==================================================

Monday, September 27, 2010

Google API with OAuth, Apple wants 'Pod', ZoneAlarms scares, Microsoft shuts blog, and FBI cheats

Pop-Link@[27-Sep-2010]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The Google Apps API now supports the newer, better OAuth mechanism, letting users authenticate with the service via the APIs without any need to provide their credentials.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

FBI Agent caught cheating in exams organized to evaluate their updated knowledge about security and globe... WOW!!!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Microsoft is shutting down Windows Live Blogs, asking users to move to WordPress, or to others if you want.

Article: http://www.zdnet.com/blog/microsoft/microsoft-makes-it-official-windows-live-is-no-longer-a-blogging-platform/7487
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Check Point's ZoneAlarm used to just show nagging screens asking you to buy, but now it has fallen to the selfish, cheap trick of scaring its free-version users in the name of malware into buying the product. No matter what, I'll use only its free version, to nag back.
Article: http://www.theregister.co.uk/2010/09/20/zonealarm_scareware_flap/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Apple is taking Kokin to trial for using 'Pod' for his startup, which is developing a video projector called 'Video Pod'.
Article: http://arstechnica.com/tech-policy/news/2010/09/apple-startup-go-to-trial-over-pod-trademark.ars
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Sunday, September 26, 2010

BruCon Destroy Companies, What Is Orkut XSS, Facebook outage cause, ASF Millionth Commit and e-Skin for Robo

Pop-Link@[26-Sep-2010]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

@BruCon: Top 5 Ways to Destroy a company
Tarnish the Brand >> Alter Product >> Attack Employees >> Affect Finances >> Your-Turn
Article: http://blog.c22.cc/2010/09/25/brucon-top-5-ways-to-destroy-a-company/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Orkut XSS demystified: gotta see the JavaScript pattern used to launch the 'Bom Sabado' attack on 25th Sep'2010
Article: http://antrix.net/posts/2007/orkut-xss/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Details on the Facebook outage of 24-Sep-2010, which lasted 2.5 hours. Flawed error handling in an automated system for configurations caused the damage.
Article: http://www.facebook.com/note.php?note_id=431441338919&id=9445547199&ref=mf
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The Apache Software Foundation hit its MILLIONTH commit on 22nd Sep'2010, made by ASF Member Yonik on behalf of the Apache Lucene Project. Congratulations!!! to the ASF on an awesome contribution to the community.
Article: https://blogs.apache.org/foundation/entry/the_asf_hits_its_millionth

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

A pressure-sensitive 'e-Skin' for new-generation robotics has been fabricated by UC Berkeley's scientists using semiconductor nanowires
Article: http://www.associatedcontent.com/article/5803350/pressure_sensitive_eskin_revolutionizes.html?cat=15
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Saturday, September 25, 2010

Orkut's Bom Sabado XSS, Stuxnet via Autorun, Nokia spends $10M on Symbian and NEW google, IBM

Pop-Link@[25-Sep-2010]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The 'Bom Sabado' XSS attack bombs Orkut: just after the Twitter XSS, a similar spreading attack hits Orkut. It's actually a Portuguese phrase meaning 'Good Saturday'...
Article: http://www.echoblogger.com/internet/cross-site-scripting-attack-on-orkut/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Stuxnet is using an Autorun vulnerability to spread: this .LNK file vulnerability
Article: http://www.symantec.com/connect/de/blogs/stuxnet-lnk-file-vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Nokia is spending $10 million to make Symbian popular, giving away money to several developers via an online development contest
Article: http://www.colordev.com/50_links_in_a_day/2010/09/nokia-paying-10m-for-symbian-coders/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Get to know about all the new Google products being launched, instead of wondering when they came out anyway...
Article: http://www.google.com/newproducts/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

IBM has a new pulsed-STM technique, making DRAM cells about 200,000 times faster than before... SPEED <3 IT
Article: http://eetimes.com/electronics-news/4208749/IBM-characterizes-single-atom-DRAM

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Friday, September 24, 2010

Interpol spoofed, Web Redirect-Hell, Context-aware UI, IBM DW Cloud Event and XSS

Pop-Link@[24-Sep-2010]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Cyber criminals spoofed the INTERPOL chief's identity on Facebook to gain information on international fugitives. Great, is this how 'InterPol' is supposed to discuss such information in the first place, i.e. socially...
Article: http://www.net-security.org/secworld.php?id=9884

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Short URLs and other web practices are increasing the hops between user and actual Web-content

Article: http://royal.pingdom.com/2010/09/22/is-the-web-heading-toward-redirect-hell/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Canonical's view on Ubuntu and context-aware UI: they are working on features like video going into full-screen mode automatically on detecting that the user has leaned back in the chair in a resting position... nice :)

Article: http://www.thinq.co.uk/2010/9/14/canonical-designer-demos-context-aware-ui/


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The actual code style of the Twitter XSS attack: here you can have a look at what kind of 'onmouseover' tweet acted as a malicious script

Article: http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Twitter-OnMouseOver-XSS/ba-p/82527#feedback-success



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

IBM DeveloperWorks Virtual Event in October on Cloud for Developers, Register Now


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Thursday, September 23, 2010

BAE wins, Google hunted down, Security Success, Firewall and giant Zynga

Pop-Link@[23-Sep-2010]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

BAE Systems has won a $40m deal to secure US cyber borders, covering FBI networks. What happened to the security teams in the US, and what if someone hacks them even after this?
Article: http://www.itnews.com.au/News/232968,fbi-awards-42m-cybersecurity-deal.aspx
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Google revealed that its fiber cable in Oregon was shot down by hunters... OMG!!! My data was there, is this how they securely transfer it? Anyway, thanks for telling us that your cables lie there ;)
Article: http://www.itnews.com.au/News/232831,us-hunters-shoot-down-google-fibre.aspx
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Is a firewall required on individual desktops? Is it overkill? If your machine is sitting behind a secure server, do you still require a firewall, or is it just slowing you down? See someone else's perspective...
Article: http://www.pcpro.co.uk/realworld/361375/do-we-really-need-a-firewall-on-our-desktops
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"HP Blog" on  how to measure success of a Security Program in your Organization. Some thoughts on reducing legacy defects and newer possible risks.
Article: http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Measuring-quot-Success-quot/ba-p/82522
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Some details on fastest growing social-gaming giant Zynga... 10% of Internet Population has played their games
Article: http://techcrunch.com/2010/09/22/zynga-moves-1-petabyte-of-data-daily-adds-1000-servers-a-week/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Monday, September 20, 2010

Google 2x Security, UK Cyber, SNES on PS3, POET hack Oracle, childish MI5

Pop-Link@[20-Sep-2010]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Mr. Fox says UK cyber security should also be handled by the National Security Council; it's not a small issue to be handed over to a few officers.




Article: http://www.publications.parliament.uk/pa/cm201011/cmhansrd/cm100913/debtext/100913-0001.htm#1009137000024

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Super Nintendo emulator SNES9x on PS3, with some features yet to be supported.
Now go MARIO on your PS3 :)



Article: http://ps3-evolution.dcemu.co.uk/super-nintendo-emulator-snes9x-released-for-ps3-327501.html


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Oracle-based services are vulnerable to a side-channel attack, a padding oracle attack against CBC-mode encryption... this was discussed once in 2002 at the EuroCrypt conference, and in 2010 it is still active: a demo was presented at a hacking conference. It is supposed to affect 25% of Internet infrastructure (ASP.net, JSF, etc.)
Article: http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310
ALSO, a new ASP.net vulnerability responsible for Information Disclosure
https://www.microsoft.com/technet/security/advisory/2416728.mspx


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

A Twitter user, @PigSpotter, is warning motorists of speed traps, causing tension for the cops.
Now that the cops are monitoring his acts, he has gone on a break, stating his BlackBerry is in for repair.


Article: http://www.iol.co.za/index.php?art_id=vn20100918083241209C425606&singlepage=1

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

MI5 states that cyber has made espionage stronger but is more straightforward when it comes to blocking data stealing...
They are KIDDING, right? Land, water and air are much safer for identifying the enemy... in the cyber world anyone can be MI5.
Article: http://www.theregister.co.uk/2010/09/17/mi5_cyber/


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The leaked master key of HDCP (High-bandwidth Digital Content Protection) cracked it, letting the encryption be stripped... and thus the Intel HDTV code got cracked.
How many times shall we repeat that 'Security should not depend on obscurity'.

Article: http://www.foxnews.com/scitech/2010/09/16/intel-confirms-hdtv-code-cracked/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


2-step auth by Google, currently just for some Apps users... to protect you from phishing, you will also have to enter the SMS code sent to the phone number added to your Google Account [ but what if I lose my mobile :), logged out till I arrange a new SIM with the same number ]
Article: http://techcrunch.com/2010/09/20/google-secure-password


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Sunday, September 19, 2010

Facebook Phone, Mandriva Forked, Social Spy, Suse on Sale, NetFlix Hit

Pop-Link@[19-Sep-2010]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Facebook is building a phone (Android-based), claiming to aim for a platform, not just a phone...
Article: http://www.businessinsider.com/heres-why-facebook-is-secretly-building-a-phone-it-needs-to-be-a-platform-not-just-a-service-2010-9


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


A new Linux Distro forked from Mandriva... Mageia
Article: http://www.mageia.org/





-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Corporate web monitoring of employees' social activities, mail & chat habits
Article: http://www.darkreading.com/security_monitoring/security/vulnerabilities/showArticle.jhtml?articleID=227500152

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



NetFlix causing big losses to Cable TV
Article: http://www.businessinsider.com/30-of-young-netflix-subscribers-are-cutting-the-cable-cord-2010-9



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



VMware is trying to buy SUSE Linux from Novell's Linux Software Unit
Article: http://online.wsj.com/article/SB10001424052748703440604575496053490383496.html

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Saturday, September 18, 2010

faulty (Diaspora, CIA , Facebook, Adobe), MS Secured, Botnet Sales

Pop-Link@[18-Sep-2010]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Diaspora, the open-source initiative to replace Facebook, isn't yet close to secure... it needs a lot more hard work.


Article: http://www.thinq.co.uk/2010/9/17/alert-raised-over-diaspora-security/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Netezza bought geospatial software from IISI, reverse engineered it and sold a flawed version to the 'CIA'... Big Daddy got conned and used hacked software for its drones

Article: http://www.aolnews.com/nation/article/cia-drone-program-using-hacked-software-company-claims/19638508

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Facebook, turning out to be the second name for Social Networking is also turning out to be the biggest Malware Infection source.

Article: http://www.net-security.org/malware_news.php?id=1466

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

SpyEye, a famous botnet kit, not only lets botnet owners steal credit card information but also lets them make fake sales from any site where the money can be transferred using a cart.


Article: http://krebsonsecurity.com/2010/09/spyeye-botnets-bogus-billing-feature/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

'EMET', i.e. the Enhanced Mitigation Experience Toolkit by Microsoft, makes your computing experience more secure by protecting any kind of application running on Windows from being exploited through its vulnerabilities.

Article: http://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

I don't believe Adobe is still caught in 'strcat' over 'strncat' issues for security... well, it's a big bloated organization with big bloated code.

Article: http://www.theregister.co.uk/2010/09/15/unofficial_adobe_reader_patch/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Just for fun and Self-reminder... Epic Failures : 11 Infamous Software Bugs

Article: http://www.itworld.com/software/120117/epic-failures-11-infamous-software-bugs


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Friday, September 17, 2010

Pigeon Vs Broadband, Futuristic Intel, Microsoft and Google defamed ...& more

Pop-Link@[17-09-2010]



To show the woeful state of broadband speed in rural parts of the UK, ISP Timico sent 2 pigeons carrying a 200MB microSD card... to check which transfer completes first. Any guesses who won? The Pigeon :)
Article: http://www.ispreview.co.uk/story/2010/09/16/uk-business-isp-timico-challenges-pigeon-to-beat-rural-broadband.html
Video: http://www.youtube.com/watch?v=bI14QdKm3iA&feature=player_embedded



Phones sensing your mood, a TV remote knowing your entertainment preferences... not a sci-fi movie; Intel is working on it... but the dependency ratio is already too high. Would this extreme level of dependency be good from the human perspective? I'm sure of the doubt ;)
Article: http://www.ibtimes.com/articles/62682/20100915/intel-guru-future-phones-will-sense-your-mood.htm



Microsoft Exec 'Glyn Mody' says 'Open' means 'Incompetent'... and I say don't worry about frustration on open incompetency about things they can't tackle.
Only God can save Microsoft from such... you know what. 
 Article: http://lazarus.freepascal.org/index.php?topic=10523.0



Small-to-medium-sized businesses got heavily infected by malware via social networking


Article: http://www.securityweek.com/smbs-embrace-social-media-and-pay-price



Google engineer caught snooping on teenagers' chats and data,
still not handed over to the cops, just fired... it's a damn digital offense.
China peeking into Google is a sin, Google peeking into users' data is human error.

Article: http://thenextweb.com/google/2010/09/14/ex-google-employee-dug-through-private-data-and-harassed-teens/