Tuesday, March 31, 2009

Security professionals fear smart phone threat …


Ninety per cent of security professionals believe that smart phones pose a significant risk to the enterprise, according to a new survey of over 2,000 members of security certifications organization ISC2.

Employees are increasingly bringing their own smart phones to work and using them for corporate purposes, but ISC2 explained that, instead of banning them outright, IT security chiefs should learn how to accommodate them safely into the organization.

"Internet phones are like wireless networks four or five years ago: security professionals are against them because of the security problems, but in reality people like to use them," said John Colley, European managing director at ISC2.

"We have to relax and find ways of making them secure, which will need a combination of rules, education and technology."

However, Colley warned that, aside from the BlackBerry, many smart phones "do not have a good security model behind them". He urged security professionals to engage with manufacturers and suppliers to address the problem.

"Targeted attacks represent a significant threat, but most losses come from the accidental threat - leaving handsets in taxis and so on - where password protection can help," he said.

Njoy … fingerscrossed

Saturday, March 28, 2009

Online Banking Fraud is at its peak !!!


Software allowing fraudsters to track what you type led to the level of online banking fraud more than doubling in 2008, according to a banking body.

Fraudsters use a technique called keylogging, in which keystrokes on a computer are tracked to gather passwords and credit card numbers.

Online banking fraud jumped to £52.5m last year, up from £22.6m in 2007, said UK payments association Apacs. Total fraud losses on UK debit and credit cards rose by 14% to £609m. Most victims of card fraud are not liable, so their money is refunded.

Malicious programs

Online banking has become increasingly popular in recent years, with consumers becoming more comfortable using their home computers rather than queuing at branches.

Card fraud graph

But fraudsters tend to adapt to new technology more quickly than consumers, so online banking fraud losses have been rising steadily in recent years. The £52.5m stolen from accounts in 2008 compares with £12.2m in 2004. Malicious computer programs, including those that track what users type without their knowledge, generally find their way onto computers when users click on an unsolicited e-mail. "The industry continues to remind customers to ensure that they have their computer's firewall switched on and anti-virus software up to date," said an Apacs spokeswoman.

Targeting cards

UK credit and debit card fraud had been falling following the introduction of chip-and-pin, but in 2007 and 2008 the figures have started to rise again. The biggest area of card fraud continued to be with goods bought over the internet, phone or by mail order - where chip-and-pin was not used. Fraud levels in these instances rose 13% to £328m. The most significant rise in 2008 was when criminals took over other people's accounts, known as card ID theft, with losses up by 39% to £47.4m.

Apacs said that, although card fraud losses had increased during the last year, losses as a percentage of card turnover were falling, dropping to 0.12% of turnover in 2008 from 0.14% in 2004. The group also stressed that over the last five years, the most rapid acceleration in fraud has not been in the UK, but by fraudsters using UK cards overseas. This was usually in countries where chip-and-pin technology was not in place. Apacs said it was putting pressure on countries such as the US to introduce chip-and-pin.

Anyone in the UK who is a victim of fraud is not liable, under terms outlined in the Banking Code. As long as they have not acted fraudulently or without "reasonable care", they will be reimbursed if somebody uses their card, steals it, or clones it. The code says that if somebody uses a card before it is reported lost or stolen, or somebody knows a Pin, then the victim could have to pay the first £50 that is lost.

from UK.BBC

Njoy … fingerscrossed

Thursday, March 26, 2009

Hackers start P2P Bank !!!


The hacking community and open source hardware developers have joined forces to create a funding source.
Usually when you think "open source", software comes to mind. However, in the background, the open source hardware market is booming.
The concept is great -- eventually there will be specs published for a variety of hardware ranging from graphic cards and CPUs to laptops and desktops. Anyone who wishes will have the ability to take the designs and build upon them. This would allow for individuals to make money based on free designs, while also giving back their improvements to the community that they've benefited from.
The downside is that open source hardware development needs a lot more money than software, due to the physical materials needed for test builds, and the services of the specialized plants used to build chips and printed circuit boards.

Hardware enthusiasts often find that they have a difficult time securing funding for their projects.
When Justin Huynh and Matt Stack met at a New York event they found that they had a major common interest: open source hardware. Huynh works as a pharmaceutical consultant and saw a need for community-funded open source projects. Huynh and Stack have now opened the Open Source Hardware Bank which they will utilize to fund hardware projects. Details of the bank and its concept are laid out in Stack’s blog.

Their new bank will work to raise capital from hardware enthusiasts and then share the wealth with developers. Much like any other social network or community, this group will work to finance one another. Currently the two manage the bank using Open Office Calc and a statistics program called R. Eventually they want to take the banking online via their website and provide a list of funded projects. "This speaks to the rise of the do-it-yourselfer, someone who is not just a consumer but also a producer, inventor and investor," Huynh told Wired.com. "But someone also ought to be thinking about the money problem when it comes to open source hardware and we are doing just that."

The Open Source Hardware Bank wants to deliver freedom from two financial issues faced by hardware developers: throwaway costs that come from having to repeatedly revise a product during the development process and the unfortunate inability to take advantage of reduced rates that come when one purchases in bulk.
Each project which the bank funds is provided with the funds to build twice as many units as there are potential buyers. This doubles the number of units which are developed, thus reducing production rates by 10 to 30 percent for each unit. The bank received some of its inspiration from peer-to-peer lending sites like Prosper and Zopa. Prior to the current credit crisis these sites provided borrowers and investors with a connection tool that acted as a secondary market for funds and investments.

Currently, the Open Source Hardware Bank is not fully open for business. Additionally it is not yet a federally regulated lending institution. With 70 lenders signed up with the bank it does allow individuals with interest to make investments in specific products and then ideally reap the benefit of a 5 to 15 percent return for the successful project sales. For developers the bank is capable of delivering funds which could significantly reduce their project costs and push them to continuously be ingenious and create. For investors these returns are much greater than those you’ll find anywhere else in today’s economy.

The lenders are given their returns based on rolling six-month averages, meaning that projects that do not take off will be offset by those which flourish. The bank owners feel that it won’t take but a few deals to make great money and with the community which it is developed around being both knowledgeable and dedicated to their craft great projects will be funded with ease.

How Open Source Hardware Bank tells you to invest:




The SEC has many regulations which involve peer-to-peer lending and they are not always simple or cut and dried. Currently the Open Source Hardware Bank is working through these issues. Regardless, the company is in business and ready to work.

from … APC Magazine

Njoy … fingerscrossed

Wednesday, March 25, 2009

Chrome … the safest browser … ( for now )


Browser vendors often make strong claims about their responsiveness to vulnerability reports and their ability to preemptively prevent exploits. Security is becoming one of the most significant fronts in the new round of browser wars, but it's also arguably one of the hardest aspects of software to measure or quantify.

A recent contest at CanSecWest, an event that brings together some of the most skilled experts in the security community, has demonstrated that the three most popular browsers are susceptible to security bugs despite the vigilance and engineering prowess of their creators. Firefox, Safari, and Internet Explorer were all exploited during the Pwn2Own competition that took place at the conference. Google's Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature.

The contest awards security researchers with hardware and cash prizes for finding efficient ways to trick browsers into executing arbitrary code. During the first day of the competition, the contestants are required to do this in default browser installations without plugins such as Flash or Java, which are commonly used as vectors for attacks. Researchers typically prepare for the event far in advance by finding zero-day exploits ahead of time.

Early this month, prior champion Charlie Miller told reporters that he would be attempting to exploit a Safari vulnerability on Mac OS X. Safari, he said, would be the first to succumb to the contestants. As he promised, Safari went down first: he was able to execute his prepared hack in only a matter of seconds. Another security expert known only as Nils took longer, but was able to successfully exploit all three of the most popular browsers.

These contests contribute to the growing culture of commercialism that surrounds the art of exploitation. In an interview with ZDNet, Miller said that the vulnerability he used in the contest was one that he had originally found while preparing for the contest last year. Instead of disclosing it at that time, he decided to save it for the contest this year, because the contest only pays for one bug per year. This is part of his new philosophy, he says, which is that bugs shouldn't be disclosed to vendors for free.

"I never give up free bugs. I have a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away," Miller told ZDNet. "Apple pays people to do the same job so we know there's value to this work."

Miller also told reporters that he targeted Safari on Mac OS X because he believes that it is the easiest to exploit. Windows, on the other hand, he claims is tougher because of its address randomization feature and other security measures. As for Chrome, he says that he has identified a security bug in Google's browser but has been unable to exploit it because the browser's sandboxing feature and the operating system's security measures together pose a formidable challenge.

The game isn't over yet. During the second day of the event, the focus will turn towards Chrome. Nils, who demonstrated impressive skill during the first day by conquering the three most popular browsers, might have a few more tricks up his sleeve. According to the official rules, the participants will be permitted to use plugins during the second day.

from arstechnica

Njoy … fingerscrossed

Sunday, March 22, 2009

10 reasons not to switch to LINUX !!!


My eyes caught this nice post on one of my regularly visited sites; this guy is explaining why one should not switch to LINUX …

1) You shouldn’t switch to Linux because… you actually enjoy paying for an operating system that is so mired with bugs and issues that it shouldn’t be even released as an alpha build. What recession?

2) You shouldn’t switch to Linux because… change is always scary. Look at Obama, he scares the shit out of me. I voted for him but he always talks about change and change is always scary even if that change will make things better.

3) You shouldn’t switch to Linux because… the only thing you use your computer for is to play games. I mean, people still use computers for anything other than games?

4) You shouldn’t switch to Linux because… You love to dedicate one whole day of your week just for scanning purposes. Anti-virus scan – Spyware Scan – Defragmentation scan – Registry Scan & defrag. What Fun!

5) You shouldn’t switch to Linux because… You love to pay for anti-virus/anti-spyware (with yearly subscription renewal) for protection that the OS should provide you in the first place. Even though Windows Defender does a fabulous job, it's just not there yet.

6) You shouldn’t switch to Linux because… most people use Windows. If most people use windows it must be good!

7) You shouldn’t switch to Linux because… you realize that nothing lasts forever. Eventually your Windows will succumb to a BSOD; while Linux has its version, the kernel panic, you might have to wait a couple of years to experience it, if at all.

8) You shouldn’t switch to Linux because… you LOVE Internet Explorer and you can only use the latest version of Internet explorer on windows. Imagine going online without IE?

9) You shouldn’t switch to Linux because… you have to be a geek to use Linux and we all know that geeks don’t have girlfriends.

10) Last but not least. You shouldn’t switch to Linux because… you don’t want to be a conformist and do what everyone tells you to do. You want to be unique, which is why you want to use windows. Oh wait…

from linuxhexor

Njoy … fingerscrossed

Sunday, March 15, 2009

Tax Time Is a Feast for Identity Thieves !!!


The ease of filing income tax returns via the Internet or other electronic means is lulling consumers into a false sense of personal security, identity-protection experts warn.

A common misconception is that important files with sensitive information such as Social Security numbers stored on a home computer are risk-free, according to Todd Feinman, an identity-theft-prevention expert.

"Hackers may access your computer in various ways at any time via viruses, trojans and botnets," said Feinman, chief executive of Identity Finder software. "Confidential information on PDFs is not safe."

Many viruses are transmitted via e-mail attachments, though some data-stealing programs disguise themselves as trusted Web sites.

The explosion of online tax filing, coupled with residential broadband and wireless Internet connections, has created an abundance of opportunities for hackers to invade home computers that lack proper firewall protection.

Nationally, nearly 89.9 million taxpayers -- about 58 percent -- filed their 2007 returns electronically.

In 2008, a record 9.9 million adult Americans -- roughly one in 23 -- fell victim to identity theft, according to Javelin Strategy & Research.

Consumers have come to believe in several myths, including that electronic transmissions of confidential data to seemingly safe recipients such as the IRS are secure, Feinman said.

The best fix is to be sure your computer's firewall is working.

"Your personal information is at the greatest risk when it is en route from one location to another," he said.

Even paper copies of tax information are accessible to identity thieves. A common mistake is to leave tax filings in home mailboxes for collection.

Another identity-theft trick is to hack into public photocopiers at tax time, particularly those that store the image in memory.

"Identity thieves are incredibly creative," Feinman said.

from … enterprisesecurity..

Njoy … fingerscrossed

Panda Anti-virus : ID theft Trojans on 1 in 100 PCs ???


Perhaps as many as 10 million PCs are infected with sneaky programs designed to steal sensitive financial information, anti-virus vendor Panda Security reports. The company found that just over 1 percent of systems belonging to the 67 million people who tried out its free ActiveScan test site last year were infected with malicious software designed to help thieves steal sensitive information about victims. If 1 percent of the world's 1 billion computers are infected, that would mean that this kind of software is on 10 million PCs worldwide, the company reports.

These identity-theft-focused Trojan programs are becoming more sophisticated and more common. Panda's detection rate jumped 800 percent between the middle of 2008 and the end of the year, according to Carlos Zevallos, a security evangelist with the security company. "The report shows a very sobering number," he said. "We don't want it to seem that it is a hopeless battle [but] all businesses innovate, and crime ware is a business."

Identity theft is a big problem. The U.S. Federal Trade Commission estimates that 9 million U.S. residents have their identities stolen each year through a variety of techniques, including dumpster diving, skimming credit card numbers at legitimate businesses, and phishing.

According to Panda, these Trojan programs are now a serious threat too. Victims of the Trojans are usually tricked into installing the software themselves. They may think they're installing a new plug-in in order to view a video. Once the software is installed, it typically sends messages to a central command and control server.

Although banking Web sites have added a lot of features over the years to prevent hackers in another country such as Russia from logging into online accounts, these banking Trojans can be really hard to stop, Zevallos said. "They essentially have complete control of your machine, so they can send a request from your machine and the Web site will not know that it is not being initiated by the user."

Trojans can take screen shots of everything on your screen and search the machine for credit-card numbers, Social Security numbers, resumes -- anything that could be used in identity theft. Today's Trojans can even download software updates from their criminal masters.

Today's most common financial Trojans go by names like Cimuz, Sinowal, and Torpig.

Most of these programs come from China or Russia, but Panda says that a growing number are coming from Brazil and Korea too.

In the past few years, hackers have become very good at cranking out new, slightly altered, variants of their malware, designed to evade anti-virus detection. So anti-virus products will detect identity theft Trojans, but not all of them. Panda said that 35 percent of the infected PCs that it spotted last year were already using up-to-date anti-virus programs.

from … infoworld

Njoy … fingerscrossed

Friday, March 13, 2009

Rigged Podcasts can leak your iTunes username/password !!!


Hackers can create malicious podcasts to hijack usernames and passwords from Apple’s iTunes software.

According to a warning from Apple, a “design issue” in the iTunes podcast feature can be abused via rigged audio files to cause an authentication dialog to be presented to the user. From that dialog, a hacker can hijack iTunes credentials and upload them to the podcast server.

From Apple’s advisory:

  • A design issue exists in the iTunes podcast feature. A subscription to a malicious podcast may cause an authentication dialog to be presented to the user. This dialog may entice the user to send iTunes credentials to the podcast server.

Apple has shipped a patch in iTunes 8.1 to clarify the origin of the authentication request in the dialog box.

The iTunes update also corrects a denial-of-service flaw that can be caused via maliciously crafted DAAP messages.

  • An infinite loop exists in the handling of iTunes Digital Audio Access Protocol (DAAP) messages. Sending a message containing a maliciously crafted Content-Length parameter in the DAAP header may lead to a denial of service. This update addresses the issue by performing additional validation of DAAP messages.

The denial-of-service bug does not affect Mac OS X systems.

Njoy … fingerscrossed

Sunday, March 8, 2009

5 great Windows Web-services that we have never used !!!


Undoubtedly Google is the best for web-based services such as e-mail, online document viewing, data storage or maps … right ?? But one thing to notice is that there are other providers too that have good features and integration with the applications that we use on our desktop … here are some of the best web services that Microsoft Windows provides !!!

Windows Live SkyDrive

How's this for a deal: Get 25GB of online storage, at no cost, with no strings attached. That's what Windows Live SkyDrive offers. Just create folders on the site and upload files to it. You can share any of your folders with colleagues, as well. The site's design is simple and straightforward.

That isn't to say SkyDrive is flawless. You can't use it as a virtual drive--it won't appear on your PC as a drive, so you can't save files directly to it within a program like Microsoft Word. That's a minor point, though. You can't argue with 25GB of free storage, especially considering that neither Google nor Yahoo currently has this kind of service. While Google is rumored to be working on a similar service called GDrive, Yahoo's Briefcase provides only 25MB of space, and is shutting down at the end of March anyway. So right now Windows Live SkyDrive is as good as online storage gets.

Windows Live Sync

If you have more than one PC and you want to keep files and folders on them synchronized, you need this service. After you download and run a small piece of software on each PC, head to the Windows Live Sync Web site and tell it which folders on which PCs should stay in sync.

You can synchronize your personal folders as well as your shared ones. Whenever any of your PCs are connected to the Internet, they will automatically sync the specified folders with one another. In addition, you can connect to any synced computer from any other computer to browse through the remote system's entire hard disk and to download files.

Note that unlike some of the fee-based sync services we looked at last year, Live Sync does not keep copies of your files in the cloud: It merely serves as a conduit between PCs. Since it involves no online storage, however, it puts no limit on the amount of data you can sync. And, of course, it's free.

Live Mesh

Here's a free Microsoft service for people who do want to keep their files in the cloud. Though Live Mesh is more powerful than Windows Live Sync, it's also a bit more complicated.

Rather than synchronize files and folders from PC to PC, you create folders in Live Mesh and then have all of your PCs synchronize with those folders. With this arrangement, you can access the files and folders from any Internet-connected computer. You have an exceptional amount of control over the synchronization, too--for example, you can choose to synchronize only the files modified in the last 30 days, or those under 500MB. Live Mesh supports remote control of any PC in your mesh, as well. So far, Microsoft has announced no plans to charge for storage--or to limit the amount of data you can store.

Microsoft Office Live Workspace

Office Live Workspace will help anyone with a small business or in a workgroup who needs a simple way to collaborate on projects. With this service you can create and share documents, schedules, to-do lists, and more.

You start by creating a shared "workspace." You can choose from 11 prebuilt ones--such as a Project Workspace, a Meeting Workspace, or a Travel Workspace--or you can create your own from scratch. Each workspace has templates already created for it, including PowerPoint presentations, Excel worksheets, and Word documents. Group members can work on the documents and save them for colleagues to see and edit. To edit the Office documents, you'll need to install a free Office add-in, although anyone can view them without the add-in or Office.

Why use this rather than Google Docs or Zoho? One big, exclusive benefit is its direct integration with Microsoft Office--right within the Office suite, you can save files to your workspace, and you can use the Office programs to edit files in your workspace. On top of that, the template-driven approach to creating documents and workspaces is superior to anything you'll find in Google Docs or Zoho.

Microsoft's Virtual Earth 3D

Okay, this one isn't a Web service, strictly speaking--it's a desktop app that works with a Web service. But it's a good one: Microsoft Virtual Earth 3D.

Because Google Earth is so predominant in this arena, not many people bother with Microsoft's product, and that's a shame. This downloadable application works in concert with Windows Live Maps to give you dramatic and compelling 3D views of places around the world. Using simple controls, you can fly in and out of cities in full 3D. You can also go on guided tours that other people create, and you can make tours of your own. You can save your tours for future visits, too, or share them with other users.

The views are richer and more compelling than what Google has to offer, so if you're looking for great 3D mapping, this is the service to try.

To use Virtual Earth 3D in concert with Microsoft's Live Maps service, you must download the Virtual Earth 3D software, from either Windows Live Maps or Microsoft's general downloads site.

Microsoft says that the software will work with a 1GHz processor and 256MB of RAM, but recommends a 2.8GHz or faster CPU and 1GB of RAM. Go with the recommended specs or better, or else you'll find the app very slow going.

from … pcworld

Njoy … fingerscrossed

Monday, March 2, 2009

Netbooks … Sale Decliners of Micro$oft !!!


When Microsoft laid off 5,000 people in January, analysts and pundits pointed to plenty of reasons for the first major layoffs in the company’s history. The obvious culprits included the overall economic meltdown, Apple’s continued success and Wall Street’s desire to see a leaner Microsoft.

But the real cause of the layoffs can be summed up in a single word: netbooks. These lightweight, stripped-down laptops that sell for between $200 and $400 have taken a big chunk out of Microsoft’s bottom line. Unless the company comes up with a plan to handle them, its revenue will stagnate. In announcing the layoffs, Microsoft said that its revenue had increased an anemic 1.6 per cent in the quarter that ended 31 December compared to the same quarter a year earlier.

But that number doesn’t tell the whole story. Windows took the biggest hit, while systems for servers and related tools had hefty increases in sales. Windows sales were down an eye-popping 8 percent; server and related revenue grew 15 per cent. Microsoft clearly blames netbooks for the drop in Windows sales. Here’s what it said in its statement: “Client revenue declined 8 per cent as a result of PC market weakness and a continued shift to lower priced netbooks.” Netbooks have become the only bright spot for PC makers, with sales accelerating while the rest of the PC market stays in the doldrums. According to IDC, 10 million netbooks were sold in 2008 and that number should double to 20 million in 2009.

Why is all this bad news for Microsoft? First, an estimated 30 per cent of all netbooks ship with Linux. That means Microsoft doesn’t get a penny for Windows from 30 per cent of all netbooks being sold. Given that netbooks represent the fastest-growing PC market segment, the company’s problem may get worse with time. In addition, netbook owners who buy Linux machines won’t be buying Microsoft Office, handing Microsoft an additional revenue hit for every Linux netbook sold.

So it’s not surprising that in the most recent quarter, sales of Office were anemic. Overall, sales for Microsoft’s business division, which is in charge of Office, were up slightly, at 1.9 percent. But sales of the consumer version of Office plummeted 23 per cent—and consumers are the people buying netbooks.

Microsoft faces other netbook-related woes as well. The company doesn’t get paid as much for a version of Windows sold on a netbook as it does for a version of Windows sold on a laptop or desktop PC. There’s very little margin on a machine selling for $200 to $400, and so Microsoft simply can’t charge full freight for Windows on one. And given the price that Microsoft charges for consumer versions of Office - usually about $200 for the lowest-priced version – netbook owners who use Windows aren’t likely to pay for Office either. It doesn’t make much sense to pay as much for a piece of software as you did for your entire PC. Microsoft clearly recognizes the problem and is taking action to try to solve it. First, it built Windows 7 to run on netbooks, something that Vista doesn’t do. When Windows 7 ships, expect Microsoft to spend plenty of money promoting it for use on netbooks, in an attempt to drastically cut into Linux sales.

In addition, Microsoft is working on low-cost, ad-supported, Web-based versions of Office. That way, it can start to get Office revenue from netbook owners. Will these steps be enough to make up for the overall shortfall in revenue caused by netbooks? Probably not. That’s why the company is desperate to figure out a way to make its online businesses succeed. If it can’t, the days of big revenue growth are behind Microsoft, thanks in part to netbooks.

from Macworld !!!

Njoy … fingerscrossed
