Tag Archive: Internet


Opera has always impressed us. The browser has maintained its own innovation cycle and continued to set new standards for the competition for a long time now. Opera’s shiny new version 11.60 is now available for download on Windows, Linux and Mac platforms (download links below). Opera fanatics will be pleased to know that Opera 11.60 offers quite interesting updates. The first thing you will notice in the latest version is the revamped URL address field. The URL address field will now offer search engine suggestions and bookmarking will be easier with just a click of the star towards the end of the URL field.

We know Opera for its obsession with speed. Keeping with the philosophy of faster is better, the latest version offers a revamped HTML5 rendering engine. This means all modern HTML5 coded websites will work better than ever before. Opera claims that the websites using SSL technology will load faster than ever before. It also allows vector graphics to be mixed with HTML, which would open new possibilities for web applications.

Those who love Opera’s inbuilt mail client will love the redesigned look, which is faster and cleaner as well. The mail client now features mail grouping, which is very useful when you have an influx of email messages every day.

Download Links: Opera for WINDOWS | MAC | Linux.

Source: CrazyEngineers

The discovery of a way to eavesdrop on so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs.

“With our technology we can capture GPRS data communications in a radius of 5 km,” he told the paper before heading to a meeting of the Chaos Computer Club, a group that describes itself as Europe’s largest hacker coalition.

Phones using the newer UMTS standard are safer, Nohl said, but the crack affects industrial equipment, toll systems and anything using GPRS — including newer devices like Apple Inc’s iPhone or iPad which switch to the older GPRS in remote areas.

Source: Reuters

Like many others, I use Dropbox to synchronize files among my computers and iPad. Dropbox is especially useful when traveling, as I often do.

Lately, a kerfuffle has emerged regarding the company’s terms of service, which include particularly onerous language:

“You grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service.”

This statement says the company can use your data pretty much as it chooses, a position that the next sentence attempts to mitigate:

This license is solely to enable us to technically administer, display, and operate the Services.

That last sentence qualifies the core issue by saying they can only use your data to operate their service. However, this language is ambiguous and therefore subject to interpretation. For example, perhaps Dropbox will want to scan your files to provide context-sensitive ads like Google. That would certainly fit within the definition of “technically administering” the service, as would many other activities that you may or may not find acceptable.

Advice to enterprise buyers: Dropbox offers a great service and useful free accounts, which is an attractive combination. Unfortunately, the terms of service do not offer adequate protections for sensitive data. For this reason, I suggest you discontinue use of the product for applications where privacy and confidentiality are mission critical.

In practice, however, Dropbox is unlikely to read your “stuff” or prepare derivative works, despite what’s in the terms of service. Therefore, continue using Dropbox for everyday file transfers where you value convenience over an absolute guarantee of privacy.

Source: ZDNet / Michael Krigsman

First, the good news:  The past year has witnessed the decimation of spam volume, the arrests of several key hackers, and the high-profile takedowns of some of the Web’s most notorious botnets. The bad news? The crooks behind these huge crime machines are fighting back — devising new approaches designed to resist even the most energetic takedown efforts.

The volume of junk email flooding inboxes each day is way down from a year ago, as much as a 90 percent decrease according to some estimates. Symantec reports that spam volumes hit their high mark in July 2010, when junk email purveyors were blasting in excess of 225 billion spam messages per day. The company says daily spam volumes now hover between 25 and 50 billion missives daily. Anti-spam experts from Cisco Systems are tracking a similarly precipitous decline, from 300 billion per day in June 2010 to just 40 billion in June 2011.

There may be many reasons for the drop in junk email volumes, but it would be a mistake to downplay efforts by law enforcement officials and security experts.  In the past year, authorities have taken down some of the biggest botnets and apprehended several top botmasters. Most recently, the FBI worked with dozens of ISPs to kneecap the Coreflood botnet. In April, Microsoft launched an apparently successful sneak attack against Rustock, a botnet once responsible for sending 40 percent of all junk email.

In December 2010, the FBI arrested a Russian accused of running the Mega-D botnet. In October 2010, authorities in the Netherlands arrested the alleged creator of the Bredolab botnet and dismantled huge chunks of the botnet. A month earlier, Spamit.com, one of the biggest spammer affiliate programs ever created, was shut down when its creator, Igor Gusev, was named the world’s number one spammer and went into hiding. In August 2010, researchers clobbered the Pushdo botnet, causing spam from that botnet to slow to a trickle.

But botmasters are not idly standing by while their industry is dismantled. Analysts from Kaspersky Lab this week published research on a new version of the TDSS malware (a.k.a. TDL), a sophisticated malicious code family that includes a powerful rootkit component that compromises PCs below the operating system level, making it extremely challenging to detect and remove. The latest version of TDSS — dubbed TDL-4 — has already infected 4.5 million PCs; it uses a custom encryption scheme that makes it difficult for security experts to analyze traffic between hijacked PCs and botnet controllers. TDL-4 control networks also send out instructions to infected PCs using a peer-to-peer network that includes multiple failsafe mechanisms.

Getting infected with TDL-4 may not be such a raw deal if your computer is already heavily infected with other malware: According to Kaspersky, the bot will remove threats like the ZeuS Trojan and 20 other malicious bot programs from host PCs.  “TDSS scans the registry, searches for specific file names, blacklists the addresses of the command and control centers of other botnets and prevents victim machines from contacting them,” wrote Kaspersky analysts Sergey Golovanov and Igor Soumenkov.

The evolution of the TDL-4 bot is part of the cat-and-mouse game played by miscreants and those who seek to thwart their efforts. But law enforcement agencies and security experts also are evolving by sharing more information and working in concert, said Alex Lanstein, a senior security researcher at FireEye, a company that has played a key role in several coordinated botnet takedowns in the past two years.

“Takedowns can have an effect of temporarily providing relief from general badness, be it click fraud, spam, or credential theft, but lasting takedowns can only be achieved by putting criminals in silver bracelets,” Lanstein said. “The Mega-D takedown, for example, was accomplished through trust relationships with registrars, but the lasting takedown was accomplished by arresting the alleged author, who is awaiting trial. In the interim, security companies are getting better and better about working with law enforcement, which is what happened with Rustock.”

Attacking the botnet infrastructure and pursuing botmasters are crucial components of any anti-cybercrime strategy: TDSS, for example, is believed to be tied to affiliate programs that pay hackers to distribute malware.

Unfortunately, not many security experts or law enforcement agencies say they are focusing attention on another major weapon in battling e-crime: Targeting the financial instruments used by these criminal organizations.

Some of the best research on the financial side of the cybercrime underworld is coming from academia, and there are signs that researchers are beginning to share information about individuals and financial institutions that are facilitating the frauds. Recent studies of the pay-per-install, rogue anti-virus and online pharmacy industries reveal a broad overlap of banks and processors that have staked a claim in the market for handling these high-risk transactions. Earlier this week I published data suggesting that the market for rogue pharmaceuticals could be squashed if banks and credit card companies paid closer attention to transactions destined for a handful of credit and debit card processors. Next week, I will publish the first in a series of blog posts that look at the connections between the financial instruments used by rogue Internet pharmacies and those of the affiliate networks that push rogue anti-virus or “scareware.”

Source: Krebs on Security

The Internet Society, an international nonprofit organization that advises on Web standards, policy and education, has declared June 8 World IPv6 Day to give enterprises and ISPs a chance to “stress test” the next-generation Internet protocol to see what works, what breaks and what they need to do to seamlessly migrate their networks to IPv6. It’s also a wake-up call that it’s time to upgrade the World Wide Web.

On that day, more than 200 Web companies—including giants Facebook, Google and Yahoo—will work with ISPs and content-delivery networks to conduct the first global-scale trial of IPv6. For a 24-hour period, participating companies around the world will enable IPv6 on their main services.

The need for an IPv6 day has been looming for years. Ever since the Internet Assigned Numbers Authority doled out the last remaining blocks of IPv4 addresses to the individual regional Internet registries in February—signaling the depletion of available IP addresses—there has been a lot of discussion about adopting the next-generation networking protocol, IPv6. While some major enterprises have already begun the transition, there’s still confusion about what they have to do.

Lest anyone think the IPv4-based Internet is about to come to a screeching halt, there’s still some time left, James Lyne, director of technology strategy at Sophos, told eWEEK. Organizations are actually pretty “IPv6-ready” because most modern networking equipment can support the IPv6 namespace.

Operating systems—including Apple Mac OS X, most versions of Microsoft Windows and most major Linux distributions—have supported IPv6 addresses for a number of years. In fact, since IPv6 addresses are enabled by default in the operating system, if the network has the capability to assign an IPv6 address, the user machine most likely already has an IPv6 address, Lyne said. He added that being on IPv6 accidentally is not that unusual, if the organization has an IPv6 network running or if the Internet service provider has turned on IPv6.

At some point, the entire Internet infrastructure has to move to using the newer address space, since the differences in the protocols mean that computers with IPv4 addresses cannot communicate with machines with IPv6 addresses.

Two things will drive the push for IPv6 addresses: the continued explosion of mobile devices and more users coming online from emerging markets. With no more IPv4 addresses left, new mobile devices will all be receiving IPv6 addresses.

Businesses need to ensure that their Websites, customer portals and online services are accessible to their users with IPv6 addresses or new customers will not be able to find them online.

Companies need to make sure their external properties can “talk” IPv6, according to Lyne. E-commerce sites probably face the biggest pressure to make the transition, he said.

For many organizations, the biggest challenge is not getting the Website or the server ready, but ensuring the ISP has turned on IPv6 and can handle IPv6 traffic, Steve Garrison, vice president of corporate market at Infoblox, told eWEEK. Despite news from Verizon, Time Warner, Comcast and Hurricane Electric, “not all ISPs are ready for IPv6,” he said.

World IPv6 Day will test the global infrastructure to see what kind of problems may come up so they can be corrected, said Sophos’ Lyne. The average Internet user should not notice any issues, since most ISPs will be deploying a dual-stack configuration, where users will have addresses from both namespaces so they can access sites on both sides of the networking divide.

Organizations will use World IPv6 Day to learn what they are ready for, Qing Li, chief scientist and senior technologist at Blue Coat Networks, told eWEEK. Just by preparing for the “mass test,” some problems have already been highlighted, he said.

Li said that a Japanese ISP said “there will be a segment of IPv6 infrastructure that will be unavailable on IPv6 day.” The issue is specific to that ISP in the way the infrastructure was deployed and the addresses allocated, but it’s likely the problem would not have been uncovered if there hadn’t been all the preparation for World IPv6 Day, he noted.

Sophos’ Lyne also speculated that this kind of a joint test may uncover issues in the IPv6 protocol itself. For example, IPv6 originally had a capability that would allow network routers to specify how traffic should be routed. Essentially, organizations could say that traffic going to the data center in California should first go to this server in Virginia and then to that server in Chicago.

“On paper, it sounded like a good idea,” Lyne said. However, a few years ago, a French security firm testing out the capability realized that it could potentially be used by attackers to hijack and reroute user traffic through malicious servers. As a consequence, that capability is no longer supported in the modern IPv6 implementation.

Having more eyes on IPv6 will help uncover other problems, Lyne reported. In addition, it will highlight whether organizations are deploying the latest IPv6 implementation, or if anyone is still using the older versions with obsolete capabilities.

Source: eWeek

Trying to get people to use a new web browser is a tough task. Others have tried and not quite made it. But RockMelt believes it can get the (mostly younger) demographic who lives and breathes social media to attach itself to RockMelt.

About 70% of RockMelt users are between 18 and 34, and 41% of its users are in high school or college. Unlike with loyalties for other Internet products such as search engines or email, it’s theoretically easier to switch web browsers, as Google Chrome has shown. But then again, that’s Google. If RockMelt can break through, it’s a big opportunity.

When it launched last fall, the company drew strong interest, partly due to its funding from Andreessen Horowitz, including Netscape co-founder Marc Andreessen. RockMelt integrates social networking services like Facebook and Twitter directly into the browser to make a more interactive and social experience. Facebook friends show up on the edge of the browser for quick chats, while updates from Twitter and Facebook are easily reachable on the other side of the browser.

The thinking is that these social services are used the most, so it makes sense to put them at your fingertips. Since people are using the web to communicate with friends and consume information, RockMelt is attempting to bake all these services directly into the browser. RockMelt has just released a new version of the browser, RockMelt Beta 2, with several changes in response to requests from users.

First, it’s allowing multiple Facebook chats simultaneously by placing its chat bar on the bottom of the browser. It also added a new Twitter app that gives fuller Twitter functionality, such as replies and search. Interestingly, RockMelt has also added Instapaper support, which enables people to read articles later on their mobile devices or PCs by clicking a button. This read-it-later service has become a replacement for the traditional browser bookmark for the short-attention-span, digital generation.

Still, will people switch from established players in the space like Mozilla Firefox, Google Chrome or Microsoft’s Internet Explorer? These incumbents are increasingly becoming similar, which makes it easier for RockMelt to stand out, says Eric Vishria, CEO and co-founder of RockMelt. “Most people have no idea what a browser is,” Vishria says. “If you look at the differences between the browsers on the market today they’re very small. With RockMelt you can see it visually so it’s very different and you can quickly understand what it is.”

Vishria said RockMelt has “a few hundred thousand” users.

Source: Forbes

Mozilla unveils Firefox 4 beta 12

It’s here, it’s finally here – Firefox 4 beta 12.  The announcement was made on the Mozilla blog:

The latest Mozilla Firefox 4 Beta is now available to download and test. This release delivers improved performance and responsiveness when watching videos on your favorite video websites. We are in the final stages of the Firefox 4 Beta cycle. The team has fixed more than 7,000 bugs since the first beta release.

There’s also a call for plug-in developers to finalize (or start!) preparations for the new release:

We are working closely with the community of add-on developers to ensure their Firefox Add-ons are ready to customize the features, look and functionality of Firefox 4 Beta. For more details on how to make your add-ons compatible with Firefox 4 Beta, read this blog post from Firefox Add-ons Developer Relations Lead, Jorge Villalobos.

Here’s what’s new in this release:

  • Increased performance while viewing Flash content
  • Improved plugin compatibility with hardware acceleration enabled
  • Hovering over links now displays the URL at the bottom of the window rather than in the location bar
  • General stability, performance, and compatibility improvements
  • See the complete changelist from the previous beta

Source: ZDNET

Google’s Chrome browser is now being used by 120 million people on a daily basis, which is up from 70 million the last time the company disclosed internal usage numbers last May. The new figures were disclosed moments ago at Google’s Chrome event, which Jason is covering live.

The Chrome browser has been seeing big jumps in market share recently, currently taking the No. 3 spot with a 9.26 percent overall share according to Net Applications. On TechCrunch, it is now the top browser used among our readers.

Chrome product manager Sundar Pichai also announced today Google will be making the Chrome browser even faster with an enhancement called “Crankshaft.” He claims:

“When Chrome was first announced two years ago, its new JavaScript engine, V8, was 8x faster than the fastest existing engine. And it was 16x faster than IE. We’ve continued to improve, and today we are announcing an enhancement called Crankshaft. This makes the engine up to 2x faster than it is today depending on the benchmark. It’s 50x as fast as the fastest web browsers 2 years ago and 100x faster than IE was two years ago.”

It is curious that he is comparing Chrome to IE from two years ago. IE itself, specifically IE9, is also much faster than IE from two years ago. What he really should be comparing it to is the current version of Internet Explorer, IE9. I sense another browser marketing battle beginning. Your move, Microsoft.

Source:  TechCrunch

How to protect against Firesheep attacks

Security experts today suggested ways users can protect themselves against Firesheep, the new Firefox browser add-on that lets amateurs hijack users’ access to Facebook, Twitter and other popular services via Wi-Fi.

Firesheep adds a sidebar to Mozilla’s Firefox browser that shows when anyone on an open network — such as a coffee shop’s Wi-Fi network — visits an insecure site.

A simple double-click gives a hacker instant access to logged-on sites ranging from Twitter and Facebook to bit.ly and Flickr.

Since researcher Eric Butler released Firesheep on Sunday, the add-on has been downloaded nearly 220,000 times.

“I was in a Peet’s Coffee today, and someone was using Firesheep,” said Andrew Storms, director of security operations at San Francisco-based nCircle Security. “There were only 10 people in there, and one was using it!”

But users aren’t defenseless, Storms and several other experts maintained.

One way they can protect themselves against rogue Firesheep users, experts said on Tuesday, is to avoid public Wi-Fi networks that aren’t encrypted and available only with a password.

However, Ian Gallagher, a senior security engineer with Security Innovation, argued that tosses out the baby with the bathwater. Gallagher is one of the two researchers who debuted Firesheep last weekend at a San Diego conference.

“While open Wi-Fi is the prime proving ground for Firesheep, it’s not the problem,” Gallagher said in a blog post earlier on Tuesday. “This isn’t a vulnerability in Wi-Fi, it’s the lack of security from the sites you’re using.”

Free, open Wi-Fi is taken for granted by many, and it’s not the problem. There are plenty of low-risk activities one can do on the Internet at a public hotspot, including reading news or looking up the address of a nearby eatery.

So if Wi-Fi stays, what’s a user to do?

The best defense, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos, is to use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop, for example.

While many business workers use a VPN to connect to their office network while they’re on the road, consumers typically lack that secure “tunnel” to the Internet.

“But there are some VPN services that you can subscribe to for $5 to $10 a month that will prevent someone running Firesheep from ‘sidejacking’ your sessions,” Wisniewski said.

A VPN encrypts all traffic between a computer — a laptop at the airport gate, for instance — and the Internet in general, including the sites vulnerable to Firesheep hijacking. “It’s as good a solution as there is,” Wisniewski said, “and no different, really, than using encrypted Wi-Fi.”

One provider, Strong VPN, prices its service starting at $7 per month or $55 per year.

Gallagher, however, warned that a VPN isn’t a total solution. “That’s just pushing the problem to that VPN or SSH endpoint,” he said. “Your traffic will then leave that server just as it would when it was leaving your laptop, so anyone running Firesheep or other tools could access your data in the same way.”

“A blind suggestion of ‘use a VPN’ doesn’t really solve the problem and may just provide a false sense of security,” he said.

Strong VPN disagreed. “Our servers are in a secure datacenter, so no one’s going to be able to ‘sniff’ the traffic coming in or going out,” a company spokesman countered. “All the traffic from, for example, your laptop in San Francisco, is encrypted when it goes to one of our U.S. servers.”

Storms echoed Strong VPN’s assertion. “I can see [Gallagher's point], that a VPN doesn’t solve the root problem, which is on the service end,” he said. “But although it’s true that the traffic would be clear text when it leaves the VPN server for the site, it’s very unlikely that someone would snoop that traffic.”

Sean Sullivan, a security advisor with F-Secure, recommended Comodo’s TrustConnect as “a VPN in all but name only.” Comodo, a rival of F-Secure, sells the service for $7 per month or $50 annually.

If free is the object, there are options there, too, said Wisniewski, Sullivan and Gallagher, who pointed to a pair of free Firefox add-ons that force the browser to use an encrypted connection when it accesses certain sites.

One of those Firefox add-ons, HTTPS-Everywhere, provided by the Electronic Frontier Foundation (EFF), only works with a defined list of sites, including Twitter, Facebook, PayPal and Google’s search engine.

The other choice, Force-TLS, serves the same purpose as the EFF’s extension, but lets users specify the sites on which to enforce encryption.

However, other browsers, such as Microsoft’s Internet Explorer and Google’s Chrome, lack similar add-ons, leaving their users out in the cold.
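What list-based HTTPS enforcement of the kind just described amounts to, as an added sketch (not code from HTTPS-Everywhere or Force-TLS; the rule format, function names and hostnames are constructed for illustration). It upgrades requests to listed hosts and then reports which requests in a sample page load would still travel in cleartext, which is the gap a site list leaves open.

```javascript
// Added illustration; not taken from either add-on.
// Rule format and hostnames are assumptions made for this example.
const RULES = [
  { host: "social.example", includeSubdomains: true },
  { host: "pay.example", includeSubdomains: false },
];

// True when `hostname` is covered by `rule`. Matching is on whole DNS labels,
// so "notsocial.example" is not mistaken for a subdomain of "social.example".
function ruleCovers(rule, hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  if (h === rule.host) return true;
  return rule.includeSubdomains && h.endsWith("." + rule.host);
}

// Rewrite http:// to https:// for covered hosts; return anything else unchanged.
function upgradeUrl(rawUrl, rules = RULES) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return rawUrl; // not a parseable absolute URL
  }
  if (url.protocol !== "http:") return rawUrl; // already https, or not web traffic
  // An explicit non-default port is unlikely to speak TLS; leave it alone.
  if (url.port !== "") return rawUrl;
  if (!rules.some((r) => ruleCovers(r, url.hostname))) return rawUrl;
  url.protocol = "https:";
  return url.toString();
}

// Requests that would still be sent unencrypted after the rules are applied.
function stillCleartext(urls, rules = RULES) {
  return urls
    .map((u) => upgradeUrl(u, rules))
    .filter((u) => {
      try {
        return new URL(u).protocol === "http:";
      } catch {
        return false;
      }
    });
}

// Constructed sample: requests a browser might make while loading one page.
const PAGE_LOAD = [
  "http://social.example/home",
  "http://cdn.social.example/avatar.png",
  "http://www.pay.example/checkout", // subdomain not covered by its rule
  "http://notsocial.example/feed", // different site, not on the list
  "https://pay.example/login",
  "http://pay.example:8080/status", // explicit port, left untouched
];

console.log("after upgrade:", PAGE_LOAD.map((u) => upgradeUrl(u)));
console.log("still cleartext:", stillCleartext(PAGE_LOAD));
```

Every URL left in the second list is a request that an observer on the same open network can read, so coverage of the list, including subdomains, decides how much protection such an add-on gives.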

“I expect that [Firesheep] will spur the EFF or others, maybe in the open source community, to some additional development [of such add-ons], maybe Chrome ports of those extensions,” Sullivan said.

That could take months. In the meantime, Sullivan had another idea. “A MiFi device can encrypt [traffic], so with one you’re always carrying your own Wi-Fi hotspot with you,” he said.

MiFi isn’t cheap, however. Verizon, for example, gives away the hardware but charges between $40 and $60 per month for the access to its 3G network.

Ultimately, moves users make to plug the holes Firesheep exposes are stop-gaps. The elephant in the room, said Butler and Gallagher as they defended the release of the add-on, is the lack of full encryption. And only the sites and services can fix that.

“The real story here is not the success of Firesheep but the fact that something like it is even possible,” Butler wrote in his blog on Tuesday. “Going forward, the metric of Firesheep’s success will quickly change from amount of attention it gains, to the number of sites that adopt proper security. True success will be when Firesheep no longer works at all.”

But for the moment, even security professionals are worried. “I’m at the airport right now,” Wisniewski told Computerworld. “And I’m wondering if someone is using Firesheep here. Maybe I should do a little ‘shoulder browsing’ to see if anyone has it running.”

Source: ComputerWorld