CyberAbc

Spam and several of the most common vulnerabilities are on the decline, according to a report issued this week, but there has been a marked increase in new types of attacks, such as shell command injection and automated password guessing. So says the IBM X-Force 2011 Trend and Risk Report, which was published on Monday by IBM's security research unit. The report revealed a 50 percent decline in spam email compared to 2010; more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010; and higher quality of software application code, as cross-site scripting vulnerabilities were half as likely to exist in clients’ software as they were four years ago. The report uncovers a rise in emerging attack trends, including mobile exploits, automated password guessing, and a surge in phishing attacks. An increase in automated shell command injection attacks against Web servers may be a response to successful efforts to eliminate other kinds of Web application vulnerabilities, IBM said. Approximately 30 percent fewer exploits were released in 2011 than were seen on average over the past four years, the report said. "This improvement can be attributed to architectural and procedural changes made by software developers that help make it more difficult for attackers to successfully exploit vulnerabilities," it said. IBM’s global spam email monitoring network has seen about half the volume of spam email in 2011 that was seen in 2010, according to the report. "Some of this decline can be attributed to the takedown of several large spam botnets, which likely hindered spammers’ ability to send emails," the company said. The number of SQL injection vulnerabilities in publicly maintained Web applications dropped by 46 percent in 2011, according to the researchers. "Some attackers have now started to target shell command injection vulnerabilities instead," they said. "These vulnerabilities allow the attacker to execute commands directly on a Web server. Shell command injection attacks rose by two to three times over the course of 2011." The report says that there is "a lot of automated attack activity on the Internet in which attacks scan the net for systems with weak login passwords." IBM observed a large spike in this sort of password guessing activity directed at secure shell servers (SSH) in the later half of 2011. Thanks to Original poster: Tim Wilson

The Pirate Bay goes to great lengths to keep itself widely available , but here's something it can't stop: Microsoft is now blocking links to the site in instant messages across all its systems. "We block instant messages if they contain malicious or spam URLs based on intelligence algorithms, third-party sources, and/or user complaints. Pirate Bay URLs were flagged by one or more of these and were consequently blocked," explained Microsoft . The Pirate Bay doesn't have a reputation for pushing more malware than any other torrent site, though—but Microsoft has declined to comment further on their banning of the site's URLs. The move signals Microsoft's joining of ranks with an already burgeoning collection of anti-Pirate Bay organizations. With a rumored police raid in the offing, this could be an interesting time for Pirate Bay. Solution: From the dashboard... Settings > Profile > Sign-in Preferences > Messenger Auto Sign-In switch to Off. Problem solved. :cwrocks:

bro really really gr8 share. :cwrocks:

>>>How To Delete The "Evil Undeletable" Files From Your Computer<<< Step 1 The easiest and simple way I could find for someone to delete one of these "evil" files form your computer. This will only take about 45 seconds to delete the file from your computer. Step 2 Start by simply open Notepad, Word, WordPad, or Paint on your computer. Step 3 Click File at the top left and then click Save As. Locate where the file you want to delete is located. Choose the All Files option from the drag down box File Type. Click once on the file so that the name of the file appears in the File-name box. Step 4 Put a " at both the start and end of the file name. Click save. It will ask you if you are sure you want to over right the existing file, choose yes. The "undeletable" file will be over writing(deleted) and simple delete the file that you put in its place. __________________

The US Department of Justice this week said it seized nearly $896,000 and seven domain names from online sites it said were selling counterfeit goods. According to court documents, the DoJ said individuals conducted sales and processed payments for the counterfeit goods using PayPal Private Ltd. accounts and then wired their proceeds to bank accounts held at Chinese banks. Under warrants issued by a US District Judge, law enforcement agents seized $826,883 in proceeds that had been transferred from PayPal accounts to various bank accounts in China. The funds were seized from correspondent, or interbank, accounts held by the Chinese banks in the United States, the DoJ stated. Under additional seizure warrants issued by a US Magistrate Judge, enforcement agents from the Department of Homeland Security's Immigration and Customs Enforcement (ICE) and National Intellectual Property Rights Center and ICE-HSI also grabbed $69,504 in funds remaining in three PayPal accounts used by the people involved. The investigation is a product of an ongoing initiative known as "Operation In Our Sites," which the DOJ says targets online commercial intellectual property crime. Operation In Our Sites targeted online retailers of an array of counterfeit goods, including sports equipment, shoes, handbags, athletic apparel, sunglasses and DVD boxed sets. To date, the investigation has claimed 758 domain names of websites engaged in the sale and distribution of counterfeit goods and illegal copyrighted works, the DoJ stated. The bust comes not long after ICE seized 307 websites and snatched up 42,692 items of phony Super Bowl-related memorabilia along with other counterfeit items for a total take of more than $4.8 million. Background: Is EVERYTHING made in China? Sixteen of the sites the agency shut down during this operation known as Fake Sweep, were illegally streaming live sporting telecasts over the Internet, including NFL games. Two hundred ninety-one website domain names were illegally selling and distributing counterfeit merchandise, ICE stated. Counterfeit merchandise seized included fake jerseys, ball caps, t-shirts, jackets and other football souvenirs. During this operation, an additional 22,570 items of counterfeit merchandise and clothing representing other sports leagues, including Major League Baseball, National Basketball Association and National Hockey League were seized by law enforcement. In total, this operation netted 65,262 counterfeit items worth $6.4 million, ICE stated.

You can win Nobel prizes for physics, chemistry, and medicine, but technology? No. There is, however the Millennium Technology Prize. This is the world's largest technology prize. It is rewarded ever two years for a technological innovation that significantly improves the quality of human life, today and in the future. This year, Linus Torvalds, Linux's creator, and Dr. Shinya Yamanaka, maker of a new way to create stem cells without the use of embryonic stem cells, are both laureates for the 2012 Millennium Technology Prize. This prize, which is determined by the Technology Academy of Finland, is one of the world’s largest such prizes with candidates sought from across the world and from all fields of technology. The two innovators will share over a million Euros. The final winner will be announced by the President of the Republic of Finland in a special ceremony on June 13, 2012. Gallery: The 20 most significant events in Linux's 20-year history Previous winners include Professor Sir Tim Berners-Lee, inventor of the Web; Professor Robert Langer for his invention and development of innovative biomaterials for controlled drug release and tissue regeneration; and Professor Michael Gratzel for his innovative developments in dye-sensitized solar cells. “The Millennium Technology Prize is like the Nobel Peace Prize of technology,” said Jim Zemlin, executive director at The Linux Foundation. “Linus Torvalds embodies the innovation and collaborative spirit that this award stands for, and we congratulate him on this tremendous honor.” In response to the reward, Linus said, “Software is too important in the modern world not to be developed through open source. The real impact of Linux is as a way to allow people and companies to build on top of it to do their own thing. We’re finally getting to the point where “data is just data”, and we don’t have all these insane special communications channels for different forms of data.” Is it deserved? Well, judge for yourself. Since Torvalds created Linux in 1991, it has become the world’s most ubiquitous operating system it powers the popular Android phones and eight out of 10 financial trades; it runs Amazon, Facebook, Google, Twitter and other major web networks. It is the dominant OS for supercomputers, supporting nine of 10 of these major systems, and is the preferable platform for cloud computing. Yes, I think we can safely say this award was richly deserved. Congratulations Linus!

i hav a differet choice and i will go for ist one for intel .for amd there may cause a heat prob in earlier.

hi guys its really paining for me to post my problem in the help section. prob:pc restarting after some and keep restarting. what i hav done: 1.changing the rams in different slot. 2.keep one ram there and take off another one .still hav problem. 3.changing cpu that is reinstalling the cpu.still hav prob. 4.removing hdd from pc and booting. still hav prob. 5.setting another hdd and booted still hav prob. 6.booting live os from pendrive still hav problem. (without any hdd atached) wat am i concluding: going to see service center for motherboard (intel dh67cl ) am i right? plz suggest me. :cwrocks:

bro i hav also checked the psu and i hav no graphics card intalled externally. thanks for ur cooperation.

ya bro i hav covered all in BIOS mode its still keep restarting ie without having any os. ram is mounted in correct slot. it doesn't give me any time to run AV cpu paste is there. SMPS turns to be ok as i hav checked with another one. Problem sorted:motherboard defected. going to service centre Thanks for ur co-operation. :cwrocks:

Hackers exploit weaknesses in Google's bot-detection system with 99% accuracy. Google revamped its reCAPTCHA system, used to block automated scripts from abusing its online services, just hours before a trio of hackers unveiled a free system that defeats the widely used challenge-response tests with more than 99 percent accuracy. Stiltwalker, as the trio dubbed its proof-of-concept attack, exploits weaknesses in the audio version of reCAPTCHA, which is used by Google, Facebook, Craigslist and some 200,000 other websites to confirm that humans and not scam-bots are creating online accounts. While previous hacks have also used computers to crack the Google-owned CAPTCHA (short for Completely Automated Public Turing test to tell Computers and Humans Apart) system, none have achieved Stiltwalker's impressive success rate. "The primary thing which makes Stiltwalker stand apart is the accuracy," wrote Adam, one of the three hackers who devised the attack, in an e-mail. "According to the lead researcher from the Carnegie Mellon study, the system we attacked was believed to be 'secure against automatic attack,'" he added, referring to this resume from a Carnegie Mellon University computer scientist credited with designing the audio CAPTCHA. Stiltwalker's success exploits some oversights made by the designers of reCAPTCHA's audio version, combined with some clever engineering by the hackers who set out to capitalize on those mistakes. The audio test, which is aimed at visually impaired people who have trouble recognizing obfuscated text, broadcasts six words over a user's computer speaker. To thwart word-recognition systems, reCAPTCHA masks the words with recordings of static-laden radio broadcasts, played backwards, so the background noise would distract computers but not humans. What the hackers—identified only as C-P, Adam, and Jeffball—learned from analyzing the sound prints of each test was that the background noise, in sharp contrast to the six words, didn't include sounds that registered at higher frequencies. By plotting the frequencies of each audio test on a spectrogram, the hackers could easily isolate each word by locating the regions where high pitches were mapped. reCAPTCHA was also undermined by its use of just 58 unique words. Although the inflections, pronunciations, and sequences of spoken words varied significantly from test to test, the small corpus of words greatly reduced the work it took a computer to recognize each utterance. Enter the neural network With the sounds isolated, the hackers then funneled each word into a battery of mathematical solvers to translate the characteristics of each isolated word into text that would solve the CAPTCHA puzzle. An early version of the attack worked by using the open-source pHash software library to generate a "perceptual hash" of each sound. Unlike cryptographic hashes, which typically produce vastly different ciphertext when even tiny changes are made to the plaintext input, pHash outputs vary minimally when generated by similar-sounding words. By comparing the perceptual hashes of the collected sounds to a table of hashes, the team could make educated guesses about which words were being included in the audio tests. But they ultimately scrapped the technique because its level of accuracy didn't break 30 percent. The hackers eventually devised a machine-learning algorithm that produced significantly better results. Their neural network was seeded with data from 50,000 reCAPTCHA utterances along with human-generated input for each corresponding word. They then combined the tool with a separate attack that exploited another weakness they discovered in the audio version—namely its habit of repeating the same challenges verbatim in pseudo-random fashion. By using cryptographic hashes to fingerprint 15 million of the estimated 25 million challenges in reCAPTCHA's repertoire, their attack was able to crack most of the tests. "The majority of the time, we can look at the challenge and not do any computation at all," Adam said. "It takes less than a second to get an answer with the MD5 solver." Their attack became all the more effective after discovering that Google's audio CAPTCHA accepted multiple spellings for many of the challenges based on the approximate phonetic sounds of each word. As a result, an audio test that included the word "boat" could be solved by entering "boat," but it could also be solved by entering "poate." Similarly, a test that included the word "plate" could be solved by entering "plate," but it too could also be solved by entering "poate." Tests for words that included "Friday," "fairy," or "four" were also solved by entering "Friay." By fashioning the same alternate spelling for a variety of different sounding words, the hackers could pare back the number of guesses required to solve a specific puzzle, a technique crackers call "reducing the keyspace." In the end, the hackers said their computer-generated attack solved 17,338 out of 17,495 challenges they attempted, a success rate of 99.1 percent. At one point, the attack was able to deduce answers to 847 tests in a row before being tripped up. The Googleplex strikes back About two hours before the hackers were scheduled to present the attack on Saturday at the Layer One security conference, Google engineers revamped reCAPTCHA. Suddenly, Stiltwalker, which the hackers had carefully kept under wraps, no longer worked. Adam told me that he has no proof anyone tipped off Google employees—but he doubts the timing was coincidence. The updated reCAPTCHA system uses a human voice uttering unintelligible sounds as background noise, making it impossible for Stiltwalker to isolate the distinct words included in each audio challenge. The puzzles have also been expanded from six words to ten words and each challenge lasts 30 seconds, compared with only eight seconds under the previous reCAPTCHA. A Google spokesman declined to offer specifics of the reCAPTCHA upgrade beyond issuing a statement. "We took swift action to fix a vulnerability that affected reCAPTCHA," it said, "and we aren’t aware of any abuse that used the techniques discovered. We're continuing to study the vulnerability to prevent similar issues in the future. We've found reCAPTCHA to be far more resilient than other options while also striking a good balance with human usability. Even so, it's good to bear in mind that while CAPTCHAs remain a powerful and effective tool for fighting abuse, they are best used in combination with other security technologies." While the changes stymied the Stiltwalker attack, Adam said his own experience using the new audio tests leaves him unconvinced that they are a true improvement over the old system. "I could only get about one of three right," he said. "Their Turing test isn't all that effective if it thinks I'm a robot."

bro give details of ur network. is it on lan or in router?

Apple develops tool to 'detect and remove' Flashback Trojan Apple products have previously been regarded as less susceptible to viruses than Windows PCs Apple has said it is developing a tool to "detect and remove" a Trojan that is said to have infected more than half a million Mac computers. It said it is working with internet service providers (ISPs) to disrupt the command network being used by hackers to exploit the malware. Trojans are infections that can expose computers to control by hackers. It is Apple's first statement on the threat. It issued patches to prevent the malware's installation last week. The two security updates were released eight weeks after Java's developer Oracle issued a fix for other computer systems. In a message posted on Apple's website's support section, the company said it had fixed a "Java security flaw for systems running OS X v10.7 and Mac OS X v10.6". It suggested users of Macs running earlier versions of its system software should disable Java in their web browser preferences. In addition, Apple said it was working with ISPs to shut down networks of servers hosted by the malware authors, which the code - known as Flashback - relies on "to perform many of its critical functions". Macs 'being targeted' Russian anti-virus firm Dr Web, which has tracked the scale of the botnet, said it believed around 650,000 machines had now been infected. The company's chief executive, Boris Sharov, told the BBC that since the Trojan was publicised, they have seen downloads of their anti-virus software increase by 28,000%. "The thing that we have proven to the community is that people should care about their security, even on Macs," he said. According to a timeline of events posted on its website, Dr Web said activity surrounding the virus began as far back as February. Traditionally, Apple has promoted the fact that its Macintosh line is largely free from viruses and other similar threats due to the fact almost all malicious software is designed to exploit computers running on Microsoft Windows. McAfee Labs' Dave Marcus told the AFP news agency: "All the stuff the bad guys have learned for doing attacks in the PC world is now starting to transition to the Mac world." "Mac has said for a long time that they are not vulnerable to PC malware, which is true: they are vulnerable to Mac malware." The security firm F-Secure has posted detailed instructions about how to confirm if a machine is infected and how to manually remove the Trojan.

Pclinux is also best for new use

u May also use live cd/usb instead of having install the Os.u can run ur os from cd/usb

100% working. Just follow dirtylow I hav used this method to make pendrive following the above method dirtylow u rock bro! :cwrocks:

Spam: India leads world in junk emails Many spammers have shifted their focus from email to social networks India has become the top spam-spewing nation on the planet, suggests a report. Compiled by security firm Sophos, the report ranks nations by the amount of junk mail routed through computers in each country. India has leapt to the top of the spam chart in less than a year, rapidly overtaking the US, said Sophos. About 10% of all junk mail sent across the web came from or passed through computers in India, said the firm. India's rapid rise up the chart of spam producers has been helped by the rapid growth of the web in the country, said Graham Cluley, senior technology consultant at Sophos. The inexperience of the many first-time net users in India had led many to fall victim to hi-tech criminals, he said. "The latest stats show that, as more first-time internet users get online in growing economies, they are not taking measures to block the malware infections that turn their PCs into spam-spewing zombies," he added. Social networks About 80% of all junk email is thought to be routed through PCs hijacked by hi-tech criminals who use computer viruses to seize control of the machines. Once a machine is under their control they use them to send out mail on their behalf, typically relaying it from another nation. Sophos estimates that about 9.3% of all junk mail travels through Indian computers. In second place is the US (8.3%) and South Korea (5.7%) is third. India's rise up the rankings was also helped by the ongoing shift away from traditional email by spammers. More and more of them, said Sophos, were using social networks as the route to spread their junk messages. Facebook, Twitter and Pinterest were all being hit with increasing regularity by spammers, said Sophos.

Bot:Short for robot, a computer program that runs automatically. Internet bots, also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. The largest use of bots is in web spidering, in which an automated script fetches, analyzes and files information from web servers at many times the speed of a human. Each server can have a file called robots.txt, containing rules for the spidering of that server that the bot is supposed to obey. In addition to their uses outlined above, bots may also be implemented where a response speed faster than that of humans is required (e.g., gaming bots and auction-site robots) or less commonly in situations where the emulation of human activity is required, for example chat bots. Recently bots have been used for search advertising, such as Google Adsense. Commercial purposes Chatterbots are used in automated online assistants by organizations as a way of interacting with consumers and users of services. This can avail for enterprises to reduce their operating and training cost. A major underlying technology to such systems is natural language processing. There has been a great deal of controversy about the use of bots in an automated trading function. Auction website eBay has been to court in an attempt to suppress a third-party company from using bots to traverse their site looking for bargains; this approach backfired on eBay and attracted the attention of further bots. Charitable purposes Bots have also been known to fast-track the purposes of charities, one of which is FreeRice. On FreeRice Since FreeRice became well-known through Digg.com and other news sources, many programming-adept users created scripts to automatically play the game for them. The scripts operate far faster than humans alone and run for 24 hours a day. At first, the scripts got only ≈1/4 of the words correct by random chance. Eventually, these bots were adapted with automated online dictionary search, dictionary files, and word database dumps so the programs can choose the correct answers the first time more often. The word database dumps were created so when the incorrect answer was chosen, the bots would record the correct answer the next page would show. Thus, the bot would choose the correct answer whenever it happened upon the same words later. Due to the growing number of scripts used on FreeRice, the number of rice donated has remarkably risen. Currently there are no rules governing "ricebots", as they are called. Until those rules are formed, anyone is free to program and use the scripts. With a delay of about 3 seconds between iterations, it is estimated that a script can feed about 8 people per day, if running 24/7. The idea was taken even further to create a multi-threaded bot which can run fifty or more browser instances at a time, enough to liberate as much as 600,000 grains of rice per hour or to feed 720 people per day. One script with 1,000 threads was able to donate over 3,000,000 grains in just a few hours. Donated rice comes from the advertisements from sponsors, therefore abuse of scripts will likely lead to catastrophe, as advertisers prefer that actual people view their advertisements. Knowing the existence of the bots, FreeRice updated their FAQ explaining the potential damage of botting. Some bots have made changes to make sure they won't spoil the FreeRice spirit. Malicious purposes Another, more malicious use of bots is the coordination and operation of an automated attack on networked computers, such as a denial-of-service attack by a botnet. Internet bots can also be used to commit click fraud and more recently have seen usage around MMORPG games as computer game bots. A spambot is an internet bot that attempts to spam large amounts of content on the Internet, usually adding advertising links. There are malicious bots (and botnets) of the following types: Spambots that harvest email addresses from internet forums, contact forms or guestbook pages Downloader programs that suck bandwidth by downloading entire web sites Web site scrapers that grab the content of web sites and re-use it without permission on automatically generated doorway pages Viruses and worms DDoS attacks Botnets / zombie computers; etc. File-name modifiers on peer-to-peer file-sharing networks. These change the names of files (often containing malware) to match user search queries. Automating the entry of internet sweepstakes or instant win games to get an advantage Automating tasks on promotional web sites to win prizes Votebots which automatically cast votes for or againsts certain forms of user-contributed content such as videos on Youtube or reader comments on blog pages. Bots are also used to buy up good seats for concerts, particularly by ticket brokers who resell the tickets. Bots are employed against entertainment event-ticketing sites, like TicketMaster.com. The bots are used by ticket brokers to unfairly obtain the best seats for themselves while depriving the general public from also having a chance to obtain the good seats. The bot runs through the purchase process and obtains better seats by pulling as many seats back as it can. Bots are often used in massively multiplayer online role-playing games (MMORPG) to farm for resources that would otherwise take significant time or effort to obtain; this is a concern for most online in-game economies. The most widely used anti-bot technique is the use of CAPTCHA, which is a type of Turing test used to distinguish between a human user and a less-sophisticated AI-powered bot, by the use of graphically encoded human-readable text.As such, players are often banned from their respective MMORPG for going outside the programming and "cheating" as bots are not typically allowed because they give an unfair advantage. Bots in popular culture The 2006 Basshunter hit song "Boten Anna" is about a man who mistakes a female IRC user named Anna for an IRC bot. During the naming contest for a Hungarian bridge, Colbert Nation forum members developed a bot to stuff the ballot box. Stephen Colbert asked his viewers to cease their voting to name the bridge after him, and apologized to the Hungarians with a large segment on his show, The Colbert Report. Zombie computer A zombie computer is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies. (1) Spammer's web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic History Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers. This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly furthers the spread of Trojan horses; as Trojans, they are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means. For similar reasons zombies are also used to commit click fraud against sites displaying pay per click advertising. Others can host phishing or money mule recruiting websites. Zombies can be used to conduct distributed denial-of-service attacks, a term which refers to the orchestrated flooding of target websites by large numbers of computers at once. The large number of Internet users making simultaneous requests of a website's server are intended to result in crashing and the prevention of legitimate users from accessing the site. A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodical flooding of websites, done with the intent of slowing down rather than crashing a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years. Notable incidents of distributed denial- and degradation-of-service attacks in past include the attack upon the SPEWS service in 2003, and the one against Blue Frog service in 2006. In 2000, several prominent Web sites (Yahoo, eBay, etc.) were clogged to a standstill by a distributed denial of service attack mounted by a Canadian teenager. An attack on grc.com is discussed at length, and the perpetrator, a 13-year old probably from Kenosha, Wisconsin, was identified on the Gibson Research Web site. Steve Gibson disassembled a 'bot' which was a zombie used in the attack, and traced it to its distributor. In his account about his research, he describes the operation of a 'bot'-controlling IRC channel. Beginning in July 2009, similar botnet capabilities have also emerged for the growing smartphone market. Examples include the July 2009 in the wild release of the Sexy Space text message worm, the world's first botnet capable SMS worm, which targeted the Symbian operating system in Nokia smartphones. Later that month, Charlie Miller revealed a proof of concept text message worm for the iPhone at Black Hat. Also in July, United Arab Emirates consumers were targeted by the Etisalat BlackBerry spyware program. At the present time, the security community is divided as to the real world potential of mobile botnets. But in an August 2009 interview with The New York Times, cybersecurity consultant Michael Gregg summarized the issue this way: "We are about at the point with phones that we were with desktops in the ’80s.”

The sophisticated program is a powerful weapon for cyber espionage, Kaspersky Lab experts say. Others warn that cyberspace has become the new battleground. Originall By Sergei L. Loiko, Los Angeles Times . MOSCOW — Computer virus experts at Kaspersky Lab, acting with the blessing of the United Nations, were searching for a villain dubbed the Wiper when they came across a much more menacing suspect requiring a new moniker: Flame. The malicious program left experts all but certain that a government sponsor intent on cyber warfare and intelligence gathering was behind some suspicious activity, in part because of the likely cost of such a sophisticated endeavor. "We entered a dark room in search of something and came out with something else in our hands, something different, something huge and sinister," Vitaly Kamlyuk, a senior antivirus expert at Kaspersky Lab, said in an interview Wednesday. Kamlyuk said Flame can copy and steal data and audio files, turn on a computer microphone and record all the sounds in its vicinity, take screen shots, read documents and emails, and capture passwords and logins. The program can communicate with other computers in its radius via the infected computer's Bluetooth capability and locate their whereabouts even without an Internet connection, he said. "We haven't figured out yet whether it can carry out some destructive actions but we can say with confidence that it is a powerful universal set of tools for cyber espionage," Kamlyuk said. "Many people still think that cyber warfare is a myth and a fantasy but as we reassemble and study one by one the numerous components and modules of this unique program we see that it is a real weapon of this undeclared war that is already going on." Experts worldwide have been surprised and impressed by the emergence of Flame, which Kaspersky Lab detected after being asked several weeks ago by the United Nations' International Telecommunication Union to check reports of suspicious computer activity. It is believed that a wide variety of computers belonging to individuals and state-related organizations were targeted in the Middle East and North Africa, including Iran, Syria, Lebanon and Sudan. Kaspersky Lab has uncovered damage to at least 189 computers in Iran, 98 in Israel and the Palestinian territories, 32 in Sudan, 30 in Syria, 18 in Lebanon, 10 in Saudi Arabia and five in Egypt. Many more computers may have been infected by Flame, Kamlyuk said. Experts are still studying the software program and trying to determine the point of entry. A previous worm-like malware known as Stuxnet targeted computers in Iran controlling centrifuges at nuclear facilities and was believed to be an effort by Israel, the United States or both. "Stuxnet's goal was to identify infrastructural ties with industrial systems of Iran and cause material damage," Kamlyuk said. "The malware could reprogram the control of [uranium enrichment] centrifuges, command the speed of the engine, keep it to the maximum without rest and eventually destroy the equipment." Kaspersky then found a way to oppose that threat and protect its clients but stopped short of identifying the culprit. Analyzing Flame, which is considered a far more powerful weapon than Stuxnet, may take many months, but Kaspersky experts have little doubt that it is a government-backed program carried out in secrecy. "Cyber weapons like Stuxnet and Flame can be potentially considered serious threats to national security," Kamlyuk said. "Humankind has entered a new era, the era of cyber war, but we don't want to paint scary scenarios and provide potential clues for current and future perpetrators of such attacks." Despite the accomplishments of a private company such as Kaspersky Lab, some analysts in Russia said the country remains unprepared for cyber war. "It is a natural process that all these new breakthrough technologies immediately attract military and intelligence agencies," Leonid Ivashov, vice president of the Academy on Geopolitical Affairs, a Moscow-based think tank, said in an interview. "And it would be rash and stupid to hope that those who still think of world supremacy will not try to take advantage of these new technologies, which can help them conquer the world without bombs and missiles." Russia does not have adequate industry, research centers, institutes or expertise to meet the challenges of modern cyber technology, said Ivashov, a former chief of the Russian Defense Ministry's international military cooperation directorate. Gennady Gudkov, deputy chairman of the security committee of the State Duma, the parliament's lower house, said the country's computer technology, largely dependent on foreign-made software and hardware, leaves it "extremely vulnerable and virtually defenseless in conditions of cyber warfare." :cwrocks:

Nearly two-thirds of IT security professionals worldwide believe their companies will be the target of a cyber attack in the next six months, and 61 percent say that Anonymous and other hacktivist groups will be most likely the ones to target their organizations. Cyber criminals, then "nation states," including China and Russia, are considered next on the list of likely attackers by 55 and 48 percent, respectively, according to the survey done by security firm Bit9. Only 28 percent think that "disgruntled employees" are the most likely to target their companies. "The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states," said Harry Sverdlove, chief technology officer of Bit9. The company's 2012 Cyber Security Survey of 1,861 IT pros was done to "gauge the current state of enterprise security and identify the attack methods and cybercrimal groups that keep IT executives up at night." Among the other findings: 74 percent think "endpoint security solutions on their laptops and desktops are not doing enough to protect their companies and intellectual property (IP) from cyber attacks." 95 percent believe cyber security breaches "should be disclosed to customers and to the public," something that a hot-button issue for many businesses. The House is considering several cyber security measures, including a system that would let U.S. intelligence agencies and businesses share information about hackers and the techniques they use. 48 percent think companies that have cyber security breaches should not only disclose it, but also "provide a description of what is stolen, while nearly a third (29 percent) believes a description of how the attack occurred should also be shared. Only 6 percent felt that nothing should be disclosed." 62 percent are most worried about targeted attack methods, including malware (45 percent) and spear phishing (17 percent). Spear phishing is an attempt to hack an individual's computer or accounts by sending an email that's tailored to that person and his or her company. Only 11 percent said they worry about the attack methods that, so far, are commonly used by hacktivists, such as distributed denial-of-service attacks and SQL injection, a technique to attack databases through a website. The "good" news from the survey: 58 percent say that companies that put into place "best practices and better security policies are in the best position to improve enterprise security, and 19 percent believe individual employees play an important role in improving the state of security." No one is especially trustworthy of government efforts in the cyber security realm. "Despite current plans to implement cyber security legislation, only 7 percent believe that government regulation and law enforcement will best improve security," Bit9 found.

Google's latest Android mobile OS comes with features to divert hackers from installing malware that leads to information leakage, buffer overflows, and memory vulnerabilities. New features on Google's latest Android mobile OS -- Jelly Bean 4.1 -- beef up the system's security over all other past OS iterations. With Jelly Bean's design, Google has aimed to defend against hacks that install viruses and other malware on mobile devices using the system. "Android has stepped its game up mitigation-wise in the new Jelly Bean release," security researcher Jon Oberheide wrote in an analysis published this week. Oberheide notes that the central difference between Jelly Bean and other Android systems is that it incorporates Address Space Layout Randomization (ASLR), which randomizes locations in the devices' memory, along with another security feature called data execution prevention (DEP). This is crucial because one way hackers tend to break into handsets is via memory corruption bugs, according to Ars Technica, which first reported this news. When ASLR is combined with DEP, these types of attacks can be defeated because hackers cannot locate the malicious code in the device's memory. Besides ASLR and data execution prevention, Jelly Bean also has defenses against information leakage, buffer overflows, and additional memory vulnerabilities. However, according to Oberheide, Android has not yet added code signing, which would help fortify against unauthorized applications running on the device. Apple's iOS already has code signing, ASLR, and DEP. "While Android is still playing a bit of catch-up, other mobile platforms are moving ahead with more innovation exploit mitigation techniques, such as the in-kernel ASLR present in Apple's iOS 6," Oberheide wrote in the analysis. "One could claim that iOS is being proactive with such techniques, but in reality, they're simply being reactive to the type of exploits that typically target the iOS platform. However, Apple does deserve credit for raising the barrier up to the point of kernel exploitation by employing effective userspace mitigations such NX, ASLR, and mandatory code signing." :cwrocks:

Plz vote for better internet performance. Galaxy s2 Galaxy s3 I-phone 4S :cwrocks:

bro vote for it .

bro plz vote for it. :cwrocks:

gr8 share bro. :cwrocks: