A pilot program aims to help the US Defense Department beef up its networks by finding any vulnerabilities that could be exploited.
For full news : CNET.com
IE9 receives a perfect score for security from Microsoft’s browser test page.
(Credit: Lance Whitney/CNET)
A new Web page that tests browser security has crowned Internet Explorer 9 the most secure among the five major players. The only catch is that the page itself comes from Microsoft.
Dubbed “Your Browser Matters,” the new page checks a browser to determine how well it fares against phishing attacks and other types of socially engineered malware. The page then assigns the browser a score based on a scale of 0 to 4.
Looking at the major browsers, Internet Explorer 9 received a perfect 4 out of 4, while IE8 earned a 3. The latest versions of Firefox (7.0) and Google Chrome (14) took home scores of 2 and 2.5, respectively. And apparently Safari and Opera don’t even merit a grade since the page simply said it couldn’t give a score to either of those browsers.
Users can click on the “score” link to see exactly how and why the browser received its grade. Microsoft breaks down the security analysis into different questions, such as “Does the browser help protect you from websites that are known to distribute socially engineered malware?” and “Does the browser automatically block insecure content from secure (HTTPs) pages?” and then tells you if the browser got a yes or no for each one.
Among the cyber vigilantes are The Jester (a.k.a. Th3j35t3r), a self-described ex-military gray-hat hacker who has previously attacked Wikileaks and 4chan, and a group calling itself Web Ninjas who are documenting their search on the LulzSec Exposed website.
The evidence compiled by The Jester and Web Ninjas includes purported chat logs of LulzSec’s private IRC channel, as well as circumstantial evidence identifying the members of LulzSec and their alleged true identities. They say they have passed on the information to the FBI.
We have previously speculated that LulzSec is a throwback to Anonymous’ more anarchic past, perhaps formed by a few skilled Anons who grew weary of the hacker collective’s political pretension. The information presented by The Jester and Web Ninjas seems to corroborate this.
Two weeks ago, LulzSec tweeted, “This is the guy that paid us to hack pbs.org,” and pointed to the account of Branndon Pike, a 21-year-old from Daytona, Florida, who is a former Anonymous contributor. He told Fox News that LulzSec was pranking him because they were upset he had linked them to Anonymous.
Last week, someone anonymously posted to the Full Disclosure computer security mailing list a chat log of a conversation between LulzSec members. LulzSec responded to the leak, thereby confirming the log’s authenticity, stating that the compromised channel was only used “to recruit talent for side-operations” and that their main channel remained untouched.
Mentioning handles present in the chat log, LulzSec said that “people such as joepie91/Neuron/Storm/trollpoll/voodoo are not involved with LulzSec, they just hang out with us in that channel.” This implied that the handles they did not mention—including “Kayla” and “Topiary”—are indeed members of LulzSec.
Kayla is a name previously linked to Anonymous and its attacks on computer security firm HBGary. In March, she gave an interview to Forbes in which she disclosed her involvement with Anonymous and many personal details. Web Ninjas and The Jester claim that Kayla is actually a man.
Topiary is also a name linked to Anonymous. After the Anonymous attacks on the Westboro Baptist Church, an Anonymous representative debated a church leader on the David Pakman show. A widely circulated video of the exchange shows the name “Topiary” as the Anonymous spokesman’s Skype username.
This week a public radio producer called the seemingly untraceable phone number at which LulzSec has been taking calls, and recorded his conversation with members of the group. One of the LulzSec voices sounds like the voice of Topiary and has a similar European accent.
Web Ninjas have also posted photos and details of several other persons who they say correspond to the handles on the chat logs, including that of a man said to be “Sabu,” the supposed leader of LulzSec. “We do have his name, address, location and work but we are not publishing,” Web Ninjas said.
We recently saw the destruction of a ‘botnet’, a collection of computers around the world that are, without the knowledge of their owners, dedicated to sending out spam messages – unsolicited offers for dodgy deals.
After it was taken down, the volume of spam messages being sent each day dropped by an enormous amount, according to security researchers.
We are going to investigate what a botnet is, why it’s important to keep your computer secure to avoid becoming part of one, and the link between botnets and organised crime.
Phishing and spam
It used to be the case that computer viruses were written by people with nothing more malicious on their minds than vandalism, at worst. But nowadays most viruses and other forms of malicious software are created by or for criminals who use them to extract or extort money from unsuspecting internet users.
One example most of us will have come across is the ‘phishing’ email, which arrives in a user’s inbox and suggests that their account at some bank or other, or Ebay or Paypal, has been breached, or is up for renewal or otherwise needs to be validated. By clicking on the link in the email, the user is taken to the criminal’s own website instead of the genuine login page.
The user then enters their username and password and this is then used by the criminal to break into the user’s account either to directly steal money, or for other uses – if it’s an Ebay account, it may be used to set up fake auctions or to place fake bids on the criminal seller’s own auctions, for instance. Similarly, conventional spam emails usually offer dubious health treatments, super-cheap watches and get-rich quick schemes.
What these have in common is that both sets of emails are being distributed by botnets, collections of computers (known as ‘bots’, short for robots) under the control of a criminal.
The old way to send spam
Before the days of botnets, spammers would send email from their own computers, or using services that would send out millions of emails at a time for them. But anti-spam techniques improved and could detect and filter all the emails coming from a single PC.
Spam and phishing are volume businesses – they depend on sending out millions (or even billions) of messages in the hope that a tiny percentage of recipients will click on them. If you are sending enough emails, even that tiny percentage is worth big money.
What spammers needed was a way to distribute very large numbers of emails that were impossible to trace to a single source. The solution was provided by unscrupulous programmers, hired by organised criminals to create viruses.
Instead of creating a virus that steals information, the new type of virus installs a piece of code that instructs an infected computer to churn out thousands of emails. Because the computers are distributed across the world, the resulting emails are harder to identify as a single spam attack.
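An added example, not part of the original article: the sketch below shows why a filter that counts messages per sending computer catches the old single-PC spammer but misses a botnet, and how grouping near-identical messages across many senders exposes the distributed campaign. The log records, thresholds and fingerprint method are constructed for illustration and do not describe any particular spam filter.

```python
import hashlib
import re
from collections import Counter, defaultdict

# Constructed sample mail-gateway records: (source_ip, message_body).
# One PC sends 6 copies of one message; 6 different PCs send 1 copy each of another.
SAMPLE_LOG = (
    [("198.51.100.7", "Cheap watches! Order ref 1%d" % i) for i in range(6)]
    + [("203.0.113.%d" % (10 + i), "Verify your account now, ticket 55%d" % i)
       for i in range(6)]
    + [("192.0.2.44", "Minutes from Tuesday's meeting attached")]
)

PER_SOURCE_LIMIT = 5   # assumed threshold: messages allowed per source per window
CAMPAIGN_SOURCES = 5   # assumed threshold: distinct sources sharing one fingerprint


def fingerprint(body):
    """Hash the body after lowering case and masking digits, so copies that
    differ only in a per-recipient number collapse to the same value."""
    normalized = re.sub(r"\d+", "#", body.lower())
    normalized = re.sub(r"\s+", " ", normalized).strip()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def flag_by_source_volume(log, limit=PER_SOURCE_LIMIT):
    """Old-style filter: flag any single source that exceeds the volume limit."""
    counts = Counter(src for src, _ in log)
    return {src for src, n in counts.items() if n > limit}


def flag_by_campaign(log, min_sources=CAMPAIGN_SOURCES):
    """Flag every source that sent a message whose fingerprint was also seen
    from at least min_sources distinct sources."""
    sources_by_fp = defaultdict(set)
    for src, body in log:
        sources_by_fp[fingerprint(body)].add(src)
    flagged = set()
    for sources in sources_by_fp.values():
        if len(sources) >= min_sources:
            flagged |= sources
    return flagged


if __name__ == "__main__":
    print("per-source volume:", sorted(flag_by_source_volume(SAMPLE_LOG)))
    print("campaign clustering:", sorted(flag_by_campaign(SAMPLE_LOG)))
```

On the constructed log, the volume filter flags only the single heavy sender, while the clustering check flags the six low-volume senders that share one message template.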
How does it work?
To begin with, the operator (the ‘bot master’ or ‘herder’) will send out emails containing viruses to a large group of people – this itself may be done by a botnet.
Users who open the email attachments and run them will have their computers taken over, but there may not be any signs that this has happened.
Unlike with other malicious software, there may be no reason to think that your computer is being used for malicious acts, other than a slowing down of internet speed, or general computer speed. However, both of those are common even on uninfected computers so it’s not easy to judge.
Once the computer is infected with the ‘bot’, it will connect to the bot master’s computer somewhere on the internet. When a spammer or criminal wants to use the botnet they will pay to hire it for a set period.
For as long as the spammer continues to pay, the botmaster will instruct all the computers in the botnet to continue sending out spam. The authorities are on the case, as are technology and security companies.
Microsoft-coordinated raids by US Marshals in March saw the end of the Rustock botnet, which controlled up to two million computers and was sending up to 30 billion emails a day. At its most potent in 2010 it was responsible for nearly two thirds of all spam sent.
The way to stay safe online is the same as ever: first, treat email attachments with suspicion, even if they appear to come from friends, and don’t click on links in email unless you know for sure that they are legitimate.
Ensure your security or anti-virus program is up-to-date, working properly and running regular scans.
Use the latest release version of your web browser and make sure Windows (or whatever operating system you are using) has all the latest updates installed.
Read more: http://www.computeractive.co.uk/ca/news/2041872/avoid-falling-scams-phishing-bot-masters#ixzz1O0qugCxW