Security and spyware

Microsoft offers advice to deal with IE security bug

Users of Internet Explorer versions 6 through 9 are grappling with another security flaw without a fix, but Microsoft has a few suggestions to help shore up protection.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. Microsoft said it's already aware of attacks that have tried to take advantage of this weakness.

Since no fix is yet available, it's up to users of IE to protect themselves. A new Microsoft Security Advisory offers several recommendations.

To start, the usual advice always applies. Make sure you'… Read more

Kaspersky 2013 ups the ante with exploit prevention

The 2013 updates to the Kaspersky protection suites bring to consumers some of the most advanced security technology currently available. It involves introducing an exploit prevention engine as part of the security suite, but also a Safe Money banking protection tool that you can interact directly with. The suite's scans aren't the fastest, but it definitely will protect you.

Installation Installing Kaspersky has been dramatically simplified over the past two years. Following on 2012's fuss-free install, the installer for 2013 will remove conflicting security programs and any detected malware automatically.

You're still on the hook for … Read more

Russian court Web site defaced over Pussy Riot verdict

A Russian court Web site has been defaced following a verdict that saw the members of the all-female punk-rock band Pussy Riot sentenced to two years in jail.

The Khamovnichesky District Court was hacked today by a group claiming to be affiliated with the U.S. branch of Anonymous. The site uploaded a message in Russian saying that it doesn't "forget" or "forgive." The group also posted a Pussy Riot song, called "Putin Is Lighting the Fires of the Revolution," and video of Bulgarian singer Aziz.

The BBC was first to report on … Read more

OAuth 2.0 leader resigns, says standard is 'bad'

OAuth 2.0 promised to improve authentication on the Net, but its author has resigned from the project after concluding the standard "is a bad protocol."

"When compared with OAuth 1.0, the 2.0 specification is more complex, less interoperable, less useful, more incomplete, and most importantly, less secure," Eran Hammer-Lahav said in a blog post yesterday. "I resigned my role as lead author and editor, [withdrew] my name from the specification, and left the working group...Deciding to move on from an effort I have led for over five years was agonizing." … Read more

Defense expert to U.S.: Hire hackers and wage cyberwar

A top defense and cybersecurity expert says the U.S. should stop trying to take aim at expert hackers and start doing a better job of recruiting them.

"Let's just say that in some places you find guys with body piercings and nonregulation haircuts," U.S. Naval Postgraduate School professor John Arquilla said in an interview with The Guardian published today. "But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them."

Arquilla argues that there are … Read more

FBI kills DNSChanger network, but how many will be affected?

The FBI today made good on its promise to take down its DNSChanger network. But people who ignored warnings may find themselves unable to get online.

At 12:01 a.m. EDT today, the FBI shut down the DNS servers that had kept computers infected by the DNSChanger malware still able to connect to the Internet, according to the Washington Post.

About five years, a group of hackers who deployed the DNSChanger malware, which modified the DNS settings of infected computers to point to rogue servers. After catching the criminal gang and taking controls of the servers, the FBI converted … Read more

Web users beware: DNSChanger victims lose Web access July 9

If you're one of thousands of people infected with the DNSChanger malware, get rid of it before Monday.

On July 9, the FBI will be switching off servers it used to keep those infected with the malware on the Internet. The organization says maintaining the servers is costly and that therefore the agency won't extend its support.

DNSChanger was first discovered in 2007 and was found to have infected millions of computers worldwide. The payload effectively modified a computer's DNS settings to redirect traffic through its rogue servers. When users typed in a domain name in a … Read more

Flame can sabotage computers by deleting files, says Symantec

The infamous Flame virus can delete files from a computer and is likely the cause of a cyberattack against Iran in April, according to new findings.

Flame was originally identified for its ability to steal data and capture information from keystrokes, PC displays, and audio conversations.

But a new component of Flame uncovered by security firm Symantec gives its operators the power to delete important files from compromised computer systems, Symantec researcher Vikram Thakur revealed yesterday.

Such power means that the virus can disrupt critical software and "completely disable operating systems," Reuters reported based on Thakur's findings.… Read more

Indian court overturns Vimeo, Pirate Bay blockade

An Indian court has decided to clarify a previous order that saw entire Web sites taken down for fear of a single movie being pirated.

India's Medianama is reporting today that the Madras High Court recently limited a badly drafted April ruling on the subject. The court said in its updated ruling, according to Medianama, which obtained a copy of it, that "the interim injunction is granted only in respect of a particular URL where the infringing movie is kept and not in respect of the entire website. Further, the applicant is directed to inform about the particulars … Read more

Microsoft's Do Not Track default in IE10 violates new specs

Microsoft faces a tough time trying to pull off its goal of setting IE10's Do Not Track feature as the default.

The Do Not Track, or DNT, feature in a browser is supposed to send a signal to third-party Web sites, telling them not to track your Internet activity. Most browsers include this as an option that the user can turn on or off.

Microsoft wants to turn the feature on by default in Internet Explorer 10, seeing it as a necessary step in giving users more control over how their online activities are tracked, shared, and used. But … Read more