All Posts Tagged Tag: ‘Security’
uTest has released the results from a check-in services "Bug Battle" competition, in which over 300 users from about 40 countries reported bugs in popular check-in services Fousquare, Gowalla, and Brightkite. A total of 870 bugs were reported – technical, functional, and GUI bugs in the web and mobile apps of these three services.
Rumor has it that Google is not using Windows internally anymore, and security companies don’t necessarily find this to be a great solution if security is the concern. More than one has emailed WebProNews with reactions to this story.
In the first quarter of 2010, a USB worm took the top spot for malware globally, according to a new report by McAfee.
Threats on portable storage devices took the lead for the most popular malware. AutoRun related infections held the No.1 and No. 3 spots due to the widespread adoption of removable devices, mainly USB drives. A variety of password-stealing Trojans rounded out the top five. Those include generic downloaders, unwanted programs and gaming software that collects statistics anonymously. The popularity of these threats were consistent worldwide.
Vietnam shares a border with China, and it’s possible that Vietnamese authorities are starting to share the Chinese government’s low opinion of Google, too. Today, a spokesperson dismissed Google’s claim that Vietnamese computer users were infected by politically motivated malware.
Easter is coming up, and of course that means spammers are taking advantage. They do this with most holidays. And like they do with other holidays, they are using the holiday to disguise malicious emails. Symantec shared some examples with us.
"MessageLabs Intelligence has intercepted Easter ‘e-card’ spam emails offering a ‘2010 Easter 3D e-Card,’" a representative for Symantec tells WebProNews. "Spam authors are attempting to use the recent surge of interest in 3D media to increase the likelihood of people falling for their scam."
Google said it has detected malware targeting Vietnamese-language users opposed to bauxite mining in the Communist country.
The malware infected the computers of "potentially tens of thousands of users" who downloaded Vietnamese keyboard language software, Google Security Team member Neel Mehta wrote on the company’s security blog. The attacks targeted opposition to the mining of bauxite, an ore used to make aluminum.
Symantec has a released a new report looking at the nature of industrial espionage and targeted attacks, a big issue right now, considering the whole Google/China situation. A representative for the firm tells WebPronews, "Further analysis of targeted attacks shows that the top five targeted roles are senior officials (VPs, Directors) and the individuals that receive the most targeted malware are responsible for foreign trade and defense policy, especially in relation to Asian countries."
Google introduced a new security feature for Gmail today. It notifies the user when a suspicious log-in activity is detected on their account. This notification will come in the form of a message saying ""Warning: We believe your account was last accessed from…" along with the geographic region that Google can best associate with the access. Engineering Director Pavni Diwanji explains on the Gmail Blog:
Something fishy is going on. If you search for "Google executives" on an English-language version of Google, you may get a link to http://www.google.com/corporate/execs.html, which would be Google’s page where it has profiles for its executives (go figure). However, you may also notice that the text appears in Chinese characters.
Update: WebProNews contacted Google to find out how they handle Google Buzz spam. The company tells us:
"We have several spam and abuse checks in place for Google Buzz content. On the abuse side, we recompress images that are uploaded, and links are scanned by the same technology that helps protect Google web search and browsers that implement our Safe Browsing data. Users can also click "Report abuse" in the drop-down menu for each Buzz message. We will suspend accounts for abuse that violates our terms of service."
Data breach incidents cost U.S. companies $204 per compromised customer record in 2009, compared to $202 in 2008, according to a new study from the Ponemon Institute and security firm PGP.
Even with an overall drop in the number of reported breaches (498 in 2009 vs. 657 in 2008), the average total per-incident costs in 2009 were $6.75 million compared to an average of $6.65 million in 2008.
Thanks to Google, PayPal, and Mozilla, the anti-malware organization borne out of Harvard’s Berkman center has become an independent entity. StopBadware.org is now a non-profit known simply as StopBadware.
This change should be viewed as more evolutionary than revolutionary; like before, StopBadware will work to minimize the threat of malware, and at the moment, nothing more significant than some colors, logos, and site content has been changed.
Perpetrators of click fraud are getting sneakier and sneakier. Harvard Business School professor Ben Edelman has uncovered one of the more diabolical click fraud schemes known to be hatched. As he summarizes it:
When Google made its big announcement about an attack originating from China, the company also mentioned that "at least twenty other large companies" had been affected. Now, it’s become almost certain that one of them was Adobe, and there are signs that Yahoo was another target.
As news of Google’s China situation dominates headlines, the company has also announced that it is turning on https access for Gmail as the default (Gmail accounts were hacked in China, in case you haven’t read about that yet).
Https, which stands for Hypertext Transfer Protocol Secure is used to provide encryption and secure ID. Back in 2008 Google started giving users the option to use it.
Google released a stunning blog post that details a "sophisticated and targeted attack" on Gmail that "resulted in the theft of intellectual property from Google".
Google notes that the attack was not just on Google infrastructure but also on more than twenty other companies from various industries. Google states that they are working with the authorities in the U.S. and will be notifying the companies of the breaches.