Mar 19



Social network Facebook will roll out more extensive privacy controls Tuesday night or Wednesday morning, as well as an instant-messaging service soon after, representatives from the company announced during a press briefing at the company’s headquarters in Palo Alto, Calif.

Most notable about the new privacy controls is the fact that Facebook members will now be able to choose how much of their profiles are visible to those on their friends list.

Naomi Gleit, Facebook’s product manager for privacy and internationalization, previewed the updated options, which include a new “Friend of Friends” option based on social proximity–not unlike LinkedIn profiles, in which profile information is visible to second- and third-degree contacts rather than the site’s members as a whole. Facebook members will also be able to include or exclude certain friends from having access to information…

Read Full Article

Mar 16



Security vendor Trend Micro has fallen victim to a widespread Web attack that splashed malicious software onto hundreds of legitimate Web sites in recent days.

A Trend Micro spokesman confirmed that the company’s site had been hacked Thursday, saying that the attack took place earlier in the week. “A portion of our site – some pages were attacked,” said Mike Sweeny, a Trend Micro spokesman. “We took the pages down overnight Tuesday night – and took corrective action.”

On Thursday security vendor McAfee reported that more than 20,000 Web pages have been affected by the attack. The pages are infected with malicious code that tries to install password-stealing software on the PCs of people who visit the sites.

Read Full Article

Mar 8



Spammers have cracked the captcha mechanism Gmail uses to make sure you are a human before you can open an e-mail account, leading to a huge increase in the amount of spam sent from Gmail last month, security firm MessageLabs says.

We’ve all been subjected to captcha programs when signing up for Web services. They typically consist of a box with some characters, either distorted or displayed against some noisy background, and you have to type the letters and numerals in exactly as you see them before the system will accept your sign-in.

They are designed to catch, or stop, automated programs called bots that are written to create new accounts for spammers to use. Annoying as the captcha systems are, they have been successful in keeping bots out, until recently.

Yahoo Mail and Hotmail captcha mechanisms were broken in July 2007, according to MessageLabs. And now, Gmail has succumbed…

Read Full Article

Mar 7

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.

Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”.

Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because “Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn’t want to cause any real trouble”.

But now that a couple of years have passed and the issue has not been resolved, Boileau decided to release the tool on his website…

Read Full Article

Mar 1

At 4 in the morning of May 1, 2005, deputies from the El Paso County Sheriff’s Office converged on the suburban Colorado Springs home of Richard Gasper, a TSA screener at the local Colorado Springs Municipal Airport. They were expecting to find a desperate, suicidal gunman holding Gasper and his daughter hostage.

“I will shoot,” the gravelly voice had warned, in a phone call to police minutes earlier. “I’m not afraid. I will shoot, and then I will kill myself, because I don’t care.”

“I will shoot.” Listen to the Colorado Springs hostage hoax.

But instead of a gunman, it was Gasper himself who stepped into the glare of police floodlights. Deputies ordered Gasper’s hands up and held him for 90 minutes while searching the house. They found no armed intruder, no hostages bound in duct tape. Just Gasper’s 18-year-old daughter and his baffled parents.

A federal Joint Terrorism Task Force would later conclude that Gasper had been the victim of a new type of nasty hoax, called “swatting,” that was spreading across the United States. Pranksters were phoning police with fake murders and hostage crises, spoofing their caller IDs so the calls appear to be coming from inside the target’s home. The result: police SWAT teams rolling to the scene, sometimes bursting into homes, guns drawn.

Now the FBI thinks it has identified the culprit in the Colorado swatting as a 17-year-old East Boston phone phreak known as “Li’l Hacker.” Because he’s underage, Wired.com is not reporting Li’l Hacker’s last name. His first name is Matthew, and he poses a unique challenge to the federal justice system, because he is blind from birth…

Read Full Story

Feb 24

Malware writers are increasingly tailoring attacks to specific regions, languages and applications.

Security firm McAfee warned that locally targeted malware comprises up to half of all attacks in some areas.

Dave Marcus, security research and communications manager at McAfee Avert Labs, said: “You have the guys that are local for their region, and then you’ve got the bigger organisations.

“The situation is still developing, but we could not have had this conversation two years ago.”

An example of localised malware can be found in Japan. Financially motivated malware throughout the rest of the world is overshadowed in Japan by malware which focuses on destruction and data theft via peer-to-peer applications.

Read Full Article here

Feb 24

The hacking group Cult of the Dead Cow has released a tool that should make Google hacking a little easier for novices.

Called Goolag, the open-source software lets hackers use the Google search engine to scan Web sites for vulnerabilities.

This is something that hackers have been doing for years, but it can be tricky work – involving custom scripts and tools that sift through the mountain of data available via Google.

The Cult of the Dead Cow is best known for creating the Back Orifice software 10 years ago, which could be used to remotely control a Windows machine.

Like Back Orifice, the software could be used by both legitimate security professionals and criminals. Goolag comes with an easy-to-use graphical interface. It is based on techniques developed by Computer Sciences Corp. researcher Johnny Long, a well-known computer hacker who has spent years documenting the way that Google’s search engine can be used to uncover security vulnerabilities in the Web sites it indexes.

Read Full Article here

Feb 18

Ben Edelman’s Valentine’s Day missive to C-NetMedia is definitely not a love letter. In a detailed report posted on Thursday, the spyware researcher, attorney, and assistant professor at Harvard University accused the Alabama-based anti-spyware company of deceptive business and marketing practices, and of selling ineffective security software.

C-NetMedia could easily be confused with CNET Networks; in fact, the two companies have nothing to do with each other.

As Edelman points out, C-NetMedia profits from confusion. It had paid for a sponsored link that appears on Google searches for “spybot.” SpyBot Search & Destroy happens to be a popular anti-spyware tool. C-NetMedia’s sponsored link leads to SpywareBot.com/SpyBot, a Web link that could easily be mistaken for the official SpyBot Search & Destroy site. C-NetMedia’s ad text — “Official Site - Search & Destroy Spyware. Download Spyware Bot Now!” — magnifies the confusion.

Read Full Article

Feb 14

Web browsing and searching are becoming increasingly risky activities, according to a report published by Google on Tuesday.

“In the past few months, more than 1% of all search results contained at least one result that we believe to point to malicious content and the trend seems to be increasing,” said Niels Provos, a security engineer at Google, in a blog post.

Provos said that in the year and a half since Google began tracking malicious Web pages, the company has found more than 3 million unique URLs on more than 180,000 Web sites that attempt to install malware on visitors’ computers.

Read Full Article

Feb 11

Here’s a heads-up on the evolving security threats we can expect to see in the coming year, including emerging menaces such as badvertising, adsploits, anti-social networking, lieware, and whaling.

By the end of 2008, McAfee Avert Labs predicts it will have identified some 550,000 malicious programs, a 54% increase from 2007. With all the new malware emerging, we can expect new terminology to describe these constantly morphing threats. Here, then, is our only slightly tongue-in-cheek attempt to predict some of the rising threats in 2008 and the language that may be employed to describe those threats.

Full Article
