The failure of security that caused the infection of more than 190 thousand users on Orkut has been fixed by Google. In a statement, the American company says the cause of this problem was a code in the ‘New Orkut’, which was modified by the developers of social network.
“We took swift action to correct a vulnerability to cross-site scripting (XSS) in orkut.com which was discovered a few hours ago. Our analysis of the script code does not reveal any malicious activity. The problem is now resolved, but continued studying Vulnerability to help avoid similar problems in future, “Google said in a statement.
The flaw led the users to be included in the community “Infected by Orkut Virus”, without any need for approval. The group came to be deleted by the site staff in the early afternoon, but the hackers recreated using the same loophole. Besides becoming a member, the user started sending malicious code to your contacts through the network message.
Users who were infected by the code should clear browser history and delete temporary files. It is further recommended that the password for access to social networking should be replaced.
Google has added another layer of security to its Google Apps service, which may make it more appealing to businesses still uncertain about joining the move to Cloud Computing. The new step to keeping accounts secure currently applies to the Premier, Education, and Government editions of Google Apps, with the feature coming to all Google Apps users in the next few months.
It can’t be more simple, yet it’s actually quite clever. When users sign up to Google Apps, one of the details they’re asked to supply is their mobile phone number. With this new step, when you log in to your Google Apps account, a random security code, which changes each time, will be sent to your phone, either via a text or voice call. To verify yourself and actually get in to your account, you will need to type the code you are given into the site. If the code is wrong, you won’t get in. It’s the same concept as those “Authenticators” banks and online games are starting to use in abundance, but it eliminates the need for any new gadgetry, and instead uses the one gadget practically everyone these days has – their phone.
What’s more, to make the feature less annoying, Google lets users tone down the security for devices they trust. If a user is on a trusted computer — their office system, for example — they can opt to have their verification code remembered on that computer, meaning they won’t be asked for a code for 30 days, instead of having to enter a new one upon each login.
One final point, for those Tech-minded people out there who may want to take advantage of this security in their own projects: it may interest you to know that Google has built its verification feature on the open source OATH standard, meaning users can customize it for their own needs or even apply it to non-Google applications.
Four New York University students who raised a bundle of cash to build a privacy-preserving alternative to Facebook sure have their work cut out for them.
The project in question, Diaspora, grew out of deep-rooted dissatisfaction many people expressed earlier this year in response to Facebook privacy changes that without warning exposed details many users didn’t want to share with world+dog. When the developers sought funding, according to The New York Times, they asked for $10,000. So strong was the discontent of some Facebook users that they ended up with donations exceeding $200,000.
On Wednesday, to show people just how far the project has come along, some of the open-source code planned to be used in a pre-alpha version of the website was made available to the public. However, only a few hours later, hundreds of security researchers and amateur hackers began identifying security flaws in the code that could seriously compromise those who used the service. Among other things, the mistakes make it possible to hijack accounts, friend users without their permission, and Read the rest of this entry »
Security vendor Avast takes a cue from its own name and a slightly aged Internet meme to bring you a pirate-themed approach to home computer protection.
Since last night, Avast has been preparing to celebrate the international “Talk Like a Pirate Day” that comes every year on September 19. Users using Avast! will at some point receive a prompt from the program telling them about Talk Like a Pirate Day and give them the option to install a special “Pirate English” language pack. This tongue-in-cheek new feature rebrands four of the main screens in Avast!’s user interface to use Pirate Speak for people who opt in to the feature through September 22.
The changes are actually quite minimal, but somewhat humorous. A skull-and-crossbones is added to the avast! logo, and the “Secured” text to confirm that the program is working correctly changes to say “Ship-Shape”, also stating, “Yer ship be secure.” Menu options are also renamed to a more pirate-y theme, with the Scan options being renamed “Scour the Ship”, the Virus Chest becomes the “Dead-man’s chest”, and so on. If you like a little bit of pirate humour, then you’ll like this new feature.
SpywareBlaster is a popular tool for protecting your computer against the various nasties that lurk on the internet, ready to spread to and cause havoc on your computer. Unlike Malware Scanners, which clean and protect you from existing infections, SpywareBlaster is designed to prevent new Malware infections from ever getting installed from the moment it’s active. As Javacool Software, the parent company of the software, explain it:
SpywareBlaster focuses on prevention and protection. Removal deals with threats after they’ve already had a chance to wreak havoc and compromise your data. There are plenty of freely-available spyware removal tools. But few of them do anything to help keep your system secure. That’s why we initially released SpywareBlaster, and that’s why we’ve continued to strengthen its already powerful protection – to stop potentially unwanted software before it has a chance to get on your machine.
Recently, JavaCool Software updated the entire software package, bumping up its version number to 4.4. Those who have an older version should already have been notified to download the new version from the website, but if you haven’t been yet and didn’t know, or just needed a reminder, then I thought I’d just post this to remind you. Unfortunately JavaCool doesn’t post changelogs for its software, so I don’t actually know what the new version brings.
Just a few hours ago I saw this headline appear in the news. Since it’s attracted some interest in tech circles I’m a part of, I thought I’d repost it myself.
(This post was updated 20:35 BST with updated information about the deal. I’d like to thank The Register for their report of the news, which acted as the main source for these updates)
Intel has announced it is buying software-security company McAfee. The chip maker has offered $48 a share in cash for the anti-virus firm, a 62 per cent premium of McAfee’s Wednesday closing price of $29.93 a share. The total value of the acquisition, $7.68 billion, is Read the rest of this entry »
On Friday 13 August, 2010, v3.co.uk ran a promotion lasting 24 hours, allowing users to get a 1 year license of BitDefender AntiVirus 2010 for free. Here was the official word from them:
We’ve given you some of the very best full applications in the past and we’re back again with four full exclusive promos through August. The first is our exclusive BitDefender Antivirus 2010 [1-PC, 1-Year], worth $24.95/£16.99, available free of charge for everyone, for 24 hours, between miday CEST Friday 13 August to midday CEST Saturday 14 of August.
Where can you download your exclusively free BitDefender Antivirus 2010? From the V3.co.uk Software Store: http://store.v3.co.uk
Promotional information will be available on Friday, so keep checking the store. With this promo, you can download your software build on Friday, grab your serial code, then install or use at any time. Strictly one serial code per user, however.
Better still, with BitDefender 2011 due soon, you’ll be able to upgrade from the free 2010 to 2011! BitDefender are also offering you an exclusive upgrade promo to the full security suite, BitDefender Internet Security. More information on Friday.
This freebie has unfortunately now expired and is no longer available. However, as a testament to the history of Technically Motivated’s Freebies section, this topic shall remain at least for now.
Earlier in the week, I posted a lengthy article explaining why “deleting” a file does not actually get rid of it from your computer. In it, I stated that the only true way to delete a file permanently that you either don’t want, or think could be a problem if the wrong hands got a hold of it, is by using a Secure File Erasing tool. So let me present to you one such tool that I particularly like.
Eraser, by the Eraser Project, is a tool that needs little introduction, being as its very name explains its purpose better than any description could. But to give it a basic description, it’s a secure file-erasing tool that the developers describe as “an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive”. Here is the list of all of its features according to the developer:
- It works with Windows XP (with Service Pack 3), Windows Server 2003 (with Service Pack 2), Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2
- Windows 98, ME, NT, 2000 can still be used with version 5.7!
- It works with any drive that works with Windows
- Secure drive erasure methods are supported out of the box
- Erases files, folders and their previously deleted counterparts
- Works with an extremely customisable Scheduler
To explain the last one – Eraser allows you to “schedule” an Erasing task to perform when YOU want it to, as well as the usual “erase this now” options.
Also, Eraser can securely erase files already in your Recycle Bin using a single right-click on the Bin. And it also has “Free Space Erasing” options, which will clean all the unused space on any of your drives, ensuring files that are still on the drive despite being “deleted” are gone for good. Now THAT’S peace of mind!
Eraser is available in two flavours – a Full Installer, for placing directly onto your computer, and a Portable Edition that you could install and run directly from a Memory Stick or other removable media, though the portable edition is a little old compared to the full installer (still works wonders, though). The best part is since Eraser is free, open source software, it’s free to download and will never cost you a single penny to use – a rare find these days. The open-source nature also makes it something you can trust.
Eraser homepage (Find out more about, and get Eraser)
Portable Edition
When you have no use for a particular file any more and you either want to save hard drive space or stop prying eyes from seeing it, it’s common behaviour to delete it from your computer. Like any good computer, Windows makes “deleting” a file very easy – just press Delete, or right-click and choose Delete, and it will put it in the Recycle Bin so you can decide whether or not you REALLY wanted it gone. Empty the Recycle Bin or press Delete again while it’s inside, and the file disappears from your computer.
You’ve probably thought that once you’ve deleted a file, it’s gone for good and you can forget about it, right? Wrong! Read the rest of this entry »