Feb 03 2008

RealPlayer Labeled as ‘Badware’ by StopBadware.org

At last! StopBadware.org has finally brought the Real Malware, RealPlayer from RealNetworks, into the light of day.

StopBadware has brought just some of the bad practices out into the open; you can find much more detail in reader comments I’ve found on highly recognized technology sites like CNET’s News.com, theRegister.co.uk and PCWorld.com, posted by their tech-savvy readers.

In case you are wondering who or what StopBadware.org is:
Stopbadware, an industry-academia group designed to raise public awareness about software that violates fair information and privacy practices, is a collaboration between Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute, with support from companies like Google, Lenovo, and Sun Microsystems.

Cambridge, MA — StopBadware.org, the consumer protection initiative developed to combat badware, on Jan 31, released an alert about RealNetworks Inc.’s RealPlayer software application.

The group found RealPlayer version 10.5 to be badware because of inadequate disclosure of advertising behavior and RealPlayer version 11 to be badware because it bundles an additional application without disclosure.

RealPlayer 11 is the current version of the application, offered on Real (dot) com as an internet video and multimedia player. RealPlayer 10.5 is an older version which is still widely distributed through such sites as BBC Radio and through the Firefox web browser’s “missing plug-in” capability.

The report highlights two areas of concern:
• The Software does not fully, accurately, clearly, and conspicuously disclose the principal and significant features and functionality of the application prior to installation - The advertising software bundled with RealPlayer is misleadingly called a ‘message center’, and is described incompletely and inconspicuously in the EULA as software designed to provide useful software updates. When RealPlayer 10.5 is installed, the advertising features of this ‘message center’ are enabled by default for users who choose not to register their personal information with RealNetworks after the software is installed.
• Software installs deceptively - RealPlayer 11 does not disclose that it installs Rhapsody Player Engine, and does not remove this software when RealPlayer is uninstalled. Users are not informed by the installer or uninstaller of the connection between RealNetworks and Rhapsody Player Engine.

“Software producers have a responsibility to inform users, clearly and unambiguously, about what software will be installed on their computers and what it will do,” said Maxim Weinstein, manager of StopBadware.org at the Berkman Center for Internet & Society at Harvard Law School. “RealNetworks does not allow users to make an informed choice about how their computers will be used. We hope to see a new version of RealPlayer soon that addresses these concerns.” More at StopBadware.org (in pdf).

According to StopBadware.org’s definition of badware it is “malicious software that tracks your moves online and feeds that information back to shady marketing groups so that they can ambush you with targeted ads.”

Here are some of the reader comments I’ve found on PC world in response to their article on the issue:
User “Yert” writes at January 31, 2008 8:59 PM PT
“About freaking time. Real Player is the worst media software ever. And its competitors have DRM systems in place!

Seriously though, I don’t use Real Player, and uninstall it whenever I am authorized. It is not safe, not sane, and bloated, even compared to iTunes. Real Player should have lost the EU judgement on the fact that their product sucks!”

User “OnlineSolutions” writes at February 03, 2008  6:55 AM PT
“I installed RealPlayer’s suite once as an experiment and signed up to Rhapsody for their 30 day trial. I immediately changed my mind, but was unable to cancel using their website. They required a phone call to cancel, but the 800 number they gave didn’t work. After repeated emails and phone call attempts, I had to change my credit card number to stop the $19 / month in charges that had continued for 6 months. These people are either incompetent or crooks.”

Reader comments on CNET’s News.com:
Reader “GermanVermin” writes:
“realplayer sucks: Yeah. I have always hated realplayer. It’s chock full of advertisements, a pain to install, and runs background and startup services that slow down your computer. For an official client of a common proprietary video codec, RealPlayer should be more professional.

Use RealAlternative instead, it allows you to play realplayer videos inside of windows media player.”

Reader “MadLyb” writes:
“What a surprise: I stopped using RealPlayer years ago because of their intrusive software and policies. I’m surprised it took this long for someone to ding them.”

Reader “Electric.81” writes:
“Real Player: Real Player is a piece of ‘crapolla’ and always has been since day one….now they’ve been caught with their hand in the ‘cookie jar’ ;>) ”

Reader comments I’ve found on theRegister.co.uk:
Reader “Kev K” writes:
“Real Player & Quicktime both suck : QT lite and Real Alternative from free-codecs.com do the job very nicely for me without the bloat or constant nagging.”

Reader “Anonymous” writes:
“It’s been 3 years: since I stopped using this shyteware, just because of this annoying ODRealSched process of theirs that was getting reactivated once in a while despite I deleted it and removed any link to it.

How come you can trust such a company. Good thing they are named and shamed. At last !!!! ”

Reader “Robert Moore” writes:
“Die RealPlayer die!!! : I have come to accept that most media players (In windows) are resource hogs these days, but Real takes it to a whole new level.

I used to work for a retailer, in their service center, and I would regularly get in computers that the complaint was “Choppy DVD playback” or words to that effect. In most cases a quick uninstall of RealPlayer would fix it right up. Only PH would be foolish enough to install RealPlayer.”

Excerpts from the reader janimal’s comment:
“Real Malware: Have you ever read the Real license?? I’m pretty sure satan was involved because it goes way beyond the usual accepted rights buggery and weaselness of the standard software license.

Happily if you want to view RM files these days (thanks for the access BBC bastards. I complain to them regularly about Real software) you can use Real Alternative available here..

http://codecguide.com/about_real.htm

I choose thumbs up because that’s what Real like to put up people’s bottoms.”

Finally, I never understand why, when there are free choices like Windows Media Player 11 and the open-source VLC Media Player, anyone in the world needs to use RealPlayer. OK, so how do you play content that is available only in Real Media? I just never play those files :)


Dec 19 2007

BitDefender Detects New Trojan that Hijacks Google Text Advertisements

BUCHAREST, Romania – On Tuesday, Dec 18, BitDefender announced that BitDefender antivirus analysts have detected a new trojan, which hijacks Google text advertisements, replacing them with ads from a different provider.

The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computers’ Hosts file (a local storage for domain name / IP address mappings, which is consulted before domain name servers and is considered authoritative).

The modified file contains a line redirecting the host “page2.googlesyndication.com”, which should point to an IP of the form 6x.xxx.xxx.xxx, to a different address of the form 9x.xxx.xxx.xxx, so that the infected machines’ browsers read ads from the server at the replacement address rather than from Google.

“This is a serious situation that damages users and webmasters alike,” said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites.”

Users are advised to let BitDefender software delete the trojan. More info on the ad-hijacking trojan at BitDefender here and Real-time Virus Reporting here.
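The Hosts-file redirection described above can be checked for on a machine you administer. The Python sketch below is an added example, not BitDefender's code: the sample file, its documentation-range addresses and the function names are constructed for illustration, and only the watched host name comes from the article.

```python
import ipaddress

# Host name taken from the article; extend the tuple with other names you rely on.
WATCHED_SUFFIXES = ("googlesyndication.com",)

# Constructed sample input. 192.0.2.0/24 and 198.51.100.0/24 are reserved
# documentation ranges, used here in place of real addresses.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net               # local ad-block sinkhole
192.0.2.45      page2.googlesyndication.com   # constructed hijack entry
198.51.100.7    intranet.example.org www.intranet.example.org
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every usable mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: not a valid mapping
        for name in fields[1:]:               # one line may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return findings for entries that send a host name to a non-local address.

    Loopback and unspecified addresses are skipped: mapping an ad host to
    127.0.0.1 or 0.0.0.0 blocks it, it does not redirect it elsewhere.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        hit = any(name == s or name.endswith("." + s) for s in watched)
        findings.append({
            "line": lineno,
            "host": name,
            "ip": str(ip),
            # "high": a watched public host is pinned to a fixed address.
            # "review": any other static mapping; confirm it is intentional.
            "severity": "high" if hit else "review",
        })
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"{f['severity']:6} line {f['line']}: {f['host']} -> {f['ip']}")
```

To audit a real machine, pass the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts` to `audit_hosts` instead of the sample string.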


Dec 16 2007

PC Tools Warns Singles on Social Networking and Dating Sites: Beware of “Flirting Robots”


Beware of the Love Bots!

So you think you’ve found Mr. or Ms. Right online in, of all places, a Chatroom. Beware! A Russian company has just come up with software that can simulate online flirting, genuinely fooling people into thinking they’re making overtures to a real person.

The program, so far available only in Russian, will go on sale around February 15, just after St Valentine’s Day, said the CyberLover.ru website.

San Francisco, Calif — PC Tools, on Dec 12, uncovered new software developed in Russia that flirts with females or males seeking relationships online in order to collect their personal data.

The software, CyberLover, can conduct fully automated flirtatious conversations with users of chat-rooms and dating sites to lure them into a set of dangerous actions such as sharing their identity or visiting web sites with malicious content.

According to its creators, CyberLover can establish a new relationship with up to ten partners in just 30 minutes and its victims cannot distinguish it from a human being.

PC Tools is concerned about the program’s ability to mimic human behavior during online interactions and urges internet users to beware of this new breed of software that can easily be used for malicious purposes. The concept behind this software could be the catalyst for a dangerous new trend in malware evolution.

“As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” says Sergei Shevchenko, Senior Malware Analyst at PC Tools. “It employs highly intelligent and customized dialogue to target users of social networking systems.”

“Internet users today are generally aware of the dangers of suspicious attachments and URLs they receive, the documents they open or the websites they visit, but CyberLover employs a new technique that is unheard of – and that’s what makes it particularly dangerous.”

“CyberLover has been designed as a bot [robot] that lures victims automatically, without human intervention. If it’s spawned in multiple instances on multiple servers, the number of potential victims could be very substantial,” says Shevchenko.

According to PC Tools researchers, the CyberLover software:

- offers a variety of profiles ranging from ‘romantic lover’ to ‘sexual predator;’

- uses a series of easily configurable “dialogue scenarios” with pre-programmed questions and discussion topics;

- is designed to recognize the responses of chat-room users to tailor its interaction accordingly;

- compiles a detailed report on every person it meets and submits them to a remote source – the reports contain confidential information that the victim has shared with the bot, which can include the victim’s name, contact details and personal photo(s);

- invites victims to visit a “personal” website or blog which could in fact be a fake page used to automatically infect visitors with malware.

Though Cyberlover is currently targeting Russian web sites, social networkers and online daters in the are urged to stay alert to unusual activity credited to programs like CyberLover.

To protect themselves, PC Tools recommends:

  • Never give your personal details to anyone over the internet.
  • Consider using aliases/fake names on social networking sites and when chatting online.
  • Carefully monitor the online behavior of your family members and educate them of the dangers.
  • Ensure you have up-to-date AntiVirus and Anti-Spyware installed, with real-time and behavioral protection.

PC Tools warns the security industry to prepare itself for this potential new trend of malware which uses “natural language dialogue systems” – already deployed within gaming technologies. PC Tools.


Dec 13 2007

Ask.com Rolls Out Search Privacy Tool ‘AskEraser’

OAKLAND, Calif — Ask.com, a search engine owned by IAC, on Tuesday, Dec 11, announced the launch of AskEraser, the first product to give consumers privacy control over their online searches.

When enabled by the user, AskEraser completely deletes all future search queries and associated cookie information from Ask.com servers, including IP address, User ID, Session ID, and the complete text of their queries.


An AskEraser link is featured prominently in the upper right corner of the Ask.com homepage and search results pages - clearly and constantly indicating to the user that their search activity will be ‘erased’ from Ask.com servers. AskEraser remains ‘on’ for searches conducted across Ask.com’s major search verticals: Web, Images, AskCity, News, Blogs, Video, and Maps & Directions - and can be turned ‘on’ or ‘off’ by the user at anytime.

“For people who worry about their online privacy, AskEraser now gives them control of their search information,” said Jim Lanzone, CEO of Ask.com. “AskEraser is simple, straightforward, and easy-to-use. It is an idea whose time has come.”

Earlier this year, Ask.com also announced that it is implementing a new data retention policy to disassociate search history from IP address and User ID after 18 months.

In addition, Ask.com has taken steps to further industry collaboration and dialogue on privacy issues. In July, Ask.com and Microsoft joined together in urging the online industry to develop global privacy principles for data collection, use and protection related to searching and online advertising.

AskEraser launched Tuesday in the United States and in the United Kingdom - and will be deployed globally in 2008. More at Ask.com.


Dec 08 2007

Taking Down Spammers Via Legalization, Regulation and Economics

Dec 08, ‘07 — Gadi Evron, a Security Architect for Afilias global registry services, an expert on corporate security and counterespionage, botnets, e-fraud and phishing, and the founder of the Zero-Day Emergency Response Team (ZERT), writes an excellent in-depth article on effectively fighting spam at ZDNet.

Excerpts from Gadi Evron’s article:
“Working in the Israeli city of Netanya, next door to our offices was a spam operation with roughly 30 employees. One day they weren’t there anymore.

They were blog comment spammers, but officially were doing Search Engine Optimization or SEO. Instead of optimizing content, they posted illicit comments on many blogs with commercial or misleading messages leading to their clients’ web sites, mainly for the purpose of increasing their clients’ web sites visibility in search engines such as Google. They would do this using an illegal tool such as botnets, and make quite a bit of money.

The reason for their disappearance soon became clear; nearly all their clients were gone. A law was passed in the United States which addressed online gambling operations (“Unlawful Internet Gambling Enforcement Act” - UIGEA). As a result, the public gaming industry ceased accepting online wagers. More than that, UIGEA addressed processing payments to and from Internet gambling sites. In a day, most of US-based gambling web sites ceased to exist (others moved over-seas, although quite a bit of the world’s credit processing is done by US firms).

This effectively caused the death of numerous black hat SEO companies–comment spammers. Perhaps the UIGEA measure against processing of payments proved too difficult to overcome. Not being a lawyer I can’t say exactly how UIGEA caused this death. No matter, US online gambling operations were effectively destroyed.

Spam decreased. The underlying cause for that was that the clients weren’t there due to the inability to process payments because of the online Casinos law. Not only black hat SEO companies suffered, many spam operations lost clients. There is nearly no more Casino spam in our mail inboxes. Isn’t that grand?

A long time ago I heard somebody say they asked a corporate take-over lawyer on how he’d take down spam. He said: Legalize and regulate it. It seems like he was right, just on a deeper level.” More at ZDNet.


Dec 03 2007

Montclair State University in NJ Mandates GPS Cell Phones

Montclair, NJ — Dec 03, ‘07 — It was after 1 a.m. on a Sunday when college freshman Amanda Phillips arrived at the train station. She was nervous about walking alone in the dark to her dorm at Montclair State University.

So Phillips activated a GPS tracking device on her school-issued cell phone that would instantly alert campus police to her whereabouts if she didn’t turn it off in 20 minutes. After a five-minute walk, she safely reached her dorm room, locked the door behind her and turned off the timer.

“I think this is a great idea. It makes me feel a lot safer. And it’s not even that expensive,” said Phillips, an 18-year-old from Delaware.

Had she not turned the device off, an alarm would have sounded at the campus police station, and a computer screen would have displayed a dot with her location, along with her photo and other personal details.

College students at Montclair State University are all talking about a new requirement that will require students to have a cell phone.

Montclair is one of the first schools in the U.S. to use GPS tracking devices, which along with other security technology are increasingly being adopted on campuses in the wake of the Virginia Tech massacre last spring.

Students can use the timer, or, in an emergency, activate the GPS technology to instantly alert police.

The cost: $420 a year for a base plan which is bundled into the tuition bill.

It includes just 50 peak voice minutes a month, but unlimited text messaging to any carrier, unlimited campus-based data usage, and student activated emergency GPS tracking.

“What it does is allow students to have an extra pair or group of people watching over them when they’re going from one location to another,” Montclair Police Department Chief Paul Cell said.

The positive impact is already being felt across campus.

The university contracted with the New York-based upstart Rave Wireless for the safety technology and Sprint for the cell phone service. Montclair State said it is not making money on the deal. It said the total cost is around $2 million per year — almost exactly what the school collects from students to fund it.

Sprint added cell towers so that virtually every inch of the campus gets service.

Raju Rishi, co-founder of Rave, said Montclair State was the first to use the safety feature, called Rave Guardian. A half-dozen other schools, including nearby Fairleigh Dickinson University and the University of North Carolina, now use similar systems, Rishi said.

Rishi said campus police are not monitoring the movements of students who don’t turn on the GPS feature. “There’s no Big Brother,” Rishi said. “You need a subpoena to locate somebody against their will.” More at AP, WCBSTV.com


Dec 03 2007

TI Delivers First Single-Chip, Real-Time HD Video Transcoding Solution with DaVinci Technology

New Processor Provides 10x Performance Increase at One Tenth the Cost and Flexibility for HD Video Processing and Multi-Channel Applications.

HOUSTON, Texas — Dec 03, ‘07 /PRNewswire/ — To allow consumers to seamlessly move content across their video end products, Texas Instruments is offering a new DaVinci technology digital media processor for video transcoding in media gateways, multi-point control units, digital media adaptors, video security DVRs and IP set-top boxes.

Wrapped with a complete offering of development tools and digital media software, the new TMS320DM6467 DaVinci processor is a DSP-based system-on-chip (SoC) specifically tuned for real-time, multi-format, high-definition (HD) video transcoding. Integrating an ARM926EJ-S core and 600 MHz C64x+(TM) DSP core along with a high-definition video co-processor, conversion engine and targeted video port interfaces, the system solution delivers a 10x performance improvement over previous generation processors to perform simultaneous, multi-format HD encode, decode and transcoding up to H.264 HP@L4 (1080p 30fps, 1080i 60fps, 720p 60fps). More at DaVinci/TMS320DM6467.

Video security systems will see similar BOM (bill of materials) reductions and have the flexibility to implement multi-format multi-channel encode (up to four channels of MPEG4/H.264 MP D1 plus four secondary channels of MPEG4/H.264 MP CIF) or decode (up to six channels of MPEG4/H.264 MP D1) for hybrid digital video recorder (DVR) and server (DVS) systems. The DM6467 has an integrated C64x+ DSP which can accommodate video analytics or proprietary video processing algorithms. The DM6467 integrated ARM9, 10/100/1000 EMAC and ATA interfaces would eliminate the need for external host processor enabling a single chip DVR/DVS system.

Pricing and Availability

The DaVinci TMS320DM6467 is now sampling to select customers and will be sold in 50Ku volume for $35.95. The DVEVM is scheduled to begin shipping in 1Q08 from TI and TI Authorized Distributors. theDaVincieffect.


Nov 29 2007

New Zealand Nabs Cyber Crime Kingpin

Wellington, New Zealand — Nov 29, ‘07 — Police nabbed the suspected teenage kingpin of an international cyber crime network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims’ bank accounts, officials said.

“Working with the FBI and police in the Netherlands, New Zealand police arrested the 18-year-old in the North Island city of Hamilton, said Martin Kleintjes, head of the police electronic crime center. The suspect’s name was not immediately available.

Kleintjes charged that the ring was responsible for stealing at least $20 million using bank account and login details detected by their illegal spyware.

The 18-year-old Hamilton man is now co-operating with police after they carried out searches at Canterbury, Northland and Waikato addresses.

The FBI believes “AKILL” is the ringleader of a “botnet” – in this case a cluster of over a million computers infected by a malicious virus letting the perpetrator gain control of them, access private information and attack other computers.

The arrest was part of international probe into the criminal use of “botnets,” in which hackers gain control of third-party computers through malicious software and then use them as remote-controlled robots to crash online systems, accept spam and steal users’ personal information.

Eight people have been indicted, pleaded guilty or convicted since the investigation started in June. Thirteen additional warrants have been served in the U.S. and overseas in the investigation, which the FBI says has uncovered more than $20 million in economic losses.

New Zealand police searched the residence of the 18-year-old suspected to be the ringleader earlier this week. The federal agency identified the person by the online handle “AKILL.”

Earlier this month, Ryan Goldstein, 21, of Ambler, Pa., was indicted in the case. Authorities allege that the New Zealand suspect and Goldstein were involved in crashing a University of Pennsylvania engineering school server Feb. 23, 2006.” More at Stuff.co.nz


Nov 29 2007

Russian Hackers Hijack Search Results in Coordinated Web Attack

Nov 29, ‘07 — BBC News is reporting that a huge campaign to poison web searches and trick people into visiting malicious websites has been thwarted.

“The booby-trapped websites came up in search results for search terms such as “Christmas gifts” and “hospice”. Windows users falling for the trick risked having their machine hijacked and personal information plundered.

The criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information.

While computer security researchers have seen small-scale attempts to subvert search results before now, the sheer scale of this attack dwarfed all others. “This was fairly epic,” said Alex Eckelberry, head of Sunbelt Software - one of the firms that uncovered the attack.

Eckelberry said tens of thousands of domains, many based in China and only a couple of days old, were used in the vanguard of the attack.

Websites loaded on these domains were booby-trapped with malicious software that looked for vulnerabilities in copies of Microsoft’s Internet Explorer used to browse them. “If your machine was not fully patched you were going to get hosed,” said Eckelberry.

The criminals who bought the domains convinced Google, MSN and Yahoo they were good and popular sources of information, said Mr Eckelberry, by using comment spam on blogs to push the pages up the search index rankings.

He speculated that the campaign was being waged by the Russian Business Network - a hi-tech criminal gang known to favour web-based attacks.

But, said Eckelberry, this attack was likely to be a harbinger of many more. “This is not going to go away,” he said.” More at BBCNews.


Nov 23 2007

Sandia National Lab Developed Neutron Scatter Camera Detects Nukes at a Distance

LIVERMORE, CALIF — In an effort to find an answer to the problem of identifying smuggled special nuclear material (SNM), researchers at Sandia National Laboratories in California say a Neutron Scatter Camera they are developing may be able to detect radiation from much greater distances and through more shielding than current detection instruments.

The neutron scatter camera, says Sandia physicist Nick Mascarenhas, has the capability to count neutrons from a source of SNM and localize it — meaning it doesn’t only indicate there is radiation present, but also where it is emanating from and, under some circumstances, how much.

“This instrument can pinpoint a hot spot in another room through walls, something not typically possible with gamma-ray detectors,” says Mascarenhas. “Performance-wise, it’s beating the older technologies, but we want to continue to push the limits of sensitivity and detection distance.”

Distance, says Mascarenhas, is a significant benchmark because it means the neutron scatter camera has the potential to detect through various types of shielding, a concern at any border crossing or point of entry.

Since 9/11, radiation detection has taken on a new immediacy as a means of preventing a nuclear weapon attack within the United States. Gamma-ray and neutron detectors are being deployed at border crossings and ports, with the goal of enabling interdiction of a nuclear weapon or material before it enters the country.

The neutron scatter camera has an advantage over traditional neutron detection because it can differentiate low energy neutrons from high energy neutrons. Another advantage is shielding. While some gamma rays can be blocked from detectors, neutrons are much more difficult to conceal. In a lab test, the camera easily detected and imaged a source placed across the hallway, through several walls and cabinets.

The biggest obstacle to the camera becoming widely adopted is the liquid scintillator, which is flammable, hazardous, and requires special handling. According to Mascarenhas, materials exist that could be used as a solid scintillator, but they need to be mass produced and made readily available in the U.S. for this purpose. Solid scintillator material, he says, is not in the scope of the current project but is a logical next step.

“We are not concerned with size at this point — our mission is to understand everything about the performance of this instrument and make it the best it can be,” he says. “Making it portable or compact might be the next steps, but that’s something I’m confident that Sandia, as an engineering laboratory, can solve.” More at Sandia.gov


Nov 22 2007

Samsung Electronics Develops Film-Free Advanced Digital X-ray Detector

SEOUL, South Korea –BUSINESS WIRE– Nov 22, ‘07 — Samsung Electronics, the world’s largest provider of thin-film-transistor, liquid crystal display (TFT-LCD) panels, announced today that it has completed development of a flat panel X-ray detector (FPXD) for radiology machines, in collaboration with Vatech Ltd, a Korean medical machinery manufacturing company.

By using digital imaging with thin-film transistor (TFT) technology, the diagnostic process is enhanced in many ways. In addition to delivering a much more precise image, Samsung’s new FPXD imaging sensor can save medical labs considerable time and money because no film or development process is needed.

An X-ray detector is an elaborate imaging sensor that converts invisible X-ray images into digital signals, which are then instantly transformed into pictures. Today, the medical profession still relies primarily on costly, plastic-based analog film for X-ray photography applications, which can take an excessively long period of time to develop in many medical situations.

The new FPXD measures 45 centimeters (cm) wide x 46cm high (or 61cm diagonally) and boasts a 3072 x 3072 (9.4 megapixels) resolution providing ultra-high definition images.

The new Samsung FPXD technology has a virtually endless range of applications beyond conventional X-ray systems. For example, it can be adopted for more advanced diagnostics such as CAT scans, for building inspections (scanning rebar structures, etc.) and for airport security scanners.

To create its FPXD, Samsung attached photodiodes to a TFT substrate that was produced using its proprietary amorphous silicon technology. The X-rays are detected photon by photon and then converted into visible light, which in turn is converted to electrical signals that can be displayed as diagnostic images on a flat panel screen.

In addition, Samsung has created an image enhancement function to eliminate most digital image noise interference to provide the highest radiographic sensitivity in the industry.

Samsung expects that its new, FPXD one-stop, total solution will secure the leadership position in the growing market for medical equipment detectors. The device will be available worldwide beginning first quarter, 2008.


Nov 16 2007

Symantec Releases the Latest Versions of PC TuneUp Solution Norton SystemWorks

CUPERTINO, CA– Nov 16, ‘07 — On the heels of Microsoft releasing Windows Live OneCare, Symantec today announced new versions of Norton SystemWorks, the leading PC tuneup solution that diagnoses, repairs and maintains consumer and home office/small office computers. Norton SystemWorks Standard, Norton SystemWorks Premier and Norton SystemWorks Basic are now Vista compatible and provide consumers the opportunity to choose the solution that best suits their needs.

All three editions of Norton SystemWorks automatically diagnose and fix hard drive errors with the One-Button Checkup feature. Also included are Norton Utilities’ trusted tools, Norton Cleanup, which removes cookies and temporary files, and System Optimizer, which allows computer users to optimize their Windows settings from a single screen.

In addition, Norton SystemWorks Standard and Premier include Norton AntiVirus 2008, which protects against new and emerging malicious code. Norton SystemWorks Premier also features Norton Save & Restore 2.0, offering easy yet reliable system and data backup and recovery, and an emergency boot CD so customers can start their computer when it can’t start itself.

Pricing and Availability

The estimated retail prices for the products are US$69.99 for Norton SystemWorks Standard, US$49.99 for Norton SystemWorks Basic, and US$99.99 for Norton SystemWorks Premier. Prices for all editions of Norton SystemWorks include a one-year subscription to Symantec’s protection updates. More at Symantec.


Nov 16 2007

Microsoft Releases Windows Live OneCare, All-in-One PC Care for Home and Small Business Networks

REDMOND, Wash — Nov 15, ‘07 — Microsoft on Thursday officially released Windows Live OneCare 2.0, which has been in beta testing since July.

Windows Live OneCare is an online service that provides managed maintenance and security for consumers and small businesses. It offers protection from viruses, spyware, and phishing, helps with firewall settings, and coordinates system tune-ups and data backup.

“Customers have told us they want an all-in-one solution for PC care that is simple and easy to use across all the PCs in their home,” said Amy Barzdukas, senior director of Windows Live OneCare at Microsoft, in a statement. “Windows Live OneCare helps address this need by providing a comprehensive set of security and performance tools while adding new features, including multi-PC management, printer sharing support and centralized backup options.”

The service’s main new feature is the OneCare Circle, which links PCs together over a wireless connection to make them manageable from a single place. OneCare Circle allows, for example, a parent to see that a child has disabled the firewall on his or her PC and to turn it back on. It also helps centralize data backup by allowing a hard drive connected to any linked machine to serve the whole home network.

The service also includes the new Start Time Optimizer, which helps users load only the programs they require at startup, thus accelerating the startup process. In addition, it includes a “Proactive Fixes and Recommendations” feature to help optimize PC performance, and it helps maintain wireless networking security. More at Microsoft.


Nov 16 2007

Many Retailers Easy to Hack: Study

Atlanta, GA — Nov 15, ‘07 — Half of more than 3,000 retail stores that a wireless security company secretly monitored at major shopping areas in the U.S. and Europe use wireless data systems vulnerable to hacking, the company said Thursday.

The data that stores routinely transmit on wireless networks include credit card and Social Security numbers and other sensitive customer information.

AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found that about 25 percent of the stores’ 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers.

Another 25 percent were using an outdated encryption method called Wired Equivalent Privacy (WEP) that is easily cracked by thieves using widely available tools.

The remaining half of the access points — the connections between wireless devices and computer networks — were using newer encryption methods that are considered far harder to crack.

The six-week undercover project — conducted at shopping areas in Atlanta, Boston, Chicago, Los Angeles, New York, San Francisco, London and Paris — attempted to expose security holes in wireless networks that are increasingly used to transmit data inside stores.

Wireless systems are believed to have been the entry points for recent large-scale data thefts at retailers, including a massive heist at discount retailer TJX Cos.

TJX said in March that at least 45.7 million cards were exposed, although recent court filings by banks suing TJX estimate more than 100 million were. Canadian investigators concluded in September that TJX had failed to upgrade its encryption from the older WEP method by the time the eavesdropping began in July 2005.

“The bad guys are going to go for the low-hanging fruit, and that’s the wireless networks,” said Richard Rushing, AirDefense’s chief security officer and manager of the survey project.

The most common data security lapses involved misconfigured access points that open backdoors to data. On several occasions, larger retailers had configured access points to work with WPA but had not switched off WEP, the weakest wireless security protocol. In addition, many retailers use their store name in the SSID, the name assigned by the equipment vendor to the wireless network during installation, giving away a retailer’s identity. SSIDs can easily be reconfigured but oftentimes are not. More at AirDefense.


Nov 14 2007

AT&T to Sell Equipment, Plans to Monitor Workplaces

Nov 14, ‘07 — AT&T plans on Wednesday to introduce a nationwide program giving owners of small- and medium-size businesses some of the same tools big security firms offer for remotely monitoring employees, customers and operations, the New York Times said in its online edition. Under AT&T’s Remote Monitor program, a business owner could install adjustable cameras, door sensors and other gadgets at up to five different company locations across the country, the newspaper reported.

Using a Java-enabled mobile device or a personal computer connected to the Internet, the owner would be able to view any of the images in real time, control room lighting and track equipment temperatures remotely, the Times said. All the images are recorded on digital video which can be viewed for up to 30 days, the newspaper added.

According to the Times, equipment costs range from $199 for a fixed camera starter kit in a single location, to $349 for multiple cameras including ones that will pan or tilt. The newspaper also said monthly monitoring charges range from $9.95 for a single location, to $39.95 for five locations. More at AT&T Remote Monitor.


Nov 10 2007

Security Consultant Admits Infecting 250,000 Computers to Steal Identities

Los Angeles, CA — Nov 10, ‘07 — A Los Angeles computer security consultant entrusted with making personal computers safer has admitted to hacking into them to create a rogue network of as many as 250,000 PCs, which he used to steal money and identities.

Federal prosecutors Friday said that John Kenneth Schiefer, a 26-year-old computer security consultant, used an army of hijacked computers, known as a “botnet,” to carry out a variety of schemes to rip off unsuspecting consumers and corporations.

Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles.

Schiefer, who used the Internet name “acidstorm,” is the first person charged under federal wiretapping law with operating a “botnet,” or network of compromised computers, Assistant U.S. Atty. Mark Krause said.

“People hired him to fix their computers, to make sure they’re safe,” Krause said. Instead, prosecutors contend that Schiefer and his associates installed malicious computer code, called malware, that gave them remote access to the computers without the owners’ knowledge.

The “zombie” computers then eavesdropped on the users’ electronic communications. The vast number of computers that Schiefer compromised — as many as 250,000 — highlights a stealthy online crime spree on the rise.

These botnets, short for “robot networks,” remotely harvest personal information, including user names and passwords, to give their operators access to credit card information and online bank accounts.

Schiefer culled user names, passwords for the PayPal online payment service, and other account information that he used to make unauthorized purchases and passed on to others, prosecutors said.

In all, the federal indictment includes four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. Federal authorities were still trying to identify victims and the scope of their losses, Krause said.


Nov 05 2007

Trend Micro Announces All-in-One Enterprise Security for Mobile Devices

Cannes, France (Gartner ITxpo) – November 5, 2007 – Trend Micro today announced the latest version of its mobile device security solution, available to the market in December 2007. The release of Trend Micro Mobile Security (TMMS) 5.0, girded with data encryption and authentication, mitigates mobile security challenges such as security breaches and data leakage while allowing enterprise administrators to manage security for handheld devices from a single console.

TMMS 5.0 features new data encryption and authentication capabilities: If a mobile device is lost or stolen, the business-critical data contained in it is encrypted unless it is unlocked with a password. Data on devices that do not comply with policies can be wiped out by administrators. The anti-malware features block viruses, worms, Trojans and SMS text message spam. A built-in firewall and Intrusion Detection System (IDS) protect against hackers, intrusions and denial-of-service attacks – all potential threats to mobile devices.

TMMS 5.0 uses the OfficeScan Client/Server Edition (OSCE) 8.0 console which also manages medium business and enterprise PC and server security. By installing TMMS 5.0 onto their OSCE 8.0 console, existing customers use a single console to manage mobile devices, desktop PCs and enterprise servers. Customers not presently using OSCE 8.0 receive an OSCE 8.0 console license with their TMMS 5.0 purchase.

Trend Micro Mobile Security 5.0 supports multiple leading platforms such as Windows Mobile 5.0 (Smartphone) and Windows Mobile 6.0 (Standard Edition); Windows Mobile 5.0 (PocketPC) and Windows Mobile 6.0 (Classic and Professional); and Symbian S60/3rd Edition (Nokia E-Series).

Pricing and Availability: Trend Micro Mobile Security 5.0 Standard includes antivirus, firewall, Intrusion Detection System, and centralized management. Trend Micro Mobile Security 5.0 Advanced adds encryption and authentication. TMMS 5.0 starts at US$35 per device while TMMS 5.0 Advanced starts at $70 per device with standard volume discounts applying. TMMS 5.0 Standard and Advanced for Windows Mobile 5.0/6.0, and TMMS 5.0 for Symbian/S60 3rd Edition (Nokia E-Series) will be available in mid-December 2007. TMMS 5.0 Advanced for Symbian/S60 3rd Edition, which includes encryption and authentication, is planned to be available in the first half of 2008. More at Trend Micro.


Oct 31 2007

McAfee Acquires ScanAlert, Creators of ‘Hacker Safe’, for $51M

McAfee to Enhance E-Commerce Security by Integrating HACKER SAFE with SiteAdvisor Safe Search.

Santa Clara, CA — Oct. 30 /PRNewswire-FirstCall/ — McAfee today announced a definitive agreement to acquire the privately-held ScanAlert, creators of the fast-growing HACKER SAFE Web site security certification service, for approximately $51 million in cash up front and with an earn-out of up to an additional $24 million if certain performance targets are met. The acquisition will extend McAfee’s leadership position in Web security, and will help to guide the more than 116 million U.S. consumers who shop online to safe e-commerce Web sites. 

According to the Common Vulnerabilities and Exposure List, which is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security, vulnerabilities found in Web applications are now the most commonly found, surpassing those discovered in Microsoft Windows and desktop software. 

ScanAlert audits and certifies the security of 8,000 customers representing more than 75,000 Web sites, and its patent-pending technology protects more than 15 million e-commerce transactions each month. The HACKER SAFE security trust mark is displayed by over 60% of the Internet Retailer Top 500 list, including well-known brands such as American Red Cross, GUESS, PETCO, Toshiba and Warner Brothers. 

Web sites earning HACKER SAFE certification derive multiple benefits:

  • HACKER SAFE’s trust mark has been shown to boost consumer confidence and drive an average 14% increase in conversion rates.
  • Increased visibility in comparison shopping services. Merchants may drive an increase in sales further by showing their HACKER SAFE certification in such comparison shopping site results as PriceGrabber.com, Yahoo! Shopping and Pronto.com.
  • Proactive monitoring. With daily scanning for vulnerabilities, e-commerce sites enjoy both an added layer of security as well as proactive monitoring so they can address potential security issues before they impact consumers.
  • PCI compliance. ScanAlert also helps sites with compliance related to PCI, the payment card industry’s security standard, by managing the external scanning requirement.
  • McAfee SiteAdvisor integration. When the integration is completed, HACKER SAFE certified sites will be highly visible through SiteAdvisor. SiteAdvisor has been downloaded more than 90 million times. HACKER SAFE Web sites will also be McAfee SiteAdvisor tested.

 

ScanAlert will be integrated into McAfee’s Web Security Group, co-led by Ken Leonard of ScanAlert and by Tim Dowling, a vice president under McAfee’s consumer, mobile and small business unit, which is headed up by Senior Vice President and General Manager Todd Gebhart. More at McAfee.


Oct 25 2007

Trend Micro to Acquire Provilla for Global Data Leak Prevention

Trend Micro will augment content-security solutions with the addition of innovative data leak prevention experts, technology and products.

CUPERTINO, Calif. and TOKYO, Oct. 25, ‘07 /PRNewswire/ — Trend Micro Incorporated, a leader in network antivirus and Internet content security software and services, announced today a definitive agreement to acquire Provilla, Inc., a leading provider of fingerprint-based intelligent endpoint solutions for data leak prevention (DLP) in organizations. Under the agreement, Provilla will operate as a subsidiary of Trend Micro’s U.S. affiliate. Provilla’s data leak prevention experts as well as technology and products will enhance the Trend Micro portfolio of easily deployed and managed multi-layered content-security solutions for business customers.

Organizations of all sizes are vulnerable to data leaks that expose them to security, intellectual property, monetary, privacy and compliance threats. On-the-move workers, equipped with unsecured, unprotected mobile computers, may inadvertently or intentionally expose confidential company information via wireless networks. With an ever increasing array of USB-based devices, all corporate desktops are now also at risk. An organization’s time, money, and reputation are at risk when such a data leak occurs, with security professionals urgently attempting to recover sensitive data and mend the leak.

Enterprise security professionals are in constant battle: Even when old leaks are controlled, new data leaks frequently occur through a plethora of other endpoints. Provilla technology intelligently controls leaks at multiple endpoints. The technology also lets organizations know the exact locations of sensitive data for active and effective control. Provilla products also educate and sensitize end users to corporate policies and regulatory requirements.

“As demand for DLP solutions has ramped quickly, we have been able to meet the need with a steady stream of innovative products and advancements primarily because of a stellar group of Provilla technologists,” said Shu Huang, chief technical officer, Provilla. “Our people are excited by the opportunity to join forces with the Trend Micro team, which is known for a commitment to technical innovation and to customers globally that starts at the top and permeates the ranks. We see this as an opportunity to build a complete data leak prevention product suite that fits with Trend Micro’s philosophy of central security management.” Trend Micro will continue to offer Provilla’s stand-alone products for the near term as well as gradually integrate Provilla’s capabilities into its own enterprise, small and medium business solutions. Provilla products are deployed in North America, China, Taiwan, Europe and Japan.

More at Trend Micro.