The developers of Bitcoin, a unknown digital banking system, have bound a flaw in a complement that authorised antagonistic users to perform rejection of use (DoS) attacks on a victim’s node, causing it to stop receiving updates from a Bitcoin network.

To send and accept payments, Bitcoin nodes encode a send information into blocks of information that get many-sided into a globally distributed retard chain. Each transaction is cryptographically sealed and related to a prior one. For this complement to work, a user’s customer needs to promulgate with a tellurian network frequently in sequence to keep adult to date with a exchange that have happened given a final time it was online. If a node is removed from a network for a poignant volume of time, it can not trigger or accept transfers of bitcoins.

The developers have not nonetheless explained how a disadvantage in a Bitcoin program can be exploited – they wish to give users sufficient time to patch their clients before releasing information that could be used by hackers to retreat operative a operative exploit. They have, however, expelled version 0.6.2 of a customer that fixes a problem. Backports of a repair for versions 0.5.5 and 0.4.6 are also available. The developers have settled that a disadvantage can't be used to concede users’ wallets.

The Bitcoin customer is accessible for Windows, Mac OS X and Linux. Its source formula is protected underneath a MIT License.

See also:

• Bitcoinica Bitcoin site breached, a news from The H.

(fab)

フロントエンドのサイトはすべて中央のバックエンドサイトにリダイレクトされ、このバックエンドがファイルジェネレータまたはリポジトリとして機能します。これまでに確認されているフロントエンドのサイトの一部を挙げます。

• [http://]www.fruitninjaandroid-apk.ru
• [http://]www.flashplayerandroid-apk.ru
• [http://]www.cuttherope-android-apk.ru
• [http://]www.cuttherope-experiments-apk.ru
• [http://]www.cuttherope-apk.ru
• [http://]www.angrybirds-android-apk.ru
• [http://]www.jellydefense.ru
• [http://]www.templerun-android.ru

正規のゲームであると信じ込ませるために、ゲームをプレイしているデバイスの実際のスクリーンショット画像が使われていることに注目してください。

アプリをインストールするときの許可の要求には常に注意を払ってください。怪しい場合は、開発者の Web サイトで公式のダウンロードリンクを確認するようにしましょう。次回の私のブログでは、「イビルツイン手法で狙われた Android アプリ: パート 2」と題して、偽アプリで使われている典型的な手口と、それを回避する方法を紹介する予定です。

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。

Those who try to envision a destiny run a risk of being wrong. But those who disremember a significance of conducting a impending investigate adopt a pacifist opinion that weakens them opposite a persecution of events. Anticipating governmental changes prepares us to continue a storm.

That quote comes from a recently published Prospective Analysis on Trends in Cybercrime from 2011 to 2020, by a French General of a Army, Marc Watin-Augouard.

This investigate was creatively published in French by a row of experts from a open and private sectors. we was one of them.

Our proceed was formed on a Delphi method, an iterative routine of contention formed on a petition grown by a systematic committee, with halt summaries drawn adult by an ad-hoc committee. The paperless contention routine was effective and kept member responses anonymous, that intended a personification field. The 22 experts who contributed to this investigate underwent 3 rounds of particular interviews, permitting them to demonstrate their opinions and reformulate their responses formed on a formula of a organisation discussions. Their analyses and particular imagination have led to a vacant request that outlines standard rapist trends of a 21st century. The routine took one year to benefaction a formula in this summary.

The outcome of this work is not an finish in itself, though rather a apparatus to inspire contention among process makers, business leaders, and member of polite multitude per strategies to say a best probable control in a digital universe but borders.

McAfee has translated of a formula of this new French investigate on computer-related crime. McAfee, and I, cruise this process and strange investigate useful in explaining a threats we face currently and presaging what we competence see in a years adult to 2020. Armed with this expertise, we can some-more effectively strengthen ourselves opposite destiny cybercrime.

The English chronicle of a request is available here.

Tags: Cybercrime, predictions

A few months ago we highlighted Facebook confidence settings and how to capacitate several protections. In this post, we excavate some-more into granular control of your information privacy. By ratcheting down your remoteness settings, we can have some-more control over who can get to your data, assisting to keep your amicable networking knowledge positive, and potentially preventing problems before they occur.

Protect Yourself

When we record into your account, we can perspective or cgange your remoteness settings on a pulldown menu underneath “Home” on a tip right of a page. Here’s what cave looks like:

When we get to a Privacy alighting page, we competence notice your default settings are set to “Public”, here we refurbish them.

Notice this is targeted during your default pity options, we can also change them for specific equipment on a site by regulating a inline assembly selector, yet here it’s a good thought to name “Custom” and mention what fits your needs, here’s what’s shown by default:

That’s a small too open for many, so we make a default prominence to “Only Me”, gripping in mind that we can use a inline assembly selector to dilate a assembly of sold information we wish to share, yet if we don’t, a default will be to keep it some-more private.

Notice we can also categorically list people or lists we DON’T wish to share things with, a arrange of information pity blacklist, that we competence find useful if we opt to share with others yet wish to shorten certain aspects some-more granularly. If we name this choice we are also presented with a note saying:

That means if we tab someone in a photo, for example, they will be means to perspective a photo, even yet we don’t categorically opt to share it.

Now let’s demeanour during ways other people can entrance your form information. We start by selecting a “Edit Settings” couple behind on a Privacy Settings page:

The default settings uncover “Everyone”, shown below:

These default settings are a small too approving for my tastes, so we ratchet them down like this:

This environment keeps my form a small some-more private. Back during a Privacy home page, let’s take a demeanour during “Profile and Tagging” to control how information gets tagged and shared:

Here we can ratchet down who can post to your wall, who can see posts tagged in your profile, and so on. Below is a default:

I would cite to shorten some-more calm to friends only, so we change it to simulate that preference:

Also, we competence wish to control who can tab we in their calm by enabling “Review posts friends tab we in before they seem on your profile” if we select to shorten that.

Next we shorten past post visibility, that is a good thought if you’ve had a lot of posts in a past, and you’d cite some-more granular control over how that information is shared:

When we revise this section, we are presented with a shade warning we about restricting past posts, warning that given it’s a tellurian change, we competence also select to only shorten specific posts, rather than opposite your whole profile. Continue past this warning by selecting “Limit Old Posts.” You will be asked to endorse this choice, warning that this change competence not be easy to undo.

Next we take a demeanour during “Blocked People and Apps”, a arrange of blacklist for specific functionality:

Click on “Manage Blocking” link, that opens a following dialog box:

This functionality can come in accessible if we have been removing unwelcome interactions from someone on your crony list. Also, note that once we supplement a user to your Restricted List, they aren’t told of a change, that is accessible for traffic with potentially pestering friends wanting to know because you’ve altered your settings.

Summary

These are some of a simple protections that will assistance control a information stretch of your private information. Of course, Facebook updates a confidence and remoteness settings on sincerely unchanging intervals, so we will yield updates from time-to-time. In multiple with a progressing confidence post, this remoteness authority should go a prolonged approach toward gripping your amicable networking safer and forestall problems with your personal information swelling serve than we designed or expected. If we find this post helpful, or have any Facebook remoteness tips you’d like to share, greatfully let us know in a Comments below.

.

Bing Updates Available for Test Drive
You might have heard final week about some large updates entrance to Bing that we consider will yield we a new and sparkling approach to search. The new facilities began to roll-out Tuesday here in a U.S. You can check out some of a new facilities during http://www.bing.com/new.

You can also learn some-more about a updates from a video below, that provides a good overview of what you’ll find in a new Bing some and credentials on a new features. With a rested design, a new image underline for present entrance to action-oriented information, or get recommendation and recommendations from friends and experts with a new amicable sidebar, it’s a large recover for a Bing team, and we wish we like it.

div img alt=”DCSIMG” id=”DCSIMG” width=”1″ height=”1″ src=”http://m.webtrends.com/dcsygm2gb10000kf9xm7kfvub_9p1t/njs.gif?dcsuri=/nojavascriptWT.js=No” / /div

Aviary SDK accessible for Windows Phone …
Steve Clayton reported some interesting news for developers, as a folks from Aviary have expelled an SDK for Windows Phone, creation it easy for a developer to confederate Aviary’s impressive print modifying tools into mobile apps.The editor itself can be integrated into a web site or app with a few lines of code, so good value checking out.

… and LinkedIn too
Another sparkling square of news for Windows Phone customers. LinkedIn has expelled a unequivocally nice new app for Windows 7 phones. It’s one a lot of us have been looking brazen to, and early reviews of a pattern and functionality are positive.

You can review some-more about a app from a LinkedIn blog, or download it today.

Security Advantages Emerge in Cloud Computing
While during initial blush, many companies might see a pierce to cloud-based systems as formulating intensity confidence issues, a new study consecrated by Microsoft shows that many companies are anticipating a conflicting to be true. For many tiny and mid-sized companies, cloud services can offer a good understanding of confidence advantages and expetise that can be formidable and dear to grasp otherwise. Survey respondents news spending scarcely one-third reduction time handling confidence issues than those not regulating cloud services.

Windows 8 Utilities and Disk Health
In a new post on a Building Windows 8 Blog, Kiran Bangalore, a module manager on a Windows team, reviews in fact some of a changes being done to a chkdsk utility, used for detecting and repair issues of hoop corruption. While such issues start rarely, a time it takes to run can be a source of disappointment to Windows users. The changes are designed to make this routine some-more pure and reduction intrusive. It’s one of a many behind-the-scenes improvements a Windows group is creation that promises to save Windows users and IT Administrators a good understanding of time and difficulty when issues come up.

Windows 8: Sharing Works like a Charm
One some-more from Windows 8 – and IE10 – though on a facilities side. The IE blog has a good post explaining how a group has done sharing links faster and easier. Today, pity a couple from a Web site we like involves duplicating a link, opening or toggling over to another app, and afterwards pasting it in to share or email that link.

With a share charm, we can share links to Web sites in a most some-more useful and visually-appealing way. Rather than use mysterious URLs, Windows 8 and IE10 emanate a abounding couple preview, regulating Web page titles, descriptions and thumbnail images to arrangement and share, most as we share equipment with many amicable media sites. And Windows 8 and IE10 both support a OpenGraph protocol, so site owners can control how their web sites and pages uncover adult in Windows 8 as well.

 
That’s all for this week … interjection for interlude by!

There are new strategy being suspicion adult daily, and there will never be a extent to what cyber-criminals are peaceful to do to get to your Mac and your private data. By holding a suitable measures to learn about Mac security, we will find that even yet a possibility of being putrescent is always there, staying sensitive is a best approach to keep your mechanism stable from a bad guys.

EMBED THIS IMAGE ON YOUR SITE:

Source:Mac Anti-Virus Security – Intego

Artemis, a auxiliary of a NCC Group, skeleton to emanate a form of high-security section on a internet underneath a .secure general Top Level Domain (gTLD). Subdomains on this gTLD would have to use confidence technologies such as HTTPS and a domain name complement that is stable around DNSsec. These mandate are designed to boost a trustworthiness, flawlessness and confidence of services that run underneath .secure. On a web site, Artemis explains that this advantages services such as banks, blurb enterprises and non-profit organisations.

Registrants for .secure contingency yield identity, corporate and heading support that will be checked thoroughly, according to a company. Artemis explains in a FAQ that it will use two-factor authentication for residence corroboration and will check for heading violations. Registrants contingency also determine to a company’s Acceptable Use and Security Control Policies, that are designed to forestall antagonistic activity or a unconsidered origination of vulnerabilities by blank confidence technologies.

Artemis is also operative with vital internet companies to form a Domain Policy Working Group (DPWG) and emanate a selection for secure web sites. This selection (Domain Policy Framework, DPF) will be submitted to a IETF and it is dictated that it should turn a partial of renouned browsers and mail servers. Artemis says that a smallest DPF mandate are imperative DNSsec signing of each zone, a use of TLS for all HTTP sessions, mail domains that are sealed around DKIM, and a use of opportunistic encryption for SMTP. Other DPF mandate are designed to revoke a risk of compromised and illegitimately used Certificate Authorities, and to strengthen a email trade between .secure domains.

Artemis skeleton to use pointless checks to guard .secure subdomains. If a teenager process crack is found, a operators will accept a warning around email. The association skeleton to respond to vital process infringements such as a hosting of malware by suspending or invalidating contracts.

The thought of handling a special process gTLD isn’t new: for instance, a operators of a .mobi subdomain contingency safeguard that any web pages found underneath such an residence are optimised for mobile devices.

(fab)

While there were few daily spikes final year, clearly there has been some-more activity in a final dual months.

Looking behind during final year, a ccTLD for India (.in) ranked tenth on a TLD placement list:

However, a .in ccTLD jumps to a fifth mark when looking during a final month (while a commission some-more than quadruples):

Examining messages found in a Global Intelligence Network, Symantec researchers have found that a immeasurable infancy of spam messages containing .in URLs is strike run spam. Back in Mar of this year Symantec remarkable an boost in strike run spam and .in URLs seem to be compared with it.

Here are tip 10 theme lines from .in URL spam over a final 5 days:

Subject: Avoid Retail Markup
Subject: What Retailers Don't Want You to Know
Subject: Visitors Pass
Subject: Visitors Pass Alert
Subject: 4 dishes that KILL fat and 7 food chemicals that CAUSE it
Subject: Visitors Pass Notification
Subject: Warning- You might not be stable by Norton. Update Now.
Subject: Health coverage with or but pre-existing conditions.
Subject: Special 2012 Savings - Eliminate whole phone bill
Subject: DirectBuy Visitors Pass Notification

Please note a use of a Norton code above is unapproved and that summary is not from Symantec. Rather than providing antivirus program updates, as a summary claims, these messages instead mostly broach several malware to users.

Symantec will continue to guard this trend and emanate additional filters to aim these attacks. In addition, Symantec also advises enterprises and consumers to adopt a best practices found in a Symantec Intelligence Report.

Apple only expelled an advisory addressing 17 confidence flaws in QuickTime Media Player. The refurbish is rated vicious as several of a bound vulnerabilities can be used to grasp “Remote Code Execution”. One of a vicious vulnerabilities addressed is CVE-2012-0671, that we detected and reported to Apple progressing this year.

How was a disadvantage discovered?

I found a disadvantage by manually questioning and retreat engineering a binary formula of QuickTime and combined a fuzzer to cover specific portions of a Apple media formats. In this sold vulnerability, QuickTime does not parse .pct media files properly, that causes a crime in a procedure DllMain by a deformed record with an shabby value located during equivalent 0x20E. In my contrast we used QuickTime Player chronicle 7.7.1 (1680.42) on Windows XP SP 3 – PT_BR, though many expected other versions on Windows influenced as well.

A PoC repro01.pct is accessible for meddlesome parties and was common with Apple on Feb 22, 2012 to assistance them locate and repair a problem.

What does this disadvantage mean?

If we use QuickTime, enemy can take sum control of your appurtenance by this vulnerability, that is triggered by personification a antagonistic media record that uses overly vast values in a PCT picture format. A standard conflict would hide such a record into a webpage and use amicable engineering to expostulate users into observation a page. So far, there have been no reports of enemy exploiting this disadvantage yet.

To put this into context, QuickTime is used by 61% of all internet enabled PCs, including 49% of all Windows PCs and 98% of all Apple computers (numbers pleasantness of Qualys BrowserCheck). Even if we don’t use QuickTime by default to play cinema and videos, it can be used as a media actor for a PCT format on all web browsers, including Chrome, Safari, Internet Explorer and Firefox.

All users, consumers and businesses alike, should download a confidence refurbish as shortly as probable given simply browsing to a antagonistic web page on any web browser can activate this vulnerability. If you’re not certain either your QuickTime plug-in is updated, we can use Qualys BrowserCheck, a giveaway service, to check if we need to download a update.

Throughout a whole process, Apple was really veteran in doing this emanate and supposing consistent standing updates on my request. It was good to see a association of Apple’s distance holding a active purpose to safeguard that their program and their users are stable from vital vulnerabilities like this one.

A minute advisory can be accessed during https://community.qualys.com/docs/DOC-3511