Three from Building Windows 8. If we can’t get adequate news on Windows 8, check out these 3 new posts from Building Windows 8 – reliably measuring browser performance, SkyDrive and Windows 8 and using a denunciation we wish on Windows 8. Don’t skip ‘em!

The Windows trademark redesigned. We have pronounced that Windows 8 is a finish reimagination of a Windows handling system. Nothing has been left unexplored, including a Windows logo, to weigh how it hold adult to complicated PC sensibilities. The Windows trademark is a clever and widely famous mark, though when we stepped behind and analyzed it, we satisfied an expansion of a trademark would improved simulate a Metro character design beliefs and we also felt there was an event to reconnect with some of a absolute characteristics of prior incarnations. To get a rest of this story, review this Feb. 17 post on Blogging Windows. Below is a screenshot of a new logo:

Google bypassing user remoteness settings. When a IE group listened that Google had bypassed user remoteness settings on Safari, we asked ourselves a elementary question: is Google circumventing a remoteness preferences of Internet Explorer users too? We’ve detected a answer is yes: Google is contracting identical methods to get around a default remoteness protections in IE and lane IE users with cookies. Below we spell out in some-more fact what we’ve discovered, as good as recommendations to IE users on how to strengthen their remoteness from Google with a use of IE9′s Tracking Protection feature. We’ve also contacted Google and asked them to dedicate to honoring P3P remoteness settings for users of all browsers. For some-more on this story, review this Monday post on a IEBlog.

Finding Windows Phone Champs. Here during Microsoft we call a Windows Phone evangelists “Phone Champs”. Champs safeguard a developers get accurately a assistance and support they need and are a voice of a developer community. They are all experts on a height and offer as internal resources to answer questions from stream or impending developers. Champs can assistance we troubleshoot a problem in your app and can assistance we get your hands on a phone for testing. For some-more on this story, review this Feb. 17 post on The Windows Phone Developer Blog.

Windows Azure Community News Roundup. The Windows Azure Blog has published a latest book of a weekly roundup of a latest community-driven news, calm and conversations about cloud computing and Windows Azure. Check it out.

From a IEBlog: Sub-pixel digest and a CSS intent model. With Windows 8, we have an rare choice of inclination for browsing a Web, from vast desktop screens to tiny slates. In sequence to accommodate this operation of devices, a browser contingency be means to scale and blueprint a Web during many opposite shade sizes and dimensions. We’ve formerly blogged about some of the features in IE that support these scenarios. Sub-pixel positioning (of content and layout) is one of a core height technologies that capacitate Web pages to demeanour pleasing and unchanging during any scale. In this post, we report changes done in IE10 to improved support sub-pixel positioning by a CSS-OM.

Burns McDonnell chooses Microsoft Dynamics CRM 2011. Microsoft announced on Monday that Burns McDonnell, a full-service engineering, architecture, construction, environmental and consulting services firm, has selected Microsoft Dynamics CRM 2011 over Salesforce.com and Oracle Fusion CRM for a 1,600-seat CRM deployment. The palliate of use of Microsoft Dynamics CRM 2011 was a company’s determining cause in selecting it over rival CRM solutions. Burns McDonnell expects doing of a solution, that is slated to start this spring, will assistance boost worker capability and urge customer sales and service. Want some-more detail, review this press recover on a Microsoft News Center.

That’s a hang for this book of The Midweek Download! Thanks for reading!

Posted by Jeff Meisner
Editor, The Official Microsoft Blog

Protect Your Music Collection with Intego Personal Backup

If we review forums about iPods and iTunes, you’ll see a lot of people looking for ways to duplicate song from their iPod behind to their computer. The many common reason for this is they had a critical problem on their computer, mislaid all their files, and they wish to get their digital song back. In other words, they don’t have backups of their song collection, or of any of their other files.

We during Intego cruise backups to be a cornerstone of any confidence policy, both for people and for companies. The files we create, and a information that is on your Mac, are, for a many part, irreplaceable. Sure, if we use Apple’s iCloud, we can get behind your contacts and bookmarks, and maybe some files, though what if we need to strengthen your song collection? Unless we use iTunes Match, if we remove your song collection, it’s mislaid forever.

Think of all a time we spent importing your CDs, and a income we spent shopping song from several digital vendors. If we don’t have a backup, and your computer’s tough hoop crashes, we competence remove all your files, including your whole song collection. The song is still on your iPod, and there are some collection that can redeem it, though if we didn’t sync all of your song to your iPod, or if we find we can’t duplicate your song files from your iPod, afterwards you’re out of luck.

With Intego Personal Backup, we make it easy to strengthen your song collection. You can possibly make a bootable backup (clone) of your whole tough disk, or we can privately behind adult your Music folder:

We suggest that we behind adult your song frequently to an outmost tough hoop or a network volume. If we don’t have an outmost tough disk, we competence consider about removing one. You can get a good outmost tough hoop for about $100.

Intego Personal Backup is accessible as partial of Intego Internet Security Barrier X6. Get a giveaway 30-day demo of Internet Security Barrier X6 and try out Personal Backup, and a other good programs in a suite.

P3P stands for Platform for Privacy Preferences Project and is an open W3C standard. It is dictated to assistance both users and programs establish what sites do with personal data. The cookie government complement in Internet Explorer blocks third celebration cookies from sites that do not supply a P3P process matter revelation it how cookies are used.

According to Microsoft’s analysis, Google exploits a disadvantage in a P3P specification. The selection states that browsers should omit uncertain policies, so that’s accurately what Google delivers:

P3P: CP="This is not a P3P policy!See http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=151657 for some-more info." 

This can be review and accepted by tellurian users, but, according to Microsoft, browsers that follow a P3P selection appreciate this to meant that a cookie will not be used for tracking purposes. As a outcome Internet Explorer lets Google cookies pass.

Microsoft is advising users to download a tracking insurance list to stop Internet Explorer from forwarding cookies to Google. The blog posting contains a couple to a list, that can be commissioned from within Internet Explorer with a elementary rodent click. Microsoft is also formulation to demeanour into ways of creation Internet Explorer’s cookie doing some-more secure. One probability would be to omit a P3P selection and retard all cookies with uncertain P3P policies.

According to a 2010 study by Carnegie Mellon University, 11,176 of 33,139 sites examined use an shabby P3P specification. Google has now responded to Microsoft’s claim and, in an email to US media, it describes a complement used by Internet Explorer as archaic and “widely non-operational”.

Google points out that a couple within a P3P process does indicate to an article that states their position on P3P. It also records comments from a security researcher that “Instead of regulating P3P loophole in IE that FB Amazon exploited … MS did nothing. Now they protest after Google uses it”. Facebook, during least, has a same P3P process style as Google, finish with explanation. At a time of writing, Amazon was returning a valid P3P policy.

(djwm)

メール自体はテキスト形式で、特に変わったところはないように見えます。しかし、さらに詳しく調べると、送信元のドメインが詐称されており、実際には航空会社とも関係がないことがわかりました。よく似てはいますが、詐称されている実際の送信元ドメインは空気清浄機と掃除機の会社であり、航空会社とは縁もゆかりもありません。詐称しようとしている航空会社と送信元 Web サイトが一致するかどうかを確認しなかったのはスパマーの怠慢だったようで、用心深いユーザーにはメールの信憑性がすぐに疑われてしまうでしょう。もちろん、航空券を予約していなければすぐ不審に思うところですが、このメールを誤配信と考えたユーザーが、いずれにしても状況を調べようとしてリンクをクリックしてしまうことを詐欺師は期待しているのかもしれません。

メールに書かれたリンクからフィッシングドメインを調べると、正規の航空会社の Web サイトが詐欺師によって複製されていたことがわかりますが、ここにも詐欺師の手抜きがあり、偽の Web サイトは正しく表示されません。

この偽サイトでは、ユーザーが航空会社に登録しているアカウントのカード番号とパスワードを入力するよう求めています。ダミーの情報を入力したらどうなるかを調べようとしましたが、偽サイトは正しく機能せず、Web フォームが表示されません。Web フォームが壊れていて情報を盗み出せない以上、この詐欺師の努力はすべて水の泡です。そのため、今回の詐欺師の意図を見きわめるのは難しいのですが、Web フォームが機能すれば、クレジットカードと銀行口座の情報を入力するように要求されることは容易に想像できます。

メールに記されたフィッシングドメインの Whois 情報にも特筆すべき点があります。ドメインは 2 週間前に登録されたばかりですが、その登録先は著名な航空機メーカーのユーザーのメールアドレスだったのです。このことから、詐欺師はこのユーザーのメールアカウントに侵入して銀行やクレジットカードの情報を盗み出したうえで、自身の名前で偽のドメインを登録した可能性があります。このドメインの Whois 情報を見ることのできるユーザーであれば、正規の有名企業に登録されているドメインということで本物と思い込んでしまうかもしれません。

メールの署名に使われている FSA 登録番号は、まったく別の航空会社のもので、詐称されている会社の番号ではありません。今回の詐欺は Web サイトが正しく表示されないために失敗しますが、偽の Web サイトをもっと本物らしく見せ、メールの情報に間違いがないことを確認するだけの十分な時間をかけていたら、もっと判別が難しくなっていたかもしれません。

シマンテックの高度な監視システムでは、この詐欺も未然に識別され遮断されました。

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。

There have been reports from several sources that Twitter is quick coming a miracle of 500 million users.  We take a demeanour during what this could meant for us all and take a contemplative demeanour behind on some of a issues that Twitter users have faced over a years.

What does that figure meant to us?

• This series of Twitter users is 60% some-more than a race of a United States of America (according to the U.S. Census Bureau).
• That figure is 8 times a race of a United Kingdom.
• The estimate tellurian race of Earth in 1550 AD was 500 million.

Of course, not all Twitter users are who they explain to be.

You are substantially informed with saying a design of an appealing particular gracing your supporter list and afterwards realizing that a supporter is only perplexing to pass off think medication. The abuse of Twitter by spammers and bot networks is zero new and something we have seen in Websense® Security Labs™ for several years now. Over a past few years, we have seen bot networks take their instruction from generated Twitter users. We have also seen website compromises on a large scale regulating Twitter trending topics to beget a antagonistic domain they hit next.

Malware authors and spammers burst on amicable networks in a wish that they can fast widespread their wares: 500 million users, 200 million users, even 100 million users yield a scale and network connectivity to do accurately this.

Here are some of a not-so-high Twitter highlights of a final 5 years:

Is there any hope?

Behind each cloud is a china backing and Twitter is no exception.  Our Websense Social Web Controls as good as a ThreatSeeker® Network can assistance to extent a bearing from threats on amicable networks. You can find out some-more on www.websense.com.

From bread bakers to candlestick makers, from celebrities to pharmacists, 500 million users/spammers/bots have incited to Twitter to share their lives and rivet in 140-character exchanges with others. Have you?

Regards,

https://twitter.com/websenselabs

Carl Leonard

Leave a Comment

  Remember me

Today we expelled a Fourth Quarter 2011 Threat Report, divulgence that malware surpassed a a guess of 75 million singular malware samples final year. Although a recover of new malware slowed a bit in Q4, mobile malware continued to boost and available a busiest year to date.

Malware

The altogether expansion of PC-based malware indeed declined around Q4 2011, and is significantly reduce than Q4 2010. The accumulative series of singular malware samples in a collection still exceeds a 75 million mark. In total, both 2011 and a fourth entertain were by distant a busiest durations for mobile malware that McAfee has seen yet, with Android resolutely bound as a largest aim for writers of mobile malware.

Contributing to a arise in malware were rootkits, or secrecy malware. Though rootkits are some of a many worldly classifications of malware, designed to hedge showing and “live� on a complement for a enlarged period, they showed a slight decrease in Q4. Fake AV forsaken extremely from Q3, while AutoRun and password-stealing Trojan malware uncover medium declines. In a pointy contrariety to Q2 2011, Mac OS malware has remained during really low levels a final dual quarters.

Web Threats

In a third entertain McAfee Labs available an normal of 6,500 new bad sites per day; this figure shot adult to 9,300 sites in Q4. Approximately one in each 400 URLs were antagonistic on average, and during their top levels, approximately one in each 200 URLs were malicious. This brings a sum of active antagonistic URLs to some-more than 700,000.
The immeasurable infancy of new antagonistic sites are located in a United States, followed by a Netherlands, Canada, South Korea and Germany. Overall, North America housed a largest volume of servers hosting antagonistic content, during some-more than 73 percent, followed by Europe-Middle East during some-more than 17 percent and Asia Pacific during 7 percent.
Spam

At a finish of 2011, tellurian spam reached a lowest indicate in years, generally in areas such as a United Kingdom, Brazil, Argentina and South Korea. Despite a dump in tellurian levels, McAfee Labs found that a benefaction spearphishing and spam are rarely sophisticated.

Overall botnet expansion rebounded in Nov and Dec after descending given August, with Brazil, Columbia, India, Spain and a United States all saying poignant increases. Germany, Indonesia and Russia declined. Of a botnets, Cutwail continues to power supreme, while Lethic has been on a solid decrease given final quarter. Grum done a poignant quip after a prolonged decline, heading Bobax and Lethic by a finish of Q4.

Data Breaches

The series of reports of information breaches around hacking, malware, rascal and insiders some-more than doubled given 2009, according to privacyrights.org, with some-more than 40 breaches publicly reported this entertain alone. The heading network hazard this entertain came around vulnerabilities in Microsoft Windows remote procession calls. This was followed closely by SQL injection and cross-site scripting attacks. These remote attacks can be launched during comparison targets around a globe.

Download McAfee’s Threats Report: Fourth Quarter 2011.

Tags: Android, Cybercrime, data breach, Data Protection, Endpoint Protection, enterprise, facebook, global hazard intelligence, identity protection, Identity thieves and cybercriminals, malware, mobile security, Network Security, Risk and Compliance, security, social networking, spam

Consider a materialisation of people posting photos of credit cards on Facebook, a arrange of self-inflicted confidence breach. Your initial greeting competence be “Is that foolish or what?”

In my opinion a “or what?” is a satisfactory question, one that we suspicion about this President’s Day, a day when a lot of credit cards in America get a good examination (with a important difference of a one in this picture).

Note that what you’re saying is a doctored chronicle of what indeed seemed on Facebook, where a sum on a front of credit label were clearly visible. These have been masked in this screenshot, along with other identifying information (I have attempted to find out who constructed a above picture in sequence to give them credit, as it were, though so distant I’ve not succeeded).

Also note that a chairman who posted a pic does not seem to be a label owner, so it’s not a box of “stupid child posts print of his initial credit card” that is how some bloggers described it (although we am certain there are cases of that kind as well). No, this is only a box of a person, presumably a parent, being unapproachable of that “first credit card” moment, and wanting to share it with friends and family. This chairman was substantially in a same state of mind as many other Facebook users who:

A. Think of Facebook as a place to share things with a few name friends, though have not practiced their “share” settings accordingly, and;

B. Under-estimate a series of people who are peaceful to take advantage of their associate tellurian beings.

In other difference “they don’t know any better” and presumably miss a kind of life practice that make other people consider twice about putting a print like that online. Now, we don’t know what commission of Facebook’s 800+ million users are now A+B positive, so to speak, though they paint a abounding capillary of potentially exploitable persons. Fraudsters and fraud artists are penetrating to cave that vein, as evidenced by a consistent coming of new deceptions documented by websites like Facecrooks.

What should unequivocally be of regard to companies, and multitude during large, is that these A+B folks are not only a aim on Facebook. Criminals are targeting users who miss confidence recognition opposite a far-reaching operation of information systems. They are crafting attacks that rest on exploiting digital device users who have small or no confidence training.

So a subsequent time we hear infosec professionals bemoaning a irrationality of users we need to ask: “Are they foolish since they are ignoring a confidence training they received, or are they doing foolish things since we have failed, as an organization, and as a society, to learn them to know better?”

And while we’re during it, what contend we cut Shannon and Dustin a break!

.

Obviously, we here during Microsoft consider it’s flattering cool, though we’d like to know that facilities of msnNOW readers like a most.

a href=”http://www.zoomerang.com/”Online Surveys – Zoomerang.com/a

Thanks for voting!

Posted by Jeff Meisner
Editor, The Official Microsoft Blog

Trustwave sole a CA certificate to another association that enabled it to emanate current certificates for any server. This enabled a latter association to guard encrypted trade sent and perceived by a possess staff regulating what was effectively a man-in-the-middle attack. Trustwave has given revoked a CA certificate and has announced that it will, in future, no longer promote sub-CAs of this nature.

The letter, sealed by Kathleen Wilson, who is obliged for a CA procedure used in Mozilla software, requests that all CAs respond by 2 March and determine to devaluate any sub-certificates that capacitate third parties to eavesdrop on information trade by 27 April. Any analogous HSMs and smartcards also have to be destroyed.

Mozilla baldly asserts that if any such sub-CAs are detected after a 27 April deadline, a substructure will take whatever stairs are necessary, including stealing a base certificate from Mozilla program if required. Wilson also intends to tell a CAs responses to her email. The email includes a couple to Mozilla’s rules on including base certificates in a products – these manners are now being revised.

Mozilla developers have expelled a patch that outlines sub-CAs chaining to Trustwave CA as untrusted. The patch would seem to mislay a hazard of instituting a direct done by a reader of The H’s associates during heise Security for a evident dismissal of Trustwave from a list of devoted CAs. Credit has clearly been given for a fact that Trustwave willingly disclosed a occurrence and has already revoked a certificate in question.

Mozilla is but creation it unambiguously transparent that it will not endure MITM CAs in future. It will be engaging to see what arrange of response it receives. On creation a disclosure, Trustwave suggested that it was customary use within a industry. Symantec, that owns CA Verisign, has not responded to an enquiry from heise Security as to either it issues CA certificates for monitoring purposes.

(djwm)