Archive for December, 2010

Graham Cluley: Facebook using scare tactics to improve security

Friday, December 31st, 2010

Have you received a warning from Facebook that your account protection is “very low?” Don’t panic. Your security settings may be stronger than Facebook would lead you to believe — and that’s ticked off one security expert. “The suggestion that users’ accounts currently have a protection status of ‘very low’ is entirely misleading and stinks of scare tactics,” declared Graham Cluley, a senior technology consultant with security software maker Sophos.

Facebook has been contacting its members for several weeks now with its “very low” security protection warnings. In the alerts, the company includes a link. Click the link and you’re taken to a page that requests additional personal information about you. Sound familiar? This is exactly the tactic used by Internet highwaymen to steal sensitive information from unwitting web users and plant malicious software on their computers.

“With fake antivirus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn’t), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions,” Cluley wrote at Sophos’s Naked Security blog.

Worst security disasters of 2010

Friday, December 31st, 2010

The year started badly with January’s now infamous Aurora hack, widely blamed on the Chinese. The fallout was considerable, with some EU governments warning against their citizens using Internet Explorer. Hillary Clinton just got very upset, the most senior US political figure ever to go on the record about cybersecurity-as-geopolitics.

Uncomfortably, the US was also at the centre of April’s disturbing ‘Collateral Murder’ video, leaked footage of a US helicopter gunship strafing and killing Iraqis on the ground who turned out to be unarmed civilians and journalists.

Shocking vérité video has been on YouTube many times, but this video was different, having been prised from the encrypted vaults of the US military by an insider, who sent it to Wikileaks. The whistleblower followed this up with the Afghan War Diary and finally the US diplomatic cables.

27C3: Danger lurks in PDF documents

Friday, December 31st, 2010

At the 27th Chaos Communication Congress (27C3) in Berlin, security researcher Julia Wolf of US company FireEye pointed out numerous previously little-known security problems in connection with Adobe’s PDF standard. For instance, a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. Wolf said that the document format is also full of other surprises. For example, it is reportedly possible to write PDFs which display different content in different operating systems, browsers or PDF readers – or even depending on a computer’s language settings.

Many businesses and authorities use PDF as their standard file format for maintaining presentation consistency across heterogeneous computer environments. According to Wolf, however, the PDF standard has long had too many functions that can be exploited to launch attacks and wreak other havoc. These functions range from database connections without security features to options that can blindly trigger the execution of arbitrary programs in Acrobat Reader. The researcher said that other risks are generated through the support of inherently insecure script languages such as JavaScript, formats such as XML, RFID tags and digital rights management (DRM) technologies. According to Wolf, Adobe itself calls PDF a “container format” which may indeed hold a variety of things. For example, it is possible to integrate Flash files, which themselves offer many points of attack, as well as audio and video files.

Meet the first $100 Android phone

Friday, December 31st, 2010

It looks like we are entering into the age of the $100 Android smartphone. I talked a little bit about what this would mean for consumer adoption of smartphones last week. In short, many more people will be moving from featurephone to smartphone and carriers get to compete for tight budget handset buyers.

The 845 is a rebranded Huawei device like the T-Mobile Comet or a Cricket Ascend device sold in the US. Its specs are pretty mediocre, but much better than any featurephone, obviously. It runs Android 2.1, has a 240 x 320 pixel, 2.8 inch display, GPS, Bluetooth 2.1, 3-megapixel camera and 802.11 Wifi.

This device is squarely aimed at new smartphone users who will be coming over from feature phones. Vodafone offer voice and data plans starting at £10.

The good news about Android’s Geinimi Trojan

Friday, December 31st, 2010

Yes, the sophisticated Geinimi Trojan horse was specifically coded to target Android-based devices. That’s certainly bad news, but the situation could definitely be much worse.

As Sophos security expert Graham Cluley notes, the Trojan – which is concealed in repackaged versions of various apps and games – has yet to make it into the official Android Market. “[This] means that you would only have been putting yourself at risk if you installed poisoned software from an unauthorized source,” he explained.

“And researchers at mobile security firm Lookout say they have only seen the software on unofficial Chinese app stores.” According to Cluley, Android users would have to deliberately alter the settings on their smartphones and tablets to install software from such “unknown sources.”

Torrent-Finder fights domain seizure with Google

Friday, December 31st, 2010

The US government – along with organizations like the RIAA and the MPAA – is hitting Torrent sites where it hurts. Indeed, due to a slew of recent domain seizures, affected websites are currently experiencing major dips in traffic. However, Torrent-Finder is refusing to throw in the towel.

The moment the website’s .COM domain was seized by the government, it instantly lost search engine relevance because all links pointed to the old .COM domain, which was no longer functioning. As expected, the broken links not only affected surfers searching and navigating to the site, but the website’s SEO ranking as well.

This is because Google employs an algorithm along with other parameters to determine a site’s relevance to a certain term. For example, the more articles a website such as NASA.com writes about “supernovas,” the more relevance it has when people search that particular term. Furthermore, the more external sites link to NASA’s supernova stories, the more relevant Google sees NASA.com to the word “supernova.”

Is Android 2.4 Honeycomb?

Friday, December 31st, 2010

Android Honeycomb – which features optimized support for tablets – may not be set at version 3.0. Rather, Google has reportedly designated version 2.4 to represent the long-awaited iteration of the popular mobile operating system.

Indeed, as Artem Russakovskii of Android Police notes, a quick check of the site’s statistics seems to indicate that Android 2.4 is none other than Honeycomb. “Specifically, in the last 30 days, we have had 15 visits from Android 2.4. On another hand, we had 0 visits with Android 3.0,” explained Russakovskii.

“Sure, the OS version can be faked, but I find it pretty unlikely that there are suddenly multiple sightings of 2.4, completely independently from each other and all around the same time, while no sightings of 3.0 occurred.”

‘Zombie’ Satellite Comes Back to Life

Friday, December 31st, 2010

A “zombie satellite” that spent months sending out signals while it was adrift in orbit has sprung back to life, resetting itself after its unexplained breakdown in space earlier this year.

“The most critical phases of Galaxy 15’s recovery have been successfully completed,” officials at Intelsat, the communications provider that owns the satellite, said of the newly responsive satellite.

The Galaxy 15 communications satellite lost contact with its flight control center in April. But in an unexpected twist, the stricken satellite’s telecommunications broadcast package remained in operation. With Intelsat operators unable to control the solar-powered satellite, Galaxy 15 continued to transmit signals, posing a risk of interfering with the signals of neighboring satellites.

FBI in hunt for pro-WikiLeaks hackers

Friday, December 31st, 2010

The FBI has joined the hunt for hackers who took down websites like PayPal, after they stopped processing payments to whistle-blowing website WikiLeaks, US media reports said Friday.

The Smoking Gun website published five pages of an FBI affidavit, detailing an operation that took US federal investigators to Europe, Canada and back to the United States as they hunted down the “Internet activists” who launched attacks “against perceived corporate enemies of WikiLeaks.”

The attacks earlier this month targeted firms including electronic payments site PayPal, and Visa and Mastercard credit cards, which had suspended or frozen WikiLeaks’s accounts after the whistle-blowing website published thousands of sensitive Department of State cables.