With the New England Patriots having been unceremoniously knocked out of playoff contention in unprecedented fashion with an 11-5 record, most of you are probably so disgusted that you won't even bother to watch the Super Bowl. But for the rest of you, and particularly those of you planning to attend and watch the Cardinals finish off their storybook playoff run with one final (and one very shocking) victory over the Pittsburgh Steelers (that's right, I'm calling the Cardinals on this one) in person, Microsoft will be helping to keep you safe during the ensuing pandemonium.
NFL security VP Milton Ahlerich said earlier that Raymond James Stadium in Tampa will be "one of the safest locations you can possibly be" during the Super Bowl, which shows how confident he is in Microsoft's Surface. Security will be using Surface to coordinate security forces, giving them a display of a Microsoft Virtual Earth map of the entire region, along with the ability to quickly zoom and display a 3D image of the city with realtime resource tracking.
"We’re thrilled to be a part of the Super Bowl activities and supporting our long term customers here in Tampa," said Robert Wolf, President and CEO of E•SPONDER. "Our goal remains to provide the region’s first responders with easy-to-use, real-time collaboration tools to help protect the fans attending events throughout Super Bowl week and the game itself."
Google's rap sheet when it comes to goofy exploits gives us pause to wonder if the company might be spending too much time concentrating on Cloud computing and not enough on security fundamentals. Back in July of last year, a SecurTeam blog exposed a Google Calendar flaw which made it possible to expose any Gmail user's real name with minimal effort. More recently, an exploit in Gmail allowing hackers to redirect your email was discovered. Now someone has stumbled onto an interesting vulnerability in Google's Chrome browser.
When you visit a site with an http password protected directory -- or try logging into your router, such as 192.168.1.1 for Linksys owners -- an Authentication Required pop-up appears asking for your for your login credentials. Your password should look something like ••••••••, but according to NeoBlog user tekmosis, if you let Chrome save your credentials to auto-fill the form, the next time you log in, copying and pasting the hidden password into a plain text application will reveal the actual ASCII characters.
We put tekmosis' discovered exploit to the test and as it turns out, you don't even need to have Chrome save anything. We tried logging into our router, typed our password, and it was immediately revealed when we copied/pasted it into Notepad.
While it might take a little work on the part of a hacker to take advantage of this vulnerability, it's one that should never have existed in the first place. You could make an argument that all exploits should never have existed, but this one just seems like a particularly glaring oversight.
It issued the warning on its website, in what appears to be a less-frequented section, and opted against directly contacting the users. The company began its statement by downplaying the security breach: “as is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database.”
It claims to have taken the necessary “corrective steps” immediately after discovering the security breach. It has asked users to reset their passwords on their own, though they will eventually be forced to make the change. The company says that the exposed data includes user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Resumes and sensitive data is said to be safe.
Monster.com has also advised users that they need to be more vigilant and watch out for specious emails claiming to be from the company.
Google's Android OS was supposed to pave the way for an iPhone killer, but instead of decimating the iPhone, Android-users are instead finding their contacts being wiped out. The culprit isn't Android itself, but an Android application called MemoryUp users claim is responsible for erasing their contacts, installing adware, and even freezing their phone.
"Doesn’t work at all erased my phone numbers and froze my phone," one user complained. "Do not download. Destroyed my memory card/system delete. Then my email was spammed. TMobile can’t stop you from downloading this! So don’t!," added another user.
The app, created by Peter Liu, claims to keep Android smartphones running faster and efficiently by monitoring system use and freeing up resources when needed. But some users contend the program is nothing more than a scam. Buyer beware.
It looks as though the United States will not only get its first Chief Technology Officer (CTO), but according to the Agenda for Homeland Security, the Obama administration also plans to hire a new national cyber advisor. The report, which was released on Wednesday, lists several goals for combating terrorism, including ways to protect information networks.
Chief among the goals of protecting information networks is to "declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy."
Other related goals listed in the report include initiating a safe computing R&D effort, protect the IT infrastructure, prevent corporate cyber-espionage, develop a cyber crime strategy to minimize the opportunities for criminal profit, and mandate standards for securing personal data and require companies to disclose personal information data breaches.
Remember Microsoft's rare out-of-band security update from last October, MS08-067? Microsoft warned us then that Windows XP, Windows Server 2003, and Windows 2000 SP4 were especially vulnerable to being attacked. Windows Update probably took care of patching your home computer. However, companies and individuals that were slow to patch their fleets of PCs with KB958644 could find their computers now infected by a nasty worm called Conficker, Downadup or Kido.
How big a deal is Conficker/Downadup? According to F-Secure, the number of infected machines went from 2.4 million to 8.9 million in just four days as of last Friday. Panda Security now estimates that as many as one in every 16 PCs may be infected. F-Secure wraps up its analysis by saying "The situation with Downadup is not getting better. It's getting worse." Panda compares the outbreak with the legendary Kournikova (2001) and Blaster (2003) outbreaks.
How does Conficker/Downandup spread, and what can you do about it? Join us after the jump to learn more.
Back in November, Microsoft announced plans to discontinue its fee-based Live OneCare subscription service by June 30, 2009 and replace it with free security software the company claims "will provide comprehensive protection from malware including virusus, spyware, rootkits, and trojans." Microsoft's plans could spell bad news for security vendors who sell comprehensive security suites, but at least three companies are already looking forward.
It remains to be seen how Microsoft's Morro will compete will full fledged third-party applications, but according to Windows communications manager Brandon LeBlanc, competition won't stand in the way of ensuring everyone's security apps work with Windows 7.
"Microsoft has been actively working with security partners to help them get their applications ready for Windows 7," LeBlanc said. "Three security developers have taken the build we released to developers in October and have developed solutions available today that work with Windows 7 Beta."
Hit the jump and tell us what effect you think Morro will have third party security software.
Credit card payment processor Heartland Payment Systems, which is based in Princeton, fears that its card data might have fallen in the wrong hands. On Tuesday, it formally warned credit card holders about it and advised them to vet their card statements exhaustively and to report any abuse.
The company has revealed that its computer network was found to be infested with malware. They are nearly convinced that the cardholders’ names and numbers have been stolen. The company hasn’t divulged any technical details of the malware attack.
So, you've decided to log into your bank's website to figure out if you can afford the newest techno-bling shown at CES. Your bank gives you the nod, and you open up another browser tab (or window) to cruise over to your favorite tech reseller. After doing a few price and stock checks, a pop-up window appears: your bank session has timed out - and if you want to double-check your available credit or account balance, you need to log in again. Should you click and go?
To learn how it works, and to learn how to protect yourself, join us after the jump.
Some 40,000 followers of Rich Sanchez's Twitter page may have been led to believe that the CNN anchor had a drug problem after a tweet appeared saying "i am high on crack right now might not be coming into work today." No, Sanchez wasn't really high on crack, nor was he cracking a joke (see what we did there?), but he was the victim of a hacker who took control of his account while he was away doing rehab (for his knee, not for drugs).
Around the same time this occurred, a password stealing phishing scam has been gaining steam by disguising itself as a private message leading to a fake Twitter log-in screen and targeting various celebrities, such as Britney Spears, the account for Fox News, and president elect Barack Obama. The ordeal had Sanchez scratching his head, but Twitter has now revealed this incident had nothing to do with the recent phishing scam.
"The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend," Twitter wrote in a blog post. "These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the mail address associated with their Twitter account when they can't remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure."
The falsly incriminating tweet has been removed, and we hear Sanchez made it work that day, sober and all.