Our domain name is theos.in and TLD is .IN. The letters which follow the final dot of any domain name is called TLD (Top Level Domain Name). Management of top-level domains is handled by the ICANN.
Now McAfee has published the list of most dangerous TLDs in the world used by spammer and to install virus / other dirty stuff on your computer without authorization.
From the article:
McAfee found the most dangerous domains to navigate to are ".hk" (Hong Kong), ".cn" (China) and ".info" (information).
Of all ".hk" sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of ".cn" sites and 11.7 percent of ".info" sites that way.
A little more than 5 percent of the sites under the ".com" domain — the world's most popular — were identified as dangerous.
From the ZoneAlarm web site:
The security experts behind ZoneAlarm urge you to always patch your operating systems and browsers whenever an update is available. More importantly, take extra precautions to protect your PC for those times when a patch may not be available. That's why we are offering you ZoneAlarm Anti-Spyware for FREE today (Nov 14, 2007), Patch Tuesday, only. Don't miss out on this incredible opportunity to protect your PC and stay safe online!
=> Download here
Robert Graham, the CEO of errata security, surprised attendees by hijacking a Gmail session on camera and reading the victim’s email. He went even further by demonstrating the attack to us in person, taking over another journalist’s Gmail account and then sending us sheep-loving emails.
Now you know why it’s dangerous to check your web emails in public hotspot or through open wi-fi connections. You can try https session and only use secure wifi connection to avoid problems.
From the article:
The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser – in easy point-and-click fashion - with a home-grown tool called Hamster.
Point and click Gmail hacking at Black Hat
No these thieves are not modern-day Robin Hoods, but they're really just cyber-robbers. They are using this method to see if credit card is valid or not:
The verification method has become popular because the monitoring software at credit-card companies may not question donations to charities, according the Symantec blog. Santoyo said the schemers usually donate less than $10.
American Red Cross spokeswoman Carrie Martin said, "This happens all the time. We have people at the Red Cross who deal with this type of activity."
Last month alone, the Red Cross refunded 700 fraudulent credit-card transactions, Martin said. That figure doesn't include the transactions the charity blocked because they appeared fraudulent.
This looks neat and claver solution for Windows Vista.
One of the security features within Windows Vista that is not evident is file system virtualization. This type of virtualization allows an application a silo'd virtual store where it can read and write to without compromising the system.
Let's say you have an appication that attempts to write to System32. Instead of allowing the application to do so, Vista creates a virtual System32 in the user's profile that the application will use. Application developers can code their applications to automatically run virtualized or you can set this manually. IE7 running in protected mode utilizes this functionality so when you visit a webpage that tries to insert a file into the Startup folder, it instead is placed in the virtual startup folder and will not execute upon the next boot. Let's look at a simple example.
File System Virtualization
Microsoft Windows Server 2003 Service Pack 2 (SP2) is a cumulative service pack that includes the latest updates and provides enhancements to security and stability. It includes updates, fixes and enhancements to a Windows oses. Service packs are the means by which product updates are distributed.
If you are using any one of the following version, you need to use this service pack:
- Windows Server 2003 with SP2
- Windows Server 2003 R2 with SP2
- Windows Server 2003 x64 Editions with SP2
- Windows Server 2003 R2 x64 Editions with SP2
- Windows Server 2003 for Itanium-based Systems with SP2
- Windows XP Professional x64 Edition with SP2
This is a released to market (RTM) only. You can download service pack by visiting this site. (release note, found via MSDN blog)
DRM (Digital Rights Management) is a technology (or several technologies) to give content providers control over redistribution and access to material.
Apple's iTunes Store, as well as many e-books vendors, have adopted DRM schemes in recent times.
This article provides some details about Apple DRM:
Understanding how Apple’s FairPlay DRM works helps to answer a lot of questions: why it hasn’t been replaced with an open, interoperable DRM that anyone can use, why Apple isn’t broadly licensing FairPlay, and why the company hasn’t jumped to add DRM-free content from indie artists to iTunes.
Read more: How FairPlay Works: Apple's iTunes DRM Dilemma
There is news everywhere about Windows Vista Crack called “BIOS Emulation Toolkit For Windows Vista x86”. It claims that it bypass the product activation requirement of Microsoft Windows Vista.
Here is how it works:
Microsoft allows large hardware manufacturers (e.g. ASUS, HP, Dell) to ship their products containing a Windows Vista installation that does NOT require any kind of product activation as this might be considered an unnecessary inconvenience for the end-user. Instead these so-called 'Royalty OEMs' are granted the right to embed certain license information into their hardware products, which can be validated by Windows Vista to make obtaining further activation information (online or by phone) obsolete.
This mechanism is commonly referred to as 'SLP 2.0' ('system-locked pre-installation 2.0') and consists of the following three key elements:
I’ve updated my blog few days back. But in case if you are still running 2.1.1 makes sure you get updated version.
This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.