Download Squad http://www.downloadsquad.com Download Squad http://www.blogsmithmedia.com/%SiteURL%/media/feedlogo.gif Download Squad http://www.downloadsquad.com en-us Copyright 2010 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/<![CDATA[10+ great tools for safer web browsing]]>http://www.downloadsquad.com/2010/02/09/10-great-tools-for-safer-web-browsing/http://www.downloadsquad.com/2010/02/09/10-great-tools-for-safer-web-browsing/http://www.downloadsquad.com/2010/02/09/10-great-tools-for-safer-web-browsing/#commentsFiled under: , , ,

Today is Safer Internet Day, an annual event coordinated by the folks at InSafe -- who are all about promoting responsible Internet use. We've covered a number of great tools in the past that have the same aim, so what better day to take another look at them?

Web Of Trust (WOT, Pictured)
WOT is a community-powered trust and ratings system. With nearly 26 million sites rated to date, it's one of the most popular safe browsing tools you can find. Their browser add-on is available for Internet Explorer, Firefox, and Google Chrome. Once installed, you'll start seeing WOT's color coded ratings rings next to links to let you know if they're safe.

I have WOT installed in my browsers, and I recommend it wholeheartedly.

Continue reading 10+ great tools for safer web browsing

10+ great tools for safer web browsing originally appeared on Download Squad on Tue, 09 Feb 2010 11:03:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>add-onsbrowsingdownloadsextensionsinternetpluginssafertoolsTue, 09 Feb 2010 11:03:00 EST<![CDATA[17 year-old security flaw in NTVDM makes the DOS prompt an enterprise nightmare]]>http://www.downloadsquad.com/2010/02/08/17-year-old-security-flaw-in-ntvdm-makes-the-dos-prompt-an-enterprise-nightmare/http://www.downloadsquad.com/2010/02/08/17-year-old-security-flaw-in-ntvdm-makes-the-dos-prompt-an-enterprise-nightmare/http://www.downloadsquad.com/2010/02/08/17-year-old-security-flaw-in-ntvdm-makes-the-dos-prompt-an-enterprise-nightmare/#commentsFiled under: , ,

NTVDM DangerIt has come to light that there is a security flaw in the NTVDM (NT DOS virtual machine), which is the process that runs when you open a command prompt (DOS window) on any 32-bit version of Windows. This flaw has existed since the very first version of the service on Windows NT and could allow a specially written 16-bit application to escalate the user's rights to that of administrator -- proof-of-concept code already exists for such an attack.

Microsoft has acknowledged the flaw in the NTVDM, but does not intend to immediately fix it. Instead, they have released a One Click Fix for this issue which changes a registry setting to prevent the NTVDM from launching.

The problem with this approach is that there are still 16-bit enterprise applications out there (both on client, and on servers) that work perfectly well and need to continue doing so. The options for companies relying on such legacy applications are limited: they can either stop using their applications (not really an option for some), or they are forced to live with the possibility that users could gain administrative rights on their machines.

The question boils down to whether Microsoft has an obligation to correct this problem in what is by today's standards an ancient piece of code that's sole purpose is to allow people to run ancient software. I would argue that while it's fair for Microsoft to stop shipping the NTVDM as they have in the latest version of Windows Server 2008, until they stop providing it across all of their operating systems, they need to support it and if that means fixing a very old security hole properly, then so be it.

Share StumbleUpon.com

17 year-old security flaw in NTVDM makes the DOS prompt an enterprise nightmare originally appeared on Download Squad on Mon, 08 Feb 2010 12:20:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>administrative rightsAdministrativeRightsancient softwareAncientSoftwaredos promptDosPromptenterprise appEnterpriseAppMon, 08 Feb 2010 12:20:00 EST<![CDATA[Most of the world's electronics are made in China...can we continue to trust our tools?]]>http://www.downloadsquad.com/2010/02/06/most-of-the-worlds-electronics-are-made-in-china-can-we-conti/http://www.downloadsquad.com/2010/02/06/most-of-the-worlds-electronics-are-made-in-china-can-we-conti/http://www.downloadsquad.com/2010/02/06/most-of-the-worlds-electronics-are-made-in-china-can-we-conti/#commentsFiled under:

I know, it's the story that never ends -- and really, don't expect it to end any time soon -- but here's another angle: what about Chinese hardware?

We now know that either the Chinese government, or a very large privately-funded clandestine operation from Asia, has been hacking Western governments, intelligence agencies, and businesses for a decade. What if the hardware they produce also has secret backdoors or comes pre-infested with trojan viruses?

The story on IT World lays down some pretty chilling precedents: did you know that Chinese intelligence agents approach business men at trade fairs in the UK and offer 'gifts' of digital cameras that come with viruses on them? What if the Chinese government has gotten to hardware manufacturers -- what if your Xbox 360 comes with a backdoor in it that lets them snoop on your home network? How about a chip on your motherboard or graphics card that phones home?

It's an interesting idea, made all the more scary because it's believable. For now, as far as we know, it's just espionage, an attack on governments and businesses -- but when will be the targets?

A vast amount of technology originates from China and Taiwan, and that's not going to stop soon -- if China's grasp is inescapable, why bother worrying?

And even then, is there even a way we can combat it?
Share StumbleUpon.com

Most of the world's electronics are made in China...can we continue to trust our tools? originally appeared on Download Squad on Sat, 06 Feb 2010 14:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>chinacomputershackhardwaremanufacturingsecuritySat, 06 Feb 2010 14:00:00 EST<![CDATA[Scammers exploit the iPad hype]]>http://www.downloadsquad.com/2010/02/04/scammers-exploit-the-ipad-hype/http://www.downloadsquad.com/2010/02/04/scammers-exploit-the-ipad-hype/http://www.downloadsquad.com/2010/02/04/scammers-exploit-the-ipad-hype/#commentsFiled under: ,

Since it's introduction last week, people have been clamoring for more information on the iPad. Apple has released a video and has posted some basic specs and pricing, but more information has been hard to come by. Scammers have started to pick up on this and have been looking for ways to exploit users searching for iPad websites.

BBCNews reports that handful of security firms have been spotting attempts to "trick" search engines into providing people with rogue links. People that click these links will be redirected to pages that scan their computer looking for holes and vulnerabilities.

So how is this happening? People have started crafting fake websites that will show up high in search results for "Apple" or "iPad", etc. Users will be redirected to sites peddling fake security software, asking them to sign up for credit cards and claiming that more information and rumors on the iPad are just a few clicks away.

The same common sense rules apply for preventing this from happening. Be careful when opening links and as always, make sure you're computer has the latest security patches and updates.

Scamming and exploitation of users is nothing new, especially around high profile "trending" events. A similar scam recently occured involving the earthquake in Haiti.
Share StumbleUpon.com

Scammers exploit the iPad hype originally appeared on Download Squad on Thu, 04 Feb 2010 09:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>emailGooglehaitiipadmalwarephishingscamscammerssearchsecurityThu, 04 Feb 2010 09:30:00 EST<![CDATA[Jaw-dropping and life-changing details about Chinese attacks on Google emerge]]>http://www.downloadsquad.com/2010/02/04/jaw-dropping-and-life-changing-details-about-the-china-versus-go/http://www.downloadsquad.com/2010/02/04/jaw-dropping-and-life-changing-details-about-the-china-versus-go/http://www.downloadsquad.com/2010/02/04/jaw-dropping-and-life-changing-details-about-the-china-versus-go/#commentsFiled under: , ,

Your world is about to be rocked.

If you're not a hardened, tinfoil hat-wearing the-apocalypse-is-nigh conspiracy theorist, you soon will be. Wired has just published a stunning article detailing a really scary report from computer forensic firm Mandiant. The story brings to light some disturbing truths about the always-connected, always-on world we live in.

As an Internet nerd, I actually found the details numbly humbling. It made me think about a silent war, a cold war that is warming the ground we walk and air we breath -- but has not yet bubbled forth to be joined in the field of war. Reading Wired's story and thinking about the depth and detail and concerted effort required to pull off such a hack scares me.

You should read the full article for complete details, but here's a quick breakdown of the attacks employed against targets such as Google, U.S. oil companies, defense contractors and counter-terrorism departments:
  • A new form of attack is being leveraged by hackers, called Advanced Persistent Threats (APT) -- think of APT as a 'ticking bomb', an apparently-benign piece of software that can be turned on at any time. These APTs can avoid detection and remain dormant for months or years, only turning on when the 'coast is clear'. In this most recent case, an unpatched zero-day attack on Internet Explorer 6 was the entry point.
  • These attacks are theft-oriented -- the sole purpose behind these APT attacks are to get at sensitive data: email, Word documents, Powerpoint presentations, spreadsheets, etc. Corporate secrets, counter-intelligence, you name it.

Continue reading Jaw-dropping and life-changing details about Chinese attacks on Google emerge

Jaw-dropping and life-changing details about Chinese attacks on Google emerge originally appeared on Download Squad on Thu, 04 Feb 2010 08:09:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>aptchinacyber warfareCyberWarfaregooglegoogle vs chinaGoogleVsChinahacksecurityzero day attackZeroDayAttackThu, 04 Feb 2010 08:09:00 EST<![CDATA[Twitter warns against using the same password on multiple sites]]>http://www.downloadsquad.com/2010/02/03/twitter-warns-against-using-the-same-password-on-multiple-sites/http://www.downloadsquad.com/2010/02/03/twitter-warns-against-using-the-same-password-on-multiple-sites/http://www.downloadsquad.com/2010/02/03/twitter-warns-against-using-the-same-password-on-multiple-sites/#commentsFiled under: , , ,

keysIn a new post on Twitter's Status blog, Twitter points out that a sudden surge in followers on a few select accounts was due to a large number of insecure passwords being used by regular Twitter users. What's happening is that users are re-using passwords that they've used on other sites, and some of those other sites turn out to have not been secure.

That's the thing; as soon as any of the sites you log in to gets compromised, the email address or username and password associated with it can be tried by the bad guy on various other services. Since most people re-use passwords, there's a high likelihood that they will gain access to your account. From there, who knows what kind of damage they might cause. If you're lucky, you'll notice something's amiss.

This should be a wake-up call for all users who use the exact same password, or a predictable variant at each site they log in to. If you haven't already, right now is as good a time as will ever be to make sure you're using unique passwords for all of your online services. You never know when one of them might get compromised.

Twitter warns against using the same password on multiple sites originally appeared on Download Squad on Wed, 03 Feb 2010 11:36:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>compromisedfollowerspasswordpasswordssecuritysitetwitterWed, 03 Feb 2010 11:36:00 EST<![CDATA[Three privacy-minded Google Chrome alternatives]]>http://www.downloadsquad.com/2010/01/28/three-privacy-minded-google-chrome-alternatives/http://www.downloadsquad.com/2010/01/28/three-privacy-minded-google-chrome-alternatives/http://www.downloadsquad.com/2010/01/28/three-privacy-minded-google-chrome-alternatives/#commentsFiled under: , ,

So you like the speed of Google Chrome, but you want a browser that doesn't communicate quite so much data to the borg collective? Because Chrome is built on the open source Chromium project, there are plenty of options for you.

Third-party developers have taken steps, like removing the unique tracking ID Google slaps on each Chrome install, search suggestions, and other bits which communicate various things about you back to Google HQ. Granted these builds don't do anything about the numerous other ways Google tracks you, but they're a decent starting point.

Continue reading Three privacy-minded Google Chrome alternatives

Three privacy-minded Google Chrome alternatives originally appeared on Download Squad on Thu, 28 Jan 2010 16:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>chrome plusChromePluscomodo dragonComodoDragongoogle chromeGoogleChromeironprivacysrwareThu, 28 Jan 2010 16:00:00 EST<![CDATA[E-book buyer's privacy guide - reading isn't solo anymore]]>http://www.downloadsquad.com/2010/01/28/e-book-buyers-privacy-guide-reading-isnt-solo-anymore/http://www.downloadsquad.com/2010/01/28/e-book-buyers-privacy-guide-reading-isnt-solo-anymore/http://www.downloadsquad.com/2010/01/28/e-book-buyers-privacy-guide-reading-isnt-solo-anymore/#commentsFiled under: ,

The digital footprints we leave as we move along in our daily lives are pretty astonishing. As our lives are transformed by the convenience technology provides, the price we pay is the privacy we give up. Today is Data Privacy Day, and we thought it was a good time to highlight one of the areas where companies are watching your behavior closely.

The Electronic Frontier Foundation published an excellent guide, "The E-Book Buyer's Guide to Privacy " which dishes the goods on E book readers' privacy policies by brand. It might give you pause to think of the powerful information Amazon, Barnes&Noble, Google, and Sony could employ with the information they monitor on what books individuals read or search for.

For instance, two of the E-book readers (Google Books and Amazon Kindle) can monitor what you're reading. Google's Book Search Project takes tracking reading habits to a new level, logging what you searched for, the page you read, how long you viewed the page, and where you searched next.

All of the E-book readers, Google Books, Amazon Kindle, B&N Nook, and Sony Reader can keep track of book searches and book purchases. Most troubling is the fact that the information collected on your book selections, searches, and purchases could be shared outside the company without your consent (applies to the Kindle, Nook and Reader).

The good news is you do have options. You can laugh in the face of the commercial behemoths and get a free, open source FBReader (for Windows/Linux) which collects no data on your book selections or searches. Another option: you can go to a bookstore and purchase an old fashioned paper book, with cash preferably.

E-book buyer's privacy guide - reading isn't solo anymore originally appeared on Download Squad on Thu, 28 Jan 2010 14:06:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>amazonAmazon KindleAmazonKindlebarnes and nobleBarnesAndNobleeBookEbookReaderElectronic Frontier FoundationElectronicFrontierFoundationfbreadergoogle booksGoogleBookskindlelinuxnooksony readerSonyReaderwindowsThu, 28 Jan 2010 14:06:00 EST<![CDATA[International Data Privacy Day 2010]]>http://www.downloadsquad.com/2010/01/28/international-data-privacy-day-2010/http://www.downloadsquad.com/2010/01/28/international-data-privacy-day-2010/http://www.downloadsquad.com/2010/01/28/international-data-privacy-day-2010/#commentsFiled under: ,

Today is International Data Privacy Day, and some of the big names in the online world are stepping up and... acknowledging issues of data privacy. Google has released a video highlighting the ways it uses some of that personal data it collects about you to make your life easier, and then explains that you can opt out of some of Google's data collection policies.

Microsoft has released the results of a study on data privacy. The study looked at how HR managers and recruiters in the US, UK, France, and Germany look at the information available about job seekers online. The results? 70% of HR professionals in the US have rejected a candidate based on information they found online. But fewer than 15% of the consumers surveyed worried that anything they posted online would affect their getting a job.

In other words: Be afraid. Be very afraid. Because it looks like you're really not worried enough.

International Data Privacy Day 2010 originally appeared on Download Squad on Thu, 28 Jan 2010 10:31:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>data privacydata privacy dayDataPrivacyDataPrivacyDayThu, 28 Jan 2010 10:31:00 EST<![CDATA[Facebook's new reply-by-email feature poses a SPAM and security risk]]>http://www.downloadsquad.com/2010/01/27/facebooks-new-reply-by-email-feature-poses-a-spam-and-security/http://www.downloadsquad.com/2010/01/27/facebooks-new-reply-by-email-feature-poses-a-spam-and-security/http://www.downloadsquad.com/2010/01/27/facebooks-new-reply-by-email-feature-poses-a-spam-and-security/#commentsFiled under:

Remember that slick new option Sebastian spotted a while back which allows you to reply to Facebook comments via your email? As it turns out, that convenience may pose a serious security risk.

When a comment is posted, Facebook generates a unique email address which then listens for replies. Therein lies the problem: F-Secure Labs have discovered that the email -- which is displayed in plain sight -- can be replied to by anyone from any email address.

They don't even have to be your friend on Facebook (depending on how your privacy settings are configured, of course). If they can see your wall, they can see your reply addresses.

Big deal? Well, the big deal is that it could turn into a juicy target for phishers, spammers, and other Internet lowlifes. There's enough crap on Facebook already, so here's hoping they sort this issue out in a hurry.

Poor Matti. F-Secure's guinea pig wall now has a few more than the one response you see in the header image...
Share

Facebook's new reply-by-email feature poses a SPAM and security risk originally appeared on Download Squad on Wed, 27 Jan 2010 23:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>exploitfacebookreply by emailReplyByEmailrisksecurityWed, 27 Jan 2010 23:00:00 EST<![CDATA[How to know if a toolbar (like Google's) is tracking you when it's disabled]]>http://www.downloadsquad.com/2010/01/27/how-to-know-if-a-toolbar-like-googles-is-tracking-you-when-it/http://www.downloadsquad.com/2010/01/27/how-to-know-if-a-toolbar-like-googles-is-tracking-you-when-it/http://www.downloadsquad.com/2010/01/27/how-to-know-if-a-toolbar-like-googles-is-tracking-you-when-it/#commentsFiled under: ,

A recent tip suggested that even when disabled the Google Toolbar sends data to Google without the user knowing. After doing some digging I've found this is only the case if, while using IE8 the user fails to restart the browser after disabling the toolbar from the "Manage Add-ons" window.

This is certainly possible, but the browser does warn the user to restart immediately after saving the changes. In fact, going to the add-ons screen is the slow way to disable the toolbar -- the easiest way is to click Tools>Toolbars then uncheck the Google toolbar. This stops it from sending the information back to Google immediately.

So, while I don't believe Google is being nefarious, after the news of their recent hacking and some of the reasons it was possible, it's a good time to talk about how to monitor what sort of information is being sent through tools like the Google Toolbar.

Continue reading How to know if a toolbar (like Google's) is tracking you when it's disabled

How to know if a toolbar (like Google's) is tracking you when it's disabled originally appeared on Download Squad on Wed, 27 Jan 2010 14:04:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>cleanersoftgoogle toolbarGoogleToolbarprivacysecuritywiresharkWed, 27 Jan 2010 14:04:00 EST<![CDATA[Comodo Internet Security 4 adds application sandboxing]]>http://www.downloadsquad.com/2010/01/24/comodo-internet-security-4-adds-application-sandboxing/http://www.downloadsquad.com/2010/01/24/comodo-internet-security-4-adds-application-sandboxing/http://www.downloadsquad.com/2010/01/24/comodo-internet-security-4-adds-application-sandboxing/#commentsFiled under: , ,

Comodo receives much more recognition for their firewall software than they do for anything else they develop, but that hasn't stopped them from venturing outside their comfort zone.

In October 2009, they released Comodo Internet Security -- which bundled their popular firewall app with free antivirus defense. It was a good freshman effort, though their AV engine (developed in-house) wasn't quite mature enough to go toe-to-toe with other those from other antivirus providers.

Work has begun on version 4, however, and so far the beta version looks like it will be a substantial improvement. One feature I'm particularly interested in is sandboxing.

Comodo is not alone in introducing this feature -- Avast recently bundled something similar in certain versions of their latest release. It's only enabled in Avast's paid versions though, so Comodo could well be the only security suite or AV in which you'll find totally free, full-featured sandboxing!

Continue reading Comodo Internet Security 4 adds application sandboxing

Comodo Internet Security 4 adds application sandboxing originally appeared on Download Squad on Sun, 24 Jan 2010 13:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>antiviruscomodofirewallinternetsandboxsandboxingsecuritySun, 24 Jan 2010 13:00:00 EST<![CDATA[Microsoft knew of critical IE flaw used in Google attack 5 months ago]]>http://www.downloadsquad.com/2010/01/22/microsoft-knew-of-critical-ie-flaw-used-in-google-attack-6-month/http://www.downloadsquad.com/2010/01/22/microsoft-knew-of-critical-ie-flaw-used-in-google-attack-6-month/http://www.downloadsquad.com/2010/01/22/microsoft-knew-of-critical-ie-flaw-used-in-google-attack-6-month/#commentsFiled under: , , ,

Microsoft has already fessed up -- admitting that a vulnerability in Internet Explorer was a key component in the Chinese attacks on companies including Google and Yahoo. Today, a post at Wired revealed some very disappointing news: Microsoft knew about the exploit as far back as September of 2009.

Microsoft's senior security officer Jerry Bryant had this to say: "Our investigation into this responsibly reported vulnerability began early September...We became aware of the recent attacks in mid January and as part of our investigation determined the vulnerability being used in these attacks was similar to the one investigated in September."

Apparently the official plan from Redmond was to patch the hole in a cumulative update this February -- a full six months after it was discovered. In the wake of the attacks, however, they were forced into action and released an out-of-band patch for IE.

What's your take on this news?

Six months seems like an extremely long time to make millions of customers wait for you to release a patch to a flaw which is considered to pose a severe risk.

Most of our users have already made the switch - maybe it's time for the rest of the world to look at an alternative browser.

Microsoft knew of critical IE flaw used in Google attack 5 months ago originally appeared on Download Squad on Fri, 22 Jan 2010 11:54:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>exploitflawinternet explorerInternetExplorersecurityvulnerabilityFri, 22 Jan 2010 11:54:00 EST<![CDATA[Adobe Flash Player 10.1 to cooperate with private browsing modes]]>http://www.downloadsquad.com/2010/01/22/adobe-flash-player-10-1-to-cooperate-with-private-browsing-modes/http://www.downloadsquad.com/2010/01/22/adobe-flash-player-10-1-to-cooperate-with-private-browsing-modes/http://www.downloadsquad.com/2010/01/22/adobe-flash-player-10-1-to-cooperate-with-private-browsing-modes/#commentsFiled under: , ,

There have been more than a few blog posts lately talking about how websites can use Flash cookies to keep tabs on you even if you're visiting their site using your browser's private browsing mode. It would appear, however, that the crew at Adobe thinks this is something which should change.

According to a post on NeoWin, Adobe is working to make sure that Flash 10.1 will play nice with the private browsing offered in most current browsers. Once you close your session, Flash Player will automatically clear the pertinent locally cached files. Visited a site with a Flash-powered login system? Any locally stored objects (LSOs) they create will also be purged.

On top of that, non-private instances of the Flash player won't have access to data created by those running in private sessions.

Right now, Adobe has things working with Google Chrome, Firefox 3.5 (or newer) and Internet Explorer 8. While Safari offers a private mode, support isn't quite there just yet. Expect to see it arrive before Flash 10.1 is released to the public.

Adobe Flash Player 10.1 to cooperate with private browsing modes originally appeared on Download Squad on Fri, 22 Jan 2010 07:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>10.1adobebrowsingcachecookiesflashlsoprivacyprivateFri, 22 Jan 2010 07:00:00 EST<![CDATA[Analysis of 32 MILLION breached passwords shows people use stupid passwords]]>http://www.downloadsquad.com/2010/01/21/analysis-of-32-million-breached-passwords-shows-people-use-stupi/http://www.downloadsquad.com/2010/01/21/analysis-of-32-million-breached-passwords-shows-people-use-stupi/http://www.downloadsquad.com/2010/01/21/analysis-of-32-million-breached-passwords-shows-people-use-stupi/#commentsFiled under:

Password breaches happen on a pretty regular basis, but the one at Rockyou.com was massive -- involving 32 million users. Now that the dust has settled, security firm Imperva has taken the time to do a little analysis of the data involved.

Verdict: it's 2010, and people are still using the stupidest passwords imaginable.

Here's a quick look at the top ten:
  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
Are you kidding me?! No...No, you're not. But this is a seriously sad commentary on two things.
Share

Continue reading Analysis of 32 MILLION breached passwords shows people use stupid passwords

Analysis of 32 MILLION breached passwords shows people use stupid passwords originally appeared on Download Squad on Thu, 21 Jan 2010 12:08:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>breachdumbfailpasswordsrockyou.comsecuritystupidThu, 21 Jan 2010 12:08:00 EST<![CDATA[Bing now keeps IP records for 6 months, instead of a year and a half]]>http://www.downloadsquad.com/2010/01/20/bing-now-keeps-ip-records-for-6-months-instead-of-a-year-and-a-half/http://www.downloadsquad.com/2010/01/20/bing-now-keeps-ip-records-for-6-months-instead-of-a-year-and-a-half/http://www.downloadsquad.com/2010/01/20/bing-now-keeps-ip-records-for-6-months-instead-of-a-year-and-a-half/#commentsFiled under: , ,

In response to new European Union regulations, Microsoft has reduced the amount of time Bing will associate your IP address with your search history. Up until now, Bing saved your searches, along with your full IP address, for 18 months. That's now been cut down to 6 months. Under the new plan, Microsoft will also stop storing your cross-session search cookies at 18 months, meaning they won't know that all of your separate search sessions came from the same person.

To put Bing's new privacy policies into perspective, you have to compare them with what happens at the biggest player in search, Google. Google waits 9 months before it will anonymize IP addresses to separate them from your account info and other data that could be used to ID you. Bing anonymizes immediately. At 18 months, Google deletes IP addresses, compared to Bing's new policy of clearing them after 6. Google has also made no indication that it will comply with the new EU regulations, which is perfectly in keeping with its recent attitude of standing up to governments it disagrees with.

[via CNET]
Share

Bing now keeps IP records for 6 months, instead of a year and a half originally appeared on Download Squad on Wed, 20 Jan 2010 10:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>anonymousbinghistoryip addressIpAddressmicrosoftprivacysearchsearch historySearchHistoryWed, 20 Jan 2010 10:00:00 EST<![CDATA[DNS Security Extensions are about to make the Internet a lot safer]]>http://www.downloadsquad.com/2010/01/19/dns-security-extensions-are-about-to-make-the-internet-a-lot-saf/http://www.downloadsquad.com/2010/01/19/dns-security-extensions-are-about-to-make-the-internet-a-lot-saf/http://www.downloadsquad.com/2010/01/19/dns-security-extensions-are-about-to-make-the-internet-a-lot-saf/#commentsFiled under: ,

DNS hijacking and poisoning has been around since the dawn of time -- it just didn't enter the popular media until recent high-profile attacks on Twitter, Baidu, and the success of China's Golden Shield Project. Basically, DNS in its current form is incredibly insecure when compared to corporate infrastructure. With DNS hacks it's very easy to set up pharming (think 'farming' combined with 'phishing') where a popular site is redirected to a rogue server. Why infiltrate a heavily-encrypted corporate network when you can simply poison a DNS server?

That's all about to change with DNSSEC. Between now and May 2010, DNS Security Extensions will be rolled out to the root servers. From there, it's expected that lower branches of the DNS system will quickly adopt the same security protocols.

In essence, these changes add a new layer of encryption and verification to all changes made to DNS records. When the client requests the IP address of an alphanumeric address, encryption keys are exchanged and the result verified. In theory, the system will probably sacrifice a little speed, but the slowdown will probably be negligible.

[via Pingdom (maybe the best domain name ever)]
Share

DNS Security Extensions are about to make the Internet a lot safer originally appeared on Download Squad on Tue, 19 Jan 2010 16:12:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>dnsdnssecpharmingphishingrootroot serversRootServerssecurityTue, 19 Jan 2010 16:12:00 EST<![CDATA[Avast - the world's most popular free antivirus - version 5.0 now available for download]]>http://www.downloadsquad.com/2010/01/19/avast-5-free-antivirus-for-windows-available-for-download/http://www.downloadsquad.com/2010/01/19/avast-5-free-antivirus-for-windows-available-for-download/http://www.downloadsquad.com/2010/01/19/avast-5-free-antivirus-for-windows-available-for-download/#commentsFiled under: ,

I figured the big day was nearly at hand when checking Google Pack for the switch to Avast - the spherical 'a' logo was orange instead of the blue which accompanied version 4. It's now official: Avast 5.0 is now available for download.

As with previous versions of Avast, there are both free and pro versions - as well as a a full internet security suite. It's Alwil's first suite, and a relative bargain at $59.95 per year for three computers. Norton - still the big dog in paid antivirus - charges $69.99 for a single machine.

What's new in version 5? Like many other AV developers, Alwil has made the new version lighter on system resources. They've cut down the total number of system processes Avast creates and boosted scanning speeds. The new behavioral shield provides solid heuristic detection for threats not yet included in Avast's definitions.

Continue reading Avast - the world's most popular free antivirus - version 5.0 now available for download

Avast - the world's most popular free antivirus - version 5.0 now available for download originally appeared on Download Squad on Tue, 19 Jan 2010 07:09:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>5alwilantivirusavastfreemalwaresecuritysuitetrojanvirusTue, 19 Jan 2010 07:09:00 EST<![CDATA[On a good note, China has been making life harder for spammers]]>http://www.downloadsquad.com/2010/01/16/on-a-good-note-china-has-been-making-life-harder-for-spammers/http://www.downloadsquad.com/2010/01/16/on-a-good-note-china-has-been-making-life-harder-for-spammers/http://www.downloadsquad.com/2010/01/16/on-a-good-note-china-has-been-making-life-harder-for-spammers/#commentsFiled under: ,

Despite the recent shenanigans overseas involving Google, China has at least taken steps to help cut down on the amount of spam in our inboxes.

Symantec's Samir Patil reports that their company has observed a major drop in spam originating from .CN domains. Back in December, the CNNIC announced that they would be enacting new rules about domain name registrations "in order to further enhance the authenticity, accuracy, and integrality of the domain name registration information."

The change seems to have worked wonders. Patil notes .CN based spam has dropped from previous rates -- as much as 50% of all spam -- to as low as 5% since the new policy was put in place. Whether or not the change was intended to have this effect remains to be seen. After all, this could have been a decision based purely upon the desire to have more control over the approval process.

So why is .CN so popular, anyway? It's apparently a believable place to send Canadian Pharmacy spam from.

As much as it pains me to tell you all this, that discount Viagra from Canada you've been this close to ordering?

Yeah...Canadian pharmacies (at least the ones I know about) don't operate in China. We'll have to get our little blue pills elsewhere.
Share

On a good note, China has been making life harder for spammers originally appeared on Download Squad on Sat, 16 Jan 2010 08:43:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>canadianchinaemailpharmacyscammerscamsspamSat, 16 Jan 2010 08:43:00 EST<![CDATA[Internet Explorer to blame for attack on Google]]>http://www.downloadsquad.com/2010/01/15/internet-explorer-to-blame-for-attack-on-google/http://www.downloadsquad.com/2010/01/15/internet-explorer-to-blame-for-attack-on-google/http://www.downloadsquad.com/2010/01/15/internet-explorer-to-blame-for-attack-on-google/#commentsFiled under: , , ,

There is a lot of news coming out about the attack on Google and everyone involved is trying to figure out exactly what happened. While nothing is official, a lot of the evidence has started pointing to the Chinese government as being behind it. Even so, our friends over at Microsoft might have some insight as to how the attack was accomplished.

Microsoft says it best in their security blog:
"We have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks."
Earlier today, VeriSign provided some information about the way Google was hacked, but here we have the software giant taking some responsibility for what happened. While the vulnerability still exists, Microsoft doesn't seem all that worried that the hole could cause problems for the average user. IE8 and their newest OS releases all have security features in place by default that can prevent attack, leaving only the more outdated versions of the browser at risk. Even so, they've released a security advisory to clarify what the vulnerability will and won't do.

Developments on this cyberattack will probably continue coming out but this news will definitely help narrow down the problems and may even help reveal who was truly behind it all.

The real question: why is Google using Internet Explorer anyway?
Share

Internet Explorer to blame for attack on Google originally appeared on Download Squad on Fri, 15 Jan 2010 18:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments]]>chinagooglegoogle vs chinaGoogleVsChinahackinternet explorerInternetExplorermicrosoftsecurityzero-dayFri, 15 Jan 2010 18:30:00 EST