Web Security Review

Image Source: pictures.directnews.co.uk

It is found in a research that English speaking countries are targeted more for identity thefts. It rates to twice the rate of many European countries. Reports of identity fraud victims are 10% in the US, Canda and the United Kingdom. These being English speaking countries. Germany, France and Spain only reported a 5% rate of identity fraud. The Germans enjoy the lowest ratio of identity fraud among the specified countries, reporting only 3% identity fraud cases. While the Germans may have helped themselves to be more less riskier of being identity theft victims du to the fact that they are more cautious in handling their passwords. Only one in four Germans, according to the survey ever revealed their password to anyone they know. Unlike in the US where 60% of the respondents reported to have shared their passwords with their loved ones and or family members. Next is the French which totaled 56% over all. AMericans tend to write down their passwords so they would know what it is when they forget. The Freanch and Spanish users are the most lax in handling their passwords.

Image source: www.blog.webreakstuff.com
This is an alarming news, everyone. We all know about Youtube, right? Well, it’s dangerous as MySpace, FaceBook, or any online community now. Given that Youtube also allows “pg 13” stuffs, but that’s not the danger we’re talking about. That’s right. Some of the pages in Youtube have links that opens malicious machines into your computer. These machines have the ability to save your computer’s keystrokes, copies data, or even control your computer for another hacking scheme. Some people can separate the real and the fraud just by looking in the URL in the status bar, but it is much safer if you just search it in youtube itself. You know why? Some hackers make their preys open these links by making them their friends first. They just did this just because this is the time of election in the US, and youtube-users provide videos about the election, or their insight.

The Photo Express service is currently only officially offering by Adobe to those in the US, but we successfully accessed and used it from the UK (although we did have to claim to be from the US to do so). To those using the Photoshop Express service from outside the US, the Adobe has warned them that they will find it painfully slow but we found it fairly slick. Later in the year plans are in place to officially launch Photoshop Express in other locations.  My Photos section offers 2GB of space and we started uploading photos, and we were able to organize images into albums or leave them loose in the library, then it was on with the editing.

The Windows Server 2008 according to The Planet features enhanced capabilities and powerful tools that build on the strengths of its predecessors. In February, the new operating system, which was launched along with Microsoft Visual Studio 2008 and Microsoft SQL Server 2008, delivers enhanced Web tools, virtualization technologies and security features that, backed by The Planet’s network and six data centers, provide a secure and scalable hosted IT environment. Urvish  Vashi, director of product management for the planet said that “As more companies move their complex IT infrastructures to hosted environments, they’re looking for the broadest portfolio of offerings to support their strategic business requirements,”

You’ve got to get moving if you haven’t already filed your tax return because April 15 is nearly here. This year, it is important to file if you are eligible for an economic stimulus payment. If you don’t file then you don’t get paid. On March 29 the Internal Revenue Service teamed up with tax operations run by such organizations as AARP and the United Way to help the many folks who don’t typically file and held what the agency called “Super Saturday”, one way the IRS and its partners are working to ensure everyone eligible receives a stimulus payment. IRS spokesman Jim Dupree said “For millions of Americans, filing a tax return is not routine” he also said that “Their income is either too low or not taxable”.

It is apparent that support costs will continue to increase in direct proportion to the concurrent services offered still as carriers look to add more and more services to their portfolios. The number of support calls increases in proportion as the number of services increases. For the communications providers these increased problems come at a time when call centers are trying to increase service levels and first call resolution ratios. Using a web conferencing solution is one simple way to achieve these goals.  Through the use of Web Conferencing, I learned what Motorola is doing to help service providers and call centers of various sizes with the support issues.

According to Websense, there are a lot of reasons for spammers to favor using GMail:

“…that from the spammers’ perspective, there are four main advantages to this approach. First, signing up for an account with Google allows access to its wide portfolio of services. Second, Google’s domains are unlikely to be blacklisted. Third, they are free to sign up. And fourth, it may be hard to keep track of them as millions of users worldwide are using various Google services on a regular basis.”

There are actions made by GMail to fix this problem as they come up with different methods in preventing such scam. GMail has invited certain users to have their closed beta test to intensify their security system

Yuki Shiina was arrested after allegedly sending 9 spam messages with forged sender information on November 13, 2007. The suspect, according to the investigations, bought 600,000 e-mail addresses for 100,000 yen and sent spam messages from his home PC.

He earned 2 million yen (more than 18,000 US dollars) from advertisers and sent around 2.2 million messages. The Internet service provider tipped last September to the police that they recorded that he was sending a massive amount of e-mails.

In Japan, a law was passed in 2002, and subsequently amended in 2007 where it prohibits sending spam messages with false or forged sender identification.

By Ryan Narain

A hacker finds a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the browser.

A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff.

Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar.

In an IM interview with eWEEK, Raff said multiple versions of the toolbar allows spoofed information to be presented to the user when adding a new browser toolbar icon/button.

Read more from eweek.com

For readers with a MySpace or Facebook account, please be vigilant and careful when accepting apps or widgets from your friends; they main contain Trojan viruses that steal information from your site and then send it all back to the one who created it. They usually do this by sending Trojans through apps or widgets that your friends sent you. According to researchers at Finjan, cyberattackers are now going to these social networking sites such to get more victims.

“Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks,” Yuval Ben-Itzhak, chief technology officer, Finjan, said in a news release. “The focus will be on trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the ‘legitimate’ web traffic that needs to be examined by security solutions.”

In short, before installing the app or widget that your friend sent you, confirm if it came from them. If it didn’t, kindly delete it immediately. If it did come from them, research on the app or widget from previous users.

Source