McAfee to compensate businesses for buggy update

Posted by William McBorrough | Applications | Thursday 29 April 2010 1:02 pm

McAfee will provide restitution to businesses hit by a faulty virus definition update that rendered computers unusable, the company has confirmed.

“Enterprise customers will get compensation tailored to each individual customer and will receive a combination including products, services and support,” a McAfee spokesman told ZDNet UK on Tuesday.

The concept of companies paying for damages caused by buggy software has often been discussed. Is this a step in that direction, or is McAfee just doing some good customer management?

Source: http://www.zdnet.co.uk/news/security-management/2010/04/27/mcafee-to-compensate-businesses-for-buggy-update-40088779/?s_cid=938

Hackers crack Ubisoft always-online DRM controls

Posted by William McBorrough | Applications | Wednesday 28 April 2010 6:10 pm

Saw this coming a mile away. Why didn’t Ubisoft?..

I couldn’t wait to get my hands on Assassin’s Creed II. It’s nice to be able to unwind for an hour or so at night, running across rooftops in 15th Century Venice, leaping on an unsuspecting Templar and burying my dual hidden blades in his neck. Well, it would be nice, except my wireless signal in my bedroom isn’t all that great (or maybe it’s a laptop hardware issue) and the game hangs every 2 mins for about 30 seconds because I lose my connection. Thanks to Ubisoft’s always-online DRM, I have to be online at all times to play the game.

“Hackers have overcome Ubisoft’s controversial DRM system that relied on constant connection to the internet for games to function.

A crack for Ubisoft’s anti-piracy system published by a group called Skid Row allows gamers to circumvent the controls.  A message from the group on a gamers’ forum sets out the group’s agenda: allowing legitimate copies of PC games to be played without an internet connection, rather than facilitating piracy. Skid Row cheekily thanks Ubisoft for posing an interesting intellectual challenge.”

I understand Ubisoft’s desire to protect its products from pirates, but this causes a great inconvenience to legitimate customers like myself. Not to mention, it only took about a day to crack it. It causes me all this aggravation with controls that only held up for 24 hrs?

Silent Hunter NFO:

S K i D R O W
-> T H E   L E A D i N G   F O R C E <-
proudly presents
Silent Hunter 5: Battle of the Atlantic / Ubisoft

RELEASE DATE : 03-03-2010
PROTECTION   : Ubisoft DRM
GAME TYPE    : Submarine Simulation
DISKS        : 1 DVD

Release Notes:

The Skid Rowdies are looking new blood to fill up the ranks. We're a professional team of dedicated sceners with big mark under sceners. We believe on the ground idealism of the root of the real old school scene. We do all this for fun and nothing else. We don't earn anything on our hobby, as we do this for the competition and the heart of what got the scene started in the mid eighties.

If you think you got something to offer, then don't hold back on contacting us as soon as possible.

twice the fun / double the trouble

On with the game release information:

Silent Hunter 5 hails the return of the number one submarine simulation. For the first time the player will be able to play & feel as U-boat captain leading his crew from a first person view in a true dynamic campaign.

Operate against Allied shipping on a vast area all across the Atlantic Ocean and Mediterranean Sea and participate in famous encounters with strong enemy warships. Can you do better than the best U-boat aces?

Silent Hunter 5 raises the levels of interactivity and immersion inside the U-boat and outside

For the first time the player will walk through highly detailed submarines in FPS view and be able to access every inside & outside part of the U-boot

With the help of an advanced order system the player will interact with the submarine crew, watch them doing their daily jobs and experience the tension & fear inside the U-boot.

Player actions will impact the outcome of battles and the scenario evolution in campaign. Depending on his approach the player can open new locations with upgrade and resupply possibilities, while the Allied response adjusts dynamically

Install Notes:

1. Unpack release
2. Mount image or burn it
3. Install
4. Copy the content from the SKIDROW folder on the DVD to your installation directory and overwrite
5. Play the game

Additional Notes:

Don't install/use Ubisoft launcher, or simply block any connection to internet.

Install game and copy crack, it's that simple!

Support the companies, which you actually enjoy!

Source: http://www.theregister.co.uk/2010/04/28/ubisoft_drm_cracked/

Blippy to hire a CSO after exposing credit card data

Posted by William McBorrough | Social Networking | Tuesday 27 April 2010 3:11 pm

So… I made this post about the Social Media fallacy that is Blippy. Well, true to form, here we are less than two months later finding out…

“Blippy, a social networking site that allows users to share their purchases and discuss shopping with others, will revamp its security plans and hire a Chief Security Officer after an embarrassing incident in which the site accidentally published a few of its members’ credit card numbers on Google.

Blippy Co-founder and CEO Ashvin Kumar said in a blog post this week that the slip-up occurred as a result of a technical oversight back in February that caused raw transaction data to appear within the HTML code on some Blippy pages for about half a day.”

Who didn’t see this coming a mile away? Presenters at Shmoocon this year noted that penetration testers [and hackers] absolutely love the Blippy platform because of the naked insight it offers into the spending habits of specific individuals. They also shared a favorite quote making its way around the infosec community: “I joined Blippy and all I got was jacked at the ATM.”

Sigh

If Microsoft can do it, why not McAfee?

Posted by William McBorrough | Systems | Thursday 22 April 2010 2:54 pm

Yesterday, a faulty McAfee anti-virus update labeled a critical Microsoft system file as a “virus”, causing hundreds of thousands of computers around the world running Windows XP Service Pack 3 to go into a continuous reboot cycle [duh!].

Today, however, Sophos is reporting hackers are compounding the problem by using blackhat SEO (search engine optimisation) techniques to create webpages stuffed with content which appears to be related to McAfee’s false alarm problem – but are really designed to infect visiting computers.

Sophos has identified malicious webpages which appear on the first page of Google results if users search for phrases associated with McAfee’s false positive.

“It’s bad enough if many of the computers in your company are out of action because of a faulty security update, but it’s even worse if you infect your network by Googling for a fix,” explained Graham Cluley, senior technology consultant for Sophos. “These poisoned pages are appearing on the very first page of search engine results, making it likely that many will click on them. If you visit the links you may see pop-up warnings telling you about security issues with your computer. The warnings are fake and designed to trick you into downloading dangerous software, which could result in hackers gaining control of your corporate computers or the theft of your credit card details.”

Top 10 Web Application Security Risks for 2010

Posted by William McBorrough | Applications | Tuesday 20 April 2010 11:45 am

Yesterday, OWASP released its list of top ten web application security risks for this year. The list, which was first unveiled in November at the OWASP conference, is a departure from OWASP’s previous lists, which ranked the most commonly found weaknesses and vulnerabilities in Web applications. OWASP’s new list features the most exploitable and likely security risks found in these apps. The list includes:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards

Download the full report here.

Changing Internet passwords a waste of time??

Posted by William McBorrough | Users | Thursday 15 April 2010 5:40 pm

From the following article: http://wcbstv.com/seenat11/internet.passwords.microsoft.2.1633927.html

The study concluded someone hacking into your computer and stealing your password is similar to a crook getting your house key.

The crook will likely use it right away and not wait until after you’ve changed the locks.

“As soon as they’ve got it, they’re using it and then they’re gone,” said Lance Ulanoff, editor of PC Magazine.

Ulanoff advises people to get stronger passwords in the first place.

The so-called “expert” advice: Use stronger, more complex passwords.

I guess he is not familiar with the fact that stolen account credentials are bartered and traded like goods in the hacker underground. Of course you should use complex passwords. But it’s still a good practice to change them occasionally.

Nessus 4.2.2 now released

Posted by William McBorrough | Systems | Thursday 15 April 2010 1:05 pm

Version 4.2.2, released today, brings the following fixes:

  • Nessus-fetch: Proxy issues have been resolved.
  • NASL: Fixed a memory leak in the NASL xmlparse() function.
  • Networking: Fixed IPv6 routing when talking to a remote host (FreeBSD, Mac OS X). Packet forgery was not always working on ES5 64 bits.
  • Packaging: Fixed the Debian /etc/rc init script. Upgraded OpenSSL to version 0.9.8n (Windows, Solaris)
  • Stability: Fixed a possible crash when using a badly written custom plugin. Fixed a possible crash when running out of BPFs on Windows.

Staying safe on public Wi-Fi

Posted by William McBorrough | Uncategorized | Wednesday 14 April 2010 1:04 pm

Picture this: You’re at a café with your laptop and latte in hand, getting ready to review new sales leads and the quarterly financial projections. First you hop on the free Wi-Fi that the shop’s management provides. Then you connect your laptop to a projector so that the entire café can take a look, and finally you hand out some printed copies of your confidential product specifications to the other patrons so that they can follow along. That may sound ridiculous, but if you’re using public-access Wi-Fi without taking the proper precautions, you might as well be asking your coffee compatriots to partake in confidential company information.

That’s an abstract from a pretty good article in NetworkWorld. I previously also posted about the dangers of public wireless networks.

Consider, however, how probable it is that a competitor, or anyone else for that matter, is lurking to steal your data. You don’t know and neither do I. Just remember that it’s very easy to do, so protect yourself.

Read full article: http://www.networkworld.com/news/2010/041310-how-to-stay-safe-on.html

IKEA Facebook scam cons 40,000 users

Posted by William McBorrough | Social Networking | Sunday 11 April 2010 6:47 pm

These types of attacks have become the norm on Facebook. Last week, I posted on a similar scam involving Whole Foods Grocery.

This particular scam page had taken in more than 37,000 users by last Friday, offering them a $1,000 gift certificate in exchange for promoting Ikea to friends. At that time, the page was gaining new fans at the rate of about 5,000 per hour. The promotion, the page said, was only available for one day.

To participate, users must become a fan of the fake Ikea page, hosted on Facebook, and then invite all their friends to become fans. They are then directed to an affiliate marketing page hosted by GiftDepotDirect.com, where they are asked personal information such as name, address, date of birth and home telephone number.

After that step, the victim is told to sign up for two online marketing offers – these ones with legitimate websites such as Netflix and CreditReport.com – in order to claim the gift card.

The promised cards in these scams never show up. Who would have thunk it??

** Cross-posted from www.secur3t.com**

Google rolls out privacy reset for Buzz

Posted by William McBorrough | Social Networking | Monday 5 April 2010 3:39 pm

Google will ask users of its social network Buzz to review their privacy settings starting April 5.

This follows a series of privacy related concerns and updates following the initial launch of the service. I mentioned some of the concerns here in a post: Google Acknowledges Privacy Issues With Buzz amid FTC complaint

The latest tweaks will also show every aspect of a user’s profile, from public settings to the websites users are connected to, and who they are following or being followed by.

“Shortly after launching Google Buzz, we quickly realised we didn’t get everything right and moved as fast as possible to improve the Buzz experience,” said Buzz product manager Todd Jackson in a blog post.

“Offering everyone who uses our products transparency and control is very important to us,” he continues.

The blogosphere has reacted positively to the proposed changes.

“While we can say that this is what we wanted at launch, it is heartening to see it now,” said Alex Wilhelm, of TheNextWeb.

Ben Parr, associate editor at social media blog Mashable, said that while the changes could not fix the damage already done, they might “help get Congress off [Google's] back”.

“If it can appease critics on the privacy issues, then it can tackle the bigger challenge: making Google Buzz into a competitive threat to Twitter and Facebook.”

The Google Buzz team has promised more updates in the future.
