Is this a divorce or separation?  I chronicled Google’s dysfunctional marriage to China last month. This week Google shut down its search service on the Chinese mainland last night after a two-month standoff with Beijing over censorship and the much talked about hacking incident.

Google.cn now redirects visitors to google.com.hk – where they are greeted by a message reading: “Welcome to Google search in China’s new home.”

The move allowed Google to stop self-censoring the service, although the government’s filtering system would still prevent mainland users from seeing the results of many “politically sensitive” searches.

Microsoft has released a preview of the new version of Internet Explorer, IE 9.It can be downloaded  from http://ie.microsoft.com/testdrive/Default.html.

I’m sure we will soon start seeing phishing emails and malicious sites being set up around this so if you are interested, be sure to download it from the REAL Microsoft, huh.

Not impressed? Here’s Microsoft’s response, or should I call it a presponse.

“The Platform Preview is an early look at the Internet Explorer 9 platform so some features are incomplete, some may change, and some may be added…..We ask that you refrain from providing feedback on features where noted that they are either partially implemented or not available. We are aware of their condition and will provide updates in future releases. Similarly, for known issues, we are aware of their existence and are actively working on them. Thank you for your interest in the Internet Explorer Platform Preview!”

Microsoft Corp. today warned of a critical vulnerability in Internet Explorer that is already being exploited by hackers; it was the company’s second such admission in the past two months.

Internet Explorer 6 and its 2006 successor, IE7, contain a vulnerability that can be used by attackers to inject malicious code into a Windows PC. The oldest and newest of Microsoft’s supported browsers, IE 5.01 and IE8, respectively, are not vulnerable to such attacks.

“At this time, we are aware of targeted attacks attempting to use this vulnerability,” Microsoft acknowledged in an advisory posted simultaneously with two security updates that patched eight bugs in Windows and Office. Elsewhere, Microsoft said that the vulnerability had been publicly disclosed.

Source: http://www.computerworld.com/s/article/9168138/Microsoft_warns_of_new_IE_bug_attacks_under_way

Twitter has added a new service that detects malicious URLs in an effort to quell the rise in spam and phishing on the microblogging social network. I previously did a post about the risk posed by url shorteners.

The new security feature ultimately will scan all URLs before they hit the Twitter feed, but initially is only doing so for URLs sent via Twitter direct messages [DMs] and email notifications about DMs. Twitter is using its own URL shortener for these links: “For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications,” said Del Harvey, Twitter’s director of trust and safety, in a blog post last night.

Twitter’s security feature comes amid new data revealing the level of abuse on the social network: One in eight Twitter accounts last year was malicious, suspicious, or suspended, according to a report issued today by Barracuda Networks. The surge in celebrities joining Twitter in 2009 resulted in a major jump in spam, phishing, and other abuse on the site, according to the report.

Read more: http://www.darkreading.com/securityservices/security/attacks

Microsoft has resumed pushing out the patch connected to the recent Windows blue screens. Microsoft concluded that the system crashes with due to a rootkit [named Alureon] infecting the users computers. The company  issued a scanning tool users can run to determine whether their PCs are infected  before they attempt to download and install MS10-015. The tool doesn’t scrub Alureon from a compromised computer, but only determines whether the system is compatible with the patch.

Microsoft has not yet delivered a promised detect-and-destroy tool that will clean infected PCs. In the past, Microsoft has used its Malicious Software Removal Tool (MSRT), a free program updated each Patch Tuesday, to seek out and destroy rootkits. The next scheduled refresh of the MSRT is March 9.

If it sounds like a horror movie….well, that’s because is really is. Microsoft is reporting yet another Internet Explorer bug.

In the latest episode of this never-ending saga, there is an unpatched bug in VBScript that hackers can use to drop malware on 32-bit Windows XP machines running IE 7 and 8. I know what you are saying: ” But we told them to upgrade from the nine year old IE6! ”

According to Microsoft’s Senior Security Communications Manager Lead Jerry Bryant, an exploit “was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 [or help] key in response to a pop up dialog box.”

Is it time to change your browser? Maybe the EU has it right.

Mar 01, 2010 – The U.S. Department of Defense (DoD) announces the official approval of the  EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD’s computer network defenders (CND’s), a specialized personnel classification within the DoD’s information assurance workforce.

The Certified Ethical Hacker requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. The current version (incorporating Change 2) was signed by Assistant Secretary of Defense, John G. Grimes and was officially instated on February 25, 2010. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD.

The CND groups protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks.

With this directive, military service, contractors, and foreign employees across all job descriptions must show 100-percent compliance with the new Certified Ethical Hacker training requirement by 2011. This shows the DoD’s focus on better training and preparation of the U.S. military workforce in this area.

The Certified Ethical Hacker qualification tests the certification holder’s knowledge in the mindset, tools and techniques of a hacker, fortifying it’s certification tag line: “To beat a hacker, you must think like one.”

“CEH has been selected due to the immense technical and tactical nature of the certification,”

# # #

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker course, Computer Hacking Forensics Investigator program, License Penetration Tester program and various other programs offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS). For more information about EC-Council, please visit the website: http://www.eccouncil.org

Source: http://www.prlog.org/10553483-united-states-department-of-defense-embraces-hacker-certification-to-protect-us-interests.html

Microsoft has been ordered to introduce the browser “ballot box” following a ruling by the European Commission that Microsoft’s practice of pre-installing Internet Explorer on every new computer was anti-competitive. The Commission accepted Microsoft’s offer of rolling out the ballot box across its range of Windows machines, which it believes will make it easier for computer users to choose an alternative browser to Internet Explorer. See ballot below:

The ballot box will be pushed to Windows users running XP, Vista and Windows 7, via an automatic software update, and will only be shown to computer users who are not already running a different default browser. The list of offered browsers are:

* Avant
* Google Chrome
* Mozilla Firefox
* Flock
* GreenBrowser
* Internet Explorer
* K-meleon
* Maxthon
* Opera
* Apple Safari
* Sleipnir
* SlimBrowser

I’m not sure how I feel about this. Competition is always good however users savvy enough to care already know they can download and run any of these browsers. I agree with Microsoft on the point that this will just add to the confusion of many users.

Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.