IT Masala

A Tech Curry with a Pinch of Indian Spice

18th March 2007

Hackers Promise Month of MySpace Bugs

They won't divulge their real names, they call their project a "whiny, attention-seeking ploy," and they appear to take their fashion cues from Beastie Boys music videos.

But two hackers going by the names of Mondo Armando and Müstaschio promise to begin disclosing security vulnerabilities in MySpace, News Corp.'s popular social networking site, every day next month.

"The purpose of the exercise is not so much to expose MySpace as a hive of spam and villainy (since everyone knows that already), but to highlight the monoculture-style danger of extremely popular websites," wrote Mondo Armando in an e-mail interview.

"We could have just as easily gone after Google or Yahoo or MSN or IDG or whatever. MySpace is just more fun, and is becoming notoriously [obnoxious] about responding to security issues," he said.

These "Month of Bugs" projects have become a way for hackers to bring attention to both themselves and to security problems in certain types of products. Well-known hacker HD Moore kicked off the craze last year when he published one browser bug per day for the month of July. His effort was followed by a "Month of kernel bugs," a "Month of Apple Bugs," and a "Month of PHP Bugs."

The MySpace hackers launched their project late Thursday expressing simultaneous enthusiasm and disdain for the task ahead. "If it ends up being just as lame as the Month of Apple Bugs, then we haven't really missed the mark. If it's funnier, then great," they wrote on their project's blog. "If it kills this Month of Whatever fad, then hurray for everyone, it's over."

They intend to primarily publish cross site scripting bugs, which can allow an attacker to execute malicious script within a victim's browser, but they may also publish bugs that affect browsers or technologies like Flash or QuickTime.

[ Whiny, attention-seeking ploy ] via [ pcworld ]

17th March 2007

FBI’s Ten Most Wanted Fugitives

 

Want to know who the lucky ones on the FBI’s Ten Most Wanted list are?

The FBI is offering rewards for information leading to the apprehension of Top Ten Most Wanted Fugitives. Check each fugitive page for the specific amount.

Go here: FBI - Most Wanted - The FBI's Ten Most Wanted Fugitives

16th March 2007

Death by Vitamins

Certain vitamins have no health benefits and actually increase the risk of death, say Danish researchers.

Taking vitamins A, E and other antioxidant supplements may increase the risk of death and carries no clear health benefits as claimed by vitamin makers.

In a blow to the healthy image often associated with dietary supplements, a wide-ranging Danish-led review of 47 clinical trials, involving 180,938 patients, concluded that vitamins A, E and beta carotene are in fact linked to a rise of five per cent in the risk of mortality.

"Beta carotene, vitamin A, and vitamin E given singly or combined with other antioxidant supplements significantly increase mortality," wrote the authors, led by Goran Bjelakovic of the Centre for Clinical Intervention Research at Copenhagen University Hospital. "Our findings contradict the findings of observational studies, claiming that antioxidants improve health."

"By eliminating free radicals from our [body], we interfere with some essential defensive mechanisms," read the study. The antioxidant supplements are synthetic and not subject to the same toxicity studies as other pharmaceutical agents.

"Better understanding of mechanisms and actions of antioxidants in relation to a potential disease is needed," the researchers concluded.

The makers of vitamins and other dietary supplements are not required to register their products with the U.S. government's Food and Drug Administration that regulates medicine and food products, but the FDA can order the withdrawal of products on the market that are found to pose a risk to public health.

More Information:

Journal of the American Medical Association
University of Copenhagen
Anti-oxidant, Wikipedia

via [ cosmosmagazine ]

12th March 2007

Protect Yourself Against Phishing Sites on the Web

Online criminals are thriving even in the face of new automated defenses. 

Do you think the new built-in phishing filters in Internet Explorer 7 and Firefox 2 will protect your private data? Think again. The Anti-Phishing Working Group found 37,439 new sites; the number of sites devoted to phishing has nearly doubled since last year.

According to RSA, a security vendor, hackers in January started selling a phishing kit that lets criminals set up very convincing fake Web sites with little effort. The fake site pulls images and layouts from the real site, usually a bank or other financial institution, and passes the user's information back to the real site to mimic a regular log-in, while keeping a copy of the account data for the criminals.

Research firm Gartner estimates that 3.5 million Americans gave up sensitive information to phishers in 2006, an 84 percent jump from the previous year, for a total loss of $2.8 billion. One single phishing gang, called Rock Phish, is estimated to have taken in more than $100 million.

What should you do to protect yourself?

- Heuristic scanning may help combat the scourge

- Use McAfee's SiteAdvisor browser add-on for IE and Firefox (highly recommended)

- Look at the browser address bar, which turns green on sites that use a new type of site certification called Extended Validation Secure Sockets Layer, or EV SSL; this may also help. These sites are verified by a third party such as Verisign.

- Never click a link in an e-mail or on a third-party site to go to any of your financial accounts.

- Always use your own bookmark or type in the address of the particular bank yourself.

- Be extra cautious before clicking a link in an e-mail, even when you're 100 percent certain that the e-mail is legitimate.

- Automated tools, such as the free Password Safe and PwdHash utilities, can provide some help.

But to combat ever-adapting phishers, your best protection remains…YOU.
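The bookmark advice above comes down to comparing the host a link really points to with the host you saved yourself. The following is an added example, not part of the original article; the bank host names and sample URLs are constructed, and `BOOKMARKED_HOSTS`, `link_host` and `verdict` are illustrative names.

```python
from urllib.parse import urlsplit

# Hosts copied from the user's own bookmarks (constructed sample values).
BOOKMARKED_HOSTS = {"www.examplebank.test", "online.examplebank.test"}


def link_host(url):
    """Return the lowercase host a browser would connect to, or None."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # ignores any "user@" prefix and the port
    return host.rstrip(".").lower() if host else None


def verdict(url):
    """Classify a link found in an e-mail against the bookmarked hosts."""
    host = link_host(url)
    if host is None:
        return "not-a-web-link"
    if host in BOOKMARKED_HOSTS:
        return "matches-bookmark"
    # The bank's name is present in the URL text, but it is not the host.
    if any(name in url.lower() for name in BOOKMARKED_HOSTS):
        return "bank-name-used-as-decoy"
    return "unknown-host"


if __name__ == "__main__":
    samples = [  # constructed links of the kind a suspicious e-mail carries
        "https://WWW.ExampleBank.test:443/login",
        "http://www.examplebank.test@198.51.100.7/login",
        "https://www.examplebank.test.login.example/secure",
        "https://examp1ebank.test/",
    ]
    for url in samples:
        print(verdict(url), link_host(url), url)
```

Only an exact host match counts; a URL that merely contains the bank's name is reported as a decoy, which is the case the eye tends to miss.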

Related Articles:

- India ranks third in phishing 

- Beware of Fake UTI Bank page online

- How Phishing Works 

- Fake Ebay Pages & Forums 

Videos :

- Phishing 101 : Learn how to avoid scam emails and phishing schemes targeting banks, PayPal, eBay, etc. Courtesy of My-PC-Help.com

- Phishing Demo : A demonstration of a live PayPal phishing site before we send requests to have it taken offline.

- Phishing Demo - Aloha : A live site phishing demo. The target is a small Federal Credit Union in Hawaii.

- Phishing : Learn how to avoid phishing scams!

via [ pcworld ]

3rd March 2007

WordPress 2.1.1 dangerous, Upgrade to 2.1.2

If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

From WordPress.org :

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

 

Although not all downloads of 2.1.1 were affected, WordPress is declaring the entire version dangerous and has released a new version, 2.1.2, that includes minor updates and entirely verified files.

WordPress has also set up a dedicated e-mail address for this, as it is very critical. You can e-mail your questions to 21securityfaq@wordpress.org.

Suggestion to all WordPress users :

If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends' blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.

For all detailed information click here : WordPress Official Site
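To confirm that the full overwrite really left only verified files behind, the installed tree can be compared file by file with a freshly unpacked copy of the verified release. This is an added example, not code from WordPress or from the original post; it assumes the verified 2.1.2 archive has been unpacked next to the installation, and the file names in `build_sample` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_install(installed, verified):
    """Compare a live WordPress tree with a freshly unpacked, verified copy."""
    have, want = tree_hashes(installed), tree_hashes(verified)
    return {
        "modified": sorted(f for f in have if f in want and have[f] != want[f]),
        "extra": sorted(f for f in have if f not in want),
        "missing": sorted(f for f in want if f not in have),
    }


def build_sample():
    """Create two small constructed trees (not real WordPress files)."""
    base = Path(tempfile.mkdtemp())
    files = {"index.php": "<?php // front\n",
             "wp-includes/sample-a.php": "<?php // a\n",
             "wp-includes/sample-b.php": "<?php // b\n"}
    for side in ("installed", "verified"):
        for rel, body in files.items():
            path = base / side / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    # Constructed differences: one altered file, one file the release never shipped.
    (base / "installed/wp-includes/sample-b.php").write_text("<?php // b, altered\n")
    (base / "installed/wp-includes/leftover.php").write_text("<?php // not in release\n")
    return base / "installed", base / "verified"


if __name__ == "__main__":
    for kind, names in compare_install(*build_sample()).items():
        print(kind, names)
```

Your own wp-config.php, themes and uploads will legitimately appear under "extra"; anything else listed there, or under "modified", deserves a look, because overwriting files does not delete ones the release never contained.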