• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Internet
    • Browsers
    • Cloud Computing
    • Online Video
    • Search Engines
    • Web 2.0
  • Mobile
    • Android Apps
    • Apps
  • Software
  • Funny Stuff
  • Social Networks
  • Web Tools

Daily Bits

  • Home
  • About
  • Archives
  • Contact
  • Advertise

Security

MySpace to Unveil New, (Better than Facebook?) User Privacy Settings

May 23, 2023 by Arnold Zafra

MySpace is not going to take the issues confronted by Facebook with regards to privacy settings just like that. And so, to indirectly add injuries to the many problems faced by Facebook, MySpace has just announced that it will soon roll out a new and simpler privacy settings for MySpace users.

The first few lines of MySpace announcements clearly states what its goals are by this announcement. MySpace tells us:

The last few weeks have been fraught with discussion around user privacy on social networks. We want to take this opportunity to discuss our view of user privacy on MySpace and some of the core features that made MySpace unique from its inception.

It was short of saying, “…discussion around user privacy on Facebook.”

Anyway, according to the announcement, MySpace’s new and simpler privacy settings that will give users greater control over their information. The site is will provide setting options that include public, friends only, or public to anyone 18 or over.  In the coming weeks, MySpace will put the default settings for all users to – “friends only.” Of course, you’ll be free to change this option anytime.

And guess what? MySpace had this planned out for quite some time now.  And admittedly, the only reason why they are rolling these new setting options now is because of the recent issues hauled by media to social networks concerning privacy.

The question here is, will these in any way convince Facebook users who are dissatisfied with how Facebook has been handling privacy issues, to use MySpace for social networking instead? What are your thoughts?

Originally posted on May 18, 2010 @ 12:14 am

Filed Under: Internet, Security, Social Networks Tagged With: myspace privacy

Automattic Launches VaultPress, Back Up Service for Self-Hosted Blogs

May 14, 2023 by Arnold Zafra

Automattic has announced its new service that is aim to help self-hosted WordPress blog owners ensure that their blog properties are safe and secure. The new service called VaultPress is an online backup service built on the Automattic grid which in case you’re not aware is serving more than 10 billion WordPress.com blogs and 250 million monthly visitors.

VaultPress would ensure that your blogs and sites are completely secure no matter what happens to the server where it is hosted.  The service will secure your plugins, themes, comments, posts revisions  and of course every bit of content of your WordPress blogs.

Despite the complexity of what it can do, using VaultPress will be surprisingly easy. It’s actually your usual WordPress plugin that you can install on your blogs.  And you can always add additional blogs easily anytime you need to.

And once you get VaultPress running, it will continously monitors and stores updates to your blogs and sites. Everything that you do – write, edit, and upload will be simultaneously reflected in your VaultPress backup.

Sounds wonderful, right? Unfortunately, VaultPress will be offered as a Premium service.  Monthly fee is expected to be around $10.  But hey, it’s not really a big sum of money considering that it will safely secure that your blogs will always be online.

VaultPress is about to go on close beta state. If you want to be part of the beta testers, you may sign up here.

Will you register your blog on VaultPress once it goes public? Are you willing to pay for it?

Originally posted on March 31, 2010 @ 12:29 am

Filed Under: Internet, Security, Web Tools Tagged With: automattic, vaultpress, wordpress

Twitter Explains the Stolen Documents Issue

March 24, 2023 by Arnold Zafra

When TechCrunch published a post saying that they have obtained some vital Twitter documents from some hacker who got into personal accounts of some Twitter employees, the news spread like a wild  fire in the forest.  And as quickly as this news hit the headlines of most tech sites, Twitter also quickly replies and explains “vital information” regarding these so called vital documents. [Read more…] about Twitter Explains the Stolen Documents Issue

Originally posted on July 15, 2009 @ 10:05 pm

Filed Under: Security

Twitter Worm Attacks Continue

March 14, 2023 by Arnold Zafra

The worm that started wreaking havoc on Twitter last Saturday continues its attack. Already on its fourth attack, the new variation of the XSS continues to compromise Twitter accounts and post malicious tweets on Twitter users updates. [Read more…] about Twitter Worm Attacks Continue

Originally posted on April 13, 2009 @ 11:05 am

Filed Under: Security Tagged With: mickeyy worm, Twitter

Check if Your Gmail Account Has Been Hacked

February 23, 2023 by Admin

If you rely on Gmail as much as I do, you probably worry about someone hacking into it right? Well, among the advanced features on Google’s mailing service there is a cool little trick that you can use to monitor “foreign” activity on your accounts.

The tip is coming from Make Use Of, and it is really easy to use.

You basically just need to check the bottom of your Gmail account for the “Last activity…” message. There you will see when the last login was effectuated, and using which IP address. You can also click on “Details” to see a list of the last logins, their IP address, browser and so on. All you need to do, therefore, is to check if you are really the only person using your Gmail account!

Originally posted on October 2, 2008 @ 12:11 pm

Filed Under: Security

Security Trends of 2008 Part 4: The Dreaded Storm and MPack

February 16, 2023 by Loki

Picking up from the last time after my two-month long hiatus, I bring you now the greatest security threats of 2008: Storm and MPack.

Storm Blows Web 2.0 Away

The Storm malware is actually a collaboration of Web 2.0 techniques like social networking and dynamical associations towards a system. Simply put, it uses the most common web techniques in a two-stage attack, which we discuss later.

According to IronPort’s 2008 Internet Security Trends, Storm-class malware has its key characteristics:

Self-Propagating – sends massive amounts of spam to spread. Users are directed to multiple changing HTTP URLs, which serve Storm malware. If infected, the system then becomes part of the network.

Peer-to-Peer – where previous botnets were controlled from central­ized locations through a hierarchical management structure, nodes communicate through a unique peer-to-peer communication protocol. This makes it difficult to track the total size.

Coordinated – Storm will send spam campaigns that point to webpages hosted by other computers, showing amazing sophistication in the way the network creates its attacks.

Reusable – can be used for many kinds of attacks: spam, phishing, DDoS, it has even been known to compromise IMnetworks and post blog spam, making it a threat to many different protocols.

Self-Defending – Storm watches for signs of reverse engineering or analysis. It repeatedly launched massive denial of services attacks against researchers and anti-spam organizations.

Through these, Storm was able to accomplish a huge number of PDF, XLS, MP3 spam outbreak over the course of 2007 and even up to today.

Storm Signaling: The Two Attack Stages

Storm uses e-mail functions and interconnectivity of Web 2.0 in order for its two-stage attack to take place. Also, Storm creators have come up with a “drive-by” browser exploit that infects computer simply through a web page visit, no downloads needed for infection!

Once a Storm malware infects a computer, it connects its victim computer into a peer-to-peer network, the Storm Network. This network is a modified design, decentralized and excessive, unlike its older, centralized ancestor. The creators seemingly acknowledged the fact that a centralized network is easy to destroy just by “chopping the botnet’s head off.”

Apart from the peer-to-peer feature, Storm also needs to maintain itself via self-defense measures. It utilizes Distributed Denial of Service to both prevent people from exploring the innards of a Storm malware, and launch a retaliatory attack to the onlookers.

Once the Storm network has possession of the victim system, it can instruct its victim to do either send a recruitment spam and aid in the network growth, serve malicious web pages, attack instant messengers, provide fast-flux and domain resolutions, or post blog spams on other websites. These actions can ensure that Storm will persist even if some of its victims are paralyzed, because it launches large-scale attacks that recruit other victims into its network.

Storm doesn’t actually attack head-on, as most of its deceased ancestors did. Unlike those suicidal malware, Storm-class malware seem to value its life, that it focuses more on its staying power than its destructive one. It is very frightening to know that while the Storm hasn’t completely been eradicated, its designers are improving it at a fast pace.

MPack: The Marketed Malware

MPack is actually a malware kit that is sold for anywhere between $700 and $1, 000. It is a PHP-based malware kit being sold by a certain group of Russian software developers known as the Dream Coders Team. In a CNET interview, Yuval Ben-Itzhak, chief technical officer of security company Finjan, stated how dangerous the Mpack kit is. “Without any computer science skill or any security background, you can install this package on any Web server and start to infect people with malicious code,” said Ben-Itzhak in the interview.

The commercial malware, as I would like to call MPack, is designed specifically for web-based attack, pretty much like Storm. It is deployed using an iFrame attack placed silently into legitimate websites, keeping infection and, interestingly enough, its attack statistics. Further, its creators, the Dream Coders Team, gives one-year support, fresh exploits (like the one Storm has), and add-ons that can cost anywhere from $50 to $300,possibly based on attack modifications.

While having these kind of malicious kits in the market is not that new, support services do seem to be appealing, especially for a novice who wants instant ability over malware infection.

MPack Attacks!

MPack kit owners are provided with an administrative interface to launch their attacks, usually by the same drive-by exploits utilized by Storm. Further, the interface keeps the statistics on both viewers of an infected web page and the successful attacks it carried on. It somehow gives satisfaction to the user for purchasing the malware kit, not to mention the support services and “additional arsenal” that can make a novice a force to reckon with.

mpack

Storm and MPack malware have been spreading like wildfire since mid-2007 that it has become very alarming. The things most feared about the two are their peer-to-peer and self-defense mechanisms that allow the malware to creep into a network and destroy it from within. Also, considering that the protocol used by both Storm and MPack is HTTP, it’s really hard to recognize a social malware from a safe web page. Without a plug to pull or a switch to turn it off, it has come to attention that these malware can be considered professional in a sense – there are experts behind the longevity of these malicious software. The question that arises now would be: How can we avoid being attacked by these malware?

For Safety And Precaution

Increased sophistication. That phrase summarizes the greatest threats of 2008, although conventionally, malicious programs still do what they do best: advertise, infect, steal data, and spread. In their line of evolution, developers learned that a one-step approach is no longer plausible, and the improved two-step route they are taking is more than anyone can handle.

With a new way to launch attacks while ensuring a defensive mechanism for themselves, Storm- and MPack-like malware are hard to deal with. They easily render previous security measures obsolete. In order to protect your system from those malware, new ways are being preached and practiced. IronPort’s 2008 report summarizes these safety measures into five:

1. Secure web traffic. The reputation of a website is a key to determine how plausible a malware can infect it. Let’s have Yahoo for example. It’s reputation as legitimate and virus-free makes it hard for user-generated malware to penetrate it.

2. Deploy preventive protection for e-mail. The alarm brought about by Storm- and MPack-class malware calls for multi-level spam defenses, commonly available in our favorite e-mail service providers. Deploying these defenses can easily detect and separate possible malware attachments.

3. Protect against corporate data loss. Commonly, attacks from malware scans your hard drive to collect private information. It wouldn’t hard a company if it would require its employees to scan outgoing transfers and connections for possible policy violations. It would show how cautious your company is and give it a reputation for safety, adding to its market level.

4. Prevent “phone-home” activity. It is very important to scan or totally block outgoing “phone home” activities, as the sender might be malware-infected, retrieving attack commands or uploading data back to operators.

5. Track important communications. New technologies are available for real-time tracking of your e-mail messages, which works similar to physical package shipping. Added care wouldn’t hurt to our noble and easily accessible e-mail accounts, as they have become an integral part of our virtual lives, while others keep on attacking us through them.

Malware sure has spread everywhere on the Internet, but we should still be the masters of our own virtual spaces. I hope this four-part series will aid you through the rest of 2008! Happy surfing!

Originally posted on July 14, 2008 @ 9:31 am

Filed Under: Security

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Interim pages omitted …
  • Go to page 10
  • Go to Next Page »

Primary Sidebar

Privacy Policy

Copyright © 2023 · News Pro On Genesis Framework · WordPress · Log in