Miles Associates LLC

Jim Miles – IT & IT Security Consultant – Web Sites for Growing Organizations

Microsoft falsely labels Chrome as malware

“Wow, that’s certainly one way to win the browser war,” said Andrew Storms, director of security operations at nCircle Security, over on Network World.

Google has released a new version of Chrome after Microsofts antivirus software flagged the browser as malware and removed it from about 3,000 peoples computers on Friday.

Microsoft apologized for the problem and updated its virus definition file to correct the false-positive problem, according to a post from Ryan Naraine at ZDNet.

“…perhaps Microsoft should have included Google, not just its customers, in its apology”.

via Microsoft falsely labels Chrome as malware | Security – CNET News.

Romance scams plague UK: 200,000 victims

Research out of the UK today says that perhaps as many as 200,00 people in that country have been victims of online romance scams and the same study says over 1 million people personally know someone who has been scammed by one of these heartless fraudsters.

The online research was conducted by the UK’s University of Leicester found that 52% of people surveyed online had heard of the online romance scam when it was explained to them and that one in every 50 online adults know someone personally who had fallen victim to it. The results confirm the law enforcement belief that this type of crime is often not reported by those affected, in many cases due to embarrassment at having been duped, or through a continuing hope that there will eventually be a genuine romance, the study found.

According to the FBI’s IC3, scammers use poetry, flowers, and other gifts to reel in victims, the entire time declaring their “undying love.” These criminals also use stories of severe life circumstances, tragedies, deaths in the family, injuries to themselves, or other hardships to keep their victims concerned and involved in their schemes. Scammers also ask victims to send money to help overcome a financial situation they claim to be experiencing. These are all lies intended to take money from unsuspecting victims, the IC3 says.

The romance scam is particularly cruel in that perpetrators spend long periods of time grooming their victims, working out their vulnerabilities and when the time is right to ask for money…

via Layer 8: Romance scams plague UK: 200,000 victims?.

Faster than light?

A meeting at Cern, the world’s largest physics lab, has addressed results that suggest subatomic particles have gone faster than the speed of light.

The team has published its work so other scientists can determine if the approach contains any mistakes.

If it does not, one of the pillars of modern science will come tumbling down.

via BBC News – Speed-of-light results under scrutiny at Cern.

Use new Facebook features to separate personal from professional

How Researchers “Stole” 20GB of E-Mail from Fortune 500 Companies

Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months.

The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.

via Doppelganger Domains stories – Gizmodo.

The Purpose of Security…

Great quote:

The entire purpose of security is to support your ability to do business in a secure manner. Security is an enabler, not a limiter. If security is a limiter, you are using it wrong/abusing it.

by Jon-Louis Heimerl in this article in Security Week.

Windows 8 to offer built-in malware protection

Microsoft is including a beefier version of its malware protection in Windows 8.

The company is tweaking its Windows Defender tool, which has been part of the last few versions of Windows, by essentially adding some of the more robust features from its free Security Essentials product. Launched in 2009, Security Essentials has garnered generally positive reviews but requires a separate download, while the built-in Windows Defender has lacked certain key elements as a defense against malware.

At a demo of Windows 8’s security at Microsoft’s Build conference on Tuesday posted by The Register, Steven Sinofsky, president of the Windows and Windows Live division, said that “we’ve taken Defender, and we’ve actually built a whole new range of protection, all the way up through anti-malware, antivirus, all that is built into Defender.”

via Windows 8 to offer built-in malware protection | Security – CNET News.

Tell-all telephone

By pushing the play button, you will set off on a trip through Malte Spitz’s life.

A cool but chilling demonstration of a life reconstructed using the online data added to location data.

Tell-all telephone | Data Protection | Digital | ZEIT ONLINE.

May 2011 Patch Tuesday Security Bulletins | eEye Digital Security

This month, Microsoft released 2 patches which repair a total of 3 vulnerabilities. Both of these patches address Remote Code Execution vulnerabilities.

via Patch Tuesday Security Bulletins | eEye Digital Security.

Out-of-band patch: MS warns of hack attempt on major sites

Microsoft issued a warning today that nine fraudulent digital certificates were issued by root certificate authority, Comodo Group. Although the certificates were quickly revoked, their initial release still poses a threat to browser users, including users of Internet Explorer. This is not a security flaw in Microsoft software, the company says, but it released a security update for Windows all the same.

The nine fake certificates affect the following Web sites, Microsoft says:

  • login.live.com (Windows Live)
  • mail.google.com
  • http://www.google.com
  • login.yahoo.com (3 certificates)
  • login.skype.com
  • addons.mozilla.org
  • “Global Trustee”

Fraudulent certificates give hackers the ability to spoof content, phish, or insert themselves in man-in-the-middle attacks, collecting information that users think is being sent over a secure link from browser to Web site.

via Network World.

%d bloggers like this: