You want a good, solid, free antivirus program? Microsoft Security Essentials fills the bill nicely. Unfortunately, even though it was officially released more than a year ago, it’s still one of the best-kept secrets in personal computing. Its installed base of 30 million users worldwide might sound big in raw numbers, but it’s a drop in the bucket compared to the billion-plus Windows PCs in use.
All that’s about to change, as Microsoft has now begun delivering Microsoft Security Essentials via Microsoft Update to customers in the United States (a pilot program in the UK started earlier this year). If Windows detects that you’re currently running without up-to-date antivirus protection, this is what you’ll see in the Optional Updates section:
read more Microsoft tempts antitrust lawyers with expanded antivirus offering | ZDNet.
Security researchers have revealed that ‘private browsing’ modes on web browsers, which are designed to remove all traces of the sites a user has visited, can leak information.
A study by Dan Boneh from Stanford University which is due to be presented at the Usenix Security Symposium in the U.S. next week claims that many browser add-ons or website security measures stop the ‘private browsing’ mode from working properly.
via ‘Private Browsing’ Not So Much – PCWorld.
Well, Google has taken the next step in its world domination plan, banning Microsoft Windows from internal use.
Employees will be given the choice between Apple’s Mac OS and Linux.
Adding insult to injury, Google is also publicly citing Windows security problems for the decision and blaming Windows vulnerabilities for the China hacking incident.
So that’s 20,000+ Windows licenses that won’t be sold and renewed at Google in future years.
Given that Google is in the process of introducing a competitive platform and operating system (Android/Chrome), this move isn’t surprising. The important question for Microsoft is whether other companies will follow suit.
via Google Dumps Microsoft Windows Company-Wide — Blames Windows For China Hacking Attack.
The cyberattack on Google last year reportedly yielded access to a password system that controls millions of users’ access to the company’s services including e-mail and business services.
Gaia, which allows users to sign in using their password once for a range of services, was compromised during a two-day attack last December, according to a New York Times report that cited a person with knowledge of an internal investigation. However, Gmail users’ passwords do not appear to have been stolen, and the company quickly initiated security changes to its networks, according to the report.
via Report: Google password system attacked | Tech News on ZDNet.
Two generations of Cisco wireless LAN equipment contain a range of vulnerabilities, researchers have told the Black Hat security conference.
Enno Rey and Daniel Mende from German testing firm ERNW demonstrated how to hack into two separate generations of Cisco Wi-Fi kit. They said that the flaws were fairly easy to find and exploit.
In a presentation called ‘Hacking Cisco Enterprise WLANs’ on Wednesday, the researchers demonstrated an attack aimed at Cisco’s first generation equipment Cisco Structured Wireless Aware Network (Swan).
The researchers said it was possible to launch denial of service attacks and to sniff encrypted traffic on Swan by exploiting weaknesses in Cisco’s Wireless LAN Context Control Protocol (WLCCP). The protocol defines how information is sent between wireless access points.
via Security researchers demo Cisco Wi-Fi flaws | Tech News on ZDNet.
Google continues to use HTML5 to push its web apps into the future. The latest bit of HTML5 to feel Google’s love is drag-and-drop support, which is now a standard part of Gmail. If you’re using Google Chrome 4 or Firefox 3.6, you can now simply drag a file from your desktop onto a message window and Gmail will automatically attach the file.
read more Google Turns to HTML5 for Gmail’s New Drag-and-Drop Attachments | Webmonkey | Wired.com.
If you get an e-mail that appears to be from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. Repeat, it is a scam.
McAfee warned people in a blog post on Wednesday to beware of an e-mail that appears to come from Facebook urging recipients to open an attachment to get their new password.
The attachment contains a password stealer that can potentially access any username and password combination used on the computer, not just the login credentials for Facebook.
“This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam,” McAfee says. “This is also the sixth most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs.”
There are obvious clues that this is a phishing scam. For one, Facebook doesn’t send e-mails like this. It may send an e-mail with a link where the user can reset the password, but not an e-mail with an attachment. Secondly, the e-mail has poor grammar and awkward phrases. For instance, Facebook is not capitalized in the salutation.
via Beware the new Facebook password reset scam | InSecurity Complex – CNET News.