chain

Fraudsters have cranked up production of malware targeting Android devices with with a rash of Trojans, many of which apply tricks long used against Windows PCs. F-Secure reports that a rogue developer has modified a harmless app that displays pictures of bikini-clad babes into a tool that secretly establishes a rudimentary mobile botnet. "The added code will connect to a server and send details about the infected handset to the malware authors," F-Secure reports. The malware waits for an incoming phone call before it send the phone's IMSI, IMEI, SDK Version and information regarding any packages installed to a remote server. AVG adds that 25 rogue Android apps were discovered on the Android marketplace over the weekend that contained a variant of the DroidDream trojan. Google purged these apps but more rogues have since reappeared, it adds. AVG is working with Google's Android security team in dealing with the fresh threat. It estimates a combined total of 15,000 handsets have been hit by the DroidDream outbreak. Separately a malicious link in spammed SMS messages is being used to fool users in China into downloading a supposed Android security update that is actually an SMS distributing Trojans. AdSMS uses the sort of trickery long used by fake Windows security update Trojans, but with the added twist that the mobile malware is capable of sending SMS messages to a premium rate number, enriching virus distributors and their partners in crime at the expense of infected users in the process. Many of the same security problems long prevalent on Windows are repeating themselves on Android, making the platform an increasingly attractive target for hackers, a recent security analysis by Kaspersky Labs reports. These problems include a large number of Android devices running outdated software harbouring unpatched vulnerabilities in the hands of users who routinely ignore security alerts. "As with Windows, the most infected computers are those on which users have administrator privileges, the greatest risk of infection is faced by those Android systems which have been jailbroken," Kaspersky analyst Yury Namestnikov. "Mobile malware communicates with its owners using a method that is widely employed by Windows malware

In the tech world, the phrase "gets better with time" is rarely, if ever, used. Hackers may be the only exception to that rule, and they seem to be on a faster learning curve than Facebook. A video scam has been circulating on Facebook since Tuesday, tricking users into downloading and installing software by offering up a video of Dominique Strauss-Kahn. On Wednesday, hackers switched the bait to what was supposed to be a saucy video of Hayden Panettiere and Rhianna. Both video links actually lead to a website that attempts to install fake security software. On a PC, victims are told that they should install the newest version of Adobe Flash Player to watch the video, but instead end up with the fake antivirus program installed on their computer. Mac users, on the other hand, see a pop-up window asking if they'd like to fix or ignore some security issues. Once the user clicks "fix," the fake software is installed. From there, things get pretty heinous. The software sends pop-up messages with scary warning messages and then takes the victim to a porn site every five minutes. The only way to stop the boob bombardment is to pay a $60-$80 fee, which apparently puts the software to sleep for good, according to Sophos researcher Chet Wisniewski. Antivirus vendor Sophos was the first company to discover the scam on Tuesday. If you don't cough up the cash, porn sites will continue to appear on your computer every five minutes, and links to the original malicious videos will be posted to your Facebook wall. It's unclear why Facebook hasn't been able to stop the spread of this malware, but it's possible that hackers are using new tricks to get past Facebook's scam filtering systems. A Facebook spokesperson on Wednesday had no answer as to why the scam was so difficult to stop, but did say that the social network was "in the process of investigating, blocking the links, and remediating any affected users." Source: CrunchGear

Web mail users at Yahoo and Hotmail have been hit with the same kind of targeted attacks that were disclosed earlier this week by Google, according to security software vendor Trend Micro. Trend Micro described two similar attacks against Yahoo Mail and Windows Live Hotmail in a blog post, published Thursday. "It's an ongoing issue for more than just Gmail," said Nart Villeneuve, a senior threat researcher with Trend Micro. Villeneuve believes that Facebook accounts have also been used to spread similar attacks. Google made headlines Wednesday after revealing that several hundred Gmail users -- including government officials, activists and journalists -- had been the victims of targeted spearphishing attacks. Google mentioned phishing on Wednesday, but the criminals have been using other attacks too. In March, Google said that hackers were taking advantage of a flaw in Microsoft's Windows software to launch politically motivated hacks against activists. Corporate networks have been under attack for years, but hackers now see personal Web mail accounts as a way to get information that can help them sneak into computers that would otherwise be locked down. "People always think of these attacks as isolated cases, but they're more like a series of successful and failed attacks over a longer period of time," Villeneuve said. "It's not a one-off attack." For example, in the Gmail phishing attacks, the hackers used a little-known Microsoft protocol to figure out what type of antivirus software their victims were using. By knowing what antivirus program they were up against, they could then build attack code and then test it against their target security software to be sure that it would go undetected. And by trolling through their victims' email messages, the attackers could write believable-sounding messages that their targets would be more likely to click on or open up. That's how the victims lose control of their computers: by opening, for example, a specially written pdf document or by taking their browsers to a malicious website. "This is the latest version of State's joint statement," read one fake email, used by the Gmail phishers. "My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike." "People, whether they're human rights activists or they're government officials, tend to have personal Web mail," Villeneuve said. "It's a good way for the attackers to get information on those individuals but also to get information that they could use for an attack of the corporate network of those individuals." Google said that the phishing attacks it had detected were launched from computers located in Jinan, China. That led some to suspect that the phishing was state-sponsored, but China's U.S. Embassy said Thursday that China is the victim of cybercrime, not the perpetrator. "As a responsible player in cyberspace, China strongly opposes unlawful online activities and supports international cooperation in striking down on such misdeeds," said Wang Baodong, an embassy spokesman, in an email. "Any claims of so-called Chinese state support for hacking are completely fictitious, and blaming misdeeds on China is irresponsible and unacceptable." In a blog post, published Thursday, Villeneuve outlined other attacks, including one that leveraged a Hotmail Web programming bug to suck email messages from users' accounts. This attack worked by tricking victims into reading a maliciously encoded email message. It hit Taiwanese victims. Another attack, spotted recently by Trend Micro, attempted to break into Yahoo Mail accounts by stealing the browser's cookie files and then using that information to try and trick Yahoo's servers into divulging sensitive information, Villneuve said. However, it looks like this attack didn't actually work thanks to technical difficulties, he said. Microsoft was unable to immediately comment for this story, but earlier it did confirm that it fixed the Hotmail flaw. A Yahoo spokeswoman declined to comment on Trend Micro's report, but said that the company does "take security very seriously." "We invest heavily in protective measures to ensure the security of our users and their data," the Yahoo spokeswoman said in an email message. "We also use a multi-faceted approach to further protect against spam, phishing and other online scams, which includes rapid response, industry collaboration, public policy efforts, and consumer awareness." Although Gmail is now getting the most attention, Yahoo Mail is actually the most targeted Web mail platform, according to one researcher, who spoke on condition of anonymity because he is involved in sensitive investigations into these attacks. "It's been going on for a very long time," he said. "Campaigns go on every day." Source: PCWorld

Asustek is preinstalling Canonical's Ubuntu operating system for the first time in some netbooks to target the Linux market, Canonical said Thursday. Dell is the only other major PC vendor to pre-load Ubuntu on its netbooks. Canonical said that Asus has started shipping from June 1 three Eee PC models, the 1001PXD, 1011PX and 1015PX, with Ubuntu 10.10 pre-installed. The OS has been configured to work with the processor and networking hardware on the netbooks. Asus was one of the first PC makers to ship netbooks, offering the Eee PC with multiple versions of the Linux OS including Xandros starting in 2007. Asus then released Windows XP netbooks starting in 2008 after Microsoft started offering Windows XP Starter, a stripped down version of Windows XP. Asus now preloads Windows on a majority of its netbooks with Linux playing second fiddle. Ubuntu 10.10, code-named Maverick Meerkat, has editions targeted at PCs and netbooks, but Canonical didn't say which edition would be preinstalled on the Eee PCs. The netbook edition, called Netbook Remix, has a specialized user interface for smaller screens. The latest version of Ubuntu, version 11.04, does away with the Netbook Remix edition, integrating the code into the main OS base. The OS on the Eee PCs will come with a full productivity suite and support for Adobe's Flash, Canonical said. More Asus netbooks in the future will ship with Ubuntu preinstalled, Canonical said. Multiple versions of Ubuntu have been certified previously to work with certain Asus Eee PC models. Source: PcWorld

Academic researchers say they've uncovered weaknesses in dozens of the most popular file hosting sites that allow people to gain unauthorized access to data that's supposed to be available only to those selected by the user. The services, which include sites such RapidShare, FileFactory, and Easyshare, allow users to upload large files and make them available to anyone who knows the unique URI (or Uniform Resource Identifier) that's bound to each one. Users may post the link on websites or forums available to the public or share it in a single email to prevent all but the recipient from downloading it. RapidShare, for instance, says it can be used to "share your data with your friends, colleagues or family." But according to academics in Belgium and France, a "significant percentage" of the 100 FHSs (or file hosting services) they studied made it trivial for outsiders to access the files simply by guessing the URLs that are bound to each uploaded file. What's more, they presented evidence that such attacks, far from being theoretical, are already happening in the wild. "These services adopt a security-through-obscurity mechanism where a user can access the uploaded files only by knowing the correct download URIs," the researchers wrote in a paper presented at the most recent USENIX Workshop on Large-Scale Exploits and Emergent Threats. "While these services claim that these URIs are secret and cannot be guessed, our study shows that this is far from being true." The researchers said they trained web crawlers on the file services and uncovered hundreds of thousands of private files in less than a month. They also used the sites to store private files that contained internet beacons, so they'd know if anyone opened them. Over a month's span, 80 unique IP addresses accessed the so-called honey files 275 times, indicating that the weakness is already being exploited in the wild to harvest data many users believe isn't available for general consumption. The weakness that's easiest to exploit was found on sites that use sequential identifiers in the download URIs. By writing scripts that enumerate the the IDs character by character, their crawler was able to locate almost 311,000 unique files over a period of 30 days. The researchers then ran searches on Microsoft's Bing.com to arrive at an estimate that 168,320, or 54 percent of them, were private because they hadn't been shared online. "Unfortunately, the problem is extremely serious since the list of insecure FHSs using sequential IDs also includes some of the most popular names, often highly ranked by Alexa in the list of the top internet websites," the researchers wrote. To prevent their findings from being abused, their report didn't say which sites are vulnerable to specific types of attacks. Another common weakness involved the use of pseudorandom URIs for each uploaded file. By using brute-force attacks that cycled through every possible combination, the researchers were able to successfully guess a file's unique ID 1.1 times for every thousand attempts. Part of the weakness is the result of websites that used IDs that consisted of only numeric strings with a maximum length of six numbers. But even when services used IDs with alphanumeric characters or numbers with a length of eight, the researchers achieved similar success rates. In other cases, file services used ID systems with enough complexity that rendered brute-force techniques ineffective or used CAPTCHAs or other mitigations. But the researchers were often able to guess the names anyway, in some cases by exploiting a directory traversal vulnerability in a webhosting program used by multiple services. In other cases, they defeated the mitigations by using a feature that allows people to report copyright violations and other abuse to the site admins and combining it with a separate feature for deleting files. Because the feature on one site exposed the first 10 characters of a file's 14-character ID, the number of combinations to brute force was a manageable 65,536. The researchers said the most effective countermeasure against the attacks is the use of encryption on the user's computer. They developed a proof-of-concept Firefox add-on that automatically encrypts and decrypts files upon upload and download and uses steganographic techniques to hide the encrypted files. Source: The Register

A week after a humiliating public apology for the insecurity of its PlayStation Network and Qriocity service, Sony has been forced to delay the restart of its online games services. Sony, whose officials had repeatedly bowed as part of their self-abasement for the service crisis, has taken low-key approach to extending the PSN return-to-service delay, making the announcement on a company blog. "We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system," the blog post says. According to the Wall Street Journal, the cost of the The Great Sony thingy-Up of 2011

The day techgear closes is the day Chain becomes a monk!! its only rumor, as someone is trying to stir! if techgear would close err0r would have mentioned it before anyone else knew about it. as for ozzy hes still around and he dose the ip banning of the spammers and etc. But he has a life also. Anyways Plz dont make me a monk lmao

Ok just to let some of you know, that WhiteTiger a scripter from Sparkpea as redone a lot of the old scripts for that chat server, so far hes completed 37 old msn scripts. Now you have 3 choices either download them from here as err0r will add some, or you can get a lot from my site, or you can go directly to the chat server and go in the room !!!!!!MSHS!!!!! and do `scripts and a link will be dropped with the username and password to get to the upload site. many thanks to WhiteTiger for redoing and taking the time to redo these classic old scripts.

Happy Birthday err0r Wow isn't it amazing how time flies when you see it's err0r's B-Day. Happy Birthday to a good friend, and a good friend to a lot of us.You have always helped people and thats what makes you unique my friend, so with that I wish you a great B-Day and all the best, and many more to come!! Happy Birthday My friend err0r

Well if I recall no it scans the whole system like [c] [d] you have to tick those and it dosent scan a folder indivdualy. Thats why I went to Microsoft essentilas and havent looked back since LOL But you can always find out more info by going here http://www.eset.com/home the home of the product

It's not often that I get upset by the news we cover on AllFacebook but today is an exception. A young woman from Florida has just pleaded guilty to second-degree murder of her baby son because he interrupted her FarmVille game with his crying. Alexandra V. Tobias, a 22-year-old from Jacksonville, Florida, declared her plea on Wednesday before Circuit Judge Adrian G. Soud, according to a report in The Florida Times-Union. Tobias was arrested in January. She reportedly told investigators that she shook the baby, smoked a cigarette "to compose herself", then shook him again. She said the baby might have hit his head during one of the two shakings. He was just three months old. Tobias is the one that killed her baby boy, not the developers at Zynga. FarmVille is a cooperative, non-violent game and one that withstands interruptions easily

What happens when you take some various PC parts, a pumpkin, and PCWorld Labs analysts, and bring them all together? Why, you get the Great Pumpkin PC! And it may very well be the craziest thing we've ever attempted. To complete this hack, we carved and cleaned out a large pumpkin, inserted a small motherboard, some memory, a hard drive, a fan, and a power supply. We were a little unsure at first if the PC would even work--the inside of a large garden squash isn't exactly a hospitable place for PC components--but it booted and ran perfectly. Check it out http://www.pcworld.com/article/209150/video_the_pumpkin_pc_is_one_scary_hack.html Source: PCWorld

The group called Open Source for America, which aims to increase the role of open source in government, handed out its "first annual" awards this week at a conference in Portland and I'm afraid they did not have the sweet smell of success. The winners were worthy. The team behind the new whitehouse.gov, written in Drupal. The Trust the Vote Project. Most especially Brian Behlendorf, who is driving NHIN Direct, which over the next few years will eliminate the hassle of filling out the same forms each time you see a new doctor. But when you're giving an award to your own webmaster, and the site hasn't been updated to reflect the awards yet, then you're stretching. It reminded me of how, 10 years ago, I watched the online advertising awards in San Francisco and saw a bunch of statuettes go to a silly CNN banner. To this day no one else in the room knows why I was cackling all night. They thought I was on something. No, when you can't cry you have to laugh. Some of my concern lay in the choice of meeting site. Portland is so far from Washington you can nearly see Sarah Palin's house from there. I have to guess there was hope of honoring some state and local government efforts, thus the idea was to go far away from the Beltway. The bigger problem lies in the nature of government procurement. As I noted while in France for OWF, even honest government demands a ton of work free before you see a dime. Those costs get built into the contract, and those resources (who aren't doing anything but sophisticated selling) become high-value employees. That's why government contractors like Harris, which created NHIN Connect, wind up worthless in the private sector. The solution is purpose-built for bureaucrats' trips, and their business process doesn't work when the buyer really does care about cost, and won't pay extra to pad in a "request for information," a "request for proposal," and a detailed bid. I am not talking here of corruption. Corruption, when it exists, is yet-another charge that must be paid for out of the contract, and always is. Whether we're talking about drinks, dinner, a job for the retiring bureaucrat or outright bribes, it's not a change to the process, just a charge to an existing department. Well, most open source companies don't have marketing departments. Looking at the complete list of OSFA founders, I don't know if I've even gotten a t-shirt or a pen out of any one of them, and I've been on this beat five years. I consider that a good thing you don't really make money in open source handing out tschotskes to reporters. The problem is that, in the end, the question of open source vs. proprietary software in government is a make-or-buy decision. Every enterprise manager knows that to make open source work you need a commitment of human resources that your contractor provides in the proprietary world. So what seems to be happening is that these contractors, like HP's EDS unit or Dell's Perot Systems unit, not to mention the hundreds of government-contracting specialists surrounding Washington D.C. in a wreath of smiles, are simply adding open source code to their portfolios and pocketing the savings. That's not the change we seek. For open source to start saving government money, government needs to hire more programmers, and give those programmers authority over important functions that until now have been contracted out. Grow government directly, in other words, rather than indirectly the Halliburton way. And that's far more political than I suspect OSFA wants to be. Source: ZD

1-in-5 enterprises will bust budget moving to Windows 7 because of IE6 compatibility problems, says Gartner Enterprises addicted to Microsoft's nine-year-old Internet Explorer 6 (IE6) browser are having a tough time migrating to Windows 7, an analyst said today. And although Microsoft has made it clear it wants IE6 dead and buried, the company needs to help solve a problem it created when it released the non-standard browser, then pressed businesses to develop IE6-specific applications, said Michael Silver of Gartner. "Microsoft would rather put the non-standard browser technology behind it," Silver said in a recently published research report. Easy for Microsoft to say; it doesn't have to deal with the IE6 fallout. According to Gartner, IE6 compatibility problems will cause at least one-in-five organizations to take longer than expected or spend more than they budgeted for their Windows 7 migration projects. "Microsoft needs to explore all avenues that could ease the transitions away from IE6," Silver added as he spelled out ways the company could lower barriers to Windows 7 adoption, something obviously in its interest. The latest statistics from Web metrics company Net Applications pegged IE6's usage share at 15.6%, which means it's the world's third-most-used browser edition. Many of the holdouts are enterprises locked into IE6 because the commercial software or home-grown applications they use work only in that browser. Organizations running IE6 have told Gartner that 40% of their custom-built browser-dependent applications won't run on IE8, the version packaged with Windows 7. Thus many companies face a tough decision: Either spend time and money to upgrade those applications so that they work in newer browsers, or stick with Windows XP. But Windows XP won't live forever. Microsoft will retire Windows XP from all support in April 2014, forcing businesses to abandon it or risk running an operating system vulnerable to attack. Fixing homemade applications so that they run in IE8 is the surest solution, but also the most expensive. And every temporary workaround has a downside, said Silver. The most promising of the latter is to use application virtualization tools to virtualize only IE6 -- not, as in OS virtualization, an entire operating system -- so that it can be run in Windows 7. But Microsoft opposes IE virtualization because it says the process violates licensing agreements. The stance hasn't been tested in court -- Microsoft hasn't sued vendors like VMware and Symantec that provide application virtualization tools -- but the uncertainty make companies jittery. "It's ironic that Microsoft would oppose methods that would help organizations accelerate the move to Windows 7," said Silver in his research note. "Microsoft must do more to help organizations with their IE6 problems that Microsoft helped cause." If Microsoft doesn't want customers virtualizing IE6, then it should help out in other ways, perhaps by heavily discounting or even giving away Windows Server 2003 and associated client licenses so that companies can access IE6 -- and only the browser -- through April 2014 using Terminal Server. "Organizations need to resolve IE problems and begin their migrations to Windows 7 as soon as possible," said Silver "And Microsoft needs to do more to help." Source: CW

Dam Zantetsuken ya got of ya lazy butt and did somethign LOL Looks good bud !!

Yeah have to say site 5 is excellent after err0r told me about them, thats what I went with and have to say even tho they in the states they were prompt for me. I had an incident with another site and was shut down for a few days, due tot he other site complaining on infringement. site 5 and me were always in corresponds with this issue and finally we won and the the other site was called out. Site5 had told me sorry but this was always an issue when another site complains about infringement. But man they were fast on this issue and in always contact with me!! have never had a better host site ohh tell them TG007 & ChainScriptz send ya ..need my 15% off lmao ( was a joke )

Lets 'pretty much anyone' steal 'shouted' session cookies; illustrates poor security at major sites A new Firefox add-on lets "pretty much anyone" scan a Wi-Fi network and hijack others' access to Facebook, Twitter and a host of other services, a security researcher warned today. The add-on, dubbed "Firesheep," was released Sunday by Eric Butler, a Seattle-based freelance Web application developer, at the ToorCon security conference, which took place Oct. 22-24 in San Diego. Butler said he created Firesheep to show the danger of accessing unencrypted Web sites from public Wi-Fi spots. Although it's common for sites to encrypt user log-ons with HTTPS or SSL, few encrypt the actual traffic. "This leaves the cookie, and the user, vulnerable," said Butler in a post to his personal blog. "On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy." With a user's cookie in hand, a criminal can do anything the user can do on a site, Butler noted. Among the sites that Firesheep can hijack are Facebook, Twitter, Flickr, bit.ly, Google and Amazon. Butler did not reply to an interview request Monday. "None of this is new, the flaw certainly isn't," said Richard Wang, the U.S. manager of SophosLabs, the research arm of Abingdon, England-based security company Sophos. "But Firesheep makes it so easy to discover [unencrypted traffic and cookies] that pretty much anyone can use it to listen to what others are doing at public hot spots." Firesheep adds a sidebar to Mozilla's Firefox browser that shows when anyone on an open network -- such as a coffee shop's Wi-Fi network -- visits an insecure site. "Double-click on someone [in the sidebar] and you're instantly logged on as them," said Butler in his short description of his add-on. The add-on appears to be irresistible: Since Butler posted Firesheep on Sunday it's been downloaded nearly 50,000 times. Butler created Firesheep to illustrate the wide-ranging problem of unencrypted sites and public networks. "Web sites have a responsibility to protect the people who depend on their services," he said. "They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure Web. My hope is that Firesheep will help the users win." Wang said he was hopeful that the add-on would prompt more sites to encrypt their sessions. "The hope here is of increased use of HTTPS," he said. But he also urged more public networks to secure users, although he acknowledged the logistics -- handing out the passwords that users would need in order to connect -- would be daunting. "It's the old 'security-vs.-convenience' argument," he noted. Users can protect themselves, said Wang, by refusing to access insecure sites while at open networks. He added that people who are more technically inclined could rely on a secure proxy server, perhaps one run on their work machine, which their laptops would in turn access. "But that's not a solution for the average user," Wang admitted. Firesheep, which works with the Windows and Mac OS X versions of Firefox, can be downloaded free of charge at the GitHub site. Butler is working on Firesheep for the Linux edition of Firefox. Source: CW

2012 release may mean upgrade fatigue for enterprises, say analysts Enterprises now in the midst of migrating to Windows 7 are unlikely to repeat that same work in just two years with Windows 8, an analyst said today. "They would certainly like to upgrade only to every other edition," said Michael Silver of Gartner, referring to businesses. "If Windows 8 comes out in two years, I think that's likely to happen, that many [enterprises] will be very suspect about migrating to the next release." Silver's comments came after the Dutch arm of Microsoft announced that the follow-on to Windows -- dubbed "Windows 8" by most, if not by Microsoft -- will ship in two years, or in 2012. That timeline fits earlier Microsoft statements that said Windows is on a three-year development plan. The remark about Windows 8 -- "Microsoft is on course for the next version of Windows. But it will take about two years before 'Windows 8' [is] on the market," the Microsoft Netherlands blog stated Friday -- has since been scrubbed from the post. Tom Warren of Neowin.net was the first to report on the Dutch posting. The fact that Microsoft scratched the Windows 8 reference came as no surprise to Silver or Michael Cherry, an analyst with Directions on Microsoft, a Kirkland, Wash. research firm that tracks only Microsoft's moves. "If Microsoft starts talking up Windows 8 now, it risks slowing momentum for Windows 7," said Cherry in an e-mail reply to questions. Windows 7 does have momentum on its side: Last week Microsoft said it has sold more than 240 million licenses to the one-year-old operating system, making it the fastest-selling OS in the company's history. Web metrics company Net Applications has also noted the fast pace of Windows 7 adoption. According to its statistics, Windows 7 reached a 17% usage share in just one year, more than twice as fast as did the problem- and perception-plagued Vista. But the three-year development cycle that Microsoft seems committed to will present problems for companies, if not consumers. Fatigue, for one thing, said Silver, who cited the slow uptake for Office XP, which appeared just three years after its predecessor, Office 97, as an example. Companies tire of migrating to fast-paced operating system upgrades, largely because of the number of critical applications that may or may not run on a new edition. That's one reason enterprises generally seem more willing to upgrade if the new version is a "minor" update, or one that doesn't introduce a new architecture, but resist a so-called "major" upgrade. That was one of the reasons why Vista never got traction in business, said Silver. Source: CW

But people are spending less face-to-face time with friends Being online is making Americans feel more connected but they're actually seeing friends face-to-face less often. That's according to a Harris Poll, which also showed that 58% of those surveyed said they know what's going on with their friends and acquaintances, but don't interact with them personally. And 54% said they have less actual contact with their friends than ever before. So, if people are more connected how does that making them feel? Well, 31% say they feel more lonely than before. "It's getting harder to remember a time when people didn't "friend" or "follow" someone and have that mean electronically, not in person," the report noted. "And, on the whole, social media users seem to be the better for it, connecting with friends and old classmates that they probably wouldn't have gotten in touch with before social networks. Then, there is the argument that connecting online could actually harm relationships and make people feel more isolated." It's no surprise that the Harris Poll found that people are increasingly catching up with friends online. Earlier this year, another study showed that social networking sites such as Facebook and Twitter are occupying more of users' time. And this past summer, yet another study showed that 57% of women said they communicate with people more online than they do in person. And 39% called themselves Facebook addicts. The recent Harris Poll, which surveyed 2,258 adults online between Sept. 1 and Sept. 3, noted that young users -- between 18 and 34 -- are connecting more online than their older counterparts. However, those younger users also are reporting less face-to-face encounters with friends. It's a different story when it comes to connecting with people you work with. According to the poll, only 19% of people say they feel very connected or connected through social media to business associates. Source: CW

A Chinese state-run telecom provider was the source of the redirection of U.S. military and corporate data that occurred this past April, according to excerpts of a draft report sent to CNET by the U.S.-China Economic and Security Review Commission. The current draft of the U.S.-China Economic and Security Review Commission's (USCC's) 2010 annual report, which is close to final but has not yet been officially approved, finds that malicious computer activity tied to China continues to persist following reports early this year of attacks against Google and other companies from within the country. In several cases, Chinese telecommunications firms have disrupted or impacted U.S. Internet traffic, according to the excerpts. On March 24, Web traffic from YouTube, Twitter, Facebook, and other popular sites was temporarily affected by China's own internal censorship system, sometimes known as the Great Firewall. Users in Chile and the United States trying to reach those sites were diverted to incorrect servers or encountered error messages indicating that the sites did not exist. The USCC report said it was as if users outside China were trying to access restricted sites from behind China's Great Firewall. Then on April 8, a large number of routing paths to various Internet Protocol addresses were redirected through networks in China for 17 minutes. The USCC identified China's state-owned telecommunications firm China Telecom as the source of the "hijacking." This diversion of data would have given the operators of the servers on those networks the ability to read, delete, or edit e-mail and other information sent along those paths. The April incident affected traffic to and from U.S. government and military sites, including sites for the Senate, the Army, the Navy, the Marine Corps, the Air Force, and the office of the Secretary of Defense, the USCC said. Rodney Joffe, senior technologist at Domain Name System registry Neustar, also confirmed in a recent interview with CNET that the data diverted to China came from Fortune 500 companies and many branches of the U.S. government. Evidence didn't clearly indicate whether this diversion of data was done intentionally or for what purpose, according to the USCC. But the capability alone raises a red flag. "Although the commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications," said the report excerpts. "This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a 'spoofed' site)." The report also commented on an incident in April in which a China-based spy network was accused of targeting government departments, diplomatic missions, and other groups in India. The activity, which also compromised computers in at least 35 other countries, including the U.S., grabbed sensitive documents from the Indian government. Though the USCC could not definitively link this incident to the Chinese government, the authors of the report do believe there's an "obvious correlation to be drawn between the victims, the nature of the documents stolen, and the strategic interests of the Chinese state." The excerpts did note some positive news--2010 could be the first year over the past decade that shows a smaller number of logged threats against defense and military networks. This doesn't necessarily mean that the number of attempts have decreased. Instead, the report cites the Defense Department's assertion that its own defensive measures over the past year have prevented a larger number of threats. The U.S.-China Economic and Security Review Commission was set up by Congress in 2000 to analyze the national security issues involved in trade and an economic relationship between the U.S. and China. Read more:http://news.cnet.com/8301-1009_3-20020461-83.html#ixzz13Mr53Boa'> http://news.cnet.com/8301-1009_3-20020461-83.html#ixzz13Mr53Boa Source: CNET

Many companies must deal with the looming XP and Office migration crisis before fully turning to other key tasks cited in Gartner's annual top-10 IT issues list. At the same time IT executives must start evaluating new technologies to keep data center infrastructure and operations up to date, the hard deadline for migrating thousands of users from Windows XP and Office 2003 is approaching fast. While desktop operating system migration ranked No. 7 on Gartner Inc.'s latest list of the top 10 issues facing corporate CIOs, Gartner analyst David Cappuccio indicated that for many companies, it has become the most critical short-term need. Microsoft has said it will stop supporting Window XP and Office 2003 in April 2014. "You may find yourself in a situation where these migrations become the dominant projects in your organizations over the next few months," Cappuccio said. Matt Holmes, systems manager for Johnson County Community College in Overland Park, Kan., said Windows migration is "definitely" an issue. "Over the summer, we just had a round of 'firefighting,' where we had a bunch of Windows XP SP2 machines that had to get upgraded to Service Pack 3 because of end-of-life support," said Holmes. "I think it kind of snuck up on the desktop support folks." The college is now planning to migrate its users to Windows 7, he added. Gartner noted that while IT executives must deal with the Windows and Office deadlines, they also need to decide how to address the myriad longer-term issues that will transform data center operations. The trends in IT infrastructure and operations on Gartner's annual top-10 list, released last week at the research firm's Symposium/ITxpo in Orlando, mostly involve the long-term shrinking of data centers as companies turn to cloud computing. Rank Trend 1. Virtualization. "The data center of the future is going to be completely virtualized," Cappuccio predicted. 2. Dealing with data. Data is expected to grow by 800% over the next five years, and 80% of it will be unstructured. 3. Energy and green IT. This includes better automation and monitoring. 4. Unified communications and collaboration. This will be especially important as younger workers are hired. 5. Thinking horizontally. Companies need IT pros with business smarts. 6. Open-source collaboration. External networks will emerge. 7. Windows XP migration. Vendors will cease testing their apps on it. 8. Computing and data center density. This will be helped by the doubling of cores every two years and the expanded use of liquid cooling. 9. Cloud computing. Users will shift more services to the cloud. 10. Fabric computing. Server, storage and network systems will be integrated Source: CW

Criminals who use the Zeus malware may be working on a new angle: corporate espionage. Zeus typically steals online banking credentials. But Gary Warner, computer security researcher at the University of Alabama, said that the criminal groups that use Zeus have started trying to find out where their victims are employed. Sometimes the malware will pop up a fake online bank log-in screen that asks the victim for the name of his employer. Warner said that in online forums, hackers recently speculated that they might be able to sell access to computers associated with certain companies or government agencies. "They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organization." Zeus could be a powerful tool for stealing corporate secrets, because it lets the criminals remotely control victims' computers, scan files and capture passwords and keystrokes. With Zeus, hackers could tunnel through the victim's computer to break into corporate systems. Warner said the biggest threat is that Zeus could infect employees' home PCs and laptops that are outside the corporate firewall but have access to company data. Source: CW

Wow had no choice but to put my 2cents in this topic. I would suggest as all have said start with IRC server get use to how its worked and how to run one. then after all of that, then you can decide whats the next step. Because most like Buzzen and PhreikChat have developed there own 0cx, and really do you intend to spend all that time and effort on a chat server that maybe will not even get a maxium of 20 to 40 chatters on it. And are you ready to spend money and all of your time on the server? Its all not that simple to run a chat server. Then comes your staff and then comes the drama!! So these are just some of the things you have to think about. Look at me, I've just opened my own IRCd server, but my intentions are for scripting and learning, not for a chat server like Buzzen or Phreikchat. So really think hard about it. Well thats my 2 cents worth LOL

A Chandler, Ariz., man has pleaded guilty to charges related to his role in a pump-and-dump scam that inflated penny stock prices via spam and hacked computers. James Bragg, 41, faces five years in prison and a $250,000 fine for orchestrating the hacking and spamming portions of the scheme, which ran between November 2007 and February 2009, according to prosecutors. He pleaded guilty Wednesday in U.S. District Court for the District of New Jersey. Bragg used a Russian botnet operator, named only as B.T. in court documents, to send the spam and to access hacked brokerage accounts and buy the penny stocks without the victim's knowledge. The case sheds some light into the murky world of penny stock manipulation, where companies hire shady promoters to boost their stock prices. The promoters appear to be legitimate marketing and public relations firms, but some of them use illegal practices such as spamming to achieve results. Bragg, for example, was hired by a Texas-based middleman, identified only as C.R., who "acted as a middleman between stock promoters seeking to pump shares of stock, and e-mail spammers," according to court filings. Prosecutors say that Bragg promoted penny stocks such as RSUV (Remote Surveillance Technologies) and VSHE ( VShield Software). Both companies are now apparently defunct. It's not clear how much spam was sent or how much was made from the scam, but in a Dec. 20, 2007, Skype instant message exchange with C.R., Bragg described the mail as "runnin [sic] hard hitting inbox on gmail, hot[mail], yahoo, fusemail." In one case, profits from a month-long pump-and-dump were more than $150,000, but losses to victims of the scam -- who were left holding worthless stock that they'd purchased at inflated prices -- were almost certainly much higher. This isn't the first time Bragg has faced spam-related charges. He was sentenced to 12 months in prison several months ago in a separate case, filed in U.S. District Court for the Eastern District of Michigan. Pump-and-dump spam has been around for years, but this is the second time this year that someone has pleaded guilty charges relating to hacked brokerage accounts. In April Jaisankar Marimuthu, of Chennai, India, was sentenced to more than six years in prison by a U.S. judge for his role in a similar hack, pump-and-dump scheme. Source: CW

Contends that company and two men profited mightily by surreptitiously accessing personal information of Facebook users Facebook this week filed lawsuits against two individuals and one company for allegedly spamming its users and harvesting their personal information by getting them to sign up for non-existent products and services. The lawsuits, filed Tuesday in federal court in San Jose, accuse Steven Richter, Jason Swan, and Max Bounty Inc. of violating the Computer Fraud and Abuse Act, the CAN-SPAM Act and other state and federal laws. The company is seeking compensatory, statutory and punitive damages from each of the three parties named in the lawsuits. Facebook's lawsuits come at a time when the company is under growing pressure to clean up its data privacy practices. Just this week, for instance, Facebook found itself in the middle of a new firestorm after the Wall Street Journal reported that some of the social network's most popular applications, including FarmVille and Texas HoldEm Poker, have been sending user information to advertising and Internet monitoring companies. In a note posted on the Facebook site today, the company called this week's lawsuits a precursor of more to come in the next "month, year and beyond. We're committed to applying continuous legal pressure to send a strong message to spammers that they're not welcome on Facebook,' the blog post said. In court documents filed in connection with the lawsuits, Facebook described Richter as an affiliate for various Internet marketing companies. The lawsuit alleges that Richter earned tens of thousands of dollars by tricking Facebook users to visit third-party commercial Web sites. Richter is alleged to have used more than 40 Facebook profiles and created more than 40 Facebook pages to lure people to third-party sites with promises of free gasoline and free credits on games such as FarmVille. According to Facebook, Richter used his Facebook pages to lure 388,000 users to different sites for just one Internet marketing firm alone. He is estimated to have earned 44 cents for each Facebook user he sent to various third-party sites. Swan, too, is accused by Facebook of being an affiliate marketer who earned money by tricking users to visit other commercial Web sites and buying products from them. Swan is alleged to have harvested Facebook user data by tricking users into participating in various online quizzes and surveys with titles such as "Take the IQ Challenge." "Which 7 Deadly Sin Are You" and "Are you Stressed." He is also accused of getting Facebok users to spam each other by luring them to cut and paste a java script in their browsers that automatically blasted a message to all of the Facebook user's friends. MaxBounty is described by Facebook as the "mastermind" of an affiliate marketing scheme. The company is alleged to have conspired with and encouraged individuals to set up fake Facebook profiles and pages for the purposes of luring Facebook users to third-party sites. A request for comment made via the contact form on MaxBounty's Web site was not immediately returned. Facebook has secured major wins in similar lawsuits in the past, though it's unclear yet how much those victories have helped deter spamming activity on its networks. Earlier this month, a Canadian court upheld a massive $873 million judgment that was awarded by a U.S federal court in 2008 against Adam Guerbuezn, a Canadian citizen. Guerbuezn was accused by Facebook of sending out more than 4 million pornographic spam messages over Facebook. The $873 million award was the largest ever under the CAN-SPAM Act. Facebook also secured a $711 million judgment on similar charges against Sanford Wallace, a previously convicted spammer, last year. Though the chances of the company actually collecting any money on such victories are virtually non-existent, Facebook itself is hoping that its lawsuits will at least deter others from the same kind of activities. Source: CW