chain

Site Moderator
  • Posts

    540
  • Days Won

    5

Everything posted by chain

  1. It's been a few weeks that I've been working on the new site for chainscriptz, it's different and it's not phpbb3, I'm going a different way this time. It's still being worked on and so far it looks like this. http://chainscriptz.net/drupal/
  2. Icechat 9 Rc1.2 Updated On July 21, 2011 Codeplex Revision 64180 Just a heads up that Snerf has done an update and you can get it here. icechat.codeplex.com
  3. I have recently been looking to advance the server a bit and seeing as to what I can do with it. As someone from another server mentioned to me make a gaming server. Well the thought had crossed my mind..but no too much effort and really there's a lot of gamers servers on freenet. So what else could I do with the server? ok let's look at what the server does really for me. 1. Test scripts 2. Tests snippets 3. Learn how a server works & commands 4. Add a decent webchat 5. Have friends come on. So all of what I wanted the server to do is doing, so any hints as to what else we can do with the server? have any ideas suggestions bounce them around, and I'll look into it. (I'm Bored as usual LOL)
  4. Adobe and Apple used to be partners, with the maker of Photoshop being one of the biggest third-party Mac developers. Then Apple started releasing digital products that competed with its partner, and CEO Steve Jobs came out against Adobe Flash. Now the companies have quite the overlap in their customer bases and there's still a lot there, but Apple is doing its best to stop that. Users firing up Lion on their Macs yesterday may have wondered what was wrong with Flash. In fact, they may be seeing problems with pretty much all their Adobe products. Adobe explains the bad news in a knowledge base article: Known Issues with Adobe products on Mac OS 10.7 Lion. The list of affected products:
  5. There is a lot of buzz about a recent set of tests by NSS Labs that show the Smartscreen reputation system in Internet Explorer 9 head and shoulders and most of the rest of the body above the competition in blocking malware on the web. I think the results of the test are even more important than they seem, considering previous reports that Microsoft plans to make Smartscreen a base part of Windows 8. This would extend parts of the protection to any executable hitting the file system. This would be big news. Smartscreen in IE9 has 2 components: A URL reputation system and a file reputation system. The URL reputation system is similar in concept to the Google Safe Browsing API, used by Chrome, Firefox and Safari, but vastly superior in results. It picked up 92 percent of malware-serving sites. Safe Browsing never reached 30 percent in the tests and generally settled much lower. For the 8 percent of sites that Smartscreen doesn't block, there's backup protection. Smartscreen tracks downloaded files (presumably by some hash like SHA-1) and a reputation for them. If the file is known to be good, it goes through. If it's known to be bad, it's blocked. If the system doesn't recognize it, the file throws up a warning: This warning could be a bit clearer at the cost of brevity, but I think it's worth it: "Microsoft has not yet encountered this file. If you know this file is new and unusual and know that it is safe, you may proceed. If it doesn't make sense that Microsoft has not yet seen this file, you may wish not to execute it in the interests of your own safety." I hope Microsoft submits such files to Virustotal or some such service in order to share them with the rest of the AV community. So back to Windows 8: At least some betas have included indications that this version of Windows will apply Smartscreen to any file, or at least any executable, that hits the file system. 
This would address one misplaced criticism in Smartscreen in IE9, that it only protects against the web vector. Of course, the web is how the vast majority of malware is distributed these days, but fix that route and attackers will move elsewhere, so Microsoft has to think ahead. I've argued that Microsoft should open up Smartscreen to other apps the way Google opened up the Safe Browsing API; Firefox was using it long before there was a Google Chrome. But putting the system into Windows itself may make that less advantageous. Another thing that Smartscreen doesn't do is protect against application vulnerabilities. If a site is not blocked and it exploits some browser vulnerability, Smartscreen doesn't block it. Of course if you're Microsoft you should patch the browser, and there are plenty of other defense-in-depth techniques, like ASLR and DEP, to limit the damage of vulnerabilities. I'd argue that Smartscreen plus timely patching is really good protection, even without an AV product. We're always hearing about the coming obsolescence of antivirus software. Could this be it? A Win8 Smartscreen as I see it doesn't cover everything an anti-malware product should. For instance, if you're offline and copy a file in via a USB drive would you be at all protected? I don't know. It's getting there though. Source: betanews
  6. Most organizations are used to standard penetration tests. However, companies that have been increasing their overall security posture proactively through years of program maturity and hard work, need something different. This talk by David Kennedy from AIDE 2011 covers tailoring a penetration test based on the security level of the target and ripping through their security environment with sophistication. David goes in-depth on the future of penetration testing through the Penetration Testing Execution Standard (PTES) and what it takes in order to elevate your security posture. This is a technical talk which offers direction on where we need to head in the security industry. http://www.youtube.com/watch?v=8CqhePNRqbk&feature=player_embedded Source:
  7. Japanese authorities have jailed a serial malware writer for two-and-a-half years over his latest creation. Masato Nakatsuji, 28, was found responsible for writing a strain of malware that spread across the locally popular Winny peer-to-peer file-sharing network last summer, replacing infected files on victims' computers with the image of an orange cartoon octopus. He was convicted of property destruction charges over the creation of the so-called "ika-tako" (squid-octopus) malware. At least three confirmed victims of the malware came forward. "It was an ingenious, planned crime to spread a computer virus over a long period of time," said presiding Judge Masaru Okabe, local English language news site the Daily Yomiuri reports. "The defendant committed the crime while he was on probation for a similar charge. I have no choice but to give him a sentence without suspension." Nakatsuji wrote the malware while still on probation for an earlier, near identical, scam. The miscreant previously created the Pirlames (AKA Harada) Trojan, which also spread via Winny, and displayed images of anime characters while destroying music and movie files on infected PC. In the absence of any specific computer crime law in Japan at the time, Nakatsuji was found guilty in 2008 of violating copyright laws and given a two-year prison sentence, suspended for three years. Last month Japan made the creation of computer viruses a specific criminal offence. Source: theregister
  8. Pharmaceutical giant Pfizer's Facebook page has been defaced by mischief makers. The rudimentary hack, carried out by a group calling itself The Script Kiddies, resulted in the dissemination of a message saying Pfizer should be stopped because "they're corrupt and the damage they create is senseless". The hack was captured by The Hawthorne Effect blog here. According to Paul Ducklin at Sophos, it looks as if the account was hijacked after someone managed to guess the password of a person working for Pfizer's PR firm who had access to the page. The account has since been restored and, presumably, tightened up with a more robust password. More and more firms are being encouraged to dip their toes into social media, but unless they learn about the basics of computer security, this sort of thing is an accident waiting to happen. This point is even more pertinent in the frequent cases where such interactions are outsourced to third-party communications agencies, as discussed in a blog post by net security firm Sophos here Source: theregister
  9. Google makes a heck of a lot of money from online advertising. In fact, 97 percent of Google's revenue, which totaled $33.3 billion in the past twelve months, comes from advertising. WordStream, a venture capital-backed provider of hosted software that automates most of the manual work involved with creating and optimizing both paid and natural search engine marketing campaigns, has done some research to discover which keyword categories fetch the highest costs per click (CPC) in Google's AdWords solution. And of course, they made an infographic based on the results of their research (embedded below). WordStream compiled data from its own, vast keyword database and the Google Keyword Tool to determine the top 10,000 most expensive English-language keywords over a 90-day period. Subsequently, the list was organized into categories by theme. The largest keyword categories were then determined by weighting the number of keywords within each category, as well as the estimated monthly search volume and average cost per click for each keyword. For the record, Google AdWords is an auction-based marketplace where advertisers bid on keywords to compete for top ad placement, with a minimum bid of 5 cents per keyword (update: actually, there's no longer a minimum bid for CPC campaigns). The top twenty keyword categories that demanded the highest costs per click are: 1. Insurance (example keyword: "auto insurance price quotes") 2. Loans (example keyword: "consolidate graduate student loans") 3. Mortgage (example keyword: "refinanced second mortgages") 4. Attorney (example keyword: "personal injury attorney") 5. Credit (example keyword: "home equity line of credit") 6. Lawyer 7. Donate 8. Degree 9. Hosting 10. Claim 11. Conference Call 12. Trading 13. Software 14. Recovery 15. Transfer 16. Gas/Electricity 17. Classes 18. Rehab 19. Treatment 20. 
Cord Blood Unsurprisingly, the list of most expensive keyword categories is clearly a result from people who, en masse, turn to the Web in search for help, whether it's for financial, educational, professional services or medical aid. WordStream concludes that the keyword categories with the highest volumes and costs represent industries with very high lifetime customer value: in other words, companies that can afford to pay a lot to acquire a new customer because of the nature of their business. But I would have personally never imagined that 'insurance' would be netting Google up to almost $55 per click. Think about that for a minute. Source:
  10. Federal officials arrested 16 people accused of carrying out computer crimes that damaged or breached protected systems, including a December attack organized by the Anonymous hacker collective on PayPal that caused numerous service disruptions. Fourteen suspects from 10 states were accused of participating in "Operation Avenge Assange," which sought to punish the eBay-owned payment service for suspending an account belonging to whistle-blower website WikiLeaks. Using a tool known as the Low Orbit Ion Cannon and distributed by Anonymous members, they allegedly helped to coordinate an attack that bombarded PayPal servers with more traffic than they were designed to handle. Members of Anonymous gathered in internet relay channels to plan and carry out the attack against PayPal, which banned WikiLeaks a few weeks after publishing hundreds of thousands of classified US State Department memos. The indictment, which was filed last week in federal court in San Jos
  11. The promised dump of its emails from News International by hacktivist group LulzSec failed to materialise on Tuesday. However a prominent affiliate of the group told El Reg that the release had only been delayed, rather than postponed. The UK end of the Murdoch media empire was hacked on Monday night, so that surfers visiting The Sun's website were redirected towards a spoof story on the fictitious suicide of Rupert Murdoch. The hack involved exploiting weaknesses on a retired site, running Solaris, set up by NI at the time NI was building a paywall for The Times. This pwnage was then used in a stepping stone attack that ultimately allowed the hackers to gain root on a server that gave them the ability to add a redirection script to the "breaking news" element of The Sun's website. Hacktivists scoffed at Murdoch's expense over these antics, making comments such as "WE HAVE JOY WE HAVE FUN WE HAVE ROOT ON MURDOCH'S SUN!" The deep level of compromised access demonstrated by LulzSec in running the fake story meant claims by hacktivists that the group had also gained access to NI's email database were all too plausible. Sabu, a prominent affiliate of LulzSec, said via Twitter that the group was sitting on emails of News International staffers that it planned to release on Tuesday. "Sun/News of the world OWNED. We're sitting on their emails. Press release tomorrow," Sabu said on Monday. In a follow-up message, Sabu challenged the Met Police (already on the defensive over the handling of the original NotW phone hack investigation, as well as accepting payments and favours from NI execs) to investigate LulzSec's hack on NI's email servers. "We hereby challenge the authorities in the UK to investigate the hack on the mail server(s) associated to The Sun/NotW. #hackgate #antisec." Hackgate News International took its webmail and remote access systems offline and reset passwords as a remedial action following thesun.co.uk's redirection hack. 
Systems were restored on Tuesday morning, The Guardian reports. This is a sensible precaution but it won't help NI if LulzSec did in fact manage to extract email archive files, as it claims it has. So far the group has only published email hashes of a small number of employees as well as the supposed email password of Rebekah Brooks at the time she edited The Sun. Brooks (who was called Wade at the time) seems to have used 63000 as her email password, the same number as The Sun's tip-line. The more technically skilled members of Anonymous and LulzSec have previously released emails spools from organisations targeted for special treatment beyond standard denial of service attacks and webpage defacements. Both HBGary Federal and ACS:Law know this to their cost. In both these cases, email databases were released at the same time the websites of the targeted organisations were defaced. This hasn't been the case in the News International attack, with the focus of online discussion among hacktivists turning to this week's arrest of suspected Anonymous members in the US and Europe. However, Sabu told El Reg via Twitter that more news on the claimed hack of News International emails had merely been delayed. "We will release a press release about the mails sometime relatively soon," he said, without giving any particular deadline. So, it seems, sysadmins and the rapidly dwindling senior execs at News International are not entitled to relax just yet. Source: theregister
  12. Google is issuing warnings to people whose computers are infected with a type of malware that manipulates search requests. A strain of rogue anti-virus software also includes a search hijacker component. The hijacker is designed to further enrich scammers by redirecting users of compromised machines through various dodgy pay-per-click affiliate sites instead of genuine search engines. Instead of going straight to Google, surfers on compromised machines are sent via proxies. The traffic generated from malware-infected machines has a unique signature that has allowed Google to return warnings to victims using these machines. The malware is programmed to ping a specific Google internet address from compromised machines. Google came across this when it took a server associated with this address offline during routine maintenance. Legitimate search traffic was redirected, but the IP address still received thousands of requests per second, tipping Google off that something was amiss. Google security engineer Damian Menscher investigated the odd behaviour and discovered that it had been caused by a network of more than a million malware-infected machines, security blogger Brian Krebs reports. Google is using the information it obtained to provide prominent warnings to potentially infected surfers that their PCs "appears to be infected", as illustrated by a blog entry here. The warnings are something of a departure for Google, and may well help alert infected users that their machines are infected with a nasty cocktail of scareware and web-redirection malware. Unfortunately, it is probably only a matter of time before scareware scammers use fake templates from this new type of warning in attempts to peddle fake anti-virus software. Surfers are best advised to only purchase security software from recognised outlets and, in particular, to be suspicious of any warning that points you towards one particular product. 
If in doubt, consumers ought to use a freebie scanner from the likes of Avast, AVG or Microsoft itself, at least as a first point of call. Source: theregister
  13. 0k server is back up and running
  14. Just to say that my server is down for a bit until they fix the issues with echo server, this may take between 1 to 24 hours depending if they have to replace the drive.
  15. chain

    Why

    Well that was a brilliant start to get people to post snoopz LOL. As you can see a lot of people still do hang and look and read, just look at the views in the forums! and just because a site is not as busy as it used to be, doesn't mean it's dead. people have lives and vacation time, and it's summer !! and it's not an excuse ..every year it's the same, actually been for many years. And yes scripters are now on IRC servers more than Flash or Phreik or in fact anything ...Go look in Koach's server you will see a lot of well known scripters in the Koachwsworkshop ..irc.koach.com Even I have been more towards IRC as I have been going around getting interviews, and also I have my own server. So things change, but when winter comes look in Buzzen it's pack full!! Here's an @xample irc.junkie.org How many months has that been untouched, here at TG007 we still bring you up to date news and snippets and scripts. It's not dead d00d look again!!
  16. It's been another active week in the hacking world. At least 237,234 records were obtained by hackers from the Stevens Institute of Technology, German Federal Police, Kiplinger Washington Editors Inc., Toshiba Corporation, the National Assembly of Pakistan, Booz Allen Hamilton, and Monsanto Company. The hacking movement has not lost momentum. Last Thursday, the Stevens Institute of Technology was hacked by @p0keu. At least part of its database leaked on PasteBin containing 31 records with the full names of users, email addresses, and plain text passwords. As a side note, never ever ever store passwords in plain text in a database. There is absolutely no need. Last Friday, the German Federal Police (Bundespolizei) was hacked by the group NN-Crew. Information of GPS location coordinates, license plate numbers, suspects' telephone numbers, and the usernames and passwords of police officers was collected and on their website. The Bundespolizei stated that no investigation data was published and that the data obtained was from a server for customs officials that is used with the PATRAS tracking system, which has now been temporarily shut down. Last Saturday, Kiplinger Washington Editors revealed that 142,000 records of usernames, emails, passwords, and encrypted credit card numbers were obtained by hackers, as a Bloomberg article notes. Doug Harbrecht, a director at the company, said that the two-week delay was due to an investigation run by a third party organization in coordination with the FBI. The director stated, "'Part of the problem is we still don't know exactly what the hackers got'," but they don't believe it poses any threat. This past Monday was a particularly exciting day. The Toshiba America Consumer Products (TACP) website (tacp.com or tacp.toshiba.com) was hacked by a hacker named V0iD. 
According to the DataLossDB there were 11 admin emails and plain text passwords, 784 user emails and plain text passwords, and the names, emails, and plain text passwords of more than two dozen resellers. According to an article by Softpedia, there were 14 user tables, one containing 5,203 records, though he only pasted a total of 800 accounts on PasteBin. V0iD also hacked the National Assembly of Pakistan posting the usernames and passwords of 7 admin accounts and the phone numbers of 13 accounts on PasteBin. Perhaps the most significant breach was Booz Allen Hamilton, a government defense contractor. According to one article there were 90,000 accounts leaked of people involved in anything from "US CENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors." The group Anonymous posted on Twitter a link to download the 130.5 MB torrent of data. The company released a statement Tuesday on their website confirming the breached data, that they are investigating the issue, and do not believe the breach extended beyond information used by a learning management system for a government agency. And, perhaps the most interesting, is the recent attack on Monsanto, which supposedly is the beginning of Operation Green Rights, Project Tarmageddon. The project is to target companies responsible for global environmental issues like "Exxon Mobil, ConocoPhillips, Canadian Oil Sands Ltd., Imperial Oil, the Royal Bank of Scotland, and many others," according to their press release and a video posted on YouTube. According to a CNET article the names, addresses, phone numbers, and place of work of 2,5000 individuals were posted on PasteBin. Their post states they are attacking Monsanto because of their "downright evil business practices." 
According to the CNET article this act was specifically "to protest lawsuits the company filed against organic dairy farmers for stating on labels that their products don't contain growth hormones." Apart from data breaches, there were a number of websites taken down as well, including ircfederal.com, hbgaryfederal.com, and rootkit.com through DDoS attacks by Anonymous. There were 265 Brazilian websites hacked by tota-x who posted the list on PasteBin, and 808 Indian websites hacked by ZHC MongOse & ZHC Toshiro who also posted a list on PasteBin. Though we had previously mentioned LulzSec has quit operating, a tweet from them yesterday states, "If @pastebin reaches 75,000 followers we'll engage in a mystery operation that will cause mayhem." PasteBin posted on Twitter that they have noticed such a change that they have made a followers graph on their site. One tweet exclaims, "@pastebin now has 10.000+ followers. That is 7000 more than this morning when I woke up!" It is a very vibrant hacking climate, the Jester is chasing Sabu from Anonymous, CNET has made a Google Spreadsheet to keep up with the hacks, and Rupert Murdoch has shut down the 168-year-old paper and abandoned his bid on British Sky Broadcasting (BSkyB) because of his involvement with an extensive phone hacking scandal. Source:
  17. Mozilla has proposed a new method for signing into websites that avoids both site-specific passwords and existing cross-site sign-in services from corporate behemoths such as Google and Facebook. Known as BrowserID, Mozilla's prototype is built atop a new "Verified Email Protocol", which uses public-key cryptography to prove that a particular user owns a particular email address. In essence, BrowserID lets you log into a website simply by clicking on a button and choosing an email address you wish to sign in with. Behind the scenes, the website, your browser, and a separate verification service use crypto keys to verify your identity. "For a Web developer, creating a new application always involves an annoying hurdle: how do users sign in? An email address with a confirmation step is the classic method, but it demands a user's time and requires the user to take an extra step and remember another password. Outsourcing login and identity management to large providers like Facebook, Twitter, or Google is an option, but these products also come with lock-in, reliability issues, and data privacy concerns," Mozilla says in a blog post, referring to services based on OpenID and similar protocols. "With BrowserID, there is a better way to sign in. ... A user can prove their ownership of an email address with fewer confirmation messages and without site-specific passwords." To set up BrowserID, the user supplies an email address and a password. This is then sent to the verification service, which returns an email to your inbox so you can verify that you indeed own that email address. (The process is similar to the email-based password-reset services so many websites use today). The service then creates a cryptographic key pair, keeping the public key and storing the private key with your browser. When you later visit a website that's set up for BrowserID, you simply click on a "sign-in" button and select your registered email address (you can register more than one). 
The site then retrieves the keys to verify your identity. The ultimate idea, however, is to convince mail providers to adopt the system, so that a separate verification service isn't needed. "Anyone with an email address can sign in with BrowserID, and email providers can implement BrowserID support to make the system even easier for their users," Mozilla says. But even with the verification service, the setup is quite simple. The service does collect a list of sites you share your email with, and if mail providers enter the mix, they will have access to such data as well. But Mozilla argues that unlike other cross-site sign-in services, BrowserID doesn't leak data back to any other servers. The open source outfit also says the system is superior to OpenID and other identity token
  18. More than 10 per cent of companies that promise not to track internet users' online activity for behavioural advertising purposes still do so, according to new research. Publishers and advertising networks use cookies to track user behaviour on websites in order to target adverts to individuals based on that behaviour. A cookie is a small text file that websites store on users' computers to remember their activity on a site. Researchers at Stanford Law School investigated whether companies belonging to a voluntary scheme run by the Network Advertising Initiative (NAI) actually complied with the rules they had signed up to. The NAI encourages online businesses to voluntarily adopt a set of rules governing online behavioural advertising. Those rules force member companies to tell users that cookies they store about them could be used to serve behavioural ads. The rules also state that member companies must stop using the cookies to serve ads if asked to by users. The researchers claimed that at least eight NAI members out of the 64 they investigated continued placing behavioural ad cookies on researchers' machines after being asked not to. "At least eight NAI members promise to stop tracking after opting out, but nonetheless leave tracking cookies in place," Jonathan Mayer, one of the Stanford researchers, said in a blog. Mayer said that the researchers had performed three tests of the NAI members' cookie promises. In some of the cases the companies did delete the cookies but the researchers found that they were restored after they revisited content on the website, Mayer said in his blog. In other cases some of companies deleted some cookies and not others, he said. One of the eight firms, Vibrant Media, did not delete any of the tracking cookies when asked, the researchers claimed. More than half of NAI members tested left tracking cookies in place after researchers had told websites they were opting out. 
Researchers said that NAI members only have to allow users to opt out of behavioural ad targeting and not tracking. "Of the 64 companies we studied, 33 left tracking cookies in place after opting out," the researchers said. At least 10 NAI members, including Google, delete tracking cookies as well as behavioural ad targeting, the researchers said. See the Stanford researchers' blog here. Source: theregister
  19. IceChat IRC Client Well today was quite an interesting day, I had a unique interview with the creator of Icechat. Snerf is the creator of the well known IRC Client IceChat. He had talked about when he started and the reasons for it, and how the name became. And he's quite willing to share his knowledge on his client and whoever is willing to learn. I will try to put the interview in a way that shows from the beginning to the end. This was my first interview and won't be my last with Snerf. So this is how the interview went. So as you can see IceChat has a long history behind it, and is the longest running client that is still being updated as of this day. Also if you're looking to give any ideas or talk to Snerf, he can be found on irc.quakenet.org #icechat2009 and his website http://www.icechat.net/site/ So there you have the history of the Client and the Creator. I like to thank Snerf for taking the time to talk with me about his Client and how IceChat was made.
  20. Sega's forum remains offline almost a month after its forums and other sites were hit by hacktivists. Hackers broke into Sega's systems and made off with user registration details, email addresses, birth dates and encrypted passwords of around 1.3 million users last month. No financial data was exposed by the hack, which was initially blamed on infamous hacking group LulzSec. The now defunct group denied involvement, even going so far as offering to track down the miscreants responsible. Sega took the precaution on 16 June of suspending its forums and other sites accessed via Sega Pass system while it beefed up security. This work remains ongoing almost a month later. A representative of Sega told El Reg that the sites remain offline for testing: making Sega, in as far as possible, "hack proof". No date has been set for restoration. Rival gaming firm Sony shut down its PlayStation Network in April, also following a hack attack. Sony, which blamed the attacks on Anonymous, restored the service around a month later. Personal information on 77 million account-holders was exposed by the PlayStation hack, which also aired the credit card numbers, passwords, and security questions of a subset of these unfortunate gamers. Anonymous had been running a campaign of denial of service attacks against Sony sites in protest of its legal offensive against PlayStation modders at around this time. Members of Anonymous were quick to deny responsibility for the much more invasive PlayStation attack, but that still leaves open the possibility that other members of the group carried out the assault. Whoever carried out the attack on Sony, it was orders of magnitude more serious than the comparatively minor breach at Sega. Source: theregister
  21. Six out of every 10 users of Adobe Reader are running vulnerable versions of the ubiquitous PDF reader package, according to stats from freebie anti-virus scanner firm Avast. Adobe applications, behind only browsers and Microsoft Office as a favourite target for hackers, are regularly the target of Trojan-based hacking attacks, often featuring maliciously constructed attachments. Sometimes these attacks take advantage of unpatched vulnerabilities, a scenario applied to targeted attacks, but more often than not, malware writers attempt to exploit well-known, patched security bugs. Users who fail to keep Adobe Reader up to date are therefore leaving themselves at a much greater risk of malware-based attack. Avast reckons 60.2 per cent of its customers who use Adobe Reader were running a vulnerable version of the program. Only 40 per cent of users had either the newest Adobe Reader X or were fully patched. One in five users also had an unpatched version of Adobe Reader that was at least two generations old (8.x), it adds. Adobe Reader was used by 80 per cent of Avast's users. The next most common PDF reader application, Foxit, featured in just 4.8 per cent of installations. "There is a basic assumption that people will automatically update or migrate to the newer version of any program," said Ondrej Vlcek, CTO at AVAST Software. "At least with Adobe Reader, this assumption is wrong
  22. As recently as February this year, Google allowed its users to sign up to its revenue-challenged video sharing website YouTube using a pseudonym. In fact, Mountain View was so proud of that option that its director of privacy, product and engineering, Alma Whitten, penned a blog post in which she pointed out the importance of allowing individuals to provide content anonymously online. "Using a pseudonym has been one of the great benefits of the internet, because it has enabled people to express themselves freely
  23. After four long years, here comes a new version of PuTTY, the popular free telnet/SSH client for Windows and Unix platforms. PuTTY 0.61 brings new features, bug fixes, and compatibility updates for Windows 7 and various SSH server software.

      New features

      • PuTTY 0.61 supports SSH-2 authentication using GSSAPI, on both Windows and Unix. Users in a Kerberos realm should now be able to use their existing Kerberos single sign-on in their PuTTY SSH connections.
      • On Windows: PuTTY's X11 forwarding can now authenticate with the local X server, if you point it at an X authority file where it can find the authentication details. So you can now use Windows PuTTY with X forwarding and not have to open your X server up to all connections from localhost.
      • On Windows: the Appearance panel now includes a checkbox to allow the selection of non-fixed-width fonts, which PuTTY will coerce into a fixed-width grid in its terminal emulation. In particular, this allows you to use GNU Unifont and Fixedsys Excelsior.
      • On Unix: the GTK port now compiles with GTK version 2, which is generally shinier and in particular provides access to client-side scalable fonts. Some Linux distributions have been shipping pre-release versions of GTK 2 PuTTY for years, so this won't be a surprise to anyone using Unix PuTTY or pterm via Debian or Ubuntu. But this is the first official release containing that functionality.
      • A small but important feature: you can now manually tell PuTTY the name of the host you expect to end up talking to, in cases where that differs from where it's physically connecting to (e.g. when port forwarding). If you do this, the host key will be looked up and cached under the former name.
      • Assorted optimization and speedup work. SSH key exchange should be faster by about a factor of three compared to 0.60; SSH-2 connections are started up in a way that reduces the number of network round trip delays; SSH-2 window management has also been revised to reduce round trip delays during any large-volume data transfer (including port forwardings as well as SFTP/SCP).
      • Support for OpenSSH's security-tweaked form of SSH compression (so PuTTY can now use compression again when talking to modern OpenSSH servers).
      • Support for Windows 7's new user interface features. The new Aero window management should now play nicely with PuTTY's complicated window resize handling, and Windows 7 jump lists are now supported so you can launch saved sessions directly from the taskbar.

      Source: Help Net Security
  24. The Kostolnik family's nightmare is over - the neighbor who hacked into their Wi-Fi network and misused the access for terrorizing them has been sentenced to 18 years in prison. The 46-year-old Barry Ardolf, a former Medtronic computer technician, started his campaign against the Kostolniks after they reported to the police that he kissed their 4-year-old son on the lips. Ardolf decided to get even by framing them for possession and publication of child pornography by setting up a fake MySpace page in the husband's name and publishing an offending photo on it, for sexual harassment by breaking into the husband's mail account and sending lewd emails to his female coworkers, and for making death threats to politicians. According to Wired, once the husband's coworkers reported the offending emails and he denied having sent them, the law firm for which he was working engaged a computer forensic investigator to look into the matter. When they found evidence that Ardolf was involved, they contacted the FBI who then searched Ardolf's house and found further evidence of his guilt. What's more, they discovered evidence of him having engaged in a similar campaign against previous neighbors. "Barry Ardolf has demonstrated by his conduct that he is a dangerous man. When he became angry at his neighbors, he vented his anger in a bizarre and calculated campaign of terror against them," stated the prosecutor. I must say that even though this sentence might seem a little excessive, it does warm my heart to know that he didn't succeed in ruining his neighbors' lives and reputation. Source: Help Net Security