VirtualBox 3.0.8 Released

October 8, 2009 – 6:14 AM

VirtualBox is a general-purpose full virtualizer for x86 hardware. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software.

Sun today released VirtualBox 3.0.8, a maintenance release of VirtualBox 3.0 which improves stability and performance.

Download:
http://www.virtualbox.org/wiki/Downloads

ChangeLog:
http://www.virtualbox.org/wiki/Changelog

Security researchers develop DoS attack filter

October 6, 2009 – 5:47 AM

Researchers have come up with host-based security software that blocks distributed denial-of-service attacks (DDoS) without swamping the memory and CPU of the host machines.

The filtering, called identity-based privacy-protected access control (IPCAF), can also prevent session hijacking, dictionary attacks and man-in-the-middle attacks, say researchers at Auburn University in their paper, “Modeling and simulations for Identity-Based Privacy-Protected Access Control Filter (IPCAF) capability to resist massive denial of service attacks.”

This new method is suggested as a replacement for IP-address filtering, which is sometimes used to block DDoS attacks but is problematic because IP addresses can be spoofed, says Chwan-Hwa “John” Wu, a professor of electrical and computer engineering at Auburn and lead author of the paper.

The method also greatly reduces the resources attacked machines have to expend in order to figure out whether requests are legitimate, he says.

Under IPCAF, authorised users and the servers they try to reach receive a one-time user ID and password to authenticate to each other. After that they cooperate to generate pseudo IDs and packet-field values for each successive packet, so packets get authenticated one at a time.
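An added sketch of the per-packet idea described above, not code from the Auburn paper or from this page: the HMAC-SHA256 derivation, the 8-byte truncation, the window size, the session key and all names are assumptions made for illustration. It shows why the host can discard spoofed or replayed packets with a dictionary lookup instead of doing expensive work per request.

```python
import hashlib
import hmac


def pseudo_id(session_key: bytes, counter: int) -> bytes:
    """Per-packet pseudo ID (assumed construction): truncated HMAC of a packet counter."""
    mac = hmac.new(session_key, counter.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:8]


class PacketFilter:
    """Host-side filter that precomputes the next WINDOW expected pseudo IDs,
    so checking an incoming packet is a dictionary lookup."""

    WINDOW = 4  # how far ahead a packet may be (tolerates loss and reordering)

    def __init__(self, session_key: bytes):
        self.key = session_key      # assumed result of the initial one-time login
        self.next_counter = 0
        self.expected = {}          # pseudo ID -> packet counter
        self._refill()

    def _refill(self) -> None:
        # Drop IDs that fell behind the window, then top up to WINDOW entries.
        self.expected = {p: c for p, c in self.expected.items() if c >= self.next_counter}
        known = set(self.expected.values())
        for c in range(self.next_counter, self.next_counter + self.WINDOW):
            if c not in known:
                self.expected[pseudo_id(self.key, c)] = c

    def accept(self, packet_id: bytes) -> bool:
        counter = self.expected.pop(packet_id, None)
        if counter is None:
            return False            # spoofed, replayed, or outside the window
        self.next_counter = counter + 1   # skipping ahead invalidates older IDs
        self._refill()
        return True


def demo() -> list:
    key = b"constructed-session-key-for-demo"   # constructed sample value
    flt = PacketFilter(key)
    return [
        flt.accept(pseudo_id(key, 0)),   # legitimate first packet
        flt.accept(pseudo_id(key, 0)),   # replay of the same packet
        flt.accept(b"\x00" * 8),         # attacker guessing an ID
        flt.accept(pseudo_id(key, 2)),   # packet 1 lost, packet 2 still in window
        flt.accept(pseudo_id(key, 1)),   # late packet 1, now stale
    ]
```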

Source:
http://news.techworld.com/security/3203363/security-researchers-develop-dos-attack-filter/?olo=rss

Microsoft Confirms Hotmail Phishing Attack

October 5, 2009 – 6:34 PM

Several thousand Hotmail usernames and passwords were exposed over the weekend via a phishing attack, Microsoft confirmed late on Monday.

Microsoft said it would block access to the accounts that were exposed and work with customers to reclaim access to them.

“Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme,” Microsoft said in a statement. “Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”

In a phishing scheme, users are duped into divulging confidential information, often account passwords and usernames, sometimes attached to financial information. In the Hotmail case, however, users could have used the email program to communicate with banks and other institutions, storing confidential information in their accounts.

Microsoft recommends that users change their Windows Live passwords (which can access Hotmail) every 90 days. Users who believe they have fallen prey to a phishing scheme should change their passwords immediately, Microsoft advises.

Source:
http://www.pcmag.com/article2/0,2817,2353808,00.asp?kc=PCRSS03069TX1K0001121

Use scr.im to get less spam

October 4, 2009 – 11:38 AM

Leaving your email as plain text in forums, on Twitter or on classified sites makes you an easy spam target: spam robots and email harvesters constantly browse these sites to collect new victim emails.

Don’t share your email on public sites. Instead, use our free service that will convert your email address ([email protected]) into a safe and short URL (for instance http://scr.im/joe). People willing to email you will go to this URL that will reveal your email address, after a simple test that automated scripts and bots cannot pass.

Homepage:
http://scr.im/

Mozilla Plugin Check

October 3, 2009 – 3:03 PM

The Mozilla Firefox development team recently started checking the Flash plugin version of Firefox web browsers on the What’s New page shown after Firefox updates. This page would inform users if the Flash plugin version of their web browser was not the latest one, which usually meant that their web browser was open to attacks targeting vulnerabilities in outdated Flash versions. The website would describe the problem to the user and offer a solution in the form of a download link to the latest Flash plugin at the Adobe website.

The idea came up to extend this check to include other popular plugins as well. A first version of that plugin checker is now online and available at a test server which can be publicly accessed by anyone.

The scripts on the page check for installed plugins and compare the version of each installed plugin with the latest version officially offered by the plugin’s developer. Currently supported plugins include (among others) Apple Quicktime, Shockwave Flash, Adobe Acrobat, Java, RealPlayer and Windows Media Player.

Source:
http://www.ghacks.net/2009/10/03/mozilla-plugin-check/

Plugin Check:
https://www-trunk.stage.mozilla.com/en-US/plugincheck/