Web-monitoring software gathers data on kid chats

Parents who install a leading brand of software to monitor their kids’ online activities may be unwittingly allowing the company to read their children’s chat messages — and sell the marketing data gathered.

Software sold under the Sentry and FamilySafe brands can read private chats conducted through Yahoo, MSN, AOL and other services, and send back data on what kids are saying about such things as movies, music or video games. The information is then offered to businesses seeking ways to tailor their marketing messages to kids.

“This scares me more than anything I have seen using monitoring technology,” said Parry Aftab, a child-safety advocate. “You don’t put children’s personal information at risk.”

The company that sells the software insists it is not putting kids’ information at risk, since the program does not record children’s names or addresses. But the software knows how old they are because parents customize its features to be more or less permissive, depending on age.

Five other makers of parental-control software contacted by The Associated Press, including McAfee Inc. and Symantec Corp., said they do not sell chat data to advertisers.

Source:
http://www.google.com/hostednews/ap/article/ALeqM5i5CjgMEdrwRm3JxeglUykMAHAYmAD9AGNVM00

Posted in Internet, Privacy, Software | No Comments

Hole in Windows Vista and 7 allows remote reboot

A vulnerability in Microsoft’s implementation of the SMB2 protocol can be exploited via the net to crash or reboot Windows Vista and Windows 7 systems. The root of the problem is an error in how the srv2.sys driver handles client requests when the header of the “Process Id High” field contains an ampersand. The attack does not require authentication; port 445 of the target system merely has to be accessible, which in the default Windows local network configuration, it usually is. SMB2 is an extension of the conventional server message block protocol.

An exploit written in Python is already available. A test at heise Security, The H’s German associates, confirmed that the exploit enabled a remote reboot of a Vista system. However, in the test, the exploit had no apparent effect on a computer running Windows 7. According to the report written by Laurent Gaffie, who discovered the vulnerability, Windows Server 2008 might also be affected, since all of the systems named used the same SMB2.0 driver. Windows 2000 and XP were not affected, however, since they do not support SMB2.

Microsoft has yet to release an official update for the issue. Presently, the only remedy is to close the SMB ports by un-ticking the boxes for file and printer access in the firewall settings.

Source:
http://www.h-online.com/security/Hole-in-Windows-Vista-and-7-allows-remote-reboot–/news/114183

Posted in Internet, Networking, Security, Windows | No Comments

Facebook makes you smarter, Twitter makes you dumber

Have you ever written a text message and then failed to correctly multiply 3 by 7 right after you pressed “send”?

Have you ever posted an update on Facebook and instantly reached for your Proust? And have you ever sent a tweet, looked in the mirror, and suddenly believed that you had a twin?

Well, according to the Telegraph, Dr. Tracy Alloway, a psychologist from the University of Stirling in Scotland, can explain all of this.

The good doctor has spent many of her days studying working memory, which allows people to retain and use information. She believes it to be a far more significant measure of the well-being and intelligence of humanity than, say, IQ.

Alloway spoke Sunday to the British Science Festival at the University of Surrey and rather gushed about the success she has had in training children to enhance their working memory.

And she happened to mention that certain social-media behaviors are rather more conducive at developing working memory than others.

Source:
http://news.cnet.com/8301-17852_3-10346125-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Posted in General BS, Internet | No Comments

The dark side of open source software is Stoned

A rootkit is a piece of software which, for nefarious purposes, aims to run undetected on your computer. It will hide itself from process listings and will seek to interfere with the ordinary running of your system to fulfil its own purposes.

A bootkit is a particular type of rootkit which kicks in when the computer boots and before any operating system has loaded. This can make it even more dangerous because it has full access to the system and cannot be removed by merely inspecting the operating system’s list of start-up services.

Austrian hacker Peter Kleissner has released the world’s first ever open source bootkit framework called Stoned Bootkit, named in dubious honour of an early boot sector computer virus called “Stoned.”

Stoned Bootkit aims to attack all versions of Microsoft Windows from XP through to the brand new Windows 7, including Server releases. Stoned loads before Windows starts and remains in memory, and comes with its own file system drivers, a plug-in engine and a collection of Windows “pwning” tools.

Stoned Bootkit also claims to be the first bootkit that breaks TrueCrypt encryption as well as working with traditional FAT and NTFS disk volumes.

This means with Stoned you can install any software you choose – a Trojan horse, say – onto any computer running Windows. You do not need know any passwords and it does not matter if the file system is encrypted.

Source:
http://www.itwire.com/content/view/27503/1141/

Posted in Internet, Security, Windows | No Comments

Amazon Web Services launches two factor authentication

Protecting the management account for cloud services can be one of the most critical security points of a cloud-based solution. Arguably, the account is more important than instance and operating system security for cloud workloads. Amazon web services (AWS) has recently introduced a new feature, Amazon web services multi-factor authentication (AWS-MFA), to allow more secure account access.

With AWS-MFA enabled on an AWS account, access to the services are now required to use two-factor authentication. The first factor is the standard email address and password for the AWS account, and the second factor is a six digit code displayed on a token device. The token device currently available for AWS integration is a Gemalto device. The six digit code is time expired and is placed with the standard AWS credentials for access to account functions.

Source:
http://blogs.techrepublic.com.com/networking/?p=1932

Posted in Hardware, Internet, Privacy, Security | No Comments