http://www.v3.co.uk/v3-uk/news/2207737/hackers-target-windows-update-in-phishing-attack

Hackers target Windows Update in phishing attack

Security vendor Sophos said that the scammers have constructed spam messages which claim to originate from the privacy@microsoft.com email address. The messages, which are designed to resemble official alerts from Microsoft, advise users that their systems might be at risk and advises visiting a supposed "update" page.

Upon clicking the link, however, users are directed to a phishing site which attempts to harvest email addresses for webmail services including Gmail and AOL mail.
"But the grammatical errors and occasional odd language should raise alarms bells that the emails may not really be from Microsoft."
The flaw, which is triggered by way of an infected .swf file, had been exploited by attackers to perform covert malware installations.

Neither is it right for the UK, within the Digital Economy act. It is a complete abomination being totally contrary to our human rights, and is highly discriminatory given it only applies within the largest ISPs within the UK.

The UK government itself estimates that the extra costs put on ISPs by the (in parts ludicrous!) Digital Economy act, to enforce copyright infringement (the cost of which should fall on the copyright material owners) will put broadband access financially out of reach of nearly 100,000 potential users who would otherwise have been able to afford broadband. Some social policy to 'extend' broadband usage, Not!

It has recently been set that we are guilty until proved innocent in the UK with appealing to cost £30 (even though appeals with shared internet connections are guaranteed to be successful as ISPs and copyright companies cannot prove who has used the connection).

I advise all UK large ISP company users to set up non-UK DNS servers to prevent even innocent accusation.

I also advise UK internet users with large companies as ISPs to inform them in writing where the internet connection is shared, eg by a partner, family etc, so they cannot wisely (if they've any sense!) in this instance operate the three-strikes policy. (something along the lines of . . . Please note in respect of the Digital Economy act that my internet connection is shared between X users. Please email me that you have updated your records accordingly;- will do nicely!)

The saddest thing is that although the £30 is refundable (eventually!) where appeals are successful, it has to be paid upfront in the first place (yet more hidden taxation...)

While I cannot condone major servers for copyrighted material serving thousands of gigabytes of 'illegal' material daily, neither can I (equally) condone the (deliberately) artificially very high prices for video games, music CDs and film DVDs. It would be far more sensible to be allowed to try these items to see if we like them, before buying them, and for them to be available at a reasonable price.

To my mind, many very rich corporations (often the world's wealthiest), whether selling cola or 'designer' clothes and similar, or digital content items can well afford to sell for far less than they do at present. They would rather 'steal' vast amounts from us by constructing price rises and price structures that are tantamount to 'highway robbery'. A can of cola contains at most 2 pence of ingredients and 2 pence manufacturing costs plus a maximum of 4 pence distribution costs. Even allowing for a small retail profit, it should sell for less than 15 pence, not over three times and sometimes five times this amount! Most Indie games sellers sell for about $5.99, add another $2 for CD cost making games costing $45 - $65 seem very very over-priced!

What worries the most is if petty acts of brutal dictatorship are allowed to flourish within so-called democracies, before we know it, many more of our freedoms will be removed from us.

Draconian is a word that needs to be expressed over threats to remove internet access for often very minor infringements. It is a matter of the deepest regret when supposedly civilized countries act in a manner totally removed from UN and EU Human Rights legislation.

Britain has a very poor record indeed in the field of upholding human rights!

Depriving anyone of an internet connection in the 21st century is barbaric and hostile in the extreme, whether this happens in France,the UK or New Zealand.

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10748754

Gareth Hughes: 'Three strikes' piracy law not right for NZ

f you need advice or have questions check out http://3strikes.net.nz/

http://news.hitb.org/content/scariest-ipv6-attack-scenarios

Experts are reporting a rise in the number of attacks that take advantage of known vulnerabilities of IPv6, a next-generation addressing scheme that is being adopted across the Internet. IPv6 replaces the Internet's main communications protocol, which is known as IPv4.
IPv6 traffic being tunneled across IPv4 networks, particularly using the Teredo mechanism that is built into both Microsoft Windows Vista and Windows 7. This vulnerability with IPv6-over-IPv4 tunneling has been known for at least five years, but it is still being exploited.

http://www.stuff.co.nz/technology/digital-living/5272410/ISPs-to-charge-for-notices-under-Skynet-law

New Zealand's Parliamentary Service suffered website outages last month after threats from "Anonymous", protesting against changes to copyright law.

http://www.stuff.co.nz/technology/digital-living/5131422/Suspected-Anonymous-hacktivists-arrested

*
http://www.stuff.co.nz/technology/digital-living/5107534/Darby-in-anti-piracy-ad-backlash

Comedian Rhys Darby had made a statement on his website stating that he does not support the government's controversial copyright law change.

The statement comes after his decision to front an anti-piracy DVD for the Federation Against Copyright Theft (NZFact) was construed as support for the change
Disgusted that this is a US company that is paying to show these to NZ school kids, why not be a little more honest and call it US facts? Why are we such a guinea pig for the US???" she wrote.

Another reader, 'S', said: "Not only will I never watch another show with Rhys Darby but I will be sending a letter to my kids school insisting that I do not give permission for my child to be shown this video. It is not the job of our education
system to brain wash our children for the benefit of American corporate interests."

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10730831

The Government says it will not alter its internet copyright legislation, despite UN criticism that such laws are an attack on human rights.

In April the Government passed such an anti-piracy law with the Copyright (Infringing File Sharing) Amendment Act which included a provision to suspend internet accounts for up to six months after three offences.

National MP Jonathan Young likened the internet to the evil Skynet computer system from the Terminator films.

The Government had no intention of altering it.

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10730807

http://www.nzherald.co.nz/politics/news/article.cfm?c_id=280&objectid=10730861

Internet companies are scrambling to prepare for anti-piracy laws coming into effect this September, but a legal expert warns they will struggle to cope with the new regulations.

"We're less than 12 weeks out from the go-live date on September 1 and ISPs are saying they need between 9 and 12 months to implement a system. You can see that it will be difficult for them."

Slingshot chief executive Mark Callander said ISPs were still in the dark on the details of the regulation.

THE LAW

Copyright (Infringing File Sharing) Amendment Bill:

* Requires internet companies (at their own expense) to send out warning notices to those suspected of illegally downloading content such as movies or music.

* After a third suspected infringement, rights holders can take suspects to the Copyright Tribunal, which can issue fines of up to $15,000 to an offender.

* If this doesn't work to stop online pirates, the Government may give the tribunal the power to cut an offender's internet access.

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10723333

You may question why such a bill needed to be rushed through Parliament under urgency by the Government. It remains a source of anger and mystery for me too. Perhaps it was an attempt to stop Government MPs from making speeches likening the internet to Skynet from The Terminator. Sadly, I'm not kidding.

http://www.informationweek.com/blog/main/archives/2010/09/unsolicited_adv.html
Unsolicited Advice For Adobe, Apple, Google, and Microsoft.
http://www.theinquirer.net/inquirer/news/1863177/adobe-security-flaw-undermines-nearly
Adobe security flaw undermines nearly every OS
put it another way, if you run any version of Adobe Flash, Reader or Acrobat put out in the last few years, you are in trouble.
It's rare to hear about security vulnerabilities that ensnare so many operating systems, especially Linux and Solaris, however Adobe's crack team of coders has managed just that.
http://www.zdnet.com/blog/security/another-day-another-adobe-pdf-reader-security-hole/7693

http://www.v3.co.uk/v3/news/2272393/hackers-attack-flaw-reader

Hackers attack new flaw in Reader, Acrobat and Flash

Adobe provides workaround, but no patch yet. (CVE-2010-3654)

http://www.computerworld.com/s/article/9193678/Hackers_exploit_newest_Flash_zero_day_bug

http://www.adobe.com/support/security/advisories/apsa10-05.html (authplay.dll)

MS automatically updated my PCs yesterday with the IE8 patch update. Great!

http://www.v3.co.uk/v3/news/2256465/mcafee-launches-operation

McAfee launches Google hack scanning tool Aurora Stinger will detect the threat and repair the machine

http://vil.nai.com/vil/averttools.aspx McAfee Labs Tools

http://www.theinquirer.net/inquirer/news/1587918/ancient-windows-flaw (3.1 to 7)

http://blogs.zdnet.com/security/?p=5268&tag=nl.e539 (kill IE6 & IE7)

Microsoft Security Bulletin MS10-002 :
Internet Explorer Cumulative Security Update for Internet Explorer (978207)
is available on Windows Update or download it manually.
______________________________________________________
The new Firefox version 3.6 is available:
releasenotes FF 3.6

Looks like Chrome would be the best choice. Take a look at this Pwn2Own competition, its a zero day attack on browsers.I was very surprised by the results, other than Safari being the first to go down.

People always think that Macs are safer, which is completely untrue, its just that the hackers go were the money is and there are more PC's. This means Mac's are attacked less and the security flaws are not found.

The other top three browsers were taken out a little while after that by one guy and an exploit of his own making.

They said they found a security flaw in chrome, but couldnt get past the sandbox.

Miller also told reporters that he targeted Safari on Mac OS X because he believes that it is the easiest to exploit. Windows, on the other hand, he claims is tougher because of its address randomization feature and other security measures. As for Chrome, he says that he has identified a security bug in Google's browser but has been unable to exploit it because the browser's sandboxing feature and the operating system's security measures together pose a formidable challenge.

JoanRC, I'm with ya on Linux and have tried to migrate to several times, I even have several partitions setup to install linux again. I did this whenever I got windows 7.
i've just been waiting for them add support for my motherboard and processor and I'm ready to go. It's super annoying to to enter on every install pc=nomsi, half the time I still have trouble installing my video card.

The benefits though, well worth it. games and everything are so fast!

From what I hear, Chrome has a lot of "phone home" features built in. It sends a lot of information about your browser habits back to Google. However, it's open source. At least one company, SRWare, has come out with a Chrome version, called Iron, that has stripped out all the spyware features. Their website doesn't show that they've been developing the browser since Sept of 2008, though. I still use Opera because Secunia Software Inspector still calls it the safest browser. (That was before I switched to Linux. Secunia doesn't work on Linux.) Opera doesn't always have the best Flash support; but, I still manage to get what I want out of Youtube.

http://www.networkworld.com/news/2010/011910-researchers-up-ante-create-exploits.html?ts0hb&story=ie7ie8

Researchers up ante, create exploits for IE7, IE8

http://www.computerworld.com/s/article/9143518/Chrome_sets_browser_security_standard_says_expert?

All browser makers should take a page from Google's Chrome and isolate untrusted data from the rest of the operating system, a noted security researcher said today.

Google Probes Possible Inside Job after China Cyber-Attack

from Daily Finance:

http://www.dailyfinance.com/story/google-probes-possible-inside-job-after-china-cyber-attack/19321261/

http://www.pcworld.com/businesscenter/article/187119/dont_kill_the_messenger_blaming_ie_for_attacks_is_dangerous.html?tk=nl_dnx_h_crawl

one of the malware samples exploited IE...but it's easier to blame MS for them all...

There are quite a few sites, besides Microsoft, that just do not work right unless you use IE. I keep it around for those sites.

And now the French have joined with the Germans in advising not to used IE France teams with Germany over IE flaws.

It will interesting to see how the browser share of market figures change during the next few months.

(Iron? that's really caught the public imagination...)

Sorry, but Firefox is buggy bloatware IMHO.

A much better browser is Iron, which is similar to Google Chrome, except that some cunning German chappies have removed everything in Chrome that 'reports back' to Google from it.

PS: Don't forget that Windows Update usually requires you to be using IE when you access it (or at least, that's been my experience!).
--
BFN
CAD

http://www.theglobeandmail.com/news/technology/chinese-hackers-exploited-flaw-in-microsofts-internet-explorer-mcafee/article1431444/

http://www.h-online.com/security/news/item/Recent-attacks-on-Google-exploited-previously-unknown-hole-in-IE-905439.html

http://www.h-online.com/security/news/item/Warning-over-using-Internet-Explorer-from-German-Government-as-exploit-goes-public-906173.html

The German government has warned web users to find an alternative browser (Get Firefox)

Well if you stayed away from IE for the most part it probably would be a good idea :)

And the Germans are saying don't use IE BBC News

http://www.stuff.co.nz/technology/digital-living/3233160/Microsoft-blamed-for-Google-China-attack

Recent cyber attacks on Google and other businesses exploited a previously unknown flaw in Microsoft's Internet Explorer browser, according to security firm McAfee.