UK Government websites are among half a million pages infected by hackers in a huge and well organised SQL injection attack.
SQL injection involves inserting malicious code into websites by entering SQL queries into input boxes, such as search or comment fields. Infected websites can then infect any users visiting the site.

“As more and more websites are using database back-ends to make them faster and more dynamic, it also means that it’s crucial to verify what information gets stored in or requested from those

databases - especially if you allow users to upload content themselves,” warns a blog post from F-Secure. “Unless that data is sanitised before it gets saved you can’t control what the website will show to the users.”

The company searched Google for a string indicating that a site has been infected, and found that 510,000 sites were affected. Among those were UN sites and the UK Civil Service careers site.

The code inserts a link to all text fields in a database that adds malicious javascript to the source code of the page. Three domains have been found to host the code; nmidahena.com, aspder.com and nihaorr1.com.

F-Secure suggests that site owners search their site for links to the javascript, and remove them before any users are infected. Sanitising any data sent to the database by users will prevent similar attacks in the future.

Source

Web payment firm Paypal has said it will block “unsafe browsers” from using its service as part of wider anti-phishing efforts.

Customers will first be warned that a browser is unsafe but could then be blocked if they continue using it.

Paypal said it was “an alarming fact that there is a significant set of users who use very old and vulnerable browsers such as Internet Explorer 4″.

Phishing attacks trick users into handing over sensitive data.

Paypal said some users were still using Internet Explorer 3 , released more than 10 years ago. It lacks many of the security and safety features needed to protect users from phishing and other online attacks.

Legitimate sites

Paypal said it supported the use of Extended Validation SSL Certificates. Browsers which support the technology highlight the address bar in green when users are on a site that has been deemed legitimate.

The latest version of Internet Explorer support EV SSL certificates, while Firefox 2 supports it with an add-on but Apple’s Safari browser for Mac and PCs does not.

“By displaying the green glow and company name, these newer browsers make it much easier for users to determine whether or not they’re on the site that they thought they were visiting,” said Paypal.

The steps were outlined in a white paper on managing phishing, written by the firm’s chief information security officer Michael Barrett and Dan Levy, director of risk management.

In it, they said: “In our view letting users view the PayPal site on [an unsafe] browser is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts.”

Paypal described the battle against phishing as a “fast-moving chess match with the criminal community”.

Source

Almost 75% of businesses want a central or national body to deal with e-crime in the UK, says a new report by the British Chambers of Commerce (BCC).

The study - Invisible Crime: A Business Crime Survey, looks at 3,900 businesses nationwide and asks a wide-ranging series of questions about the effects of criminal activity on companies.

“What we want to see is a national body that can take action, because obviously computer crime is not location specific and does not fit in to regional police forces,” says BCC policy advisor Gareth Elliott.

“From our point of view there has been a worrying rise in e-crime,” says Elliott. “This is really starting to affect a lot more businesses and especially those who are thinking of doing flexible and home working.”

“Businesses need to use things like anti-virus and backup software as well as firewalls, and need to have strong policies,” adds Elliott. “You need all the basic functions within your company.”

“However we think you still need the relevant police assistance. A lot of smaller businesses will need that advice to help them tackle the problem.”

Original Article

The United States Army has gone into the spam business - sending a phishing email to servicemen in an attempt to gauge how susceptible they are to attacks.
Emails were sent out offering free tickets to amusement parks, which directed recipients to a website where they were asked to enter personal details including address, email address and phone number.

The email claimed to originate from the Army Family and Morale, Welfare and Recreation Command, but confused those at the group who had no knowledge of such a scheme.

“This is a scam, a phishing site using our logo, header, and links to our website. It has nothing to do with us,” said a spokesperson from the organisation, speaking to Military.com, who explained that an alert was later sent out warning of the scam.

However, it later emerged that the attack had originated from within the Army itself, and that it was part of a security trial by the US Army Intelligence and Security Command (INSCOM).

A similar stunt was performed by the Office of Fair Trading earlier this year, when it sent thousands of texts to those aged 18-24 claiming that they had won a cash prize.

“Urgent! U may have won £1k cash with ‘2 Good 2 B True,” read the message, which was quickly followed up by another explaining that it was simply a test.

Source

Social network Facebook will roll out more extensive privacy controls Tuesday night or Wednesday morning, as well as an instant-messaging service soon after, representatives from the company announced during a press briefing at the company’s headquarters in Palo Alto, Calif.

Most notable about the new privacy controls is the fact that Facebook members will now be able to choose how much of their profiles is visible to those on their friends list.

Naomi Gleit, Facebook’s product manager for privacy and internationalization, previewed the updated options, which include a new “Friend of Friends” option based on social proximity–not unlike LinkedIn profiles, in which profile information is visible to second- and third-degree contacts rather than the site’s members as a whole. Facebook members will also be able to include or exclude certain friends from having access to information.

In December, Facebook added the ability to create custom groups of friends, but aside from sending out group messages, there’s not much that can currently be done with them. With this week’s update, Facebook will integrate this function with its privacy controls. For example, a user could hide or show private information, such as e-mail address and phone numbers, from friends or groups using the classifications “Friend of Friends,” “All Friends,” “Some Friends,” or “Only Me.” This means that individuals on a friends list can have specific privacy settings, Gleit said. Whenever a Facebook member sends or confirms a friend request, he or she can assign privacy settings.

Read More Here

A new breakthrough superconducting material fabricated by a Canadian-German team has been made out of a silicon-hydrogen compound and does not require cooling. The implications of the discovery are enormous and could transform the way people live by cutting power usage from everything from refrigeration to cell phones.

Instead of super-cooling the material, as is necessary for conventional superconductors, the new material is instead super-compressed. The researchers claim that the new material could sidestep the cooling requirement, thereby enabling superconducting wires that work at room temperature.

“If you put hydrogen compounds under enough pressure, you can get superconductivity,” said professor John Tse of the University of Saskatchewan. “These new superconductors can be operated at higher temperatures, perhaps without a refrigerant.”

He performed the theoretical work with doctoral candidate Yansun Yao. The experimental confirmation was performed by researcher Mikhail Eremets at the Max Plank Institute in Germany.

The new family of superconductors are based on a hydrogen compound called “silane,” which is the silicon analog of methane–combining a single silicon atom with four hydrogen atoms to form a molecular hydride. (Methane is a single carbon atom with four hydrogens).

Researchers have speculated for years that hydrogen under enough pressure would superconduct at room temperature, but have been unable to achieve the necessary conditions (hydrogen is the most difficult element to compress). The Canadian and German researchers attributed their success to adding hydrogen to a compound with silicon that reduced the amount of compression needed to achieve superconductivity.

Tse’s team is currently using the Canadian Light Source synchrotron to characterize the high pressure structures of silane and other hydrides as potential superconducting materials for industrial applications as well as a storage mechanism for hydrogen fuel cells.

The research was funded by the National Sciences and Engineering Research Council of Canada, the Canada Research Chairs program, the Canada Foundation for Innovation and the Max Plank Institute.

Source
Official Press Release

Google Inc. CEO Eric Schmidt said today that he would be concerned about the free flow of information on the Internet if Microsoft Corp. were to succeed in acquiring Yahoo Inc.

Last month, Microsoft proposed buying Yahoo in a deal originally worth $44.6 billion, but Yahoo’s board rejected the offer, saying it was too low.

“We would be concerned by any kind of acquisition of Yahoo by Microsoft,” Schmidt told reporters. “We would hope that anything they did would be consistent with the openness of the Internet, but I doubt it would be.”

Schmidt pointed to Microsoft’s history and “the things that it has done that have been so difficult for everyone,” but he did not elaborate.

Last year, a European court upheld a $695 million fine along with a landmark 2004 ruling that Microsoft abused the near-monopoly power of its Windows operating system to damage competitors.

“We are concerned that there are things Microsoft could do that would be bad for the Internet,” Schmidt said.

Microsoft CEO Steve Ballmer pledged earlier this month that his company will gain market share against Google in online advertising and Web searching, even if it leads to his “last breath” at the company.

In a Reuters poll of financial analysts, the overwhelming majority said they believe Microsoft will eventually succeed in buying Yahoo, but many said they feel it may not be the best use of its ample cash reserves.

Source

The Video Appeals Committee upheld an earlier decision that the game could be sold, following a nine-month battle between makers Rockstar and UK censors.

The British Board of Film Classification had taken the fight to ban the game to the High Court, saying the game “went too far”.

An edited version of the title will be released with an 18 certificate.

The game was first banned in June 2007 and an edited version of the game was later rejected by the BBFC.

David Cooke, director of the BBFC said: “As I have said previously, we never take rejection decisions lightly, and they always involve a complex balance of considerations.

“We twice rejected Manhunt 2, and then pursued a judicial review challenge, because we considered, after exceptionally thorough examination, that it posed a real potential harm risk.

“However, the Video Appeals Committee has again exercised its independent scrutiny. It is now clear, in the light of this decision, and our legal advice, that we have no alternative but to issue an 18 certificate to the game.”

Developers Rockstar Games has always maintained that the content of Manhunt 2 is no different from other 18-rated entertainment products, such as the film series Saw.

In a statement, the company said: “We are pleased that the VAC has reaffirmed its decision recognizing that Manhunt 2 is well within the bounds established by other 18+ rated entertainment.

“Rockstar Games is committed to making great interactive entertainment, while also marketing our products responsibly and supporting an effective rating system.”

Source

The original Eee PC turned out to be the surprise hit of 2007 and the company has already announced its Eee PC 900 successor.

ASUS is looking to cash in on that success with its new desktop PC which is called the “Digital Home System EP20″. However, right below the name of the device on the ASUS placard is the familiar “Easy to Play ; Easy to Learn ; Easy to Work” catchphrase which places the EP20 squarely in Eee PC territory.

Hard specs on the devices are hard to come by, but ASUS notes that the device is much smaller than typical than typical desktops and that it has “good enough performance”. Other niceties include Hi-Fi Stereo and Dolby Digital Live support. Also noteworthy is the fact that the EP20 will soldier on with the Eee PC Linux operating system (which is based on Xandros Linux).

Those looking to use the machine as an HTPC will be glad to know that the EP20 only emits 24 db of noise when running.

Things are less clear when it comes to the EP20’s hardware specifications. ASUS said back in January that the initial versions of the desktop Eee PC would chip with Celeron processors, while later versions would employ Diamondville. As we all know now, Diamondville is known as Intel Atom, so the EP20 will likely get both single-core and dual-core version of Intel’s new low-power processor.

ASUS said that the desktop-based Eee PC would start at $199 which is quite optimistic for a fully functioning desktop PC, but expect to see pricing closer to the $299 mark when it eventually hits the market during the second quarter.

Original Article

Facebook Inc.’s popular online hangout so far has proven to be a better place for promoting fun and games than peddling products.

But a new application aims to inject more commerce into the social playground by paying Facebook members who help merchants sell to their friends.

The program, called Market Lodge, revolves around the notion that consumers are more likely to buy merchandise or services recommended by someone they know and trust.

Market Lodge, made by a startup called bSocial Networks Inc., will pay Facebook members a 10 percent commission on all sales made on their recommendations.

Facebook tried to capitalize on the bonds of friendship last year by introducing a marketing system that includes broadcasting product endorsements among people who know each other.

The strategy hasn’t paid off yet, largely because many of Facebook’s users rebelled against a feature called “Beacon” that tracked and shared information about their purchases and other actions made on other Web sites.

Spurred by the backlash, Palo Alto-based Facebook now allows its users to turn off Beacon.

Conifer, Colo.-based bSocial is betting that Facebook’s roughly 67 million users will be more receptive to an approach that dangles a financial incentive for participating.

Read More Here