Major security bug fixed in Firefox

Mozilla is advising fans of Firefox to update the stable version of the browser after it released a patch for a security bug marked "critical" today.

Available for Windows, Mac, and Linux, Firefox 3.6.12 patches a heap buffer overflow that could allow for remote code execution. Mozilla notes that the bug affects the current version 3.6 branch of Firefox, the legacy version 3.5 branch, and could potentially affect Thunderbird users who load Web pages in the RSS reader.

The bug has not been found in the upcoming version 4, currently in beta development and behind schedule. Firefox 4 beta 7 was originally due in the middle of September, then pushed back to the end of September because of a stability bug. Mozilla has since initiated a code freeze on the next generation of its browser but has yet to update the schedule because of multiple critical bugs. It's expected that Mozilla's updated JavaScript engine will land in the seventh beta. Called JaegerMonkey, it's currently available for testing in the Firefox nightlies.

Source: CNET

The New AVG Antivirus Free 2011 - Video

AVG Free might've flagged just a little in the past few years, but it's back with a shorter install, better usability, and faster scans. Take a video tour of AVG Anti-Virus Free 2011 and see what makes AVG one of the most respected names in Windows security.

Facebook Filed Lawsuit Case On Spammers

Facebook announced today that it has filed suit against two individuals and a company that it says are responsible for propagating deceptive spam offers across the massive social network, including some that encouraged members to spam their friends in turn.

"This week, in a U.S. federal court in San Jose, California, we filed three lawsuits alleging violations of our terms and applicable law by defendants attempting to trick people on Facebook into signing up for mobile subscriptions and sending spam to their friends," a blog entry posted by Facebook's security team explained. "In three separate complaints, we allege that Steven Richter, Jason Swan, and Max Bounty, Inc. used Facebook to offer enticing, but non-existent products and services."

The lawsuits, filed Tuesday, allege that Jason Swan of Long Island, N.Y., had been running "more than 27 fake profiles, 13 fake pages, and at least 7 applications as part of an affiliate marketing advertising scam"; that Richter, also of Long Island, had been running about 40 fake profiles and 43 fake pages; and that the Canada-based Max Bounty Inc. had been misappropriating Facebook's logo and using deceptive marketing in its hawking of free gift cards, iPads, and other goods to consumers. All three are charged with violations of the U.S. Computer Fraud and Abuse Act, the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), and other state and federal laws.

Almost exactly a year ago, Facebook was awarded $711 million in a court judgment against Sanford Wallace, the self-described "spam king" who had been accused of fraudulently obtaining access to Facebook accounts and then using them to run phishing scams. Among other things, Wallace is now permanently banned from Facebook.

In another judgment related to CAN-SPAM violations, this one in 2008, Facebook was awarded $873 million.

"Stay tuned as our push against spammers and scammers escalates over the next month, year and beyond," the post from Facebook today read. "We have other actions pending, and there will be more to come."

Security on Facebook has been a hot topic lately because of a controversial Wall Street Journal investigation that found many of Facebook's major application developers were violating the social network's terms of service by selling some user information to marketers. The report was assailed by many tech industry professionals who said that it made too much fuss about something that actually wasn't particularly surprising or alarming, but others have argued that the real problem is that Facebook didn't appear to be doing enough to police its advertisers and developers for terms of service infractions.

View the original article here

Report: China hijacked U.S. Internet data

A Chinese state-run telecom provider was the source of the redirection of U.S. military and corporate data that occurred this past April, according to excerpts of a draft report sent to CNET by the U.S.-China Economic and Security Review Commission.

The current draft of the U.S.-China Economic and Security Review Commission's (USCC's) 2010 annual report, which is close to final but has not yet been officially approved, finds that malicious computer activity tied to China continues to persist following reports early this year of attacks against Google and other companies from within the country.

In several cases, Chinese telecommunications firms have disrupted or impacted U.S. Internet traffic, according to the excerpts.

On March 24, Web traffic from YouTube, Twitter, Facebook, and other popular sites was temporarily affected by China's own internal censorship system, sometimes known as the Great Firewall. Users in Chile and the United States trying to reach those sites were diverted to incorrect servers or encountered error messages indicating that the sites did not exist. The USCC report said it was as if users outside China were trying to access restricted sites from behind China's Great Firewall.

Then on April 8, a large number of routing paths to various Internet Protocol addresses were redirected through networks in China for 17 minutes. The USCC identified China's state-owned telecommunications firm China Telecom as the source of the "hijacking." This diversion of data would have given the operators of the servers on those networks the ability to read, delete, or edit e-mail and other information sent along those paths.

Read the rest of the article at CNET

Security Expert Matthew Anderson Arrested For Spreading Viruses

Matthew Anderson, 33 years old, may very well be prisoned for distributing computer viruses. Matthew is a PC security expert from Scotland has admitted that he is member of international hackers.

His legal activities were found by Scotland Yard, which led an investigation into the viruses.

The gang, identified popularly recognized on-line because the m00p group. They're believed to be infecting computer systems using viruses, spywares connected to unsolicited industrial emails.

The Scotsman studies that Anderson composed and distributed thousands and thousands of spam messages with virus attachments earlier than distributing them.

The viruses ran within the background on an infected laptop and allowed Anderson to access private and commercial knowledge saved on them. He was additionally in a position to activate webcams, successfully spying on users of their houses and sometimes taking screengrabs.

The hacker additionally made copies of personal paperwork reminiscent of wills, medical studies, CVs, password lists and personal photographs.

Anderson, is set to be sentenced on 22 November.

Free Spyware Removal Video

In this video Mrizos shows a virtual PC that is infected by a a number spywares. He first log-ins to his VMWare PC in safe mode and from there installs malwarebytes.

Hackers Charged In Stealing $3M Using Zeus Trojan

The FBI and the U.S. Lawyer's workplace in southern New York announced that 37 folks accused of being part of a global crime ring that stole $3 million from financial institution accounts by infecting computers with the Zeus Trojan and different malware.

Between federal and state expenses, greater than 60 people complete are being charged in the operation, officials said.

Ten individuals have been arrested at present by federal and New York regulation enforcement officers and another 10 were previously arrested in the U.S. as a part of a coordinated take down, authorities said. Seventeen people are nonetheless being sought in the U.S. and overseas, officers said. The defendants named in the documents, unsealed by the courtroom at this time, had been all listed as being from Japanese Europe and face federal charges.

Individually, 10 individuals had been charged earlier at present in England for similar Zeus-associated crimes.

The Zeus Trojan was identified earlier this yr as a key issue within the building of a botnet that contaminated tens of hundreds of computers around the world.

The defendants charged in Manhattan federal court docket at present include alleged managers of the operation in addition to alleged money mules recruited to open financial institution accounts for laundering cash and a person accused of obtaining false overseas passports for mules.

The group allegedly recruited mules by putting adverts on Russian language Websites looking for students with J-1 visas, who may open financial institution accounts in the U.S.

One of the purported victims was identified as a municipal entity in Massachusetts. Among the alleged mules are accused of retrieving cash from breached brokerage accounts at eTrade and TD Ameritrade. Different defendants allegedly received stolen cash from wire transfers to bank accounts in Asia or by withdrawing cash from ATMs in New York, the documents indicate.

The investigation appears to have been triggered when New York police detectives went to a Bronx financial institution in February to analyze a suspicious $forty four,000 withdrawal, in response to a news release issued by the FBI, the U.S. Attorney's workplace, the New York Police Division, and different agencies.

The costs range from financial institution fraud and false use of passport to cash laundering and conspiracy to commit wire fraud. Most jail sentences range from 10 years to 30 years and fines from $250,000 to $1 million per


Learn more: CNET