Facebook Security Flaw Fixed… But, Change Your Passwords!

Man! The security issues just aren’t letting up this week!

Facebook may have leaked personal info on millions

“For years, an accidental security flaw in the way Facebook handled embedded frames allowed applications developers to access information on a user’s profile that installed that application. It is estimated that nearly 100,000 applications may have enabled this flaw, potentially affecting millions.

Symantec, the company that discovered the vulnerability, reported it to Facebook. The flaw has been fixed, but it is unknown if any of the data had been used maliciously. With 500 million active users, the flaw has the potential to be much larger than the PlayStation Network breach, which has 77 million users. There is a caveat though: the user would have needed to have installed one of the vulnerable applications in order to be at risk.”

A tweet I got earlier this evening from Leo Laporte advises us to change our FB passwords… I did… so should you!

Google Announces the Chromebook… Can Haz?

Google ChromebookIt looks cool! I want one! I signed up to be notified when it is available in June.

Nothing but the web – Google Chromebook

“Chromebooks are built and optimized for the web, where you already spend most of your computing time. So you get a faster, simpler and more secure experience without all the headaches of ordinary computers.

Order yours on June 15th.

Chromebooks boot in 8 seconds and resume instantly. Your favorite websites load quickly and run smoothly, with full support for the latest web standards and Adobe® Flash®. In fact, Chromebooks are designed to get faster over time as updates are released.

It’s easy to get connected anytime and anywhere with built-in Wi-Fi and 3G. As your Chromebook boots up, it quickly connects to your favorite wireless network so you’re on the web right from the start. 3G models include a free 100 MB per month of mobile data from Verizon Wireless so you can keep working around home and on the go.

Your apps, documents, and settings are stored safely in the cloud. So even if you lose your computer, you can just log in to another Chromebook and get right back to work.

Every Chromebook runs millions of web apps, from games to spreadsheets to photo editors. Thanks to the power of HTML5, many apps keep working even in those rare moments when you’re not connected. Visit the Chrome Web Store to try the latest apps, or just type in a URL. No CDs required.

Chromebooks are easy to share with family and friends. They can log in to experience all of their own Chrome settings, apps, and extensions, or use Guest Mode to browse privately. Either way, no one else using your Chromebook will have access to your email and personal data.

Your Chromebook gets better and better over time, unlike a traditional PC. When you turn it on, it updates itself. Automatically. All of your apps stay up-to-date, and you get the latest and greatest version of the operating system without having to think about it. Annoying update prompts not included.

Chromebooks run the first consumer operating system designed from the ground up to defend against the ongoing threat of malware and viruses. They employ the principle of ‘defense in depth’ to provide multiple layers of protection, including sandboxing, data encryption, and verified boot.”

Plus, Betanews’ columnist, Joe Wilcox says: “Google’s Chromebook subscription program could seriously pinch Microsoft enterprise licensing revenue. The $28 per month per, user fee is bargain-basement pricing compared to what businesses now pay Microsoft for software and OEMs for supporting hardware. Google could easily take $1 billion a year in software revenue from Microsoft, says one licensing expert, with the number substantially growing over several years.” Wow!

Google Chrome Browser Hacked, But No Details on How Yet

Google has been touting how secure Chrome is, and has had a challenge out there for a while to take it on, well somebody did find a way!

Google Chrome Browser Cracked by Security Researchers

“A team of security experts at Vupen Security, a specialist in vulnerability research for defensive and offensive security, claimed they have successfully cracked Google’s Chrome browser and its sandbox, denting Google’s claim that its browser is as secure as the company says. A video on Vupen’sWeb site shows the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit, which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox (at Medium integrity level).

For security reasons, the exploit code and technical details of the underlying vulnerabilities will not be publicly disclosed, the security team said in a post on their Web site, and noted they are exclusively shared with their government customers as part of their vulnerability research services. Vupen also disclosed the exploit works on both Chrome versions 11.x and 12.x. It was tested with Chrome v11.0.696.65 and v12.0.742.30.

‘The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by Vupen and it works on all Windows systems (32-bit and x64),’ the Vupen Vulnerability Research Team wrote in the post. ‘While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP.'”

Of course, this just means that Google will “harden it” even more, and I think it will remain the most secure browser out there!

M$ Buys Skype – Expands Their Platform Support!

Microsoft bought Skype for $8.5 billion in cash (no stock swaps this time!) I use Skype, in fact, I have a “Skype-In” number for Dr. Bill Bailey.NET. I have also used Skype for video recording of netcasts as well. So, I am pretty “jazzed” that they are expanding their service on to other devices. More power to them! And, now that they have been purchased by Microsoft, I expect they will be BIGGER than ever! Wow.

Skype Confirms: We’re Coming to Xbox, Outlook, Windows Phone & More

“In the wake of today’s confirmed acquisition of Skype by Microsoft Corp., tech press, analysts and armchair quarterbacks alike have been busy speculating why Microsoft would buy Skype (and why it spent $8.5 billion to do so.) While we can’t address the price of the deal, we do know as of this morning, exactly what Microsoft plans to do with Skype…at least in part.

Skype, the company states, will be coming to Xbox and Kinect, Windows Phone, Lync and Outlook, plus other Windows devices and communities.

According to a Skype blog post put up first thing this morning, the popular communications company will be integrated into many of Microsoft’s products and services, but it will not remove support for its product on non-Microsoft platforms, thankfully. That means that mobile apps like the iPhone and Android app will still be maintained, as will the Mac desktop application. How often those products will be updated, however, is unknown.

‘Skype will support Microsoft devices like Xbox and Kinect, Windows Phone and a wide array of Windows devices,’ the blog post states, referring cryptically to ‘Windows devices,’ instead of saying ‘computers running the Windows operating system,’ for example, which is a bit curious, we think. The post then continues, ‘Microsoft will connect Skype users with Lync, Outlook, Xbox Live and other communities.'”

Geek Software of the Week: CrashPlan!

Crashplan!As you know, backing up your computer is extremely important! If you don’t backup your critical files, you will lose them, because all computer hardware will fail at some point! So, the question is, how do you do backups? You can backup to tape, or you can backup to another computer that you have locally, but that requires additional hardware, and it requires lot’s of effort to set up and administer, AND you have to remember to do it, or, in some way automate it with scripts.

Crashplan FREE On-Line Backup to the Cloud!

This week’s Geek Software of the Week will back up your data to “The Cloud,” automatically and, once installed, you’ll never have to deal with again… and, it’s FREE for individuals! How cool is that!?! Now, I realize that CrashPlan is an advertiser here on Dr. Bill – The Computer Curmudgeon, but I would not recommend them if I didn’t believe in them, and use them myself, and since it IS FREE for individuals, I am making it a Geek Software of the Week… because it’s just that cool! so, forget Mozy… forget Carbonite… CrashPlan works on the Mac, and on Linux, and on Windows… truly something we can all agree on! Get it, try it, you will be impressed!

Epic German TV News Fail!

How cool is this!!!!

The Maquis Took Down Bin Ladin!

The Maquis Took Down Bin Ladin!

“In one of the most epic news failures ever, a German reporter credited the Maquis of Star Trek for taking down Bin Laden. Trek Movie found this, and it’s absolutely hilarious. SEAL Team 6 is credited for being part of the raid that took out Osama Bin Laden, and for their report on the story the German channel did a quick Google search for “Seals Team VI” and found a patch that to them looked like it may be used for the actual team. The skull in particular was pretty convincing. Too bad they didn’t realize that it was a Klingon skull.”

“The I Got a New Camera Edition” of Dr. Bill.TV Netcast #187

Dr. Bill Netcast – 187 – (05/07/11)

Our new camera! GoToMeeting! Click HERE: https://bit.ly/gtmq211 for a FREE trial! Our FREE Netcast newsletter! Windows Thin PC, how Linux was announced, photoshop-ery of White House photo, FreeNAS 8 and Twittering, GSotW: Handbrake! Net security issues!

Links that pertain to this Netcast:

techpodcasts.com

Citrix GoToMeeting – Free Trial Link!

HandBrake Video Transcoder


Start the Video Netcast in the Blubrry Video Player above by
clicking on the “Play” Button in the center of the screen.

(Click on the buttons below to Stream the Netcast in your “format of choice”)
Streaming M4V Audio
 Download M4V


 Download WebM
Streaming MP3 Audio
 Download MP3
Streaming Ogg Audio
 Download Ogg

Available on YouTube at: https://www.youtube.com/watch?v=tADEVldxlDg

Available on Vimeo at: https://vimeo.com/23482624

LastPass is Another in a Line of Security Hits!

But, they did a great job and announced it, and caught it early! Kudos to them!

LastPass Password Troubles: What Happened?

LastPass is the latest company to find itself in the middle of a data security situation, but is your information in danger?As PCMag security analyst Neil Rubenking explained yesterday, the nature of the LastPass warning makes it unlikely that your passwords have been accessed by hackers; a fact that LastPass CEO Joe Siegrist confirmed in a Thursday interview with PCWorld.

‘We don’t think there’s much of any chance of [compromised passwords] at this stage,’ Siegrist said. ‘If there was, it would be on the orders of tens of users out of millions that could be in that scenario, just because of the amount of data that we saw moved. But it’s hard for us to be 100 percent definitive without knowing everything.’ As LastPass explained in a blog post, the company on Tuesday noticed a ‘network traffic anomaly’ on one of its non-critical machines. That alone wasn’t a major red flag; it happens occasionally either via an employee or automated script, LastPass said. The problem, however, was that the company could not identify the root cause. LastPass also found a ‘similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server).’

As a result, LastPass decided to ‘be paranoid and assume the worst’ and asked that its customers change their master password. As PCMag’s Rubenking explained, LastPass provides users with a single, very strong ‘master’ password, and then remembers all your other Web site passwords. It can also fill in Web forms with your personal information. Your personal data and saved passwords are stored online in encrypted form, but your master password isn’t stored anywhere. If you forget it, you’re out of luck.

Having all of its users change their master passwords at the same time, however, led to a server overload at LastPass. The company allowed people to log in via ‘offline’ mode, so they could carry on with their business as LastPass worked through the email validation/password change process.

I think LastPass did a great job protecting it’s users! A security company “being paranoid” is a GOOD thing!

Skype’s Mac Client Has Dangerous Exploit

Alert! To all you Skype user’s on the Mac, there are exploits that can hurt you on teh Mac, and this is a big one!

Report: Skype’s Mac Client Has Dangerous Exploit

“The Skype client for Apple Mac computers has a zero-day vulnerability that allows an attacker to gain remote control of a victim’s Mac, according to a security researcher.

Skype was alerted to the vulnerability about a month ago but has yet to issue a fix, Gordon Maddern reported Friday on the Pure Hacking blog.

Since the publication of Maddern’s findings, Skype has promised a fix ‘early next week,’ according to ZDNet UK. ‘We are aware of this and will release a fix early next week to resolve the issue. We take our users’ privacy very seriously and are working quickly to protect Skype users from this vulnerability,’ Skype wrote in an email to the website.

After accidently discovering the vulnerability in a Skype chat with a colleague, Maddern said he successfully tested the ‘extremely wormable and dangerous’ exploit on more Macs but found that Skype’s Windows and Linux clients were not affected. The security researcher then used penetration testing tools and was able to remotely take over a Mac through the Skype vulnerability, he said.

Maddern said he contacted Skype to alert them to the issue but decided to publish the basic facts of his discovery because “that was over a month ago and there still has not been a fix released.”

Geek Software of the Week: HandBrake!

HandBrakeThis week’s GSotW goes highly recommended by the aforementioned Patrick Norton, and his cohort on HD Nation on Revision3, Robert Heron! Handbrake is “yet another” video transcoder tool. But, it is free, Open Source, and has lot’s of neat features!

HandBrake Video Transcoder

“HandBrake is an open-source, GPL-licensed, multiplatform, multithreaded video transcoder, available for MacOS X, Linux and Windows.

Supported Sources:

Any DVD or Bluray-like source: VIDEO_TS folder, DVD image, real DVD or bluray (unencrypted — removal of copy protection is not supported), and some .VOB, .TS and M2TS files
Most any multimedia file it can get libavformat to read and libavcodec to decode.

Outputs:

File format: MP4(M4V) and MKV
Video: MPEG-4(ffmpeg), H.264(x264), or Theora(libtheora)
Audio: AAC, CoreAudio AAC (OS X Only), MP3, or Vorbis. AC-3 pass-through, DTS pass-thorugh (MKV only)

Misc features:

Chapter selection, Chapter Markers
Subtitles
Vobsub and Closed Captions
SRT import and passthru
SSA passthru or burn-in (experimental)
Constant Quality or Average Bitrate Video Encoding
Support for VFR, CFR and VFR
Video: Deinterlacing, Decomb, Detelecine, Cropping and scaling
Live Video Preivew

1 250 251 252 253 254 394