Break

We haven't made a post in a pretty long time now, but our blog will be posting soon again. We're taking a small break from posting since Frollo is on vacation in Turkey and I don't have a stable internet connection. So stay tuned for further updates!

Cheers :-)

Tasty cookies - Internet Exporer

It has discovered that there is a new way for hackers to steal their victims' online credentials - stealing the session cookies from whatever site a victim is visiting. The stolen cookies can then be used to get victims' computers to download malware, forge clicks or send messages.

The attack, "cookiejacking," works on all versions of Internet Explorer across all versions of the Windows operating system, the researcher contends.

And apparently, Microsoft is working on it. Although a spokesman says that "there is no real reason for haste because this is a "moderate flaw" ", so you might want to keep your cookies cleaned if you're using IE.

My advice to people that are using Internet Explorer: Don't use it. There are lots of web browsers that are much faster and a lot more secure. Personally, I use Firefox 4, and I think it's great.

A small list of other available web browsers that I think are worth checking out:
- Chrome
- Firefox
- Opera
- Rockmelt (Requires Facebook though)
- Iron

Finally, I would like to ask you guys:  what kind of web browser you use?

Mac, not so safe!

Does Mac Defender, Mac Security or Mac Protector sound familiar to you? Have you perhaps even installed it to prevent viruses to eat your computer? Well congratulations, you have successfully installed a virus.

Just a few days ago, Apple acknowledged yesterday the problems with Mac Defender and promise to release a security update soon.

Mac Defender tells users that their computer has been infected with a virus and offers to remove it if the user enter their credit card number, and pay for the full version of the program.

The security update will automatically find and remove the program and will also add a function that will warn the users if they try to install any of the "antivirus" programs.

Apple is actually confessing that there is problems with OS X.

Shortly after Apple spoke about the update, a new version of the programs was released. It is now called Mac Guard and does not require the users to type in their password when they are installing it.

Mac Guard is split into two parts, the first part is a downloader which download the second part, Mac Guard.

One way to protect yourself from Mac Guard is to unselect "Run Safe Files" in Safari.

Android Security

Android have been suffering from an unknown security problem, where users who log in to different services on unknown networks could get their personal information stolen by hackers! But Google have now come up with a solution to all this, and is releasing a global update that will, hopefully, eliminate the security problems.

It's in particular three applications that have been triggering these problems; Google Contacts, Google Calendar and the image service called Picasa. This update that Google is supposed to release is calculated to reach all Android users within a week, and it fixes the problems in the apps Google Calendar and Google Contacts. Picasa is still however still risky, because of technical reasons. They are working on the fix for it though.

Note: This update does not require you to do anything, it will be done automatically!

I think this is cool, even though I don't really use Android :)

Dropbox drops the lies.

Dropbox has been found to publish misleading info regarding the security of the files you upload to the service. Dropbox has earlier always stated that the files the users synchronize are strongly encrypted and that not even employees can access the files.

But. The PhD and blogger Christopher Soghoian recently discovered that Dropbox uses a function which control that the files you upload doesn't already exist, and therefore saves lot's and lot's of space.

He then questioned how it could work if Dropbox couldn't access the users failes, he got the answer:

Employees at Dropbox doesn't have any access to the users files. They can only be unlocked with the users mail and password.

Only a few day after Christopher recieved the mail, Dropbox changed the information on their website to:

The ones hired at Dropbox are not allowed to view the information you upload to Dropbox. We have a small staff of employees who must have access to your information because of legal reasons and only happens in very rare cases.

Another week passed and Dropbox edited the information in their User Agreement. It now said:

Under certain circumstances the users information may be shared with a thirdhand part if we feel that are good reasons to do so. It can involve the following situations; a) to maintain laws; b) to protect a person from harm or death; c) to prevent frauds or misuse of Dropboxs services; d) to protect Dropbox property.

Simply said, Dropbox can decrypt your files and share them with a thirdhand party if they feel it fitting. Dropbox doesn't specifie if they only share with the police or if they share with other authorites or corporations.

Christopher has filed a 16 pages long complaint to the American Chamber of Commerce. He want Dropbox to admitt that the users file is not safe like they've said before, and that Dropbox send an email to the 25 million users with an excuse which cleary explains this.

Limewire sued, artist gets nothing.

The file sharing program Limewire has been sued by RIAA for a billion dollar, but only have to pay 105 million dollars in compensation. Of which the pirated artist doesn't receive a dime.

All the money we are receiving will be spent on campaigns for further piratehunting says RIAA's spokesman Jonathan Lamy to Torrentfreak.

RIAA haven't yet made any official statement about how exactly the money will be spent.

See, nothing good comes from anti-piracy, the artists doesn't get any money at all when the companies sue file sharers.

Failbook

Your personal info may have been stolen.

A bug in Facebook's handling of applications has resulted in millions of Facebook users password may be in wrong hands. It's the security company Symantec who has discovered the bug and is warning the users of the security breach.

About 100 000 applications where enabling this leakage at april 2011

Symantec recommend you to change password immediately so no third-hand-partys can use them.