NewSaurus

 Quoting current and former government officials

That the aim of the extensive hacker attacks on Google in late 2009 was to spy on US counterintelligence information. According to the newspaper, the hackers gained access to a database which contained information about Google Gmail accounts that had surveillance orders on them.

Apparently, the thousands of orders included classified ones from a US federal court that approves surveillance on foreign targets such as spies, diplomats and suspected terrorists. The report quotes one official as saying that the attackers could have used this information to warn Chinese agents who had attracted the US authorities' attention, enabling them to take steps to destroy information and get people out of the country. According to the official, the Chinese could also have sought to deceive US intelligence officials by conveying false or misleading information.

When Google disclosed the discovered attacks in early 2010, the company said that the attack mainly targeted the email accounts of Chinese human rights activists. There was no information about a breach of a database that contained court orders. The Washington Post says that, even now, it remains unclear how much information the hackers actually obtained. Reportedly, a high-ranking Microsoft executive said only weeks ago that attackers had, at around the same time, also searched the company's servers for information on accounts that had a surveillance order on them.

Both Google and the FBI reportedly declined to comment on the newspaper article. In 2010, China denied any involvement in the hacker attacks. Instead, the country said that China itself had been the victim of the most extensive hacker attacks.

Source :- www.majorgeeks.com, www.washingtonpost.com, www.h-online.com

Via: www.cnbc.com, www.bgr.com

Source: Anonymous [1], Anonymous [2]

Hackers associated with the group Anonymous earlier this month demanded that North Korean leader Kim Jong Un step down from power and adopt democracy. The demands went unanswered and the group has subsequently launched a variety of attacks aimed at North Korea’s online properties. Hackers defaced social media accounts and other websites belonging to Pyongyang and mocked Kim Jong Un with images associating him with a pig. Now, for the second time in less than two weeks, Anonymous members have taken down nearly a dozen new North Korean websites.

In an earlier attack, Anonymous hackers were able to seize control of North Korea’s Twitter and Flickr accounts, although the latter has since been deleted. Members have continued to post on the Twitter account, however, suggesting that North Korean officials have not yet regained control.

Central news and information site Uriminzokkiri has once again been taken offline, as well as English language news sites minjok.com, jajusasang.com and paekdu-hanna.com. A handful of other North Korean websites were also defaced with the photoshopped image of Kim Jong Un used in earlier attacks.

Anonymous members perviously claimed to have stolen more than 15,000 passwords from Uriminzokkiri users. In an earlier statement, the group revealed that it was working with “operatives” inside North Korea who are aiding in its attacks. As tensions between the U.S., South Korea and North Korea reach an all time high, the hacking collective has vowed to initiate additional cyberattacks in the coming weeks.

Source :- www.bgr.com

Microsoft is today putting an end to the vulnerability found in old versions of Internet Explorer (6-8) that allowed an attacker to execute harmful code in a target computer, if the user was tricked by a specially crafted website.

Soon after the security hole was found, the software giant quickly made available a temporary workaround in a form of patch that they call “Fix it”. However, the security update released today should permanently close the door, for good, to this issue.

The company reports that only a small number of users have been affected by the exploit, but acknowledges that if could potentially affect more users in the future. Because of its future impact the update has been labeled as “Critical” and it will be installed automatically to all those users who have Automatic Update enabled. Microsoft also is advising users to upgrade to IE9 and 10 when possible to stay even more protected from this particular security hole.

Note that if you previously installed the “Fix it”, you don’t need to uninstall it before applying the new update, but you may want to uninstall the patch after, as it could slowdown IE start-up time.
If you prefer to manually install the Security Update (2799329), you can download it here.

Please watch the video below for an overview of this security update, and you can find more information on the Microsoft Security Bulletin summary webpage.

http://www.microsoft.com/en-us/showcase/details.aspx?uuid=8d179378-a767-40cd-bbfa-3203f2bba2e6

Source :- www.pureinfotech.com, www.blogs.technet.com

Internet Explorer Logo

Today in a quick response to the matter, Microsoft is rolling out two security updates to resolve the security flaws on Internet Explorer. In this Windows Update the software giant is releasing two patches: The first patch 2744842 (described in Microsoft Security Bulletin MS12-063), permanently fixes the vulnerability on IE7, IE8 and Internet Explorer 9 on Windows XP, Windows 7 and Vista respectively.

The security hole discovered late last weekend, as we mentioned before, could allow malicious users to harm Windows machines by means of spacial design of Flash animation.

The second security update (described in Microsoft Security Advisory 2755801) is to fix the Flash exploit found on Windows 8′s IE10. This was a security issue that could cause Adobe Flash to crash, while allowing unauthorized to the computer. Even though the operating system hasn’t been released, there are already many companies and people developing software with the Release to Manufacture or RTM version — Microsoft plans to make Windows 8 available to the public on October 26th, right after the launch event the day before in New York City.

The patches are now available for Windows 8, Windows 7, Vista and Windows XP via Microsoft’s Windows update service.

Source :- www.pureinfotech.com , Microsoft Security Bulletins

INTERNET EXPLORER LOGO

Days after the newly discovered weakness in Internet Explorer (versions 9, 8, 7 and 6) that could potentially put at risk a massive number of Windows PCs, Microsoft has made available a temporary resolution for the problem in form of a Windows Fix it (kb2757760), also an update scheduled to be released this Friday to permanently path the issue.

The exploit, discovered during the weekend, could allow a malware to bypass security protocols via Flash and affect XP, Vista and Windows 7 machines. In a new article the company stated that there is a fix now for it and it is easy to apply: “This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer.”

While the fix it (Microsoft Fix it 50939 and 50938) delivers a protection against the security hole, Microsoft recommends to IE users that it is highly important to install the forthcoming security update set for Friday via Windows Update. To get all the steps on how to install Microsoft Fix it for Internet Explorer follow these instructions.

Source :- www.pureinfotech.com

INTERNET EXPLORER LOGO

As you might have heard by now, Internet Explorer 9 down to version 6 are at risk because of a new security flaw – IE10 on Windows 8 has not been affected –. Microsoft has yet to issue a security update, but until then the company is suggesting some options to temporally deal with this bug.
About the new IE bug, well… It is a security hole that was discovered days ago and it could potentially compromise PCs running Windows 7, Vista, XP SP3 and below, if users browse malicious web pages designed to take advantage of this Internet Explorer’s weakness.

In an article from Microsoft Security Advisory the company is offering details about the problem and it is also advising users to protect themselves from this vulnerability until an update for IE is release.

Four different workaround to deal with the bug

What you should always be doing is advice first:

1>> Make sure that you have an antivirus and anti-spyware solution installed and up-to-date, and also make sure that you are using a firewall, either use the one built-in Windows or use a third-party solution.

2>> It is also suggested to install the Enhanced Mitigation Experience Toolkit or EMET from Microsoft. The utility is designed to help protect from weakness in software being easily exploited, by adding an extra layer of security that function as an obstacle that whoever writes the malicious software must bypass first.

3>> Another option is to modify your Internet and Local Intranet security settings to High. If you want to do this. Open Control Panel, in the search box type Internet Options, from the list results open the Internet Properties, navigates to the Security tab and in the “Security level for this zone” position the slider to High for both zones. Click Apply and then OK.

4>> Active Scripting can also be used by setting it to notify in both Local Intranet and Internet. To accomplish this task once again open the Internet Properties and in the Security tab, select the Internet zone, click the Custom Level button. Then scroll down and under the Scripting section, set the Active scripting option to Prompt, and click OK. Remember to do the same for the Local Intranet zone.

According to the company these workarounds could help prevent users from loading websites that can harm their computers with this security hole.

Changing the settings will actively trigger an unpleasant message every time the user stumble upon a web page that make use of the ActiveX control prompting to allow or block the web page. However, you can always opt not to use Internet Explorer, until a fix is release. Options are all around, you can use Google Chrome or Firefox as alternative web browsers among others. This is a pretty easy thing to do if you are a normal user, but the challenge comes when companies depend on IE to access their web applications.

Source :- wwwpureinfotech.com

With no fix available yet, Microsoft has a few words of wisdom for users who don't want to be bit by the newly-discovered bug.

A malware attack exploiting Internet Explorer 9. (Credit: Rapid7)

 Users of Internet Explorer versions 6 through 9 are grappling with another security flaw without a fix, but Microsoft has a few suggestions to help shore up protection.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. Microsoft said it's already aware of attacks that have tried to take advantage of this weakness.

Since no fix is yet available, it's up to users of IE to protect themselves. A new Microsoft Security Advisory offers several recommendations.

To start, the usual advice always applies. Make sure you're running updated antivirus and antispyware software and that you're using a firewall, either a third-party utility or the one built into Windows.
You can also install the Enhanced Mitigation Experience Toolkit from Microsoft. EMET tries to ward off attacks on software holes by putting up a wall of security obstacles that the malware writers must circumvent. EMET can be configured specifically for Internet Explorer as well as other applications.
Another option is to push the Internet and local Intranet security settings in IE to "high." To do this, launch Internet Explorer, click the Tools menu, and then select Internet Options. Click the Security tab and then select the Internet zone. Under the Security level for this zone, move the slider to High. Click the Local Intranet zone and again push the Security level to High.

Users can also set Active Scripting to "prompt" in both the Internet and Local Intranet zones. To do this, again select Internet Options from the Tools menu in IE. Click the Security tab. Click the Internet zone and then select Custom Level. Scroll down to the Scripting section and set Active Scripting to Prompt. Repeat the same steps for the Local Intranet zone.

As Microsoft warns, tweaking these settings could prevent access to certain Web sites.
Even changing the setting to "prompt" will trigger an annoying message anytime you hit a Web site that uses ActiveX controls asking if you want to allow or block the site.

Microsoft's own Windows update sites -- *.windowsupdate.microsoft.com and *.update.microsoft.com -- rely on ActiveX control to install available updates.

You can add sites that you trust to the Trusted sites zone through Internet Options. But this can be time-consuming since you have to add them on an individual basis.

As a result, the easiest option is to just not use Internet Explorer, at least not while this exploit remains in the wild. Individual users can switch to Firefox, Chrome, or another browser. Organizations that have standardized on Internet Explorer face a tougher challenge. So the onus now is on Microsoft to fix this hole as quickly as possible.

You can learn more about the security flaw and possible workarounds through Microsoft's Security Advisory.

 Source :- www.cnet.com by Lance Whitney