Thursday, 5 May 2016

Stolen Passwords 272 Million Email Accounts Found


An American security company claims to have discovered the stolen usernames and passwords of 272 million email accounts. A large part relates to accounts of Russian mail service Mail.ru, let the company hold Security across news agency Reuters to know.

How the data is not stated precisely captured. According to Alex Holden Security Hold the stolen credentials were offered a forum for cyber criminals. He managed to get the data and verified. It turned out to be nearly 57 million Mail.ru accounts, 40 million Yahoo accounts, Microsoft 33 million accounts and nearly 24 million Gmail accounts and hundreds of thousands accounts of Chinese and German email providers.

Mail.ru, in response to the discovery launched an investigation to see which users are affected, to warn subsequently. A preliminary audit showed that did not work the leaked usernames and passwords.

Humble Bundle Offers Collection Of Books On Hacking


Humble Bundle , a platform that offers all kinds of games and books at low prices, now offers a bundle of different hacking books too. It is about 13 DRM-free books from No Starch Press with a value of $ 366. The asking price of Humble Bundle is partly determined by users.

For the first four books may include users decide what they want to pay. For the next five books must be paid at least $ 14.75. The last four books going away for at least 15 dollars. Users may also pay more. A portion of the proceeds going to charity. Also, users can choose how their money is split between the publisher and the charity.

The books are by different authors and deal with practical malware analysis, programming in Python, Designing BSD Rootkits, bitcoin, working with the Arduino and Raspberry Pi, hacking the Xbox and use the Linux command line. Meanwhile, there are 45,000 book bundles sold. The campaign will run until 11 May.

German Government Launches Test Plan For Security Routers


In order to ensure that routers that individuals and small businesses purchase are safe, the Bundesamtes für Sicherheit in der Informationstechnik (BSI), part of the German Ministry of the Interior, today a comprehensive test plan ( pdf ) launched broadband routers.

The test plan, especially for Internet service providers and manufacturers intended, which describes a secure router to meet.In this way, potential buyers can more easily compare models in the field of security with each other. According to the BSI, the security of a router, an important factor when choosing a particular manufacturer or type. The German federal government has recently abolished the so-called router obligation. Thereby German internet users can choose yourself which soon modem and router that they want to use their broadband connection.

"Routers are a central part in the digitalization and networking. They are the heart of the home network, but protect at the same time against Internet threats. The abolition of the router obligation have internet August this this year more choice in choosing their router. users should make use of this by looking at the safety when choosing a router, "said Arne Schönbohm, head of the BSI.

In the test plan different parts are discussed, such as the presence of security measures. Thus, each router must sort the BSI have a firewall and there should be no default port forwarding enabled. In addition, made several recommendations, such as the presence of an automatic update feature. Furthermore, the test plan contains examples of common vulnerabilities and attack scenarios.

UK Hospitals Receive 230,000 Euro Fine For Data Leak


A collective of UK hospitals has been fined more than 230,000 euros since it had placed the private information of staff inadvertently on its website. It was the national insurance number, date of birth, religion and sexual orientation of 6,500 employees.

The collective discovered the data breach after 10 months and had another 5 months to inform the affected employees. The information was provided voluntarily by the staff, so that collectively an annual overview of diversity and equality could publish within hospitals. The spreadsheets were found to contain hidden data simply became visible by double-clicking on a table. Because of the data breach, the UK data protection authority ICO now fined 185,000 pounds (the equivalent of more than 230,000 euros).

Anti-virus Again Caused Problems For Firefox Users



Mozilla has released an update to Firefox because anti-virus software again caused problems. Last week Firefox 46 , where several security issues were resolved. Shortly after the release of this version Firefox users complained that they did not have websites could charge more.

Users got to see only blank pages. Then Mozilla decided to discontinue the update to Firefox 46. An investigation was opened, from which it appeared that anti-virus software was the culprit. The problems resulted from the scanning of a certain directory. It is not the first time that Firefox crash and virus scanners. Early this year, Firefox proved to crash through the anti-virus software from G Data virus and made ​​sure that some users no SSL sites to visit. Updating to Firefox 46.0.1 will occur automatically on most systems.

Opera Launches Browser With Built AdBlocker




The creators of Opera today a new version launched from the browser on a built AdBlocker features. According to the developers, ad blocking an important measure to make websites load faster and reduce memory consumption.

Some popular websites would no ads 90% load faster. Browser developers, however, have done nothing to this issue, says Krystian Kolondra Opera. The browser developer wanted for his own words change this by providing a built-in Opera AdBlocker. Thereby find blocking ads at the level of the web-site engine, allowing pages to load much faster and less memory is used than in AdBlocker extensions is the case.



According to their own figures would surf with Opera's AdBlocker 62% faster than without AdBlocker. The browser uses less memory when a AdBlocker enabled. Opera users must AdBlocker in Opera 37 does switch itself. Something that can be controlled by site. Opera has been compared to Chrome or Internet Explorer a little browser. The share of Opera culminated in April, however, a revival and polite with 1.9% the highest level in more than a year. Recently let Opera know that a VPN is added to the browser.

Google: Virustotal Not Intended To Compare Anti-Virus


VirusTotal is a popular service from Google that charge suspicious files can be scanned by dozens of virus, but to keep health service and to prevent abuse have now announced new rules and users are reminded of their responsibilities.

According to Google VirusTotal is a nice collaboration between anti-virus companies and users. Users upload suspicious files, which are then shared with the anti-virus companies. "It's an ecosystem where everyone contributes, everyone benefits, and we work together to improve safety on the Internet," said Bernardo Quintero.

Rules

To ensure that the ecosystem is in good working there new rules announced. So all anti-virus companies are obliged to integrate their detection scanner in the public interface of VirusTotal. New scanners wishing to apply must first be able to present a certification or independent reviews of security testers, with the best practices of the Anti-Malware Testing Standards Organization (AMTSO) followed by VirusTotal.

Additionally VirusTotal users must follow the requirements and best practices, let Google know. "It's frustrating to see abuse and is detrimental to our community," said Quintero. He points out that VirusTotal is not substitute for a virus. In addition, the service must also not be used to compare virus scanners with each other. "Virus scanners are complex programs on additional detection properties which may not operate within the scanning area of ​​VirusTotal. Therefore, the scanning results from VirusTotal are not designed to compare the effectiveness of anti-virus products," Quintero says.

Wednesday, 4 May 2016

Virus Crashes Medical Equipment During Heart Procedure


A medical system that monitors patients crashed during cardiac procedures because the virus carried a specified virus. Reported that the US regulator FDA. It concerns the Merge Hemo, a programmable diagnostic computer of Merge Healthcare.

The system consists of a data module and the patient Hemo-monitor computer. The two units are connected via a serial interface connected with each other. During a heart procedure, the Hemo-monitor computer lost contact with the client and Hemo was the image black. While the patient was anaesthetized, this caused a delay of five minutes because the system had to be restarted. Research showed that the virus was to perform a scheduled virus scan.

According to the FDA this may compromise the patient at risk. In the case of the incident was the heart procedure, after the system was restarted, been successfully completed. The manufacturer states in response that the hospital has not followed the instructions regarding the installation of anti-virus software. These guidelines establish how the virus must be set so that there are no consequences for treatments. As patient data and medical images must be scanned. There, according Merge Healthcare therefore no problem lie with the medical system.

Google Encrypts All Traffic To blogs On Blogspot



Google has decided to encrypt all traffic to the blogs on its own Blogspot blogging service. In September last year the Internet giant began offering the option for bloggers to activate it yourself. This option has now been removed and traffic to all blogs are now encrypted.

There is also a new option available for bloggers called "HTTPS Redirect", making it possible to enable all visitors to the HTTP version of the blog visit automatically redirected to the https version. In case the option is disabled, it is possible to visit the blog via both http and https. Google warns however for mixed content that may not work properly the https version of the blogs.

It is in this case content such as images, gadgets, ads or templates that are invoked via http. In the case of an https site may cause a mixed content warning. Google argues that it can solve many of these problems, but some must be resolved by the bloggers themselves. To help bloggers and administrators with this, there is now a special tool launched to find mixed content into blogs and posts.

Many Websites Vulnerable ImageMagick Leak


A serious vulnerability in ImageMagick , a popular software library to handle with graphics, ensures that a large number of websites are vulnerable and at risk of being hacked. In case a website allows users to upload an image and using ImageMagick, an attacker can, at worst, run arbitrary code on the Web server.

Several plug-ins for image processing depend on the ImageMagick library, such as PHP's imagick, Ruby's RMagick and paperclip and NodeJS's imagemagick. The vulnerability is called " ImageTragick received" and was discovered by security researcher Nikolay Ermishkin . According to researcher Ryan Huber, it's easy to make abuse and will exploit them for short term appear.

The prediction Huber yesterday evening did turned out to be correct, because now such exploits include published. The developers of ImageMagick have a solution available that prevents the attack. Administrators should add a few lines of code in this case a file used by ImageMagick. A security will be released this weekend.

Wednesday, 20 April 2016

Chat App Viber Also Adds End-To-End Encryption



The popular chat and VoIP app Viber, which has over 600 million users in their own words, will encrypt all calls through end-to-end encryption. It developers have announced today . Through Viber users can chat with each other and whistles.

By adding encryption have Viber users under the assurance that their messages are not intercepted, whether it's for group or one-on-one meetings and regardless of platform. All that users have to do is use the latest version of Viber. Then, the chat app will show if the call is encrypted.

Users will see a gray lock when the call is encrypted. It is also possible to authenticate contacts manually. In this case, the lock will be green. Rolling out the encryption will take place over the next two weeks. In addition to the announcement of encryption Viber also has "Hidden Chats" revealed. Through this option, users can hide certain conversations in the main window so that only the user knows that they exist.

Ad Network Distributes Hundreds Of Infected Ads


A Scottish ad network that gets 10 billion impressions per month in his own words has been used in recent weeks to distribute hundreds of infected ads. Through the ads, which appeared under other porn sites and torrent sites, ransomware was disseminated.

This enables anti-malware company Malwarebytes . The company in the past two weeks had more than 400 unique infected ads of the Scottish advertising network AdsTerra, also known as Terra Clicks stemmed. Malwarebytes decided to warn AdsTerra but has not received a response yet. The ads direct visitors unnoticed by the Magnitude exploitkit. This exploitkit uses known vulnerabilities in Adobe Flash Player and Internet Explorer to infect computers with Cerber-ransomware.

Users who are not redirected to the Magnitude exploitkit, for example because they use certain security software or a virtual machine, will see a pop-up that there is a problem with their computer and they need to call a helpdesk. These are the familiar phone scam in which fraudsters try to gain access to the computer and victims to resolve not charge existing problems.

Tuesday, 19 April 2016

Adobe: Flash Player Security Thwart Hackers


Adobe security measures in recent months have added to Flash Player ensures that hackers could not carry out successful attacks on the media player during a recent hacking contest, as the software company announced.

During the annual Pwn2Own contest hackers are rewarded for demonstrating unknown vulnerabilities in different browsers and Adobe Flash Player. During the last edition of March Flash Player was finally twice successfully hacked , but that number could be higher, says Peleus Uhley of Adobe. In preparation for the hack contest Adobe rolled several updates to enhance the security of Flash Player.

These measures paid off as several attempts to hack Flash Player failed thus said Uhley. Still, Flash Player has been successfully hacked twice. "These victories show that there is always more vendors can do to improve security," he continues. Uhley notes that companies such as Adobe, Microsoft and Google are engaged in a race with hackers.

Adobe invests in his own words than a lot of security and regularly adds features to thwart it. hackers as only goal. "Such measures are increasingly being added. The companies themselves will change on the frontline of this battle and to grow the more expensive." According Uhley help hacking contests like Pwn2Own software companies to develop. "While Pwn2Own each year seems to take the same required innovations and challenges to books every year results," said Uhley.

Android Device With Fingerprint Reader Often Locked


Android devices that have a fingerprint reader are more locked than devices that do not offer this option. This was reported in the published today Google Android Security annual report ( pdf ). The use of screen lock helps according to Google both privacy and security.

However, research shows that many users set a screen lock because they find it difficult. With the launch of Android 5.0, users can, however, choose the "Smart Lock" option, in which a device remains unlocked until it is held by the user. This can be determined on the basis of various items such as Bluetooth, on-body detection 'and a trusted location. This reduces the number of times a user must manually unlock his device.

Since Android 6.0 fingerprint readers are supported, however, and this has a positive effect on the use of screen lock. Users can now unlock your phone using just their fingerprint. From Google figures show that the use of screen lock is more common on devices with a fingerprint reader. Is set at 55.8% of the Nexus 5 and Nexus 6 devices screen lock. With Nexus and Nexus 5X- 6P devices, which have a fingerprint reader, this is 91.5%. With other Android devices that have screen lock is being used on a fingerprint reader.

Google: Sharp Drop In Android Malware On Google Play


The number of malicious apps in Google Play has dropped sharply last year, says Google in a new report. For the second time the Internet giant published the Android Security annual report ( pdf ). Compared to 2014 took the risk of the installation of malicious applications by 40% in 2015.

The malicious apps are divided by Google in various categories like apps that collect data, spyware, Trojans and apps to download additional software. The percentage of apps which collects data decreased by 40%, to 0.08% of all installations.Spyware decreased by 60% to 0.02% of the installations and malicious downloaders saw a 50% decrease to 0.01% of all installations. However, the category of Trojans rose from 0.01% to 0.02%. Eventually it was less than 0.15% of all Android Devices that download malicious apps from Google Play only apps installed.

About 0.5% of the devices that was downloaded from Google Play apps as well as other resources to deal with malicious apps. In addition, Google says that it also protects users download these apps from other sources. For this, use the Verify Apps. Warnings Verify apps were improved last year, which was an increase of 50% of users decided not to install the app in question after a warning. End of 2014 Android Phones got to it first with ransomware. This category of malware was according to Google last year found only outside of Google Play.

Google Helps Owners Hacked Websites With Maid


If Google webmasters and owners of a hacked website helps to existing vulnerabilities and malicious code quickly resolved, according to research. According to Google , more than 10 million Internet users every week with malicious Web sites in touch.

It often involves hacked websites which install owner or webmaster failed security updates or to choose a strong password.This makes it easy for cyber criminals to take over a website and use for example distributing malware. Google warns Internet users of such web sites, but many webmasters do not follow the Internet giant by that something is wrong.

And even if they are informed of the security incident, they miss to overcome the knowledge to solve the problem. Google therefore decided to look together with the University of California at Berkeley how webmasters can be best informed and the problem as soon as possible can be resolved. From the research shows that if Google cooperates directly with the webmaster, 75% of webmasters manages to secure their website. A process that takes an average of three days.

To help webmasters soon be considered by investigators three important steps. The first and most difficult step is to inform the webmaster. In the case webmasters their website via Webmaster Tools have registered a Google mail ensures that 75% of webmasters secures the website. In the case of the webmaster is unknown the e-mail address, have browser warnings and alerts in the search engine a success rate of 54% and 43%.

The second step in the process is to give hints about the harmful content. Attackers often hide their files, which complicates the cleaning process. In the event Google tips on the infection to the webmaster e-mailed this made sure that the cleaning sheet was 62% faster than warnings without tips. The third step is to make sure that continues to clean the site. Google investigated and cleaned hacked websites and found that 12% had been hacked again within 30 days. That shows, according to the Internet giant how important it is to find the cause of a hack rather than to remedy the effects.

Gates Supports Microsoft's Lawsuit Against US Government


Bill Gates supports the lawsuit by Microsoft against the US government users whose data must be warned searched by the authorities. At present receive email providers from the US government often a 'gag order', said she is not allowed to inform users. According to Microsoft, this is going too far and the software giant wants the court therefore corrects the situation.

Gates leaves in front of Reuters know that the government in some cases information from email providers must obtain without the user in question gets to know this, but this is the exception and not the rule. Gates further calls for cooperation between government and tech companies to find the right balance when requesting private data. "I do not think there is anyone who thinks that the government should get all or that the government absolutely must get nothing."

New York Police Launch Campaign Against Encryption



The police force of New York 's Manhattan along with the Attorney General and various organizations for crime victims a campaign against encryption starts. According to the initiators of the campaign "#UnlockJustice 'it is important to highlight the impact of encryption for public safety and crime victims.

"The debate over encryption is often determined by privacy and security, where there is no thought about the impact on victims," ​​said Attorney General Manhattan Cyrus Vance. "That narrow view ignores the impact of encryption for the investigation and prosecution of crimes." According to Vance all consumer must be able to be searched by investigators.

Apple and Google have, however, ensured that this is not currently the case, he said. "Congress should not allow companies to make devices that against his injunctions file. Companies should not be allowed to give criminals a place where they can go about their business. Victims of crime are entitled to greater protection than criminals."

According to Police Commissioner William Bratton undermines the existence of devices for which a court order is not the justice system applies. "This is a crisis in the making and goes beyond a single terror case. Providing shelter for pedophiles, rapists and murderers through their mobile phone affects unprecedented casualties. This exception of the judicial system is unsustainable and must be corrected immediately . "

In addition, hundreds of the initiators point for devices that can not be searched. Through the campaign, they hope to educate the public about this. The created for the campaign hashtag was quickly adopted by proponents of encryption. "People deserve better protection than criminals. Standard strong encryption protects citizens against robbers and thieves," said security expert The Grugq . Other Twitter users claim that it is a campaign of misinformation and encryption just helps in protecting data.

Microsoft Warns Of E-mails With Attachments JavaScript


Microsoft has issued a warning to spam messages that contain a JavaScript file attached and try to infect your computer with malware, including Locky-ransomware. The JavaScript attachments are back wrapped in a rar or zip file, says Alden Pornasdoro Microsoft.

In addition to use JavaScript files cyber criminals also Office documents with malicious macros to spread ransomware. According to Microsoft can be rapidly infected a computer via a JavaScript file. "It is interesting to note that an Office attachment with malicious macros usually two or more clicks required to open the document. One click for the document, and another click to activate the macro. On the other hand, the JavaScript annex just one or two clicks to run, "Pornasdoro notes.

He adds that it is very unusual for people to send JavaScript files attached. Who receives such a file must therefore not open. Pornasdoro also advises organizations to enable AppLocker so dubious software can not be performed. In addition, administrators are advised to disable macros in Office programs.

Finland's F-Secure has advice given how the Windows Script Host can be disabled so that JavaScript files are no longer open.

BlackBerry CEO Cryptically On Assistance To Canadian Police



BlackBerry CEO John Chen has responded at a news that BlackBerry Canadian police would have the encryption key to the encrypted BlackBerry messages could decrypt. Chen does not want to confirm or deny the report.

Last week Vice Magazine came out with a report showing that Canadian police were able to decrypt encrypted BlackBerry messages. At that BlackBerry did not respond, but last night there appeared a blog posting by Chen . In it he argues that tech companies must meet reasonable court orders to give investigators access to data. He also repeated his earlier statement that it is objectionable as companies put their reputation over the public interest.

He then briefly discusses the case of the Canadian police, but would not say whether the Canadian police indeed received the encryption key. Chen said the only thing is that BlackBerry has held in this case to its own principles. "For BlackBerry, there is a balance of what is right, such as helping in the detection of criminals, and prevent government violate the privacy of citizens. We have found this balance, even though governments have pressured us to our ethical principles change."

Police Asked Apple To About 341 Units


The Dutch police Apple has in the second half of last year asked for information on 341 Apple devices, according to a new Transparency Report of the tech company ( pdf ). It went to a total of 39 requests related to 341 devices.

Sixteen requests were granted by Apple. According to Apple will most requests for lost or stolen devices. In the first half of 2015 were still 25 requests filed with about 85 aircraft was searched. During that period twelve requests were honored.

In addition to information about devices, the police also sought information about Apple accounts. In the second half of 2015 was about thirteen data requests related to 13 Apple accounts. In five cases, data were presented. three more requests came in the first half of 2015 within the information requested on three accounts. In one case, when Apple decided to hand over information.

In addition, Apple also received three emergency requests from the police in the second half of last year. This relates to data requests made in an emergency, for example, to save a life or prevent injury. In the first half of 2015, it went to one emergency request.

Friday, 12 February 2016

Ads On Skype Spreading Ransomware



Cyber Criminals have managed to show ads to Skype users who were trying to infect computers with ransomware, says anti-virus firm F-Secure. Although the ads appeared within Skype, does not mean that the browser is not open to advertising.


In the case of observed infected ads which showed the browser unnoticed load a page with the Angler-exploitkit. This exploitkit uses known vulnerabilities in Adobe Flash Player to infect computers with malware. Users who had not patched their Flash Player could become so infected with the Tesla Crypt-ransomware. Like other ransomware encrypts Tesla Crypt sorts files for ransom. The ads on Skype came from the AppNexus-advertising platform, which in the past often for the spread of infectious advertisements used. Meanwhile, the offending ads are no longer displayed.

Thursday, 11 February 2016

Russian Hospital Hacked Via Wifi And Old XP Flaw



A researcher has managed to hack a Russian hospital by a weak wifi password and a nearly 8-year-old vulnerability in Windows XP. The hack took place with the permission of the hospital in Moscow, let researcher Sergey Lozhkin know anti-virus company Kaspersky Lab.

He was using the Shodan search engine discovers a login portal of a CT scan machine hospital, which was only secured with a default password. Lozhkin had a friend who controlled the hospital and warned him. The hospital then agreed to an informal penetration test. The researcher decided to attack the hospital could do as a real attacker and began the Wi-Fi network of the hospital. He managed to retrieve the password through a brute force attack, let it faces Threat Post know.

After he had gained access to the wireless network he found a Windows XP machine that contained a vulnerability that Microsoft on October 23, 2008 had been patched. However, the update was not rolled out by the hospital. It was the vulnerability that also used the infamous Confickerworm to spread. Lozhkin then managed on the network to find the administrator panel of an MRI machine that was not password protected. Through the panel he had access to patient data and diagnoses were performed by the machine. According to the researcher shows his work that IT security too often forgotten by software developers, both in the medical industry and in other sectors.

Cyber Attack On US Tax System



One of the US IRS Tax system last month attacked by identity thieves who attempted to retrieve PINs that tax could be committed. The attacks were aimed at a web application that allows taxpayers, after entering their name, social security number, address and date of birth, their Electronic Filing (E-File) PIN to retrieve.

This PIN can then be used to apply for the tax refund. The identity thieves used the information to other parties was stolen to retrieve the PIN. In total, with 464,000 unique social security numbers tried to grab the code, which was successful at 101 000 social security numbers. According to the IRS , there was an automated attack. The Tax Administration claims that no taxpayers' data through IRS systems are won. In addition, the IRS will notify all individuals whose data were stolen by other parties.

British Tax Office Warns Of Return Over The Shared PC



UK Tax HMRC warns taxpayers to tax not do through shared computers such as in an Internet café. These criminals would save login details and then used to apply for fraudulent tax refunds.

HMRC would now have more than 17,000 fraudulent transactions intercepted by criminals 96 million pounds (124 million euros) were trying to reclaim. It is unclear how big the threat of the use of shared computers is exactly. Opposite the Mail Online allows a spokesperson for the British Tax namely also know that the HMRC is one of the most 'phished' brands in the world.

It often happens that criminals send phishing emails that attempt to lure them recipient to a fake version of the HMRC website to steal so then login details and other information. Because phishing attacks, there is a special page put online explaining how to recognize legitimate emails from the tax authorities.

American Bill Should Prohibit Encryption Backdoors


The US House of Representatives will today present a bill that prohibits US tech companies to add encryption backdoors to their products. In recent months warned some American politicians and investigative agencies, including the FBI, the use of encryption by criminals, which would hamper the investigation and prosecution.

The "ENCRYPT-law" of the Democratic delegate Ted Lieu and Republican Rep Black farenthold prohibits states companies may require to add an encryption backdoor to their products so that encrypted communications can be decrypted later.Recently had the US states of New York and California attempted to require encryption backdoors in smartphones.

According to Lieu technologically is unfeasible to handle individual states various encryption standards for consumer products."Apple is no different smartphones for California and New York and make the rest of the country," so let Lieu opposite Reuters know. Last year Lieu spoke even against the wishes of the FBI to weaken encryption.

"Democracy will always need to find a balance between security and freedom. We realize that it is a challenge for investigators to find that balance, we do not agree with the FBI's proposal to oblige companies to the safety of their products and weakening services by adding a "backdoor" which investigators encryption technology to circumvent, " says the deputy.

Google Stops From 2017 With Flash Ads


From January 2017 Google stops displaying Flash ads on their own ad networks, such as the Google Display Network and DoubleClick, as the Internet giant has over Google Plus disclosed. According to Google, it's important for advertisers to switch to HTML5 ads, so many people can be reached.

To accelerate this process will AdWords and DoubleClick Digital Marketing from June 30 to accept new Flash ads this year.From January 2, 2017 Flash ads will no longer be on the Google Display Network are displayed via DoubleClick. Google warns advertisers that they should have converted their ads to HTML5 for these dates. For now, the new measure does not affect video ads created in Flash.

Google has long been working to make Flash unnecessary. As YouTube videos are automatically played through HTML5. In the case of Flash ads that are distributed through AdWords, which are automatically converted to HTML5 since February last year. Since September 1st of last year, most Flash ads automatically in Google Chrome paused .

Last year, also called Alex Stamos, the new Chief Security Officer (CSO) of Facebook, which with Adobe Flash technology to stop , so that it can be switched completely on HTML5. HTML5 is natively supported by modern browsers and allows playback of videos and other "rich content" without installing additional plug-ins possible.

Microsoft Will Now Provides More Information About Windows 10 Updates



Microsoft will now provide more information about updates for Windows 10. The reason is the customer feedback, so let a spokesman opposite Follower Windows Paul Thurrott know. "To make it easy to create organizations and users to view information on new releases, we have two new pages created will be updated alls changes occur," says Microsoft's Michael Niehaus on a Microsoft blog.

The first page contains the " release notes ". It is in this case to details on every new Windows 10 update, singling out both security- and non-security-related fixes. In addition, a " release information page " with information about current releases as well as a list of all updates that have appeared. Microsoft had to endure a lot of criticism since it first little information about Windows 10 updates, so users do not know what the update did exactly.

Wednesday, 10 February 2016

Major Updates For Windows, IE, Office And Edge


During the February Patch Tuesday, Microsoft released 13 security updates for critical vulnerabilities in Windows, Internet Explorer, Microsoft Edge Office, Microsoft Server Software, the .NET Framework and Adobe Flash Player. Six of the updates are rated as critical.

In this case, an attacker could execute arbitrary code on the computer with hardly any user interaction. It involves, for example just visiting a malicious or hacked website. The remaining updates are for vulnerabilities that an attacker who already had access to a system to increase its rights or cause a denial of service.

Two of the vulnerabilities in Microsoft SharePoint and Windows, were already known before Microsoft had released an update.These vulnerabilities would not be attacked active. Most problems have been resolved in Internet Explorer. It involves a total of 13 vulnerabilities. There are also two critical vulnerabilities in the built-in PDF reader in Windows 8.1 and later. Via a malicious PDF document, it was possible for an attacker to take over your computer. An overview of all updates on this page to find. Updating is done on most Windows computers automatically.

Gmail Notifies Users Of Unencrypted Messages



Google Gmail users will now warn if they receive unencrypted messages, as the Internet giant has on Safer Internet Day 2016 announced . Google itself uses TLS encryption for encrypting messages. Gmail users can send encrypted messages to each other in this way. TLS is not yet used by all email providers.

This allows messages that Gmail users received via this e-mail providers, or send to this, be read. Gmail will therefore present a warning showing that the email provider of the addressee no encryption support, or if a message is received that is not encrypted via TLS. There will also be a warning if the sender's domain could not be authenticated. Gmail recently did not know that more and more support major email providers tls and domain authentication.


From investigation of Google, the University of Michigan and the University of Illinois show that from December 2013 to October 2015 the number of encrypted emails rose Gmail non-Gmail users received from 33% to 61%. In the same period, the number of emails were encrypted using TLS and Gmail to non-Gmail users was sent from 60% to 80%. Further uses 94% of the incoming email for Gmail, a form of authentication to protect against phishing and spoofing.

John Rae-Grant Google argues that not all e-mails which warned is dangerous. "But we advise you to be extra careful when answering or opening links in messages that you have doubts about. And by this update, you have the resources to make that decision."

Adobe Close Critical Vulnerabilities In Flash Player And Photoshop



Adobe has patched critical vulnerabilities in Flash Player and Photoshop computers could allow an attacker to take complete. In the case of Flash Player is about 22 critical vulnerabilities which allowed an attacker to execute arbitrary code on the computer, such as installing malware by just visiting a hacked website or see it from an infected ad.

There was no further interaction required from users. As far as known vulnerabilities are not attacked on the Internet. Since attackers often develop after the release of Flash Player updates exploits to attack unpatched users, Adobe advises to update to Flash Player version 20.0.0.306 within 72 hours. This can be done via the automatic update function or Adobe.com. In the case of Google Chrome, Internet Explorer 10 and 11 on Windows 8 and 8.1 and Internet Explorer 11 and Microsoft Windows 10 Edge Embedded Flash Player will be updated using the browser. Through this Adobe page can be verified that the system version is installed.

There is also a security update for Adobe Photoshop CC and Adobe Bridge CC appeared. The update fixes three critical vulnerabilities that an attacker could take over your computer if opened a malicious file. Because Photoshop traditionally not been a target for attackers, Adobe advises users and administrators to install the update if it suits them. Updating via the built-in updater of drawing programs. In the case of Photoshop CC 02.04.2014 is the update to download only via Adobe.com.