Mozilla exec urges Firefox users ditch Google for Bing

December 11, 2009 – 9:34 AM

Asa Dotzler, Mozilla’s director of community development, used his personal blog to urge Firefox users away from Google and to use Microsoft’s search engine Bing, instead. Dotzler cited privacy concerns, specifically pointing to comments recently made by Google CEO Eric Schmidt.

“I think judgment matters,” said Schmidt. “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Dotzler then links to the Bing add-on for Firefox, stating that Bing’s privacy policy is better than Google’s (and notably fails to mention Yahoo at all).

Schmidt was talking about laws in the US, but the way he worded his beliefs did not sit well with privacy advocates—and a whole lot of other folks—including Dotzler. Microsoft has to respect the Patriot Act and other laws just as Google does, but after seeing Schmidt’s comments, Dotzler decided that Firefox users need to be reminded of Bing’s existence.

Google’s philosophy is that the more open information is, the better it is for everyone, especially the search giant, which makes money by organizing said information and then displaying ads that are as relevant as possible beside it. Microsoft, on the other hand, while still a business that, like any other, wants to make money, has a long history of dealing with privacy concerns and regulations, so it’s eager to avoid potential issues if possible. Dotzler, a 10-year veteran at Mozilla, is saying that if you care about your privacy, remember that Bing is better than Google, at least in that department.

Source:
http://arstechnica.com/microsoft/news/2009/12/mozilla-exec-urges-firefox-users-ditch-google-for-bing.ars

Phishing campaign targets cPanel users

December 7, 2009 – 7:04 PM

Trusteer warned the customers of website hosting companies, including yahoo.com, against a new phishing attack aimed at stealing their content management system log-in credentials. The e-mails appear to be from a website hosting firm and ask website owners to confirm their cPanel/FTP account information. Using this information, criminals are uploading look-alike bank website pages to steal funds.

cPanel is a popular CMS (Content Management System), used by many leading hosting providers, including Yahoo. It is used to perform website operations, including FTP account control and setup, which can be used to upload content to the cPanel-managed website. Over the past few days, a phishing email campaign targeting owners of cPanel-based sites at various hosting providers has surfaced.

The attack is designed to harvest the FTP credentials of site owners, using cPanel-oriented messaging.

Source:
http://www.net-security.org/secworld.php?id=8583

Bit.ly boosts malware protection

December 1, 2009 – 6:09 PM

For the security-conscious, those shortened URLs on Twitter can be unnerving. After all, where is that shortened URL really taking you? This summer, security vendors documented how spammers and phishers were exploiting URL shortening services to try to trick users into visiting sketchy sites. On Monday, one URL shortening service provider, bit.ly, made an announcement that promises some security relief on this front: it plans to integrate security services from VeriSign, Websense, and Sophos to boost its defenses against malware and spam.

In a blog post, bit.ly said it will use VeriSign’s iDefense IP reputation service to detect URLs, domains and IP addresses that host malicious code. It will also use the Websense Threatseeker Cloud service to catch spam by analyzing bit.ly links in real time, and Sophos’ behavioral-analysis technology to fend off spam and malware.

According to a Websense blog post, bit.ly will use Websense’s security-as-a-service platform to scan both new and existing shortened links as users click on them. “Websense will conduct full content analysis for the IP sources, websites and Web content behind the bit.ly links, including categorization and reputation analysis of the URL, property type, lexical and search reputation, history, age, geography, neighboring properties and more. If the user attempts to click on a link leading to malicious code, spam or a known phishing site, bit.ly will display an alert describing the threat potential and give the user the option to safely navigate away,” Websense wrote.

Source:
http://itknowledgeexchange.techtarget.com/security-bytes/bitly-boosts-malware-protection/

The Penetration Testing Marketplace in 2010

December 1, 2009 – 10:01 AM

Vulnerability assessment vendor Rapid7 has announced the first of a series of steps to integrate its penetration testing and vulnerability assessment scanning products. The first step is a module that allows users of the Metasploit Framework, which Rapid7 acquired in October, to natively import NeXpose scanner results and then take automated action against vulnerabilities MSF is capable of attacking.

This is not the forum for a discussion of product news. But the integration, modest as it currently is, speaks to some high-level trends in the penetration testing space that I feel are of continuing interest to businesses that currently perform, or are considering setting up the capability to perform, penetration tests using an internal pen test team.

In a nutshell, users of MSF 3.3.1 console and NeXpose can control the latter from the former, start a scan, import into MSF and cross-reference available exploits to the results of the scan, then automatically exploit the matching vulnerabilities.

Source:
http://threatpost.com/en_us/blogs/penetration-testing-marketplace-2010-120109

DNS Rebinding – Explained

December 1, 2009 – 9:40 AM

Here is a great video from Robert “RSnake” Hansen explaining what DNS Rebinding actually is and showing various attacks that may be performed as a result of it. RSnake also explains what can be done to fix the problem and why it might not happen any time soon.

DNS Rebinding with Robert RSnake Hansen from Robert Hansen on Vimeo.