Friday, 18 April 2014

Abandoned & Forgotten By Microsoft!

Microsoft is Criticized for Abandoning XP

AV software maker, Avast, has waded into the software giant for pulling the plug on Windows XP. Avast claimed that abandoning the popular OS was a big mistake, especially as Microsoft hasn’t provided an attractive possibility for people to upgrade.

Avast explained that security products can only do so much to keep XP users safe after the company stops patching the future vulnerabilities of the OS. In addition, abandoning Windows XP won’t only affect XP users, but will also create a huge security problem for the entire ecosystem. You can just imagine tens of millions of computers running XP connected to the Internet – unpatched and without security updates. Of course, all of them will be just waiting to be exploited. The vulnerable operating system will become an easy target for hackers. Besides, it will be regarded as a gateway to infect other non-XP operating systems. Avast also pointed out that many essential devices, including ATMs, are running Windows XP, and all of them will also be left exposed.

Nevertheless, one has to be fair to Microsoft – the company has given all users a very long time to say goodbye to their XP addiction. One would have thought that there would be a market for a security product staying ahead of the hackers – maybe Avast should consider this idea instead of complaining.

Thursday, 17 April 2014

The Word??

Microsoft Word Vulnerable to Hack

Microsoft has recently issued a warning of a remote code execution vulnerability used in targeted attacks directed at Microsoft Word 2010. The software giant explained that the vulnerability allows remote code execution when you open a specially created RTF file in an affected version of Microsoft Word, or preview or open an RTF email message in Microsoft Outlook while using Word as the email viewer.

This means that if you see an incoming RTF file – just don’t open it. Actually, no one sends RFT files nowadays, so it may be a safe bet that you should not open it. In case of the successful exploit, a hacker could gain the same user rights as the current user – or that’s what Microsoft claims.

Security experts admit that Internet users whose accounts are configured in such a way that they have fewer user rights on the system would be less impacted than those with administrative privileges. However, home users would be very easy victims. Microsoft says that people are better to disable opening RTF content in Word, as this will surely prevent the exploitation of this issue through Microsoft Word.

The tech giant explained that in a web-based attack scenario, a hacker could host a site containing a webpage with a specially crafted RTF file used to try and exploit the vulnerability in question. Compromised sites and the ones accepting or hosting user-provided material or adverts might contain specially crafted material which could exploit this vulnerability.

Microsoft says that an attacker would have no way to force people to visit those sites, but rather would have to convince them to visit the site, normally by getting users to click a link in an email message or Instant Messenger message taking them to the attacker’s site. The experts point out that the vulnerability could be exploited via Microsoft Outlook only when using Microsoft Word as the email viewer. In fact, Word is the default email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

In form of an initial workaround until the flaw is eliminated, the company is providing a Fix-it automated instrument. The latter uses Office’s file block feature and adds some registry keys to prevent opening of RTF files in all Word versions.

Tuesday, 15 April 2014

UK At Trying Again!!

UK Wants Even More Online Censorship

The UK government seems to be planning to increase censorship of the worldwide web after its initial attempt failed. Instead of simply giving up on the idea of filtering the Internet, David Cameron wants to censor more and not just delete illegal material but also anything that might offend him.

Now James Brokenshire, the Minister for Immigration and Security of the United Kingdom, pushes the idea of increased online filtering, as David Cameron has finally realized his initial attempt failed.Brokenshire has called for the government to do more to deal with "unsavory" content on the Internet. God knows what he means.

Again Brokenshire had to use the excuse of terrorist propaganda as a reason for online filtering. He said that terrorist propaganda on the Internet would have a direct impact on the radicalization of UK citizens and it is therefore very important to remove terrorist-related content hosted in the United Kingdom or overseas.

According to Jaani Riordan, a barrister specializing in technology litigation, the UK government is bringing in censorship, which would breach the European Convention of Human Rights in the terms of freedom of expression. This is why the government prefers to put pressure on private businesses to self-censor. Indeed,the Minister says that the government was considering a kind of a "code of conduct" for ISPs and businesses, along with a potential system whereby search engines and social media platforms actually alter their algorithms to make "unsavory" material appear less often.

Well, so far there was neither clear indication what a new online filter list pushed on ISPs would look like,nor how it will be designed to work.The suggestions were that the government would simply tell the industry what exactly it considers offensive and they will voluntarily have to agree to filter it. In the meantime, the Home Office insists that this suggestion is part of a new effort meant to take down "terrorist" material overseas, where much of it is hosted.

Monday, 14 April 2014

Aussie Government Having a Larf??

Australia Asked Users to Decrypt Their Encryptions

Aussie Attorney General Department seems to be cross that citizens are encrypting their traffic and the spooks can’t read it. May be that’s why it is drawing up new laws in order to force Internet users and providers of encrypted online communications services to decode any information intercepted by authorities. They claim it can save time and effort of the spooks in decrypting terrorists’ emails.

However, this proposal was buried in a submission by the department to a Senate inquiry on revision of the Telecommunications Interception Act. In the meantime, the Attorney General claims that the increasing rise of encryption use by businesses made it difficult to guarantee that intercepted communications will be in a readable format. The authorities point out that sophisticated criminals and terrorists are using encryption and related counter-interception measures in order to frustrate law enforcement and various security investigations – the terrorists can do so by using default-encrypted communications services or by adopting advanced encryption solutions.

Industry experts confirm that such tech giants as Yahoo!, Google and Microsoft already enable encryption by default for their email services. You may also remember that BlackBerry's messaging encryption has also previously been raised as a law enforcement issue.

Now the Australia’s Attorney General Department has developed a plan, under which law enforcement, anti-corruption and national security agencies could apply to an independent issuing authority for a warrant to authorize the issue of 'intelligibility assistance notices' to third parties like service providers and others.

The human rights activists point out that forcing individual suspects to decrypt encrypted messages would be a new power for Australian authorities.