Download Squad http://downloadsquad.switched.com Download Squad http://www.blogsmithmedia.com/http://downloadsquad.switched.com/media/feedlogo.gif Download Squad http://downloadsquad.switched.com en-us Copyright 2013 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/<![CDATA[New software uses facial recognition to defend against prying eyes]]>http://downloadsquad.switched.com/2011/04/07/new-software-uses-facial-recognition-to-defend-against-prying-ey/http://downloadsquad.switched.com/2011/04/07/new-software-uses-facial-recognition-to-defend-against-prying-ey/http://downloadsquad.switched.com/2011/04/07/new-software-uses-facial-recognition-to-defend-against-prying-ey/#comments Having the right programs and hardware to keep the information on your display safe from prying eyes is never a bad idea, and new software from Oculis Labs offers a very interesting take on how to do just that. It's called PrivateEye, and it utilizes facial recognition to automatically pixelate the contents of your display when you look away.

If you step away from your system and someone else decides to sit down and poke around, PrivateEye will present a confusing jumble of garbled text. It'll even notify you if someone tries to peek over your shoulder -- and display a picture of your peeping Tom, throw up an alert, or sound an alarm.

Check out the video embed after the break, and share your thoughts in the comments!

Continue reading New software uses facial recognition to defend against prying eyes

Download SquadNew software uses facial recognition to defend against prying eyes originally appeared on Download Squad on Thu, 07 Apr 2011 13:10:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appsfacial recognitionFacialRecognitionoculispeeping tomPeepingTomprivacyprivatreeyesecuritywindowsThu, 07 Apr 2011 13:10:00 EST<![CDATA[Security firm RSA attacked using Excel-Flash one-two sucker punch]]>http://downloadsquad.switched.com/2011/04/06/security-firm-rsa-attacked-using-excel-flash-one-two-sucker-punc/http://downloadsquad.switched.com/2011/04/06/security-firm-rsa-attacked-using-excel-flash-one-two-sucker-punc/http://downloadsquad.switched.com/2011/04/06/security-firm-rsa-attacked-using-excel-flash-one-two-sucker-punc/#comments RSA attacked using Flash vulnerability It has emerged that the underlying cause of RSA's SecurID gaffe was the recently-reported zero-day vulnerability found in Adobe's Flash Player.

The exploit, which used specially-crafted Flash embedding in Excel spreadsheets, was first reported on March 15 and has since been fixed. RSA was hacked sometime in the first half of March when an employee was successfully spear phished and opened an infected spreadsheet. As soon as the spreadsheet was opened, an advanced persistent threat (APT) -- a backdoor Trojan -- called Poison Ivy was installed. From there, the attackers basically had free reign of RSA's internal network, which led to the eventual dissemination of data pertaining to RSA's two-factor authenticators.

The attack is reminiscent of the APTs used in the China vs. Google attacks from last year -- and indeed, Uri Rivner, the head of new technologies at RSA is quick to point out that that other big companies are being attacked, too: "The number of enterprises hit by APTs grows by the month; and the range of APT targets includes just about every industry. Unofficial tallies number dozens of mega corporations attacked [...] These companies deploy any imaginable combination of state-of-the-art perimeter and end-point security controls, and use all imaginable combinations of security operations and security controls. Yet still the determined attackers find their way in."

What we'd like to know, though, is whether the attack on RSA was caused by Adobe's lackadaisical approach to patching Flash -- or was it the other way around? Was it the RSA attack that first brought the zero-day vulnerability to Adobe's attention?

Download SquadSecurity firm RSA attacked using Excel-Flash one-two sucker punch originally appeared on Download Squad on Wed, 06 Apr 2011 06:55:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>adobeadvanced persistent threatAdvancedPersistentThreatAPTexcelflashhackhackingphishingpoison ivyPoisonIvyrsasecuridsecurityspear phishingSpearPhishingtwo-factorWed, 06 Apr 2011 06:55:00 EST<![CDATA[WordPress 3.1.1 is a recommended security update, also improves performance]]>http://downloadsquad.switched.com/2011/04/05/wordpress-3-1-1-is-a-recommended-security-update-also-improves/http://downloadsquad.switched.com/2011/04/05/wordpress-3-1-1-is-a-recommended-security-update-also-improves/http://downloadsquad.switched.com/2011/04/05/wordpress-3-1-1-is-a-recommended-security-update-also-improves/#commentsWordPress.org logoWordPress.org, the insanely popular self-hosted blogging platform, has just received an update that bumps it to version 3.1.1. According to the official blog post on the matter -- and made obvious by the minor revision number -- this isn't a release centered on exciting new features, but that really shouldn't deter any WordPress.org user from updating.

WordPress 3.1.1 contains many security fixes, and as such not updating as soon as possible may leave your blog vulnerable to attacks. Among the fixed issues are two relating to the media uploader, an XSS flaw, and one that caused a PHP crash in certain conditions when handling "devilishly devised links in comments."

Alongside the security patches come performance improvements, fixes for taxonomy and some permalinks, as well as various things that have been causing plugin compatibility issues.

If you're currently a WordPress.org user, you should have already gotten notified about the update in your Dashboard. If not, or if you aren't a user just yet, you can download WordPress 3.1.1 from the official website.

Download SquadWordPress 3.1.1 is a recommended security update, also improves performance originally appeared on Download Squad on Tue, 05 Apr 2011 15:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appsautomatticBlogbloggingblogscmsdevelopermediasecuritysecurity updateSecurityUpdateWebwordpressWordPress 3.1.1wordpress.orgWordpress3.1.1Tue, 05 Apr 2011 15:30:00 EST<![CDATA[Google Chrome and Chromium add protection against malicious downloads]]>http://downloadsquad.switched.com/2011/04/05/google-chrome-and-chromium-add-protection-against-malicious-down/http://downloadsquad.switched.com/2011/04/05/google-chrome-and-chromium-add-protection-against-malicious-down/http://downloadsquad.switched.com/2011/04/05/google-chrome-and-chromium-add-protection-against-malicious-down/#comments google chrome malicious download Google Chrome already sports a number of security-minded features, from Incognito mode to a software sandbox which makes exploiting the browser a Herculean task. Now, Google has announced additional protection for Chromium and Chrome users.

Built upon the Safe Browsing API, the new feature introduces protection against malicious downloads. If a download link appears in the Safe Browsing blacklist, Chrome and Chromium will warn users against downloading -- a save button is still presented, of course, in case you're convinced a file is perfectly safe to download.

We'd like to see something a bit more eye-catching than the red warning icon -- like perhaps painting the entire bar red. Many of the people a feature like this aims to protect probably won't notice the icon or change in wording as they'll be focused on clicking the save button.

Google is initially making download protection available to Chrome dev channel users, and you'll likely see it in Canary and Chromium snapshot builds as well. After thorough testing, beta and stable users will be next in line.

Download SquadGoogle Chrome and Chromium add protection against malicious downloads originally appeared on Download Squad on Tue, 05 Apr 2011 15:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appsbrowserbrowserschromechromiumdownloadgoogle chromeGoogleChromemaliciousprotectionsafe browsingSafeBrowsingsafetysecuritywebTue, 05 Apr 2011 15:00:00 EST<![CDATA[Untethered iOS 4.3.1 jailbreak is go with redsn0w and PwnageTool for Windows and OS X, minus iPad 2]]>http://downloadsquad.switched.com/2011/04/04/untethered-ios-4-3-1-jailbreak-is-go-with-redsn0w-and-pwnagetool/http://downloadsquad.switched.com/2011/04/04/untethered-ios-4-3-1-jailbreak-is-go-with-redsn0w-and-pwnagetool/http://downloadsquad.switched.com/2011/04/04/untethered-ios-4-3-1-jailbreak-is-go-with-redsn0w-and-pwnagetool/#comments PwnageTool 4.3 iOS 4.3.1 untethered jailbreak Jailbreakers, your iOS 4.3.1 time has come -- the iPhone Dev-Team has updated their redsn0w and PwnageTool utilities to enable an untethered jailbreak of the latest and greatest iOS version. Redsn0w 0.9.6rc6 and PwnageTool 4.3 both use an exploit discovered by Stefan Esser, a German security researcher, best know to the jailbreak community as the man behind the antid0te framework, which implemented ALSR; a random arrangement of data for increased security against hacking.

So, if you're running an iPhone 3GS or 4 (GSM), an iPod touch third or fourth-generation, or an iPad 1 and want to get your jailbreak on, head on over to the Dev-Team blog for official links to both redsn0w (Windows or OS X) and PwnageTool. If you're an ultrasn0w user however, you best wait a little as there's a fix coming for some bugs between iOS 4.3.1 and the older basebands required for carrier unlock. Apple TV 2 owners can also get in on the action, but are limited to PwnageTool for your jailbreak needs. iPad 2 owners I'm afraid you're left out in the cold on this untethered one, as the iPad 2 requires a bootrom-level exploit to install and Apple's latest device is not susceptible to either the current limera1n or SHAtter bootrom exploits.

Download SquadUntethered iOS 4.3.1 jailbreak is go with redsn0w and PwnageTool for Windows and OS X, minus iPad 2 originally appeared on Download Squad on Mon, 04 Apr 2011 03:45:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>iOSiPhone Dev-TeamIphoneDev-teamjailbreakOS XOsXPwnageToolredsn0wsecurityutilitiesWindowsMon, 04 Apr 2011 03:45:00 EST<![CDATA[Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus]]>http://downloadsquad.switched.com/2011/04/01/massive-sql-injection-infects-3-8-million-urls-installs-rogue-a/http://downloadsquad.switched.com/2011/04/01/massive-sql-injection-infects-3-8-million-urls-installs-rogue-a/http://downloadsquad.switched.com/2011/04/01/massive-sql-injection-infects-3-8-million-urls-installs-rogue-a/#comments LizaMoon SQL injection rogue AV Over the last few days, a mass SQL injection attack has been quickly gathering speed. Just three days ago only 28,000 URLs were affected, but at the time of writing, there could be up to 3.8 million infected URLs.

Websense has a complete write up the attack, dubbed 'LizaMoon,' but here's the basic gist: it looks like someone is exploiting a vulnerabilty (or vulnerabilities) in hundreds of thousands of websites running on Microsoft SQL Server 2003 and 2005. It's not yet known whether this is a vulnerability in SQL Server, or simply a case of outdated, unmaintained, and easily-exploitable CMSes.

The attack takes the form of an SQL injection, which then inserts a link to a JavaScript file hosted on the attacker's server. This is repeated over and over until every Web page in the SQL database has been infected -- and considering 3.8 million URLs have been infected, you can see that this is a very easy, and automated, attack.

Fortunately, the JavaScript isn't particularly malicious: it pops up a rogue AV program called Windows Stability Center, but that's it. Better yet, the rogue antivirus is already recognized by a bunch of real antivirus suites, including Avast, Panda and Microsoft Security Essentials.

The real problem with SQL injection attacks is that there's nothing we surfers can do about them. There will always be old and unmaintained websites, and thus SQL injections will remain one of the easiest and most lucrative tools of hackers and spammers alike. All you can do is keep your antivirus and anti-malware software up to date, and pray.

Download SquadGargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus originally appeared on Download Squad on Fri, 01 Apr 2011 05:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>exploitfake antvirusFakeAntvirusjavascriptlizamoonmicrosoft sql serverMicrosoftSqlServerrogue antivirusrogue avRogueAntivirusRogueAvsecuritysql injectionsql serverSqlInjectionSqlServervirusvulnerabilitywebFri, 01 Apr 2011 05:30:00 EST<![CDATA[Fake pirated Walk and Text Android app embarrasses pirates and steals sensitive data]]>http://downloadsquad.switched.com/2011/03/31/fake-pirated-walk-and-text-android-app-embarrasses-pirates-and-s/http://downloadsquad.switched.com/2011/03/31/fake-pirated-walk-and-text-android-app-embarrasses-pirates-and-s/http://downloadsquad.switched.com/2011/03/31/fake-pirated-walk-and-text-android-app-embarrasses-pirates-and-s/#comments
walk and talk pirate SMS
Symantec is reporting that they have detected a malicious Android app doing the rounds on file-sharing sites in the US and Asia. The fake application impersonates a pirated version of an app called Walk and Text, which lets you overlay a keyboard on a live feed from your phone's camera to avoid crashing into things while walking and texting, and is currently available in the Android Market for less than $2.

When the fake app is launched it throws up a simulated dialog showing the Walk and Text app being 'cracked,' but actually what it's doing is collecting your private information including your IMEI, phone number, username, and scanning your address book. The virus then attempts to send that information back to a remote server, but also sends out an SMS to everyone in your address book with the text shown above and a warning that the application isn't licensed with links to buy the real thing:

Trojan warning

Symantec has dubbed the malicious application as the Android.Walkinwat Trojan and categorised it with a 'Very Low' risk level 1. While we can agree with the developer's sentiment, we can't condone their actions; but if you get hit by this Trojan and a nasty invasion of privacy, you've only got one person to blame.

Download SquadFake pirated Walk and Text Android app embarrasses pirates and steals sensitive data originally appeared on Download Squad on Thu, 31 Mar 2011 04:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>AndroidappsdevelopersecurityTrojanutilitiesVirusThu, 31 Mar 2011 04:30:00 EST<![CDATA[Top Facebook scams revealed by BitDefender (infographic)]]>http://downloadsquad.switched.com/2011/03/29/top-facebook-scams-revealed-by-bitdefender/http://downloadsquad.switched.com/2011/03/29/top-facebook-scams-revealed-by-bitdefender/http://downloadsquad.switched.com/2011/03/29/top-facebook-scams-revealed-by-bitdefender/#comments Security company BitDefender -- which recently released the Safego app to protect your Facebook account -- has put together an infographic illustrating information about the state of scams on the social networking site.

At an impressive 7,532 pixels tall, the graphic offers plenty of insight into the dark underbelly of Facebook. The company found profile insight apps -- like those which promise to show you who's viewing your page and who deleted you -- to be the most widespread scam. BitDefender estimates that this particular type of scam has generated more than 1.4 million clickthroughs. Facebook's popular social games are a common trap as well, but are in a distant second, with less than half the clickthroughs.

Somewhat surprisingly, shocking image and video posts came in at number three on the list. We've seen so many of this type of scam appear in our security feeds that we thought they'd be the most common.

Download SquadTop Facebook scams revealed by BitDefender (infographic) originally appeared on Download Squad on Tue, 29 Mar 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>facebookinternetmalwarescamscamssecuritysocialsocial networkingsocialnetworkingwebTue, 29 Mar 2011 09:00:00 EST<![CDATA[BufferZone sandboxing for Windows goes 64-bit, beta available for download]]>http://downloadsquad.switched.com/2011/03/28/bufferzone-sandboxing-for-windows-goes-64-bit-beta-available-fo/http://downloadsquad.switched.com/2011/03/28/bufferzone-sandboxing-for-windows-goes-64-bit-beta-available-fo/http://downloadsquad.switched.com/2011/03/28/bufferzone-sandboxing-for-windows-goes-64-bit-beta-available-fo/#comments trustware bufferzone pro 4 sandboxing Trustware BufferZone is a great way to add an additional layer of security to your Windows computer. It's a sandboxing application, which means it helps isolate programs so they can't directly interfere with your Windows installation. Sandboxing is a terrific way to defend against malware infections.

Unfortunately, BufferZone had one serious shortfall. When Windows 7 arrived and the push to 64-bit kicked into high gear, the program wasn't compatible. That has now changed, with the release of BufferZone Pro 4 beta which supports both Windows Vista and Windows 7 x64.

Interested testers can register for the beta, and it's worth trying out. Additional security -- especially at no charge -- is usually worth a trial run.

Download SquadBufferZone sandboxing for Windows goes 64-bit, beta available for download originally appeared on Download Squad on Mon, 28 Mar 2011 11:35:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appsbufferzonesandboxsandboxingsecuritytrustwareutilitieswindowsMon, 28 Mar 2011 11:35:00 EST<![CDATA[March 31 is World Backup Day 2011]]>http://downloadsquad.switched.com/2011/03/28/march-31-is-world-backup-day-2011/http://downloadsquad.switched.com/2011/03/28/march-31-is-world-backup-day-2011/http://downloadsquad.switched.com/2011/03/28/march-31-is-world-backup-day-2011/#comments World Backup Day 2011 Those benevolent armchair philanthropist Redditors are at it again! Four days ago a 'self' post extolling the potential virtues of a Backup Day exploded with 2500 upvotes and 1000 comments -- and now World Backup Day 2011 is actually happening.

On March 31, as part of the global data-saving initiative, you are encouraged to back up all of your cherished photos and videos, and important documents. If you've ever had a hard disk fail, and not had a backup to fall back on, you'll know that it's a bit like losing a sizable fragment of your soul. If you've never backed up your important files -- or if you only back up sporadically -- do it on World Backup Day!

It's not hard to back up your data, either. A 2TB drive costs only a fistful of dollars, and it takes just a few minutes to set SyncToy for Windows, or Time Machine for Mac, to mirror your data every night. If you prefer a cloud-based solution, there's always SugarSync and Dropbox. Finally, don't forget that Bundlelytic has a charity giveaway for three excellent data-backup-and-recovery tools -- $160 of software for only $25, and 100% of the proceeds to go the Japanese Red Cross.

For even more backup options, for Windows, Mac OS X, and Linux, check our list of 13 great backup programs.

Download SquadMarch 31 is World Backup Day 2011 originally appeared on Download Squad on Mon, 28 Mar 2011 07:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>back upbackupbackup dayBackupDaybackupsdatadata protectiondata recoveryDataProtectionDataRecoveryworld backup dayWorldBackupDayMon, 28 Mar 2011 07:30:00 EST<![CDATA[AVG Mobilation for Android tablets is a full-featured security suite]]>http://downloadsquad.switched.com/2011/03/25/avg-mobilation-for-android-tablets-is-a-full-featured-security-s/http://downloadsquad.switched.com/2011/03/25/avg-mobilation-for-android-tablets-is-a-full-featured-security-s/http://downloadsquad.switched.com/2011/03/25/avg-mobilation-for-android-tablets-is-a-full-featured-security-s/#comments avg mobilation android tablet AVG has been offering a pair of Android security applications for a while, and both the free and paid versions of its app have proved to be extremely popular with Android users. Now the company has launched a tablet-specific version as well.

Called AVG Mobilation for Android, the new app offers protection from malware, and a handful of other useful functions. Mobilation also provides a backup system which can secure your contacts, call logs, bookmarks, apps, and SMS messages. There's an App Locker, which allows you to password protect any app you've got installed on your Android device, and as if that wasn't enough, AVG has also built spam blocking and and task killing functionality into Mobilation.

Free and Pro versions of AVG Mobilation for Android tablets are due soon, but pricing and dates have yet to be confirmed.

Download SquadAVG Mobilation for Android tablets is a full-featured security suite originally appeared on Download Squad on Fri, 25 Mar 2011 10:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>androidantimalwareantivirusappsavgavg mobilationAvgMobilationmobilationmobilesecurityspamtask killerTaskKillerFri, 25 Mar 2011 10:30:00 EST<![CDATA[Adobe patches latest Flash and Reader vulnerabilities]]>http://downloadsquad.switched.com/2011/03/22/adobe-patches-latest-flash-reader-vulnerabilities/http://downloadsquad.switched.com/2011/03/22/adobe-patches-latest-flash-reader-vulnerabilities/http://downloadsquad.switched.com/2011/03/22/adobe-patches-latest-flash-reader-vulnerabilities/#commentsJust recently, new critical vulnerabilities were reported in Adobe Flash Player and Adobe Reader. While Google and Adobe managed to deliver an update to secure Chrome users, it took a few more days to put together the necessary bits for the general Flash and Reader using public.

Fortunately, the work is now complete, and Adobe has posted updated downloads for both products. You should be notified via the Adobe Updater that a new version is available, but you can always download manually as well. We'd recommend doing so immediately rather than waiting on a notification.

You can find the updated Flash Player and Reader downloads on Adobe's site, and Windows versions are available on Filehippo (Reader and Flash) as well.

Download SquadAdobe patches latest Flash and Reader vulnerabilities originally appeared on Download Squad on Tue, 22 Mar 2011 08:17:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>adobe flashadobe flash playeradobe readerAdobeFlashAdobeFlashPlayerAdobeReaderappsexploitflashpatchplug-inspluginsreadersecurityvulnerabilitiesTue, 22 Mar 2011 08:17:00 EST<![CDATA[BitDefender Traffic Light protects your Web browser from malware and phishing]]>http://downloadsquad.switched.com/2011/03/21/bitdefender-traffic-light-protects-your-web-browser-from-malware-phishing/http://downloadsquad.switched.com/2011/03/21/bitdefender-traffic-light-protects-your-web-browser-from-malware-phishing/http://downloadsquad.switched.com/2011/03/21/bitdefender-traffic-light-protects-your-web-browser-from-malware-phishing/#comments bitdefender traffic light browser malware We've seen several browser toolbar security tools before here at Download Squad. Nearly every big-name antivirus company offers one nowadays, but BitDefender Traffic Light has one key advantage: it's available on all five major browsers! Internet Explorer, Firefox, Google Chrome, Opera, and Safari.

It's also not nearly as in-your-face as some browser malware defense tools. Traffic Light displays only a small slide-out grab tab that you can click to display its analysis of the current page. When malicious activity is detected, however, Traffic Light will spring into action and prevent the offending code from executing. You'll be giving up a bit of memory -- somewhere between 20 and 30 megs -- but most of us can spare at least that much, especially for some additional Web security.

To install Traffic Light in your browser, visit the BitDefender site. A few clicks later an you'll have unobtrusive malware protection hiding just below your browser's toolbar.

Download SquadBitDefender Traffic Light protects your Web browser from malware and phishing originally appeared on Download Squad on Mon, 21 Mar 2011 14:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appsbitdefenderbrowserbrowsersfirefoxgoogle chromeGoogleChromeinternet explorerInternetExploreroperasafarisecuritytraffic lightTrafficLightwebMon, 21 Mar 2011 14:30:00 EST<![CDATA[Zero-day Flash vulnerability fixed in Chrome, still unpatched elsewhere]]>http://downloadsquad.switched.com/2011/03/21/zero-day-flash-vulnerability-fixed-in-chrome-still-unpatched-el/http://downloadsquad.switched.com/2011/03/21/zero-day-flash-vulnerability-fixed-in-chrome-still-unpatched-el/http://downloadsquad.switched.com/2011/03/21/zero-day-flash-vulnerability-fixed-in-chrome-still-unpatched-el/#commentsGoogle, proving the efficacy of Chrome's built-in Flash Player and its early, insider access to Adobe's developer builds, has fixed the zero-day vulnerability that emerged last week.

The hole will be plugged on other platforms and browsers by a new version of Flash 10.1 and 10.2 that should've been released by now.

If you've restarted Google Chrome in the last few days, you should now have the updated Flash Player. Otherwise, go ahead and restart your browser now and it will automatically update.

Download SquadZero-day Flash vulnerability fixed in Chrome, still unpatched elsewhere originally appeared on Download Squad on Mon, 21 Mar 2011 09:45:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>adobeadobe flash playerAdobeFlashPlayerbrowserschromeflashgooglegoogle chromeGoogleChromesecuritywebzero-dayMon, 21 Mar 2011 09:45:00 EST<![CDATA[LastPass Sesame enables two-factor authentication for your password vault]]>http://downloadsquad.switched.com/2011/03/18/lastpass-sesame-enables-two-factor-authentication-for-your-passw/http://downloadsquad.switched.com/2011/03/18/lastpass-sesame-enables-two-factor-authentication-for-your-passw/http://downloadsquad.switched.com/2011/03/18/lastpass-sesame-enables-two-factor-authentication-for-your-passw/#comments Two-factor authentication is a good way to add a strong, additional layer of security to your online accounts. While it's certainly important to use with something like your Google account (which recently added support), a password manager like LastPass is an even better place to batten down the hatches this way.

LastPass users who have a premium account should definitely check out Sesame, a program for Windows, Mac, and Linux which creates one-time use passwords for two-factor authentication. Simply enable two-factor authentication in your LastPass settings, launch Sesame, and select the account for which you need to generate a password.

You do need a $12 per year premium account to utilize Sesame, but the increased security two-factor authentication provides certainly seems worth one measly dollar per month to us.

You'll find LastPass Sesame on the company's download page -- just click through to your OS of choice. To see Sesame in action, check the video after the break!

Continue reading LastPass Sesame enables two-factor authentication for your password vault

Download SquadLastPass Sesame enables two-factor authentication for your password vault originally appeared on Download Squad on Fri, 18 Mar 2011 11:43:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appsauthenticationlastpasslinuxmacpasswordpasswordssecuresecuritysesametwo-factorwindowsFri, 18 Mar 2011 11:43:00 EST<![CDATA[WhisperCore Beta for Android encrypts your data for free, only works on the Nexus S for now]]>http://downloadsquad.switched.com/2011/03/16/whispercore-beta-for-android-encrypts-your-data-for-free-only-w/http://downloadsquad.switched.com/2011/03/16/whispercore-beta-for-android-encrypts-your-data-for-free-only-w/http://downloadsquad.switched.com/2011/03/16/whispercore-beta-for-android-encrypts-your-data-for-free-only-w/#comments Whispersystems WhisperCore for Android
WhisperCore is a new app for Android that lets you encrypt your system disk and/or SD card. It's free for personal use, and pricing for commercial use varies according to the size of deployment. WhisperCore uses 256 bit AES encryption, a popular choice in the encryption space, also seen in tools such as TrueCrypt and Linux Unified Key Setup.

Once you install the app, you set a passphrase that will be used to generate the key that's then used to encrypt all the data on the disk. The lack of full data encryption on Android is something many companies are basing future products upon, but WhisperCore may have a head start.

The app is in beta stage right now, and it has an important caveat you need to be aware of: it only runs on the Google Nexus S. This will obviously change in the future, but at the moment having one single hardware environment probably makes it a lot easier to track bugs. Also, the ability to encrypt SD cards is pretty much useless at this point, with the Nexus S not having an SD card slot.

If you feel like giving WhisperCore a try, you can download it from the developer's site. Note its beta state though, so expect quite a few bugs and quirks, and as such perhaps refrain from trying it on your main phone just yet, unless you're the adventurous type.

Download SquadWhisperCore Beta for Android encrypts your data for free, only works on the Nexus S for now originally appeared on Download Squad on Wed, 16 Mar 2011 18:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>androidappsData EncryptionDataEncryptionencryptionfreeFull disk encryptionFullDiskEncryptionsecurityutilitieswhispercoreWhisperSystemsWed, 16 Mar 2011 18:00:00 EST<![CDATA[Facebook for Android update improves images, security (in theory)]]>http://downloadsquad.switched.com/2011/03/16/facebook-app-android-update-improves-images-security-in-theory/http://downloadsquad.switched.com/2011/03/16/facebook-app-android-update-improves-images-security-in-theory/http://downloadsquad.switched.com/2011/03/16/facebook-app-android-update-improves-images-security-in-theory/#comments Facebook updated its official app for Android devices last night, bringing significant image-posting improvements, bug fixes, and a promise of "improved security using SSL."

Changes for the app's handling of images include users now being able to upload photos to their friends' walls and also to groups. Photos are now supposed to always maintain their correct orientation when uploaded, but that won't help the people who are notorious for knocked-over portraits (we all know one).

As for the bolstered usage of SSL, it wouldn't normally be a big deal. You may, nowever, remember recent rumblings about the app sending huge amounts of data in the clear. That news caused plenty of users to be more than slightly perturbed -- and rightly so, given the importance of a secure connection in the world of social networking. It's good to see the devs at Facebook working to correct this problem, but nothing's really final until the updated app has been run over a packet-sniffed network.

Now the bad news. Within an hour of the update's release, over 10 pages of shriekingly bad reviews were posted, reporting that images (which were supposed to be a plus) weren't showing up at all, and that the app was crashing almost immediately upon opening it. Several reviewers noted that they were using older versions of Android, so it could simply be an issue of OS fragmentation since it works for me on Gingerbread (2.3.3).

So, as usual, buyer beware, and if you're not scared off by the reviews then you can grab the update at the Android Market.

Download SquadFacebook for Android update improves images, security (in theory) originally appeared on Download Squad on Wed, 16 Mar 2011 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>androidappscellphonesfacebookmobilephotographysecuritysocial networkingSocialNetworkingsslWed, 16 Mar 2011 12:00:00 EST<![CDATA[Google mandates longer Apps passwords]]>http://downloadsquad.switched.com/2011/03/16/google-mandates-longer-apps-passwords/http://downloadsquad.switched.com/2011/03/16/google-mandates-longer-apps-passwords/http://downloadsquad.switched.com/2011/03/16/google-mandates-longer-apps-passwords/#commentsStrong, carefully-crafted passwords are imperative nowadays. Google seems to agree, and the company has announced that it is now requiring all Apps for Domains passwords to be a minimum of 8 characters -- two more than the previous limit.

How much difference can two measly characters make? Plenty. A quick test with a few different combinations over at How Secure is My Password bumped the time-to-crack from 8 seconds (6 characters) to more than a day. That's a substantial difference, and it's nice to see Google enforcing the 8-character minimums.

If you can handle something longer, go for it. You're only going to make things harder for the bad guys, after all. A bump to 10 characters pushes your time-to-crack to about 10 years.

Download SquadGoogle mandates longer Apps passwords originally appeared on Download Squad on Wed, 16 Mar 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>apps for domainsAppsForDomainsgooglegoogle appsGoogleAppslengthminimumpasswordpasswordssecuritywebWed, 16 Mar 2011 09:00:00 EST<![CDATA[Twitter adds permanent HTTPS option for improved security]]>http://downloadsquad.switched.com/2011/03/16/twitter-adds-permanent-https-option-for-improved-security/http://downloadsquad.switched.com/2011/03/16/twitter-adds-permanent-https-option-for-improved-security/http://downloadsquad.switched.com/2011/03/16/twitter-adds-permanent-https-option-for-improved-security/#comments
Those of you who don't want your Twitter account 'jacked like so many unsuspecting Firesheep victims, take heed! Twitter has added an "always use HTTPS" option to its settings page for added security while you tweet, @mention, and DM.

There's really no reason not to enable permanent HTTPS, so click the drop down by your avatar, choose settings, and then head all the way to the bottom of the page. Pop in a checkmark, enter your password, and save. Now each time you visit the site, your activity will be wrapped in 256-bit AES encryption.

Twitter's mobile website does not currently support the permanent setting, but the company says it's being worked on.

Download SquadTwitter adds permanent HTTPS option for improved security originally appeared on Download Squad on Wed, 16 Mar 2011 07:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>aesencryptionfiresheephttpssecuresecuritysocialnetworkingssltwitterwebWed, 16 Mar 2011 07:30:00 EST<![CDATA[Flash and Reader zero-day vulnerability going unfixed for a week]]>http://downloadsquad.switched.com/2011/03/15/flash-and-reader-zero-day-vulnerability-going-unfixed-for-a-week/http://downloadsquad.switched.com/2011/03/15/flash-and-reader-zero-day-vulnerability-going-unfixed-for-a-week/http://downloadsquad.switched.com/2011/03/15/flash-and-reader-zero-day-vulnerability-going-unfixed-for-a-week/#commentsDon't get us wrong -- Adobe has gotten better about responding to security risks over the past year or so -- but news of a new, critical Flash zero-day exploit going unfixed for a week has us hearing the sad trombone noise all over again.

The flaw lies in both the Flash Player and authplay.dll, which ships with Windows versions of Reader. Flash is affected on all operating systems, however.

Adobe has already received reports of attackers utilizing the exploit via an Excel sheet with a specially crafted .SWF embed. There have been no reports of Reader being attacked as of yet. It's also worth noting that Reader X would not be vulnerable, thanks to its sandboxing kung fu.

As always, the key with attacks like this is vigilance. Cast a skeptical eye on attachments you receive, especially those from untrusted sources. Since this particular attack appears to only be targeting Flash via an Excel sheet at the moment, it might not be a bad idea to use a Web-based viewer to open any .XLS or .XLSX attachments you receive. The Google Docs Viewer and Zoho Viewer are both good options.

Once Adobe's got the fix ready next week, you should receive an update notification. Make sure you update, rather than hiding the alert and going about your business... Not that you (or we) would ever do that.

Download SquadFlash and Reader zero-day vulnerability going unfixed for a week originally appeared on Download Squad on Tue, 15 Mar 2011 07:47:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>adobeauthplay.dllembedexcelexploitflashflash playerFlashPlayerreadersecurityswfxlszero dayZeroDayTue, 15 Mar 2011 07:47:00 EST<![CDATA[iOS in-app purchases now always require password]]>http://downloadsquad.switched.com/2011/03/11/ios-in-app-purchases-require-password/http://downloadsquad.switched.com/2011/03/11/ios-in-app-purchases-require-password/http://downloadsquad.switched.com/2011/03/11/ios-in-app-purchases-require-password/#commentsiOS in-app purchase logoApple's in-app purchasing mechanism has suffered a small, but important change in iOS 4.3. Whereas before you could make as many in-app purchases as you pleased without having to enter your iTunes password for 15 minutes after last entering that password (for example, when purchasing an app or game), from now on entering the password will be required for each and every in-app purchase. This will surely make parents everywhere breathe a collective sigh of relief, since it certainly seems like they were the biggest proponents of such a change.

Why? Well, imagine this. Your child asks you (nicely) to enter your iTunes password so he or she could download the latest and greatest game that all their friends are playing (the game may even be free). You do so, and then they start playing, but, unknown to you, they purchase a $99 in-app item such as an 'animal', or who knows what. Children may not even understand that they've used real money off your credit card for that purchase. Then, at the end of the month, your credit card statement comes in, and... you get the idea. The above isn't possible anymore, and that's certainly a good thing. And, perhaps, one more reason to update your iPhone, iPad, or iPod touch to the latest version of the OS.

Let's hope Google decides to implement such security measures for in-app purchases from the beginning, whenever it finally decides to launch that system for Android-powered devices.

Download SquadiOS in-app purchases now always require password originally appeared on Download Squad on Fri, 11 Mar 2011 17:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>Applein-app purchasesIn-appPurchasesIOSios 4.3Ios4.3ipadiphoneipod touchIpodTouchsecurityFri, 11 Mar 2011 17:30:00 EST<![CDATA[iPhone and BlackBerry browsers fall at Pwn2Own]]>http://downloadsquad.switched.com/2011/03/11/iphone-and-blackberry-browsers-fall-pwn2own/http://downloadsquad.switched.com/2011/03/11/iphone-and-blackberry-browsers-fall-pwn2own/http://downloadsquad.switched.com/2011/03/11/iphone-and-blackberry-browsers-fall-pwn2own/#commentsHackers Ahead signOne day after IE8 and Safari fell prey to eager hackers during Pwn2Own's first day this year, the iPhone 4 and the BlackBerry browser have been exploited as well. The former was pwned by veteran Pwn2Own winner Charlie Miller, who developed an exploit that enabled him to run arbitrary code on the iPhone after visiting a specially-formatted Web page. Once he was 'in' the iPhone, he was able to perform any action he wanted. The iPhone was running iOS 4.2.1, but the same vulnerability that allowed control over it is also present in iOS 4.3. However, the specific exploit that Miller used won't work on the latest version of Apple's mobile operating system.

Pwning the browser in the BlackBerry Torch 9800 proved a bit more difficult, but not because that particular piece of software was more secure. It just so happens that there's no debugger available for that version of the BlackBerry browser, so pwning it required combining two information leak bugs, an integer overflow bug, and a lot of trial and error work for the multinational team of researchers that decided to do this. Again, the only requirement for the exploit to work was that a specially-crafted website had to be visited. There is a newer firmware version for the Torch than that which was exploited, but the flaws are still there.

The Android-powered Google Nexus S and a Windows Phone 7 device were also supposed to be tested, but the researchers that had been chosen to do so did not show up.

Download SquadiPhone and BlackBerry browsers fall at Pwn2Own originally appeared on Download Squad on Fri, 11 Mar 2011 16:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>AppleBlackBerryBlackBerry browserBlackberryBrowserbrowserscompromiseddeveloperIOSios 4.2.1Ios4.2.1iphoneiphone 4Iphone4Pwn2Ownpwn2own2011RIMsafarisecurityvulnerabilityFri, 11 Mar 2011 16:30:00 EST<![CDATA[Charlie Sheen death hoax spreads malware on Facebook and Twitter]]>http://downloadsquad.switched.com/2011/03/11/charlie-sheen-death-hoax-spreads-malware-on-facebook-and-twitter/http://downloadsquad.switched.com/2011/03/11/charlie-sheen-death-hoax-spreads-malware-on-facebook-and-twitter/http://downloadsquad.switched.com/2011/03/11/charlie-sheen-death-hoax-spreads-malware-on-facebook-and-twitter/#comments Facebook Charlie sheen scam No, despite what you may have heard on Facebook and Twitter, Charlie Sheen is not yet dead.

With the eye-catching title of "RIP! Charlie Sheen found Dead at his House," a massive clickjacking hoax is doing the rounds on Facebook and Twitter. Clicking the link will take you to a fake YouTube page -- and if you click anywhere on the page, the hoax will infect your Facebook profile and begin sharing the link to your friends.

You are then asked to complete a survey (why does anyone complete these surveys?) Finally, to consummate the malware trifecta, some users are reporting that malware is downloaded to your computer.

If you've fallen prey to this drug-and-porn media orgy and clicked the "RIP!" link, head to Account > Privacy Settings > Edit your settings (bottom left). Alternatively, click this link to go straight to your app settings. From there, revoke any applications that look spammy (they'll be at the top of the list).

You should also update and run your antivirus/anti-malware software to clean up any residual mess.

Finally, to protect yourself from future scams, you really should follow FaceCrooks, which is dedicated to uncovering and publicizing the latest Facebook scams.

Download SquadCharlie Sheen death hoax spreads malware on Facebook and Twitter originally appeared on Download Squad on Fri, 11 Mar 2011 07:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>charlie sheenCharlieSheenclickjackingfacebookhoaxmalwareprivacyscamsecuritysocial networkingsocial-networkingSocialNetworkingspamFri, 11 Mar 2011 07:30:00 EST<![CDATA[Safari 5.0.4 fixes a horde of security issues, improves stability]]>http://downloadsquad.switched.com/2011/03/10/safari-5-0-4-has-many-security-and-stability-fixes/http://downloadsquad.switched.com/2011/03/10/safari-5-0-4-has-many-security-and-stability-fixes/http://downloadsquad.switched.com/2011/03/10/safari-5-0-4-has-many-security-and-stability-fixes/#commentsSafari logoApple has updated Safari today, bringing the browser to version 5.0.4 for Windows and Mac. Although, as hinted at by the version number, this isn't a major release that adds new features and functionality, it's a highly recommended update because of the sheer number of security vulnerabilities that it fixes: 62. These vulnerabilities are detailed in a dedicated Apple knowledge base article. While Apple doesn't assign severity levels to the vulnerabilities found in its software, thus making it harder to quickly grasp the importance of such problems, Naked Security reports that 57 of those 62 bugs can be exploited if the user simply visits a specially constructed website. So, in a word -- update!

Safari 5.0.4 also brings a host of stability and compatibility improvements compared to its predecessors. Issues with stability when running multiple instances of plug-ins, compatibility with pages with image reflections and transition effects, printing with incorrect layouts, content display on pages with plug-ins, and the screen saver appearing while playing video in Safari, have all been fixed.

Safari 5.0.4 works on Mac OS X 10.5.8 or newer, as well as on Windows XP, Vista, or 7. The update has already been pushed through Apple's Software Update mechanism. You can also just download Safari 5.0.4 directly from Apple's website.

Download SquadSafari 5.0.4 fixes a horde of security issues, improves stability originally appeared on Download Squad on Thu, 10 Mar 2011 12:35:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>Appleappsbrowserssafarisafari 5safari 5.0.4Safari5Safari5.0.4securityThu, 10 Mar 2011 12:35:00 EST<![CDATA[Internet Explorer and Safari first to fall at Pwn2Own 2011, Chrome and Firefox still standing]]>http://downloadsquad.switched.com/2011/03/10/ie8-and-safari-first-to-fall-at-pwn2own-2011-chrome-and-firefox/http://downloadsquad.switched.com/2011/03/10/ie8-and-safari-first-to-fall-at-pwn2own-2011-chrome-and-firefox/http://downloadsquad.switched.com/2011/03/10/ie8-and-safari-first-to-fall-at-pwn2own-2011-chrome-and-firefox/#comments Pwn2Own Firefox and Chrome still standing Pwn2Own, the annual three-day browser hackathon, has already claimed its first two victims: IE8 on Windows 7 64-bit, and Safari 5 on Mac OS X. Google Chrome looks set to survive for its third year in a row.

Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He used three vulnerabilities to bypass ASLR and DEP, but also escape Protected Mode. That's something we've not seen at Pwn2Own before," said Aaron Portnoy, the organizer of Pwn2Own.

Safari 5, running on a MacBook Air, was compromised in just five seconds by French security company Vupen. Both attackers netted $15,000 for successfully compromising a browser.

The contest continues today and tomorrow. Firefox 3.6 is yet to be attacked, and tomorrow will see the very first mobile browser deathmatch. Windows Phone 7, iOS, Android and RIM OS, all with their stock browsers, will be attacked by security researchers to find out just how secure mobile browsing is. Again, $15,000 is available for the first person or team to compromise each of the browsers.

Google, Apple and Mozilla, incidentally, all rolled out updates to their browsers just before Pwn2Own. It was not a coincidence.

Download SquadInternet Explorer and Safari first to fall at Pwn2Own 2011, Chrome and Firefox still standing originally appeared on Download Squad on Thu, 10 Mar 2011 10:15:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>applebrowserschromecompromisedfirefoxfirefox 3.6Firefox3.6googlegoogle chromeGoogleChromeie8internet explorerinternet explorer 8InternetExplorerInternetExplorer8microsoftmozillapwn2ownsafarisafari 5Safari5securityvulnerabilitywebThu, 10 Mar 2011 10:15:00 EST<![CDATA[Zeus malware variant begins targetting BlackBerry users]]>http://downloadsquad.switched.com/2011/03/07/zeus-malware-variant-begins-targetting-blackberry-users/http://downloadsquad.switched.com/2011/03/07/zeus-malware-variant-begins-targetting-blackberry-users/http://downloadsquad.switched.com/2011/03/07/zeus-malware-variant-begins-targetting-blackberry-users/#commentsIt's been widely reported that the world's millions of smartphones are the next juicy target for malware creators, and we're beginning to see the shift. Trojanized apps recently infiltrated the Android Market and now Trend Micro is reporting that a Zeus trojan variant has begun infecting BlackBerry devices.

The trojan installs silently and then notifies its administrators that the compromised device is ready to receive instructions. Trend notes that an infected BlackBerry can be forced to block calls and phone numbers, add administrator accounts, turn the device on or off, and forward, delete, and display SMS messages.

While BlackBerry devices seem to be the primary target, Zeus variants have also been spotted on Symbian and Windows Mobile phones.

As is the case with desktop malware, vigilance and knowledge is the best defense: don't install untrusted apps and don't visit links you're unsure of on your mobile device.

Download SquadZeus malware variant begins targetting BlackBerry users originally appeared on Download Squad on Mon, 07 Mar 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>blackberrymalwaremobilesecuritytrend microTrendMicrotrojanviruszeusMon, 07 Mar 2011 09:00:00 EST<![CDATA[Google promises tighter Android Market security in wake of Trojan outbreak]]>http://downloadsquad.switched.com/2011/03/06/google-promises-tighter-android-market-security-in-wake-of-trojan-outbreak/http://downloadsquad.switched.com/2011/03/06/google-promises-tighter-android-market-security-in-wake-of-trojan-outbreak/http://downloadsquad.switched.com/2011/03/06/google-promises-tighter-android-market-security-in-wake-of-trojan-outbreak/#commentsWhen we first reported on applications in the official Android Market being infected with a Trojan backdoor, 21 malicious apps were found. After the dust had settled, the total was closer to 60 -- and Google has now announced what it is doing to undo the damage and prevent future outbreaks in the Market.

For starters, Google is remotely wiping the rogue applications from users' devices and pushing a security update for the Android Market app. Google will also email a notice to affected users to let them know that the update has been applied and that changes made by the Trojan-bearing apps have been undone. A confirmation notice will also be sent once the cleanup has finished.

Google also promised to beef up the Android Market's security systems and stated that work is underway with various partners to address "underlying issues."

The Android Market is now at the point where it's got a vast number of high-quality apps. Perhaps now that its security shortcomings have been exposed, it's time to slow the inrush of new apps and devote more time and resources to making sure no more Android users fall victim to such attacks.

Download SquadGoogle promises tighter Android Market security in wake of Trojan outbreak originally appeared on Download Squad on Sun, 06 Mar 2011 10:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>androidandroid marketAndroidMarketappsgooglemobilesecuritytrojanSun, 06 Mar 2011 10:00:00 EST<![CDATA[How Secure is My Password lets you know just that]]>http://downloadsquad.switched.com/2011/03/05/how-secure-is-my-password-lets-you-know-just-that/http://downloadsquad.switched.com/2011/03/05/how-secure-is-my-password-lets-you-know-just-that/http://downloadsquad.switched.com/2011/03/05/how-secure-is-my-password-lets-you-know-just-that/#comments howsecureismypassword We've all heard it before; you need to select a lengthy password, one that's hard to guess. Not a dictionary word. And it has to have some capital letters in it too, and some digits, and a symbol or two won't hurt either.

That's a handy set of rules to keep in mind, but How Secure is My Password helps us understand why they're important.

It's basically like a full-screen version of one of those password-strength meters websites sometimes use. But instead of showing you a bar going from "weak" to "strong", it shows you an estimation of how long your password would take to crack. That's a much more visceral way to understand why your password is strong.

For example, when I entered "rabbit", it came back with "your password is one of the 500 most common passwords. It could be cracked almost instantly". "rabbit5" would take two hours, "$rabbit5" would take 38 days, and "$rabbitZ5" would take 237 years. It's quite enlightening to see what a difference three simple characters can make.

Download SquadHow Secure is My Password lets you know just that originally appeared on Download Squad on Sat, 05 Mar 2011 14:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appspasswordsprivacysecuritywebSat, 05 Mar 2011 14:00:00 EST<![CDATA[WordPress.com hit by massive DDoS attack]]>http://downloadsquad.switched.com/2011/03/03/wordpress-com-hit-by-massive-ddos-attack/http://downloadsquad.switched.com/2011/03/03/wordpress-com-hit-by-massive-ddos-attack/http://downloadsquad.switched.com/2011/03/03/wordpress-com-hit-by-massive-ddos-attack/#commentsDDoS attacks aren't entirely uncommon nowadays, but the scale of the attack against WordPress.com is truly staggering. CEO Matt Mullenweg told TechCrunch that the attack has affected all three of the company's data centers -- which are located in Chicago, Dallas, and San Antonio. The sites were being blasted by tens of millions of packets (and multiple Gigabits) per second.

Mullenweg says the attacks have been neutralized for now and notes that Automattic is taking precautionary steps to avoid possible aftershocks. As for the cause of the attacks, Mullenweg speculates that they "may have been politically motivated against one of our non-English blogs but we're still investigating and have no definitive evidence yet."

You can check on the current status of the WordPress service on its Public Website Health status page.

Download SquadWordPress.com hit by massive DDoS attack originally appeared on Download Squad on Thu, 03 Mar 2011 16:15:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>automatticcmscontentddoshostingpublishingsecuritywebwordpressThu, 03 Mar 2011 16:15:00 EST<![CDATA[Google pulls 21 Android malware apps with Trojan rootkit, over 50,000 users infected]]>http://downloadsquad.switched.com/2011/03/02/google-pulls-21-android-malware-apps-with-trojan-rootkit-over-50000-infected/http://downloadsquad.switched.com/2011/03/02/google-pulls-21-android-malware-apps-with-trojan-rootkit-over-50000-infected/http://downloadsquad.switched.com/2011/03/02/google-pulls-21-android-malware-apps-with-trojan-rootkit-over-50000-infected/#commentsThanks to a tip-off by a redditor, and some investigation by Android Police, Google has pulled 21 Android Market apps that were infected with a backdoor Trojan rootkit. If you downloaded any of the infected apps, they will be automatically deleted from your phone.

The attack vector was ingenious, and plays on the Android Market's biggest weakness: the almost complete absence of app moderation. The nefarious developer crafted 21 apps that share the name of legitimate apps (such as 'Chess'), and into each of them he inserted some Trojan code. The apps then quietly report your sensitive data back to a remote server, while you play with your free app.

According to Android Police, the apps include a feature that automatically roots the phone (using the well-known rageagainstthecage rooting tool), which allows it to download and execute arbitrary code. Even though Google has pulled the infected apps, these downloaded bits of code could still remain on over 50,000 infected devices. If you think you be infected, you might want to perform a factory reset.

The scary thing is, there's nothing to stop the same app publisher from creating more malware-infected apps in the future, perhaps with the grander plan of creating a botnet. That's the problem with unmoderated ecosystems like the Android Market: you have to take the good with the bad, whether you like it or not. It's a bit like the Wild West in that regard.

Download SquadGoogle pulls 21 Android malware apps with Trojan rootkit, over 50,000 users infected originally appeared on Download Squad on Wed, 02 Mar 2011 06:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>androidandroid marketAndroidMarketantivirusmalwaremobilerageagainstthecagesecurityvirusWed, 02 Mar 2011 06:30:00 EST<![CDATA[Intel acquisition of McAfee approved by regulators]]>http://downloadsquad.switched.com/2011/03/01/intel-acquisition-of-mcafee-approved-by-regulators/http://downloadsquad.switched.com/2011/03/01/intel-acquisition-of-mcafee-approved-by-regulators/http://downloadsquad.switched.com/2011/03/01/intel-acquisition-of-mcafee-approved-by-regulators/#comments intel mcafee In August of 2010, Intel announced it was purchasing McAfee for a cool $7.7 billion in cash. The deal had been held up by U.S. and EU regulators ever since, but the transaction has finally been given the all-clear.

The two companies plan to develop security solutions which more tightly integrate hardware and software, a move both claim is imperative in today's rapidly evolving threat landscape. In a press release, Intel's Renée James said "The acquisition of McAfee adds not only world-leading security products and technologies to Intel's computing portfolio, but also brings incredibly talented people focused on delivering products and services that help make connecting to the mobile Internet safer and more secure."

Intel already revealed at least one component of its mobile security strategy -- an SMS-powered remote kill switch in its Sandy Bridge chips, which can be used to disable stolen laptops. We're curious to see what additional integrated defenses Intel and McAfee release now that the acquisition has been finalized.

Download SquadIntel acquisition of McAfee approved by regulators originally appeared on Download Squad on Tue, 01 Mar 2011 07:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>acquisitionbusinesschipcpuenterpriseintelmalwaremcafeeprocessorremote killRemoteKillsecuritythreatvirusTue, 01 Mar 2011 07:30:00 EST<![CDATA[BlackHole RAT Mac OS X backdoor Trojan virus mimics password prompt]]>http://downloadsquad.switched.com/2011/02/28/mac-os-x-backdoor-trojan-virus-discovered-computer-is-vulnerable/http://downloadsquad.switched.com/2011/02/28/mac-os-x-backdoor-trojan-virus-discovered-computer-is-vulnerable/http://downloadsquad.switched.com/2011/02/28/mac-os-x-backdoor-trojan-virus-discovered-computer-is-vulnerable/#comments BlackHole RAT, Mac OS X Trojan A new backdoor Trojan virus that targets Mac OS X has emerged, Sophos reports. Interestingly, the new virus, which is called BlackHole RAT (or OSX/MusMinim-A in virus definition speak), is a variant of the 'legitimate' Windows Trojan DarkComet-RAT.

Fortunately, the virus doesn't seem to be very malicious. It allows a remote controller to reboot or shutdown an infected computer, or pop up a fake 'Administrator Password' box that can be used to phish a user's password -- but for the most part, it actually seems to be a proof of concept; a warning to Mac users that their OS can be infected.

One of BlackHole RAT's functions pops open a full-screen dialog with only a 'reboot' button, and the following, vaguely sociopathic message:
"I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected!

I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished."
You kind of expect 'muhahaha!!1' to be at the end.

As for how the virus is distributed, it is probably via the usual channels: pirate downloads, or vulnerable browser plug-ins. Sophos notes that its Anti-Virus for Mac Home Edition, which is a free download, identifies and removes the virus. You should probably run it, just to make sure you're not infected.

Download SquadBlackHole RAT Mac OS X backdoor Trojan virus mimics password prompt originally appeared on Download Squad on Mon, 28 Feb 2011 10:15:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>anti-malwareanti-virusantimalwareantivirusappsblackhole RATBlackholeRatdarkcometmacmac os xMacOsXmusminim-aos xosxsecuritysophostrojanvirusMon, 28 Feb 2011 10:15:00 EST<![CDATA[LastPass XSS vulnerability found, website and browser add-ons affected (updated)]]>http://downloadsquad.switched.com/2011/02/27/lastpass-xss-vulnerability-found-website-and-browser-add-ons-af/http://downloadsquad.switched.com/2011/02/27/lastpass-xss-vulnerability-found-website-and-browser-add-ons-af/http://downloadsquad.switched.com/2011/02/27/lastpass-xss-vulnerability-found-website-and-browser-add-ons-af/#commentsMike Cardwell, the Stallmanite who recently discovered a fantastically covert way of working out which Web services you're currently logged in to, has found a nasty XSS vulnerability in the LastPass password manager. The cross-site scripting (XSS) vulnerability not only allows nefarious types to see which sites you've recently logged in to, but it also provides access your email address and password reminder.

First off: don't worry. Cardwell reported the vulnerability to LastPass before writing it up, and it has since been fixed. We're not sure if the fix has propagated out to the Chrome and Firefox add-ons -- but we have to assume that Cardwell wouldn't have written his blog post if the vulnerability still existed.

With that said, you should still be more than a little concerned about the fundamental architecture of LastPass as an in-the-cloud password manager. While this cross-site scripting attack was fixed quickly, Cardwell thinks a similar attack "could easily happen again in future."

Beyond being susceptible to XSS attacks, LastPass doesn't even use HSTS, which means that man-in-the-middle (MITM) attacks are also rather easy to pull off.

It's very hard for us to recommend LastPass as a password manager when further vulnerabilities will almost certainly be found. For the time being, you should check out KeePass, an offline password manager that, for now, is a lot more secure than LastPass.

Update: LastPass has now implemented HSTS and a few other features to make their website and browser add-ons a lot harder to attack in the future. Hooray!

[Thanks to Brad for the tip!]

Download SquadLastPass XSS vulnerability found, website and browser add-ons affected (updated) originally appeared on Download Squad on Sun, 27 Feb 2011 10:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appsbrowserscross-site scriptingCross-siteScriptingkeepasslastpasspassword managerPasswordManagersecurityvulnerabilitywebxssSun, 27 Feb 2011 10:30:00 EST<![CDATA[Microsoft Security Essentials vulnerability reminds that security risks are everywhere]]>http://downloadsquad.switched.com/2011/02/26/microsoft-security-essentials-vulnerability-reminds-that-securit/http://downloadsquad.switched.com/2011/02/26/microsoft-security-essentials-vulnerability-reminds-that-securit/http://downloadsquad.switched.com/2011/02/26/microsoft-security-essentials-vulnerability-reminds-that-securit/#commentsMicrosoft recently delivered a patch for its malware and antivirus tools, including Security Essentials, Windows Defender, MSRT, and Forefront -- its enterprise antivirus solution. The patch addresses a flaw in Microsoft's scanning engine which could allow an attacker who had a valid username and password to gain elevated rights on a system.

As is often the case with these flaws, the fact that the attacker has valid credentials is arguably a bigger problem than the vulnerability itself. However, there's an important takeaway: at any time, any program on your computer could be putting you at risk. Even your antivirus or anti-malware app.

It's important (and imperative) to keep your operating system and apps as up-to-date as possible. It also helps to know what other programs you can use to ensure your system is safe. Free Windows programs like Secunia PSI -- which scans your system for vulnerable programs -- and Returnil's System Safe -- which lets you complete roll back changes to your computer, including those made by malware -- can be a big help in locking down your system.

Download SquadMicrosoft Security Essentials vulnerability reminds that security risks are everywhere originally appeared on Download Squad on Sat, 26 Feb 2011 10:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>antivirusappsexploitflawmalwaremicrosoftmicrosoft security essentialsMicrosoftSecurityEssentialsmsepatchreturnilsecuniasecunia psiSecuniaPsisecuritysecurity essentialsSecurityEssentialstrojanviruswindows defenderWindowsDefenderSat, 26 Feb 2011 10:00:00 EST<![CDATA[Facebook for Android vulnerable to simple snooping tricks]]>http://downloadsquad.switched.com/2011/02/24/facebook-for-android-vulnerable-to-simple-snooping-tricks/http://downloadsquad.switched.com/2011/02/24/facebook-for-android-vulnerable-to-simple-snooping-tricks/http://downloadsquad.switched.com/2011/02/24/facebook-for-android-vulnerable-to-simple-snooping-tricks/#commentsFacebook's Android app has some serious security issues, according to a computer science professor at Rice University. Professor Dan Wallach and his students set up simple sniffers using freely-available software (including Wireshark and Mallory) and found that Facebook for Android sends a lot of data in the clear. That means it's possible -- easy, even -- for people to eavesdrop on your Facebook postings.

Even more troubling is Wallach's finding that the lack of OAuth or another signature method in Facebook for Android means someone could theoretically post to your Facebook account. There's also a possible SQL injection vulnerability which could cause all kinds of trouble.

To protect yourself from potential exploits, you can sign into the secure version of Facebook's site -- https://www.facebook.com -- and get a third-party encryption app that will let you use the secure site by default. Hopefully Facebook will quickly address these issues and release an updated, more secure version of the Android app.

Download SquadFacebook for Android vulnerable to simple snooping tricks originally appeared on Download Squad on Thu, 24 Feb 2011 15:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>androidappseavesdroppingfacebookmobilesecuritysnoopingThu, 24 Feb 2011 15:00:00 EST<![CDATA[Avast 6 ready for download, adds sandboxing to antivirus defense]]>http://downloadsquad.switched.com/2011/02/24/avast-6-free-antivirus-windows-download/http://downloadsquad.switched.com/2011/02/24/avast-6-free-antivirus-windows-download/http://downloadsquad.switched.com/2011/02/24/avast-6-free-antivirus-windows-download/#comments avast 6 free antivirus windows After only a few weeks in beta testing, Avast 6 is now ready for download. If you're looking for a good, free antivirus program for your Windows computer, Avast is still one of the best options -- and version 6 adds one very powerful defense mechanism.

Sandboxing -- which allows your computer to run unknown and untrusted programs in an isolated spece where they can't harm your operating system or data -- has been added to Avast 6. It's even there in the free version, and it's a very compelling reason to take another look at Avast. Since Avast 6 can automatically sandbox programs, you're protected even if its definitions and behaviorial scanning can't tell that program is malicious. In paid versions, Avast has added a new Safe Zone designed to offer increased protection when transmitting sensitive data to banks or other Web sites.

Continue reading Avast 6 ready for download, adds sandboxing to antivirus defense

Download SquadAvast 6 ready for download, adds sandboxing to antivirus defense originally appeared on Download Squad on Thu, 24 Feb 2011 10:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>antimalwareantivirusappsavastavast 6Avast6malwaresandboxsandboxingsecuritytrojanviruswindowsThu, 24 Feb 2011 10:00:00 EST<![CDATA[BufferZone Pro sandboxing software now a totally free download]]>http://downloadsquad.switched.com/2011/02/23/bufferzone-pro-sandboxing-software-now-a-totally-free-download/http://downloadsquad.switched.com/2011/02/23/bufferzone-pro-sandboxing-software-now-a-totally-free-download/http://downloadsquad.switched.com/2011/02/23/bufferzone-pro-sandboxing-software-now-a-totally-free-download/#commentstrustware bufferzone pro free download Trustware's BufferZone was an early entrant into the desktop sandboxing arena. Sandboxing, of course, is the security-by-isolation system which has since been built into apps like Google Chrome and Adobe Reader X. Recently, Trustware launched a promotion and gave away BufferZone Pro for free -- and now the company is making the discount permanent. From now on, BufferZone Pro will be freeware.

But, wait -- BufferZone still doesn't support x64, and maybe you're thinking that there will be a paid version once a 64-bit Windows version arrives. Not so, Trustware's Efrat Schneider told me in an email: "The product will continue to be free," he replied.

If you're looking for a free way to tighten up security on your Windows system, BufferZone is an excellent app for the job. We'll let you know when the 64-bit version becomes available.

Download SquadBufferZone Pro sandboxing software now a totally free download originally appeared on Download Squad on Wed, 23 Feb 2011 14:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>appsbufferzonebufferzone proBufferzoneProfreefreewareprosandboxsandboxingsecuritytrustwarewindowsWed, 23 Feb 2011 14:00:00 EST<![CDATA[Lavasoft Rogue Gallery puts fake antivirus and rogue applications on display]]>http://downloadsquad.switched.com/2011/02/21/lavasoft-rogue-gallery-puts-fake-antivirus-and-rogue-application/http://downloadsquad.switched.com/2011/02/21/lavasoft-rogue-gallery-puts-fake-antivirus-and-rogue-application/http://downloadsquad.switched.com/2011/02/21/lavasoft-rogue-gallery-puts-fake-antivirus-and-rogue-application/#comments
It's hard for less-savvy computer users to stay out of trouble on the Internet, and part of the problem is that they just don't know how to identify potential threats. Fortunately, there are plenty of great online resources you can use, or point your friends and family to. We've already covered the excellent Facecrooks, which helps users avoid trouble on Facebook, and today we're taking a look at the Lavasoft Rogue Gallery.

Lavasoft is the company behind Ad-Aware, the granddaddy of adware removal apps. Though its malware cleanup crown has been snatched away by Malwarebytes in recent years, Ad-Aware remains enormously popular -- and Lavasoft provides a nice public service by displaying the fake antivirus (fakeAV) and rogue applications it discovers for all to see.

Rogue applications are those nasty programs which appear to be useful utilities like antivirus or Windows tune-up tools. In reality, of course, they're some of the nastiest threats around. They're easy enough to spot if you know what to look for, so spending a few minutes going through the Lavasoft Rogue Gallery is highly recommend to anyone who needs a bit of help avoiding Internet dangers.

Download SquadLavasoft Rogue Gallery puts fake antivirus and rogue applications on display originally appeared on Download Squad on Mon, 21 Feb 2011 11:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>ad-awarefake antivirusFakeAntivirusfakeavlavasoftmalwareroguerogue applicationrogue galleryRogueApplicationRogueGalleryroguessecurityspywarewebMon, 21 Feb 2011 11:00:00 EST<![CDATA[Winamp forums attacked, accounts and email addresses exposed]]>http://downloadsquad.switched.com/2011/02/16/winamp-forums-attacked-accounts-and-email-addresses-exposed/http://downloadsquad.switched.com/2011/02/16/winamp-forums-attacked-accounts-and-email-addresses-exposed/http://downloadsquad.switched.com/2011/02/16/winamp-forums-attacked-accounts-and-email-addresses-exposed/#commentsWinamp Hacked
 [Full disclosure: AOL is the parent company of both Winamp and Download Squad]

Hackers have broken through security protecting the Winamp forum database, compromising the user forums, exposing accounts and email addresses in the process. In a post on the company's forum, Winamp's General Manager, Geno Yoham, explained that an attack was quickly detected and isolated to the Winamp forum database, protecting the rest of the Winamp sites and communities. The developer portal, Winamp.com, and accounts associated with the Winamp Desktop Media Player were unaffected.

Winamp is urging anyone who could have been affected to change their forum password, which is good advice regardless of whether or not you think your account might have been breached. They're also advising that if you happen to have reused your Winamp forum password on any other sites, that you change those login details too. It's a poor, yet common, practice to reuse the same login details across several different sites, making a breach of one lead to many compromised accounts across many different sites.

Winamp has apologized for any inconvenience this has caused and is putting additional security measures and procedures in place in an attempt to prevent a similar breach occurring in the future.

Download SquadWinamp forums attacked, accounts and email addresses exposed originally appeared on Download Squad on Wed, 16 Feb 2011 13:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>AOLbreachhackedprivacysecurityWebwinampWinamp forumWinampForumWed, 16 Feb 2011 13:30:00 EST<![CDATA[VMware put an Android in your Android, so you can VM while you VM]]>http://downloadsquad.switched.com/2011/02/15/android-dalvik-vmware-virtualization/http://downloadsquad.switched.com/2011/02/15/android-dalvik-vmware-virtualization/http://downloadsquad.switched.com/2011/02/15/android-dalvik-vmware-virtualization/#comments So apparently VMware heard you like virtualization (or at least, that corporations do), so it made an Android virtual machine that can run inside Android's own Dalvik VM. The idea being, of course, that busy corporate types could play all night on their nifty new Android superphones, but still be able to dive into a minimalist, business-first environment with one tap when it's time to go to work. Judging from the video that our cohorts at Engadget posted earlier today, the whole thing seems to be pretty awesome, even if it is only working on an LG phone for the time being.

Continue reading VMware put an Android in your Android, so you can VM while you VM

Download SquadVMware put an Android in your Android, so you can VM while you VM originally appeared on Download Squad on Tue, 15 Feb 2011 18:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>androidappscellphonesmobileproductivitysecurityutilitiesvirtual machineVirtualMachinevmvmwareTue, 15 Feb 2011 18:30:00 EST