Skype divulges user IP addresses

The H-Online: According to a blog post, a modified version of the Skype VoIP software can be used to easily find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer.

With a certain registry key, the manipulated version of Skype will create a log file with information including other users’ external and internal IP addresses. These IPs can be retrieved simply by opening up a user’s profile with the Skype client. In a test conducted by The H’s associates at heise Security, the log file always showed the correct IPs – and when a user was logged in with multiple clients, the IP addresses for all the clients were visible.

Shortly after this was discovered, a hacker known as “Zhovner” put together the skype-ip-finder.tk web service. After a CAPTCHA has been submitted, the service can be used to find out IPs even without the special Skype client, and therefore without having to use a valid Skype account.

The service uses a modified version of Skype’s SkypeKit SDK that is currently only available via BitTorrent, and Zhovner has put the necessary Python scripts on GitHub. In a post on Hacker News, Zhovner says that Skype has already banned his account, likely because of his experiments.

Mozilla to auto-upgrade Firefox 3.6 users to version 12

H-Online: Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been under discussion since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread.

According to Keybl, Firefox 3.6.x users with updates enabled should start being upgraded in early May – the specific date has yet to be confirmed. The 3.6.x branch of Firefox, the first release of which arrived in January 2010, reached its end of life last week on 24 April; the last update to the 3.6 series was version 3.6.28 from early March.

For users and organizations that don’t want to upgrade to version 12 of Firefox because of the Rapid Release process – which sees a new browser update every six weeks – Mozilla has an Extended Support Release (ESR) of Firefox specifically aimed at enterprises and other large organizations. The current Firefox ESR release, version 10.0.4, is based on Firefox 10.

Those who don’t want to upgrade can turn off updates in Firefox – on Windows, updates can be disabled via Tools –> Options –> Advanced –> uncheck “Firefox” under “Automatically check for updates”. Mac users can access these settings from Preferences under the Firefox menu; however, some Mac OS X users will not be able to upgrade from 3.6.x as newer versions of Firefox no longer support PowerPC-based systems or version 10.4 of the operating system.

This isn’t the first time that Mozilla has opted to auto-update users: a year ago the organization decided to aggressively end Firefox 3.5’s life by using auto-update.

Warning: Fake Biophilia app on Android is malware

Cross-posted from ZDNet: Summary: Cyber criminals have created a fake Biophilia app for Android that is really just malware in disguise. Your first red flag should be that Biophilia is officially available on iOS, but not on Android.

During April alone, we’ve already seen malicious versions of Angry Birds Space and Instagram in the wild. Both are Android apps that are really just malware designed to generate money from unsuspecting users by sending expensive international text messages. Now the same is happening with the popular Biophilia app.

Here’s the official description of the app:

Biophilia is an extraordinary and innovative multimedia exploration of music, nature and technology by the musician Björk. Comprising a suite of original music and interactive, educational artworks and musical artifacts, Biophilia is released as ten in-app experiences that are accessed as you fly through a three-dimensional galaxy that accompanies the album’s theme song Cosmogony. All of the album’s songs are available inside Biophilia as interactive experiences: Crystalline, Virus, Moon, Thunderbolt, Sacrifice, Mutual Core, Hollow, Solstice, and Dark Matter.

Björk recently invited hackers and pirates to port her app from iOS to other platforms, but somehow I don’t think Android malware is what she had in mind. Symantec identified the social engineering scam on third-party Android app download sites and described the malware as follows:

The app itself comes in two parts: the front-end, which has the ability to stream songs, and a background service with the name ‘Market’. Upon examination of the background service (designed to activate every time the phone starts) it appears to belong to the Android.Golddream family of threats. The authors of this family of threats are known to target third-party apps with malicious versions of popular apps, drawing revenue from premium SMS scams.

To reiterate, Biophilia is not available for Android. Some may have managed to port it illegally, but please beware that they may have included malware inside. If you want to get the official iOS version, get it from the official Apple App store. Here is the direct link: itunes.apple.com/app/bjork-biophilia/id434122935.
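
The traits Symantec describes (a background service, activation at every boot, revenue from premium SMS) are visible in an app's manifest before it is ever run. The following triage sketch is an added example, not code from the article or from Symantec; it assumes the AndroidManifest.xml has already been decoded to text XML, and the sample manifest and the function name `triage_manifest` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes such as android:name live in this XML namespace.
ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSION = "android.permission.SEND_SMS"
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample: a music front-end plus a boot-started service
# named "Market", mirroring the description quoted above.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.musicplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Music">
    <activity android:name=".PlayerActivity"/>
    <service android:name=".Market"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Report manifest traits matching the boot-persistent SMS pattern."""
    root = ET.fromstring(xml_text)
    permissions = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # Receivers that ask to be woken when the phone finishes booting.
    boot_receivers = [
        r.get(ANDROID + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID + "name") == BOOT_ACTION for a in r.iter("action"))
    ]
    services = [s.get(ANDROID + "name") for s in root.iter("service")]

    can_send_sms = SMS_PERMISSION in permissions
    starts_at_boot = BOOT_PERMISSION in permissions and bool(boot_receivers)
    needs_review = can_send_sms and starts_at_boot and bool(services)

    findings = []
    if can_send_sms:
        findings.append("requests SEND_SMS")
    if starts_at_boot:
        findings.append("boot receiver: " + ", ".join(boot_receivers))
    if needs_review:
        findings.append(
            "service with SMS access survives reboot: " + ", ".join(services)
        )
    return {
        "package": root.get("package"),
        "findings": findings,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Legitimate messaging apps request the same permissions, so a hit is a reason to look closer at a media or game app, not a verdict.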

DropBox 1.4 Released

gHacks: Dropbox has just released a stable update that brings all desktop clients of the file synchronization and hosting service to 1.4. Feature-wise, it is not really a big change to previous versions, especially not so if you have been running experimental versions of the client before.

When you look at the new feature set, you will notice that photo import from cameras, phones and SD cards is on top of that list. This is followed by a new batch upload and download option for files, and smaller cosmetic changes, like a fix for the missing camera upload icon on Mac OS X, or new tour screens for first time users.

The developers note that Dropbox users running version 1.3.4 of the client will be automatically updated to the new version once it gets picked up by the local installation. Dropbox users who do not want to wait for this to happen can head over to the Dropbox website to download the new desktop clients for their operating system right away.

Today we’re ready to tell the second part in our photos story: now with Dropbox you can automatically upload from just about any camera, tablet, SD card or smartphone — pretty much anything that takes photos or videos! Plus, you can view your uploaded pictures on the web from our spiffy new Photos page!

Dropbox users who make use of the new photo upload feature benefit in two ways. First, they can increase their available cloud storage by up to 3 Gigabytes by doing so, and second, they can view their photos on the new Photos page, which offers previews of photos directly on the Dropbox website.

Photos are displayed as thumbnails on the photos pages sorted by month. A click opens them in full size in the browser, with options to download them to the local PC, or to use the service’s sharing feature to share them with a link.

PHP 5.4.1 and PHP 5.3.11 released

The H-Online: The PHP developers have released the first update for PHP 5.4, the latest version of their popular scripting language, and an update to PHP 5.3, the older stable branch of the language. The developers say “All users of PHP are strongly encouraged to upgrade” to the new releases.

PHP 5.4.1 has more than 20 bug fixes, including some related to security. One security bug concerned insufficient validation of an upload name, which then led to corrupted $_FILES indices. Another notable change was open_basedir checks being added to readline_write_history and readline_read_history.

The PHP 5.3.11 update fixes nearly 60 bugs including correcting a regression in a previously applied security fix for the magic_quotes_gpc directive. A new debug info handler was also added to DOM objects, and the developers have added support for version 2.4 of the Apache web server.

A full list of improvements and bug fixes for both versions can be found in the PHP 5 change log. PHP 5.4.1 and 5.3.11 are available to download as source or as Windows binaries from the project’s site. PHP is distributed under the terms of the PHP License v3.01.

Hotmail hacked for $20

The H-Online: The whitec0de.com blog reports that, for $20, a member of a hacker forum offered to crack any Hotmail account within a minute – and that he kept his word. Apparently, the hacker found out about a critical vulnerability in Microsoft’s email service on a security forum, and the hole allowed him to change the passwords of arbitrary Hotmail users.

The blog says that various users were affected as a result, for example because they used their Hotmail accounts to access services such as PayPal. Allegedly, the vulnerability was also exploited to change the ownership of particularly attractive, short account names such as ab@hotmail.com and xxx@hotmail.com.

Benjamin Kunz Mejri, a security expert who discovered the hole at around the same time as the incidents described above, has released details about the vulnerability in an advisory. According to the expert, the hole was contained in the “password reset” functionality – during one step, the Hotmail server apparently checked the existence of a token but not its value.

The advisory says that by injecting a token such as “+++)-” into certain requests, attackers were able to take control of any account. Kunz Mejri added that he notified Microsoft on 6 April, and that the company fixed the problem on 21 April.
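
The difference between checking that a reset token exists and checking its value, shown as an added example (not code from the advisory or from Microsoft). The class `ResetStore`, the in-memory table and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed token lifetime


class ResetStore:
    """In-memory stand-in for a server-side table of pending resets."""

    def __init__(self):
        # account -> (sha256 of token, expiry time); only the digest is
        # kept, so a leaked table does not reveal usable tokens.
        self._pending = {}

    def issue(self, account, now=None):
        """Create a random single-use token bound to one account."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[account] = (digest, now + RESET_TTL_SECONDS)
        return token

    def verify_presence_only(self, account, supplied):
        """Flawed check of the kind described above: any non-empty
        token is accepted because its value is never compared."""
        return bool(supplied)

    def verify(self, account, supplied, now=None):
        """Hardened check: value, account binding, expiry, single use."""
        now = time.time() if now is None else now
        entry = self._pending.get(account)
        if entry is None or not isinstance(supplied, str):
            return False
        digest, expires_at = entry
        supplied_digest = hashlib.sha256(supplied.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        matches = hmac.compare_digest(digest, supplied_digest)
        expired = now > expires_at
        ok = matches and not expired
        if ok or expired:
            # Consume the token on success and purge it once expired.
            del self._pending[account]
        return ok


if __name__ == "__main__":
    store = ResetStore()
    real = store.issue("user@example.test")
    print("junk token, flawed check:  ", store.verify_presence_only("user@example.test", "+++)-"))
    print("junk token, hardened check:", store.verify("user@example.test", "+++)-"))
    print("real token, hardened check:", store.verify("user@example.test", real))
    print("real token, second use:    ", store.verify("user@example.test", real))
```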

No, This is not a love song

Did you ever try hard to reach someone and when you did you found your mouth shut? I did several times and it drives me crazy!

That’s not a nice feeling and I don’t know what’s the reason for this weakness, I hope it’s not what I think it may be.

Well, “Low Self-Esteem” can be one of the reasons, But self-esteem itself can be affected by many other factors like environment, economic situation, personal factors like ‘culture’ or ‘look’, social position, education, intelligence, health etc.…

OK, let’s keep it simple and not go into complicated topics, I will try to show the situation from another view: How does it come that sometimes in meetings with some ‘common’ people we (or at least I) feel extremely weak? Where I count the seconds until the meeting and when I reach the meeting I find no words to talk about and waste the time… When it happens I wish I could go live on a planet where there are no other humans, to get rid of this feeling and not get into this again.

Excuse me if this post looks fragmented and changes from one subject to another, it’s because I don’t know how to change what’s on my mind into text, I’m writing whatever comes into my mind at the moment, hope it will stay clear…

I don’t know what’s wrong and what’s normal now, I don’t know what I’m doing right and what wrong, I don’t know what to do, but I know this way I will end up in madhouse!

When I’m alone I feel fine, I stay away from troubles and many pressures, that’s good, but from time to time I will feel some ‘gap’ and recently it’s going to hurt more, ruining all my days and I want to stop it, I’ve enough trouble and don’t need new ones…

Well, I will finish this post here because I don’t know if I continue it where it will go.

http://www.youtube.com/watch?v=Ryfwfc_946w

Get ready for exciting changes coming to Firefox 13, 14 and 15

Cross-posted from BetaNews: Following on from the release of Firefox 12 FINAL, Mozilla has updated its developmental branches to versions 13 (Beta), 14 (Aurora) and 15 (Nightly/UX), respectively. Those looking for major changes in version 12 may be disappointed, but future builds promise a number of radical new features, including redesigned Home and New Tab pages, plus panel downloads manager and inline preferences screen.

Get a heads-up on what’s coming and discover which build is best for your personal needs with our essential guide to what’s coming up in the near future for Mozilla’s open-source, cross-platform browser.

Firefox 12.0 FINAL
This is the recommended release for most users, being the latest, stable build available. That said, version 12 will not go down in the annals of Mozilla folklore as a notable release, with a minor refresh of the HTML5 controls and the move to silent updates on Windows machines being the only two changes of note. Ordinarily we’d caution against moving rapidly on to the next version, but read on to discover why you may not be able to resist taking the plunge and moving to the beta channel.

Firefox 13.0b1 Beta

Last August, Mozilla unveiled a presentation of how it sees the Firefox user interface changing in the months ahead. A few minor tweaks have already landed in Firefox, but version 13 sees two noticeable new features making their first appearance: a new Home page, and a New Tab page.

Firefox’s new Home page (type about:home into the Address bar) provides users with a customized page that includes shortcuts to bookmarks, downloads, add-ons, history, sync, settings and an option for restoring the previous session. This latter feature is another new addition to Firefox’s feature set, and restores all open tabs from a previous browsing session.

The home page, which can be pinned permanently as an app tab for easy access, is fully functional already, but will evolve further in time; Mozilla plans to use it as a portal to the upcoming Apps Market, for example.

Firefox 13 also introduces a redesigned New Tab page that will be familiar to Chrome and Opera users: thumbnail previews of frequently visited sites. On first visit these will appear blank, but as time goes on and you visit said sites, they should start to populate themselves with thumbnail images of the site itself.

Sites can be permanently removed (click X), pinned to the list and even dragged and dropped into a new order, and those who hate the new feature will find a small button in the top right-hand corner that toggles between this new view and the traditional blank tab page.

There’s one other major change in version 13: smooth scrolling is now enabled by default, despite the acknowledgement of one bug that may cause issues on certain web pages. Meanwhile, Android users will be pleased to learn that support for Flash is finally being enabled in version 13 of the mobile app, but only if you’re running Android 2.x or 4.x.

Firefox 14.0a2 Aurora

Aurora is an “alpha” build of Firefox, which means it’s undergone minimum testing only. As such it’s not suitable for everyday use, which is why Firefox Aurora is installed as a separate build alongside the stable or beta build, allowing you to test its features without affecting your day-to-day browsing. Settings are shared between Firefox Aurora and your other builds, however, so again caution should be exercised before installing it.

After all the excitement of Firefox 13 Beta, you’d think the Mozilla developers would rein things in for v14, but none of it. The most exciting features planned are currently listed as in definition, design or development, which means there’s no guarantee they’ll appear in Firefox 14. These include a version of Firefox that runs in Windows 8’s new Metro interface, support for desktop apps (which can be installed and used independently of Firefox, even when offline), and the panel-based download manager that’s been a staple of the UX build for a long time.

One other tweak in development is an extension to the silent updates feature introduced in Firefox 12, and that’s the ability of Firefox to update itself in the background, so the user will never have to worry about manually updating again. This is slated for version 14, but may yet slip to version 15 due to a current slew of issues undergoing fixes.

The inline autocomplete function remains stubbornly part of Aurora, where it has been since version 12’s release. This is designed to anticipate what URL is being typed into the Address Bar, pre-loading the web page in the background before the URL has been entered.

Other “landed” features are minor, and behind-the-scenes tweaks. These include incremental garbage collection, hang detector and reporter, and cycle collector performance improvements, some of which were slated for Firefox 13 Beta and may yet be implemented in this version.

As things stand, there’s nothing visible to get excited about in Firefox Aurora, which makes us think it’s probably best to wait until it gets to Beta before seeing if any of the more exciting new features mentioned above are ready for their move to primetime.

Firefox 15.0a1 Nightly/Firefox 15.0a1 UX

Firefox’s two Nightly channels give users access to code hot off the press, but while you’re looking at the latest bleeding-edge version of Firefox, you’re also venturing into uncharted waters because much of this new code has had no testing at all. Nightly builds update regularly, so once installed you’ll find your build updating on a much more frequent basis than other unstable releases.

After the excitement of features being developed in versions 13 and 14, Firefox 15 looks like being a more minor release at this early stage in its development. At the present time only three new improvements are in the pipeline: two performance-related (faster start-up times for Windows users, and tweaks to session restore so it doesn’t slow down the browser restart process) and one that’s being developed by students at Michigan State University.

This latter feature, “in-content preferences”, will see Firefox’s Options dialogue box removed and the program’s preferences moved into a browser window, similar to how Chrome’s preferences currently work. This is currently accessible in Firefox 15.0a1 UX, the parallel nightly build of Firefox where interface improvements such as the panel-based downloads manager and New Tab pages first made their appearance.

When selecting Options, you’ll see the old pop-up window is replaced by a new tab with a series of buttons to choose from. Click one to access that section’s settings — at present this feels a little clunky, but we suspect it’ll evolve into something sleeker in time.

Windows and Linux 64-bit users may be interested in trying Firefox 15.0a1 Nightly 64-bit and Firefox 15.0a1 UX 64-bit. We’d recommend all but developers and serious, knowledgeable enthusiasts avoid the Nightly builds of Firefox.

So, to Summarize…

Which version of Firefox should you try? Stick to the most stable version you feel comfortable with, although the temptation to sneak a peek ahead is actually quite compelling with these latest developmental builds.

That said, it’s hard not to recommend people check out Firefox 13 Beta — the new features will make a difference to the way you use your browser going forward, and it’s a shame one or other couldn’t have been made ready to provide version 12 with a little more pizzazz.

If you do plan to take a look into the future of Firefox, back up before installing Beta or Aurora builds of Firefox. And if you do decide to give the Nightly or UX builds a try, consider using a non-critical machine or virtual setup (try VirtualBox) instead of your main computer, just in case…

WikiPharmacy? Fake Notifications Spammed Out

Symantec Connect: Symantec is intercepting a resurgence of spam attacks on popular brands. Spam messages that are replicas of the Wikipedia email address confirmation alert are the new vector for the present. The said spam messages pretend to be originating from Wikipedia, and are selling meds, with the following subject line: “Subject: Wikipedia e-mail address confirmation”.

The spoofed Wikipedia page is a ploy to give legitimacy to the sale of meds online. The embedded URL in the message navigates to a fake online pharmacy site that is dressed up as a Wikipedia Web page. Furthermore, to give the email a legitimate look, the spammer has added the recipient’s IP address in the body of the spam mail. Needless to say this IP does not belong to the user.

Figure 1: Part of the spam message

Figure 2: An example spam message

Figure 3: The corresponding WikiPharmacy Web page

This is another social engineering tactic where popular brands are exploited for spamming. Symantec anticipates a surge of such attacks due to increasing popularity; a trick used by spammers from time to time to make their clandestine efforts look legitimate.

Beware of any purchases from such sites as it will put the user’s personal and banking information at risk. We recommend users not click on any URLs from such unsolicited emails.

Security improvements in Opera 12 beta

The H-Online: A beta of version 12 of the Opera web browser has been released with privacy and security-focused improvements. Code-named “Wahoo”, the Opera 12.00 beta now runs plugins out-of-process and includes optimizations for better SSL handling. Running plugins in their own process not only improves the smoothness and stability of the browser but can limit the damage some plugin exploits can do. Privacy is enhanced with support for the “Do Not Track” (DNT) header, which is used to tell web sites that the browser user wishes to opt-out of online behavioral tracking.

The DNT header is designed to help users retain their privacy when faced with online advertising networks that use cookies and other web technologies to recognize them and serve them tailored advertising. Users can enable the header, which is currently disabled by default, in the preferences dialog by selecting Preferences –> Advanced –> Security –> “Ask websites not to track me”. “Do Not Track” requires web sites and services to acknowledge the header, but a number of advertising companies have said they will adopt it and Yahoo plans to roll out support across its sites. The White House has also proposed wider use of “Do Not Track” and the US Federal Trade Commission has called for its use. To make it easier for users to see the privacy and security settings on sites they visit, the security badges that appear in the Opera address bar have been redesigned and color coded.

Non-security related changes in the Opera 12 beta include 64-bit support on Windows and Mac OS X, faster startup times and page loading, new themes, and experimental hardware acceleration and WebGL support (off by default). Support for several other web standards, such as CSS3 Animations and Transitions, HTML5 Drag and Drop, and Web Real Time Communication (WebRTC), has also been added.

Some features found in previous versions of Opera are being discontinued in the new version. These include the Opera Unite personal cloud media platform and Opera Widgets, which are removed by default for new users. Support for the built-in speech recognition and text-to-speech technologies is also being phased out.

More details about the beta version of Opera 12, including download links, can be found on the company’s Opera Next web site. The current stable release is Opera 11.62, a security update from late March.