How to avoid Malware meltdown

Will YOU lose the internet on Monday?

• Hundreds of thousands of PCs still at risk worldwide
• FBI 'ring-fenced' the virus late last year - but protection ends on Monday
• See below for advice on checking if your computer has been infected

Tens of thousands of Americans whose computers are infected with malware will lose Internet service on Monday - but the meltdown is preventable by following a few simple steps.

The impending crash will affect those whose computers have been infected with the nasty 'Alureon/DNS Changer bot' when the FBI takes down the servers at 12.01 a.m. on Monday, July 9.

To avoid the meltdown, users need to determine if their computer is infected with DNS Changer. Antivirus software will not have offered protection, and Mac computers are also at risk.

Cyber Security

Electronic communications networks must be ultra secure in order to build confidence, disposal of physical documents also poses a security risk 

INFORMATION security experts last week urged businesses in SA that deal with personal information to review their cyber security and the disposal of physical documents practices constantly to protect clients’ and employees’ information.

Data events such as hacking, data loss, unauthorised data use, and the physical disposal of documents all present risk to businesses and consumers.

Rogue Utilities

This week the Rogue Blog reports a strong surge in a different type of rogue, one that pretends to be a system utility. Typical scareware pretends to be antivirus software, "finds" all kinds of threats, and demands that you pay before it will clean up the pretend problems it found. Utility-style scareware follows a similar pattern. It pretends to find errors on your system such as disk fragmentation or file system integrity problems. Naturally the scan is free; naturally you have to pay if you want to fix the alleged system problems.

The Rogue Blog post pointing out this trend includes numerous screenshots and identifies many of the culprits by name. UltraDefragger, ScanDisk, and WinHDD are among the real-sounding names used by current fraudulent system utilities.

How can you distinguish a fake optimization tool from a real one? If you see a report from a utility that you never installed and never launched, it's probably a fraud. If the utility comes advertised in a spam message, Sunbelt suggests you avoid it. The rogues invariably display dire warnings about system problems, but don't reject every warning. A legitimate disk utility might do the same if your system is truly failing.

Here's an odd one: apparently these rogue utilities will often tell you that you must update your browser to a version earlier than what you're actually running. If you're careful you can avoid getting burned. Don't ever rely on a third-party system utility that you didn't install or launch, as it's almost certainly a fraud.

Your antivirus software or security suite should protect you from rogues of any kind, providing you keep it up to date. And when you go shopping for disk tools do a little research to make sure they're legitimate. Check PCMag.com for reviews, to start, and Google the name to see if others are reporting problems. If you're still not sure, a visit to the Rogue Blog should clear up any confusion.

Originally posted on Yahoo News

Tech Scams to Avoid This Holiday

The holiday shopping season is a great time to get tech products at discounted prices, but it also creates a golden opportunity for the Web's scam artists. The FBI, McAfee, the Better Business Bureau and F-Secure are all warning about cybercriminals who will try to take you for a ride this holiday season. Here are their most pertinent warnings and tips for staying safe:

The Infamous Free iPad 

Bogus free iPad offers started popping up immediately after Apple's tablet went on sale, and they've since been banned from Facebook. Still, you might see similar offers around the Web, McAfee says, prompting you to buy other products as a condition of getting the free iPad. By now, you should realize it's too good to be true.

Gift Card Scams 

That free $1,000 gift card offer you saw on Facebook? Bogus, of course. McAfee says that cybercrooks lure people into giving away their personal information or taking quizzes in exchange for these cards, which never arrive. The information is then sold to marketers or used for identity theft.

The FBI also says to use caution when purchasing gift cards through auction sites or classified ads. These can be fraudulent, and you won't get your money back. Buy directly from retailers instead.

Bogus Auctions and Classifieds 

Here's a particularly tricky scheme pointed out by the FBI: On auction and classified sites, fraudsters use their own order forms to get payment details from holiday gift buyers. Then, they charge the victim's credit card and use a stolen credit card to buy the actual item, which is sent directly to the victim. In other words, you'll still get the product, but you might be liable for receiving stolen goods. To avoid this scam, be sure to use legitimate payment services like Paypal instead of providing money directly to the seller.

The feds also warn of a related scam for free or reduced-price shipping offered on auction and classified sites. The fraudsters provide fake shipping labels to the victim, and the product ends up being intercepted in transit, never delivered to its destination.

Malicious websites

For cybercriminals, spamming Google with bogus holiday gift pages is a yearly tradition. These pages could be loaded with malware or payment forms intended to steal your identity. F-Secure has created a list of what it thinks will be the highly targeted search terms this year, including Kinect for Xbox, Call of Duty: Black Ops, Amazon Kindle and Apple iPad.

Visit retailers' websites directly when possible, use Internet security software if you must and always check for "https" in the URL bar before ordering online to ensure that the page is secure.

Wi-Fi Hackers 

Public Wi-Fi networks will get a workout this holiday season as people travel, McAfee notes. This is especially true with Google offering free Wi-Fi on domestic flights from three major airlines. Check out our security tips from Google's free Wi-Fi offer at airports last year, most of which are still relevant in the skies. Number one tip: Avoid shopping and paying bills over a public network.ls over a public network.

Related articles

• Latest McAfee warns of "The 12 scams of Christmas" (helpwithdebtnow.com)
• Bogus iPads Top 12 Scams of Christmas (cultofmac.com)

Originally posted on PCWorld

Identity Theft Misconceptions

A recent survey by Kindsight revealed some misconceptions by internet users what they perceive as identity theft risks.

Anyone living in the modern world can't help but be aware that identity theft is real, and that it's a real problem. But how well do people understand what their own risks are? Not surprisingly, virtually all of those questioned had some understanding of identity theft. However, many had only a limited understanding of just what kinds of behavior put them at risk.

It appears that many consumers still are not entirely sure of what type of activities to avoid, and what they can do to protect their identities online. Five key misconceptions about cybersecurity emerged:

Misconception #1 I’m safe because I never shop online 
Misconception #2 I’m safe because I have anti-virus protection 
Misconception #3 I’m safe because the website is secure 
Misconception #4 I’m safe because it’s easy to recognize fake sites 
Misconception #5 Facebook is safe enough; no need to worry

Cybercriminals are becoming more sophisticated and always looking for new and better ways to steal your identity online.

LimeWire music -sharing service shut down

A U.S. federal judge on Tuesday granted the music industry's request to shut down the popular LimeWire file-sharing service, which had been found liable for copyright infringement.


The ruling by Judge Kimba Wood in Manhattan federal court halts one of the world's biggest services for letting consumers share music, movies and TV shows for free over the Internet.

Saying that LimeWire's parent Lime Wire LLC intentionally caused a "massive scale of infringement" involving thousands of works, Wood issued a permanent injunction that requires the company to disable its "searching, downloading, uploading, file trading and/or file distribution functionality.

" Record companies "have suffered -- and will continue to suffer -- irreparable harm from Lime Wire's inducement of widespread infringement of their works," Wood wrote. She called the potential damages "staggering," and probably "well beyond" the New York-based company's ability to pay.

The signed ruling was made available by The Recording Industry Association of America, which represents music companies. It has said Lime Wire has cost its members hundreds of millions of dollars in revenue. A copy of the ruling was not immediately available on the public court docket. Read more

Google Spying?

MPs have accused internet giant Google of deliberately spying on households for commercial gain.

Tory Robert Halfon said it was "hard to believe" that Google could copy millions of computer passwords and email details and "not know what it was doing". And Liberal Democrat Don Foster said it was "not surprising" that the company "want to capture as much of the data as they can to use it for commercial purposes".

Google has admitted "mistakenly" collecting information from wireless networks as its vehicles drove around residential streets taking photographs for its Street View mapping product. The Information Commissioner's Office (ICO), the UK's privacy watchdog, is now investigating the matter.

During a Westminster Hall debate on privacy and the internet, Mr Halfon said: "It's not good enough, as Google have suggested, that the whole thing was an innocent mistake. "That was their line when Street View uploaded images of naked children without the consent and knowledge of those involved. That was their line when a Google engineer was able illegally to access children's private email accounts and telephone records - and then Google took disciplinary action only after parents complained that the engineer had illegally used Google data to harass their children. "I find it hard to believe that a company with the creative genius and originality of Google could map the personal wifi details, computer passwords and email addresses of millions of people across the world and not know what it was doing.

Mr Foster said: "It is for commercial purposes that they (Google) are doing this. Only today we have had revealed the latest figures on the value of e-commerce in this country, which has gone in a very, very short number of years from nothing to £100 billion, which is 7% of the economy of this country - and we all know it's going to rise. So it's not surprising that Google want to capture as much of the data as they can to use it for commercial purposes."

 Mark Lancaster, Tory MP for Milton Keynes North, spoke of a women's refuge in his constituency whose need for anonymity had been "ignored" by Google. "Imagine their (potential refugees') great concern when on entering the name of the organisation on Google, a picture of the building the refugees use and also their address appear on the search engine," he said.

Requests to Google to remove the women's refuge from the map had received no response, he added. Mr Halfon called for a "serious commission of inquiry" that would seek to "redress the balance" between the freedom of the internet and users' civil liberties. This commission of inquiry would be composed of members with expertise on civil liberties, the internet and commerce, he said.

Originally posted at Yahoo news UK

New "Attack Page" Scam in Firefox and Chrome

F-Secure reported a new malware campaign takes advantage of the "malicious site" warnings commonly displayed by both Firefox and Chrome to trick unsuspecting users into downloading a rogue antivirus application

The attack happens when Web surfers visit a page offering "SecurityTool," a known malware application that purports to be antivirus software. On both Firefox and Chrome, a fake warning page then pops up that mimics the messages those browsers normally give users who visit suspect sites.

On Firefox, the warning alert is titled, "Reported Attack Page!" while on Chrome the page reads, "Warning: Visiting this site may harm your computer!" Both such warnings invite users to "Download Updates." Users who click the download button then end up with a file called "ff_secure_upd.exe" on Firefox or "chrome_secure_upd.exe" on Google's browser; either way, what they really get is the rogue antivirus file and an invitation to pay a license fee for supposed protection.

Firefox users with scripts enabled, in fact, don't even have to click the "Download Updates" button--rather, they'll just be prompted to click "OK" to download "Firefox secure updates." Clicking "Cancel" only results in a repeated warning that updates need to be downloaded, F-Secure reported.

In addition to the "scareware," a hidden iFrame that's also part of the attack loads a Phoenix exploit kit from a different site, the security researcher noted, thereby exposing users to further exploitation. This latest attack is very similar to one uncovered in July, through which SecurityTool used a similar technique purportedly prompting Firefox users to update their Adobe Flash Player. In that case, the attack presented users with a fake version of the Firefox "Just Updated" page, which is typically shown when users open the browser for the first time after an update is downloaded.

On the fake version, however, the message warned that Adobe Flash Player hadn't yet been updated, and it prompted the user to download a file that is in fact the rogue antivirus software, according to F-Secure. The new "Reported Attack Page!" alert, however, relies particularly heavily on Firefox users' uncertainty as to what genuine warning pages look like. In fact, such pages never request that users download updates; rather, they give the option of either leaving the site or overriding the block and continuing to load the page. F-Secure's blog post includes an authentic Firefox block page for users who want a reliable visual image.

Originally posted at Yahoo News

Major Microsoft Patches

Microsoft said it will deliver a record 16 security updates next week to patch a whopping 49 vulnerabilities in Windows, Internet Explorer (IE), Office and SharePoint. Andrew Storms, director of security operations for nCircle Security, called the massive update "daunting, again."

Four of the 16 updates were tagged with Microsoft's "critical" label, the highest threat ranking in its four-step scoring system. Another 10 were marked "important," the second-highest rating, while the remaining pair were labeled as "moderate."

Nine of the updates could be exploited by attackers to inject malicious code into vulnerable PCs, Microsoft said in its usual bare-bones advance notification of the updates scheduled for release October 12. Microsoft often labels remote code executable bugs -- the most dangerous -- as important when the vulnerable components are not switched on by default or when other mitigating factors, such as defensive measures like ASLR and DEP, may protect some users.

Nine of Tuesday's Windows updates will apply to Windows 7 -- including all three of those marked critical -- while Windows Server 2008 R2 will also receive nine updates, two of them critical. While Microsoft has touted Windows 7 as its most-secure OS ever, and wants Windows XP users to ditch the nine-year-old software for the new edition, fewer of next week's updates apply to the aged operating system than to Windows 7. XP will be affected by eight of the 13 bulletins, and just two of the three pegged as critical. The critical IE update will affect IE6, IE7 and IE8. Microsoft did not reply to questions about whether it will also update IE9, which was released as a beta three weeks ago.

Originally posted at PCWorld

EEye Digital launches Zero Day Tracker site

Until a patch is released, a security hole--known as a zero-day vulnerability--in effect makes your computer a sitting duck for anyone who writes an exploit for it and bothers to distribute it via e-mails and drive-by downloads on Web sites.

EEye Digital Security launched a Web site yesterday that lists current zero-day vulnerabilities and offers an archive on ones that have been patched. The Zero Day Tracker compiles information on publicly disclosed security holes and provides details on them including what software they affect, how severe they are, the potential impact and suggestions for workarounds and other protection techniques.

Marc Maiffret, co-founder and chief technology officer of eEye, describes the free site as a "one-stop shop" for zero-day information. "For the longest time the only company that would notify you about zero-days was Microsoft, and recently Adobe has started doing that," he said. "But there are still many other companies that have zero-day vulnerabilities that go unreported."

How good is Microsoft's free antivirus software?

Microsoft has officially unveiled its long-awaited consumer antivirus offering. Formerly code-named “Morro,” it’s now been christened Microsoft Security Essentials, and it will enter public beta testing next week. If you have a licensed copy of Windows XP (Service Pack 2 or above), Windows Vista, or Windows 7, you’ll be able to download and install the software at no additional charge. No subscription is required for ongoing definition updates, either. The final release is scheduled for this fall.

The public beta will be limited to 75,000 downloads, Microsoft says, and the targets are global. The initial beta release is limited to the United States, Israel (where a core development team is based), and Brazil. Next month, the beta will open up for users in China. It’s no coincidence that Microsoft is rolling out early in Brazil and China, which are large-scale vectors of malware infections because of the sheer number of Windows users running without antivirus protection. According to Microsoft, barriers to adoption of paid security software are especially high in developing markets, where internet access is slower and credit cards are unavailable to a large percentage of the population.

Microsoft Security Essentials requires validation, which means it won’t be available to anyone using a pirated copy of Windows. But it won’t require registration or personal information of any kind. In an interview last week, Theresa Burch, director of product management for Microsoft Security Essentials, confirmed that decision in no uncertain terms: “We collect no information from you at all,” she told me. No Windows Live ID, nothing. You agree to the EULA, validate, download, and you’re done.”

Originally posted on ZDNet

Ika-tako Virus Replaces Your Files With Octopus Photos

It’s always frustrating to find that your computer has been infected with a virus, especially one that can potentially wipe your files. However one hacker decided that he would bring a little humor to viruses by replacing any infected file with a particularly cute sea creature anime. The Ika-tako virus (which is Japanese for Squid-Octopus) as it has been named first came to shore in May via Japanese file sharing Website Winny.

Since then, it has reportedly gone on to infect somewhere between 20,000 and 50,000 computers, according to Asahi.com. The virus disguises itself in music files, which users then download. Once the file is played, the malware runs through the computer’s hard drive, infecting anything from family photos to important OS files. The infected files are swapped with the squid, octopus or sea urchin pictures and removed, then supposedly sent to the hacker's server.

The good news is that the hacker, Masato Nakatsuji, was found and arrested. It’s not the first time this guy has been arrested for malware creation either--he was convicted for crafting a similar virus back in 2008, but had used images from the copyrighted anime cartoon Clannad.

He reportedly told police this time that he wanted to see “how much my computer programming skills had improved since the last time I was arrested.” This time, he was arrested on the grounds of property destruction, a first for police in Tokyo. At least he handmade the images himself this time I guess. 

Unfortunately there is no known fix for the virus just yet, so bad news for those already infected, unless police can get into the server he set up. However, considering he had thousands of people’s information stored on the server, it shouts to me that there was a bigger motive behind this virus that just practicing his computer skills.

Originally posted at PCWorld

Trojan Monitors Your Porn Surfing Habits

In an era where online privacy seems like an oxymoron, is it so bad to have your browsing history publicly available? Or to pay less than $20 to have these details removed from the Internet? Several Trojan horses spreading around the Internet these days spam your entire address book with bogus messages and attempt to delete your computer’s security software.

But the Kenzero Trojan out of Japan goes further than pretending to be a legitimate program: Hackers behind the program not only post your browser history, favorites, illegally-downloaded porn, and clipboard content to a public Website, they demand payment of about $18 to remove the personal details of your browsing history.

Kenzero is a Trojan of the “ransomware” variety, where a malicious program masquerading as a game registration window takes your personal details then attempts to extort money out of you. The Trojan then posts that you’ve been downloading illegal Hentai (explicit anime) games, and that instead of just being out $20, you’ll find that scammers have sold your credit card information to the highest bidder. How does Kenzero spread? Mostly via the Winny file-sharing network, which has approximately 200 million users).

Though if you’re illegaling downloading computer games, why would you give personal details to a pirated piece of software? It's food for thought. While you’re mulling that, there’s even a paper [PDF] on similar Japanese scams being presented at the upcoming Association for Computing Machinery Computer and Communications Security conference.

Originally posted at PCWorld

zero-day hole in Flash Player

Adobe Systems on Monday warned of a zero-day hole in Flash Player that reportedly is being exploited in the wild and could allow an attacker to take control of a computer.

 The critical vulnerability affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, Solaris, and Android. It also affects Adobe Reader 9.3.4 and earlier version for Windows, Mac, and Unix and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac. Adobe is not aware of any attacks exploiting the hole against Adobe Reader or Acrobat, the company said in its security advisory. 

Adobe is finalizing a fix for the hole and expects to provide an update for Flash Player for Windows, Mac, Solaris, and Android during the week of September 27, the advisory said. Updates for Adobe Reader are expected during the week of October 4. Adobe is moving up the date of its next quarterly security update for Adobe Reader and Acrobat and will also release a patch the week of October 4 for a critical zero-day hole in Adobe Reader and Acrobat that was disclosed last week and is being exploited in attacks on. As a result, there will be no updates on October 12, which was the next scheduled quarterly release date. In the meantime, Microsoft has a tool that can help block the attacks on Adobe Reader and Acrobat on Windows machines. Read more:

"Here You Have" worm is a Windows Problem

Every time a virus like the current "Here You Have" worm comes around, people shake their heads, wring their hands and wonder how "computer security" can be improved.

The assumption, for many, is that malware like this is simply part of having a computer. Thank goodness for the PC security industry, working hard to protect us with expensive software! The fact, however, is that malware like this does not go hand-in-hand with having a networked computer--it goes hand-in-hand with Windows. Microsoft Windows is the reason our culture gets threatened again and again by malware; if the world ran Linux instead, it wouldn't be a problem. Here's why.

1. Users Are Dumb
There's no point denying it -- humans are extremely gullible, forgetful, distracted, and yes, just plain stupid sometimes. That is simply a fact of life, and no "helpful reminders" or even automated warning systems are going to keep them from being stupid. Offer them pictures of cute puppies or porn, and they'll go wherever you want them to.

This is only a problem, however, because of Windows. Rather than protecting foolish users from themselves by minimizing the potential consequences--which is what a good operating system should do--Windows gives them all administrator access by default. That means that they pretty much have the keys to the castle at all times--which, in turn, means that viruses do too.

As I've said before, it's like giving terrorists high-level government positions. With Linux, on the other hand, users do not have "root" privileges by default. So, even if a Linux system is compromised--which is rare--the virus won't have the access it would need to do damage systemwide; rather, just the user's local files and programs would typically be affected. That's much less motivating for evil-doers.

 2. It's a Monoculture
So Windows gives each and every user the keys to his or her local castle, which--thanks to the Internet--is linked to every other castle on the planet. Since the majority of those also run Windows, imagine the fun viruses can--and do--have! It's a simple matter of frolicking from one castle to another--again and again and again--taking the keys, and then watching the email servers fall! It's a worm's dream come true.

That, of course, is why Linux isn't popular with worm developers. With the diversity of environments that Linux includes--Ubuntu, Debian, Fedora, and so on, not to mention all the many shells, packaging systems, mail clients and even underlying architectures-- reaching more than a relatively small part of the Linux community is much more difficult. Much less gratifying for worms.

 3. Closed Access
Less applicable in the present case, and yet still a factor in Windows' relative insecurity, is the fact that its code is closely guarded by Microsoft. No matter how many developers Redmond has, it simply can't compare with the countless users around the globe constantly scrutinizing Linux's open code for vulnerabilities. Microsoft developers also don't typically tell anyone about the problems they've found until a solution has been created, leaving the door open to exploits until that happens.

I'm certainly not saying that Linux is perfect, and any business user, in particular, should still enable firewalls, minimize the use of root privileges, and keep the system up to date. They could even implement a virus scanner for Linux, such as ClamAV.

The difference, though, is that such extra measures are not simply an accepted part of computing in the Linux world--they're additional steps you can take, if you want extra peace of mind. Malware is primarily a Windows problem. Use Linux, and you can mostly forget all about it.

Originally posted at Yahoo News

Firefox patches DLL load hijacking vulnerability

Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities (11 rated critical), including the publicly known DLL load hijacking flaw that exposes Windows users to remote code execution attacks.

The majority of the 15 vulnerabilities in this Firefox patch batch could be exploited to launch drive-by download attacks from booby-trapped Web sites. According to Firefox, the DLL load hijacking issue only affects Windows XP users:

 Firefox could be used to load a malicious code library that had been planted on a victim’s computer. Firefox attempts to load dwmapi.dll upon startup as part of its platform detection, so on systems that don’t have this library, such as Windows XP, Firefox will subsequently attempt to load the library from the current working directory. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed. If the attacker was on the same network as the victim, the malicious DLL could also be loaded via a UNC path. The attack also requires that Firefox not currently be running when it is asked to open the HTML file and accompanying DLL.


Originally posted zdnet

'Private Browsing' Not So Much

Security researchers have revealed that 'private browsing' modes on web browsers, which are designed to remove all traces of the sites a user has visited, can leak information.

A study by Dan Boneh from Stanford University which is due to be presented at the Usenix Security Symposium in the U.S. next week claims that many browser add-ons or website security measures stop the 'private browsing' mode from working properly.

Boneh and his team looked at the private browsing functions on Mozilla's Firefox browser along with Microsoft Internet Explorer, Google Chrome and Apple's Safari, and said all four programs were affected.

We discovered that all these browsers retain the generated key pair even after private browsing ends," the study said.

"Again, if the user visits a site that generates an SSL client key pair, the resulting keys will leak the site's identity to the local attacker."

The study also revealed that the function is more likely to be used by those browsing adult websites than those purchasing 'suprise' gifts for family and friends.

Artwork: Chip Taylor"We found that private browsing was more popular at adult web sites than at gift shopping sites and news sites, which shared a roughly equal level of private browsing use," Boneh said in the report.

"This observation suggests that some browser vendors may be mischaracterising the primary use of the feature when they describe it as a tool for buying surprise gifts."

Boneh and his researchers believe they are the first to demonstrate that 'private browsing' can be compromised.

Source: PC World

Related articles by Zemanta

• 'Porn mode' browsing not really that private (msnbc.msn.com)
• Experts uncover flaws in 'private browsing' (v3.co.uk)

New Gmail phone service

Google disclosed that Gmail's new phone service has been used to place 1,000,000 calls in the 24 hours since it was launched.

Google confirmed yesterday that it was rolling out the new function, which allows users to make direct calls to telephones through its email service using the inbuilt speakers and microphones on their computers, in the US and Canada. The “Calls from Gmail” service, which was launched with immediate effect following yesterday's announcement, will allow free calls to American and Canadian numbers “for at least the rest of the year”.

Selected British users are also being given access to the function. Low rates, which could be as low as two cents per minute to Europe, China and Japan, will also be available for international calls.

Writing on the official Gmail Blog, Robin Schriebman, a software engineer, said that the addition was a development of the company’s current, computer-to-computer voice and video chat services.

His post said: "Gmail voice and video chat makes it easy to stay in touch with friends and family using your computer’s microphone and speakers. But until now, this required both people to be at their computers, signed into Gmail at the same time.

"Given that most of us don’t spend all day in front of our computers, we thought, “wouldn’t it be nice if you could call people directly on their phones? Starting today, you can call any phone right from Gmail."

The move will put Google into direct competition with new media companies such as Skype, as well as traditional phone operators such as BT. It will work by adding another option to the chat list in Gmail, as well as offering a traditional-style on-screen keypad. Todd Rethemeier, an analyst at Hudson Square, told Reuters that Google’s move presented “a risk to Skype”. He said, however, that it was the attraction of cheap international calls that would be likely to drive people to use the service. Google has not yet announced any plans to operate the service in the UK or on its mobile phones.

Originally posted at Telegraph.co.uk

Google Chrome's web store coming in October

Google's Chrome Web Store could be ready to launch by October of this year, suggesting that Chrome OS devices are likely on a similar schedule. Google appears to be getting ready to let Web application developers start playing around with its Chrome Web Store, if a recent presentation at the Game Developer Conference in Europe is any indication. 1UP.com has a report out with pictures and video of Google's Mark DeLoura and Michael Mahemoff explaining how developers will be able to submit apps to the store, which was announced in May at Google I/O.

Most of the presentation was discussed during Google I/O, but a few interesting tidbits have emerged. Most importantly, it suggests that the Chrome Web Store will be ready to go in October of this year, implying that Chrome OS-based devices could be ready to go the same month. The only timing Google has provided to date about the launch plans for Chrome OS Netbooks has been "late fall."

Google also plans to only charge developers a 5 percent "processing fee," according to the report, deviating from the usual application store practices where the store operator gets a 30 percent cut of the revenue from application sales. Support for multiple currencies and in-game transactions won't arrive until next year.

Originally posted at cnet

Related articles by Zemanta

• Chrome Web Store coming in October? (news.cnet.com)
• Report: Google's Chrome Web Store Coming in October (globalthoughtz.com)

Parked Domains on Network Solutions serving Malware

This screenshot shows the fake chat message and the malicious widget on the test site that Armorize registered to test the attack. (Credit: Armorize)

 Some parked domains from Network Solutions that display "page under construction" messages were found to be serving up malware from a widget that was later disabled over the weekend, a security researcher told CNET on Monday.

However, parked domains still had malware in the form of a malicious script that targets IP addresses coming from Taiwan and Hong Kong and which serves up a fake chat message and redirects to other Web sites, said Wayne Huang, co-founder and chief technology officer at security firm Armorize. The company is still analyzing the malware and it is unclear exactly what happens when computers are redirected, he said.

The malware that was embedded in the now-disabled "Small Business Success Index" widget, from Network Solutions' GrowSmartBusiness.com site, did what is called a "drive-by-download," according to Huang. It monitored what Web pages were visited and served up ads based on search queries, among other actions, he said.

For more on this story, read Parked Network Solutions Domain Served up malware on CNET News.