Web

Hackers Target Home PCs As Browser Bugs Soar
Hackers racked up attacks on home PC users and financial services companies in the first half of this year, according to the latest Symantec Internet Security Threat Report Trends.
The report tracked Internet threat trends from January to June this year and discovered a new high in the volume of emerging vulnerabilities.
Employing a network of 40,000 sensors spread across 180 countries, Symantec identified 2,249 new vulnerabilities, with the majority of the new threats (69 per cent) being in Web applications.
Vulnerability researchers (now, there’s a job title!) found 47 flaws in the Mozilla Firefox and Mozilla browsers, a hefty increase of 17 flaws from the previous six months.
As expected, Microsoft led the pack with new threats, recording a total of 38 new threats affecting Microsoft’s Internet Explorer, up from 25 in the earlier period, with even Apple’s Safari browser notching up six more flaws to hit a total of 12 flaws.
Opera was the sole browser to see a drop in recorded vulnerabilities over the six months, dropping from nine to seven during the period.
No safe browser
“There is no safe browser,” senior director with Symantec Security Response, Vincent Weafer, finger-wagged. “If you’ve got a browser, make sure you’re configuring it correctly,” he added.
Although more bugs were found lurking in Mozilla than in IE, Symantec commended the open-source project for its prompt bug-fixing, with bugs usually being patched within one day of their public disclosure – the snappiest response of all measured browsers.
Opera came in second with an average two days to fix bugs, with Apple’s Safari recording a rather tardy five-days.
The notoriously leisurely Microsoft averaged nine days per patch, but that snail-like response was still faster than Sun Microsystems.
The report found that home users were targeted most (86 per cent), with the US being the numero uno source of online attacks (37 percent), thanks to its large number of compromised machines with broadband connections,
“What really surprises is the way that attackers are moving,” says Dean Turner, editor of the bi-annual threat report.
“They’re now starting to target home users quite heavily primarily because home users are the weakest link in the security chain,” says Turner.
Phishing, spamming and badboy bots
Phishing continues to grow in popularity, with Symantec identifying a total of 157,477 distinct phishing messages over the six month period, while spam accounted for 54 per cent of all monitored email traffic, up 50 per cent.
Symantec also detected more than 4.6 million active bot network computers, registering an average of 57,717 active bot network computers per day.
Bot networks are commonly used in denial-of-service (DoS) attacks and their stats revealed an average of 6,110 DoS attacks per day.
The report concluded that polymorphic viruses are likely to grow, with Web 2.0 technologies and Instant Messaging affording new opportunities for pesky hackers to wreak havoc.
The real battleground, however, should come with the release of Microsoft’s Windows Vista operating system, which will see hackers doing their damndest to circumvent its new security features.
Symantec
26 September, 2006
US Mobile TV Audience Grows 45 Percent: Telephia
The mobile TV audience soared 45 percent to 3.7 million subscribers in Q2 2006, according to a new report by telecom and new media researchers, Telephia.
Telephia’s Mobile TV Diary Report says that quarterly mobile TV revenues increased to $86 million last quarter, representing a thumping great increase of 67 percent since Q1.
“Mobile TV is the fastest growing wireless data service and marketers are working quickly to figure out how they can capitalize on what has the potential to be the most important new form of media since the advent of the Internet,” roared Tamara Gaffney, Director of Product Management, Telephia.
Telephia’s figures put ABC News as the most watched mobile TV channel in Q2 2006, notching up a hefty 40 percent share of the total mobile TV audience, followed by The Weather Channel with 32 per cent of the market.
US sports fans keen to keep up to date with results from their one-country World Championships gave Fox Sports and ESPN 31 and 29 percent, respectively.
“News and information is the killer app for mobile television. With just a quick flip of their phone it gives consumers instant gratification,” added Gaffney.
“While still in its nascent stages, mobile TV shows significant and unique promise given the ability of the consumer to shift viewing from location to location,” he continued
Mobile TV Channels Total Audience Share
1. ABC News 40%
2. The Weather Channel 32%
3. Fox Sports 31%
4. ESPN 29%
5. Fox News 22%
6. NBC Mobile News 20%
7. Comedy Central 16%
8. AccuWeather 15%
8. Discovery Kids 15%
10. Discovery Channel 13%
11. CNN 12%
11. E! 12%
Telephia
More details [businesswire.com]
12 September, 2006
‘Keeping The Faith’ Pro-Blair Website Comes Unstuck
One thing the Web is great for is reaching out to a potential audience of millions to garner support for your cause.
Politicians, campaigners and grass roots activists have all been quick to embrace the Internet as a means of furthering their political goals and spreading the message about their mission. This week has seen Tony Blair come under heavy pressure from his own party to resign as leader, with eight junior government members quitting in protest. So what better time for a Labour activist to launch an appeal on the Web to whip up support for poor old beleaguered Tony? Step forward David Taylor who has risen to the challenge and launched a new site called ‘Keeping the faith.’
Opening up with a plea to allow Tony “to get on with the job,” the site claims to represent ‘Labour members, activists and voters backing Tony Blair against a minority of MPs who want to bring him down.”
A page lists “Tony Blair’s top 50 achievements since being elected in 1997,” supported by backslapping quotes from senior Labour figures who are backing ol’ big ears all the way.
To further promote Tony’s cause the author has invited surfers to sign a petition to register their support, with a form inviting people to enter their name, email address and short comment.
There’s also a link inviting you to see who’s already signed up their support for Blair, and clicking on this takes you to a long list of names.
It starts off well, with regular members of the public adding their names until some wag realised that the site’s author wasn’t monitoring the signatories, neither had he set up email confirmations or IP checking -so people were free to post up as many times as they liked.
Quickly, the petition descended into farce, with characters like “Willo the Wisp”, “o rly?”, “Ming the Merciless” (both ordinary and ‘classic’ versions), “the guy from the picture insurance advert” and “Val Kilmer (in the style of Jim Morrison)” all joining up to support our Tony.
Before long, posters had worked out how to add pretty colours to their signatures and then moved on to embedding images.
As we went to press the petition was finally taken offline as the pages continued to fill up with daft names and pictures.
The author’s experience should hopefully serve as a lesson to anyone trying to use the web to further their political aims.
Rule one: Online petitions are like naughty children – turn your back on them for a minute and all hell is likely to break loose.
Rule two: If people can mess it up, they will.
Rule three: Like suitcases on tube stations, never, ever, leave an online form unattended.
keepingthefaith.org.uk
7 September, 2006
87% Of Email Is Steeenkin’ Spam
A new report from anti virus firm SoftScan has revealed that spam levels remain hideously high at 87.72% of all email traffic, while reports of phishing activity have soared.
Virus levels have doubled, but at 1.02% they still represent a tiny proportion of the total email scanned by SoftScan last month.
The company said that 89.5 per cent of all viruses scanned were classified as phishing malware, although this increase could be attributed to improved or additional antivirus detection.
Diego d’Ambra, chief technical officer at SoftScan, said: “Recent enhancements and developments by the antivirus industry to their scanners has meant an increase in detecting phishing emails as malware, as opposed to spam. This gives the impression that phishing has risen significantly, but is really due to the reclassification from spam to malware.”
Spam levels are expected to reduce by a few per cent soon, with the post-summer holiday rise in legitimate business email pushing the spam percentage back down to its usual level of around 85 per cent.
A breakdown of the the top five virus groups in July are as follows:
1 Phishing: 89.50%
2 Netsky: 2.44%
3 Mytob: 2.19%
4 Bzub 1.42%
5 Bagle 1.22%
Mailwasher
Here in Digital Lifestyle towers, we’re plagued with spam like everyone else, but have been long time users of the excellent Mailwasher Pro software (Windows/Mac/Linux) which lets us swot spams from our server without having to download the things.
The software analyses each email as it arrives and flags up a warning if it is suspected junk mail using fuzzy logic and filtering, and there’s also the ability to set up custom filters.
There’s also a free version available for single accounts: Mailwasher freebie – well worth checking out for nowt!
5 September, 2006
Commodore 64 Emulated In Flash
How fantastic is this? A couple of turbo-code monkeys have written a Commodore 64 (C64) emulator that runs within Flash on a Web browser.
Darron Schall from Pennsylvania and Claus Wahlers from Brazil have been working together to create this beauty.
The Flash code emulates the C64 main CPU, the 6510 (a derivative of the 6502) and most of the other chip-ery, allowing the loading of old Commodore 64 programs and run them.
The C64 was a revelation when it was first released in 1982, opening up personal computing to a whole new generation, offering the shockingly large 64k of RAM and the ability to load and save programs to a trusty audio tape recorder.
Software emulating old computer circuitry has been around for quite some years, with MAME (Multiple Arcade Machine Emulator) being a very strong example that’s coming up for its 10th birthday.
MAME was a huge revelation when it first arrived, letting users load up the ROM sets from old arcade machine and play them as if it was on the original hardware.
One of the problems with the original approach was a need to write a different version of the code for each hardware platform. This, over time, lead to MAME on Dos, MAME32 on Windows xMAME for unix-based machines, and MacMAME for Mac OS X.
The benefit of writing it in Flash is that, by writing it for a software platform (Flash), it should work on all machines that run Flash, without it needing to be re-written.
All of the emulators are a clear demonstration that the power of hardware has increased tremendously.
Software like FC64 reminds us that any hardware, or software that runs on it can, in time, be emulated as processors continue to become powerful. Beyond the fun of video games, security system can also be emulated, an argument used by those who oppose their blind use.
FC64
FC64 emulator demo
(via BoingBoing)
24 August, 2006
Camouflage Your Online Searches With Lostinthecrowd.org
Unspam Technologies has announced the launch of a new website – lostinthecrowd.org – that sneakily helps keep Web searches private.
When you use a search engine, your search enquiry is associated with a unique identifying “cookie” stored in your browser’s cache, and this can be easily accessible to prying eyes (or, in the recent case of AOL, made available to all and sundry on the Web and now fully searchable here ).
Over time, these records can provide an in-depth record of your surfing habits and provide snoopers with information you’d perhaps like kept to yourself.
Of course, routinely clearing the cookies from your browser is the safest option, but Lost in the Crowd takes a different approach by automatically placing random queries through the search engines you use from your tracking cookie.
While it won’t stop your search queries being indexed, it will help camouflage your activities as Eric Langheinrich, CTO of Unspam explains, “It’s as if you had a bunch of monkeys running searches on your behalf. While search engines would still see your real searches, it would be hard for them, or anyone who may subpoena their data, to separate those searches you care about from those the monkeys randomly typed in.”
“Your identity, in any meaningful way, becomes ‘lost in the crowd,” he added.
Langheinrich said that Unspam has no intention of making any money out of the service, citing that the site’s sole purpose was to focus people to the issue of online privacy.
Although we can see this coming in useful in some situations, we’d always recommend that users make a habit of regularly cleaning out their browser’s history (in Firefox, it’s Options -> Privacy -> History), or use the truly excellent freeware cleaning application CCleaner (Windows only, www.ccleaner.com)
www.lostinthecrowd.org
23 August, 2006
Mobile Internet Population Hits 34.6 Million In US
With more Internet-enabled handsets on the market, it’s not surprising that more punters are getting a bit of Web action on the move, with email and weather sites being the top two most visited mobile sites.
According to mobile data spods Telephia, the population of the “mobile Internet” clicked up to 34.6 million users in June 2006, up 6 percent from the 32.7 million users recorded by the company in January.
Their figures also revealed that once punters are hooked up to the mobile Internet, their addiction grows, with users notching up an average 34.3 sessions in June, compared to 31.4 user sessions in January.
Bernard Brenner, director of mobile content for Telephia commented, “Even as the subscriber rate grows, the number of people using the mobile Web is also increasing. It’s an increasing number in an increasing market.”
Top US Mobile Websites (June 2006)
The top ten of the most popular mobile Websites contains the expected big names, with Yahoo Mail being the most viewed, registering a unique audience of 6.51 million mobile users, accounting for 3 percent of subscribers.
This is followed by the Weather Channel with 5.9 million users and a 2.7 percent share, with ESPN.com in third place with 5.3 million users /2.5 percent.
In fourth place is Google Search (4,356/2.0 per cent) and then MSN Hotmail (3,441, 1.6 per cent), MapQuest (3,067/1.4 per cent), AOL Mail (2,907/1.4 per cent), CNN (2,799/1.3 per cent), Yahoo! Weather (2,740/1.3 per cent) and, finally, Yahoo! Search (2,531/1.2 per cent).
When it comes to mobile browsers, Openwave, Motorola and Nokia browsers have the highest adoption rates, with Openwave registering more than a quarter of all mobile Web users.
Telephia
16 August, 2006
Visual Radio Finally Launches with O2 and Virgin Radio
We’ve been keeping our eyes on Background on how it all works).
Today it’s been announced that two radio stations in the UK, Virgin Radio in London, and GWR FM in Bristol will be launching support for the service, with Virgin Radio leading this week.
There are three partners involved, HP supplying the backend, O2 carrying the data, and the radio stations providing the content.
James Parton, Head of Music, TV and Radio products at O2 comments, “The in-built radios in many of our handsets have always been popular with people who are always on the move, but now visual radio lets you really interact whether that is with the actual DJ themselves or downloading ringtones of your favourite songs over the O2 network.”
In covering the main reason that Virgin Radio are interested in it, James Cridland, Director of Digital Media at Virgin Radio, said “It can also give advertisers a more dynamic platform to communicate their messages.”
As we’ve covered many times before, one of the sticking points is whether the already-burdened mobile subscriber will be prepared to pay extra money to use these services.
O2 have announced the usage charges of Visual Radio. At O2’s standard data rates of £3.00 per Mb dependent on tariff or O2 Browse and Download bolt-ons from £3 for 2mb and £5 for 4mb.
Although the amount of data that will be transferred won’t be that considerable, with small graphics being the most hefty, it will still cost people money to listen to the radio – something they’re not used to.
People may also legitimately ask why they should pay to help enhance people advertising to them.
Earlier this week Nokia bought Loudeye, the company that they partnered with to process their music.
Visual Radio
11 August, 2006
Google Adds New Security Features
Search engine giants Google have introduced a new feature which alerts punters about search results that could potentially lead them to dodgy sites with malicious code.
Using data from the Stop Badware Coalition – a non-profit organisation who also enjoy support from Sun Microsystems and Chinese PC maker Lenovo – Google will now flag up sites that could be hosting malicious software.
Whenever a suspect link is clicked on from Google’s search engine results, punters will be whisked off to a warning page which says, “Warning – the site you are about to visit may harm your computer!”
If that hasn’t already scared the bejesus out of surfers, the page suggests that users trot along to StopBadware.org in double quick time and, “learn more about malware and how to protect yourself.”
The ‘interrupt page’ also offers options for users to return to the search page and select a different result, try another search, or – if they’re feeling brave/stupid enough – continue on to the potentially dodgy site.
In time, Google says it will replace the generic “DANGER WILL ROBINSON!” alerts with pages containing more specific information about the iffy Web sites.
285 million dodgy clicks a month
It is hoped that this new initiative will go some way to solving the problem that is partly created by the search engines themselves.
With search engine results routinely displaying links to sites stuffed full of spyware and adware, it is reckoned that US surfers arrive at on malicious sites about 285 million times per month – all from clicking on search results from the five major search engines.
Curtain twitching for surfers
John Palfrey, a professor at the Harvard Law School and one of the main movers behind the scheme, explained the Coalition’s motives: “We’re not going to say don’t do it. What we want to do is basically give people some more information about what might happen to their computer.”
Likening the scheme to a “Neighbourhood Watch” programme, the program is a collaborative effort between Harvard and Oxford University, and invites surfers to report sites that have malicious code on them whenever they find them.
All reported sites are then checked by a human before being flagged as a wrong ‘un.
So far, Google is the only major search engine to sign up to the Stop Badware Coalition, but Palfrey hopes that others will start to use their database of dodgy sites too.
StopBadWare
7 August, 2006
Online Banking In The UK Leaves Customers Short-Changed
UK banks may be gleefully reporting big fat profits every quarter, but new research from eService provider Transversal claims that online customer service from Britain’s banks has sunk to an all time low.
Their study found that fifty per cent of the major banks surveyed were so rubbish that they were unable to answer a single one of ten basic customer questions asked via their websites (these questions were based on typical customer enquiries about credit card offers, borrowing and mortgages etc).
A minority of banks, however, achieved excellent results, revealing the growing gulf between the best and worst performing banks.
Taken as a whole, the sector registered a lamentable average of 2.5 out of ten, managing to answer just 25 per cent of common questions.
Although this looks like an utterly abysmal score, things have actually got worse over the past year, with only two banks scoring nul points in 2005, and the sector mustering up a mighty average of three questions answered.
Despite 56 per cent of Brits now using online banking, these results suggest that banks are more interested in increasing profits by closing down High Street stores than serving their customers, with further cost-cutting measures seeing call centres shunted offshore into unknown foreign lands, often increasing customers’ frustration.
No email contacts for customers
As if to wind up their customers further, sixty per cent of bank websites didn’t allow consumers to contact them via email, forcing them to ring up and face the horrors of ‘on hold’ phone music.
Of the forty per cent that bothered to provide an email address, there was clearly no rush to answer their customers’ questions, with the banks taking a leisurely average of 22 hours to respond.
The fastest response was a still-casual 8 hours – a whole working day – while the slowest was a massive 69 hours: enough time, the report noted, for the beleaguered customer to hop on a plane and travel to the offshore centre to ask the question personally.
The study also noted that only half of the major banks troubled themselves to provide a Frequently Asked Question (FAQ) page, and in many cases these were lurking in dark corners of the site, and not clearly marked for users.
A summary of the overall 2006 average banking results is as follows:
Average number of questions answered online: 2.5 out of 10 (2005 findings: 3)
Percentage of companies that responded to email correctly: 40% (2005 findings: 55%
Average email response time: 22 hours (2005 findings: 17 hours)
Percentage with customer FAQ pages: 50% (2005 findings: 60%)
Percentage with customer search: 60% (2005 findings: 40%)
Transversal
2 August, 2006