Movie Techno Latest

Last week, security company announced triumphantly VUPEN have found a serious vulnerability in the role sandboxing (isolation of processes) Chrome browser. Google categorically denies the information.

In March 2010, Google announced a rewards program for detection of vulnerabilities in Chrome and Chromium. This standing offer has interested many hackers and computer security companies, especially because Chrome has proved impenetrable, especially when compared with competing browsers, Internet Explorer, Safari and Firefox, among others.

On 10 May, the company said VUPEN have detected a serious vulnerability in the sandbox of Chrome, which according to its description could be used to destroy all the security features of the browser. The alleged vulnerability was demonstrated in a video, but Google could not initially confirm or deny the report because they did not get the technical details of VUPEN.

However, several developers of Google studied the subject for its own account and categorically rejected that the vulnerability is based in Chrome itself. Via Twitter, the programmer Tavis Ormandy attributed the problem to a bug in flash, but not before mentioning that “As usual, security journalists do not bother to check facts. VUPEN not understand how that works sandboxing Chrome. “

Meanwhile, the security expert Dan Kaminsky, who is not connected or Google or VUPEN, has posted on his blog a post titled
VUPEN versus Google: Both are right (almost), which gives reason to VUPEN noting that Google has failed to penetrate the basic sandbox Chrome. Instead, he says, VUPEN has taken a detour around the sandbox attacking the sandbox where Google runs its special version of Flash Player. This last item would be much less secure than primary sandbox, said the expert. Kaminsky notes that Google itself said during the recent Google I / O, that this element is a “partial sandboxing.”

However, Kaminski differs from Google’s efforts to disqualify VUPEN, and if the company has violated or not the browser Chrome. Kaminsky says Google, the distributed Flash Player with Chrome, must assume full responsibility, because Flash is equivalent to other third-party solutions are incorporated into the browser, such as WebKit, SQLite and WebM. “It is quite normal to take responsibility for imported libraries,” writes Kaminsky.

Image: The literal translation of sandbox is “sandbox”, but in this case refers to the isolation of processes in the browser, just for security purposes.

Mafiaa extension, Firefox, find alternative domains for sites closed by authorities. Mafiaa extension has caused discomfort in the U.S. security agency within Homeland Security, because it allows to circumvent the administrative or judicial action that led to the closure of the site. Why Homeland Security has contacted Mozilla, demanding to withdraw from circulation the controversial application.

However, Mozilla refuses to accede to the request, saying that Homeland Security has no right to demand it, and that any request must be issued by the U.S. courts, not the executive.

“Homeland Security has not returned to contact, nor have we received a legal opinion on the matter, ” writes Harvey Andersson, head of legal affairs for Mozilla, the organization’s blog.

Andersson also relates to the substantive issue, questioning the power of the authorities, and openly reviewing the request of Homeland Security violates a free Internet. Andersson points out that the Mozilla Foundation at all times be governed by judicial opinions and other requirements covered by the law. Add that to the case of Mafiaa, still no legal requirement whatsoever that supports the request of Homeland Security.

Source: Blog of Mozilla Andersson Havey

An unidentified group of hackers Sony announces new attacks, allegedly as punishment for the way the company reacted to the first spike, in which information was stolen 77 million users.

Reportedly, Sony waited a week before informing the public about what happened. Also in the forums dedicated to the subject there are many voices saying that the company has not been generous in offering compensation to affected users.

Sony has not given reliable information to confirm or disprove whether the unknown carved out credit card information during its intrusion. On the other hand, no reliable information has emerged to confirm the theft.

According to Cnet, hackers, identity unknown, say they have full access to the servers of Sony, despite all the security measures installed by the company after the attacks of recent weeks. Cnet indicates that it is the same group of hackers responsible for the attack on Easter.

Sony itself has attributed the attacks to the group of “hacktivism ” Anonymous, but without providing concrete evidence. When Sony came under attack in early April, the organization itself Anonymous has claimed responsibility for cyber hostilities. At that time, the Anonymous was committed in revenge for legal actions against Sony hacker GeoHolt “who managed to breach security systems PS3, making it possible to run pirated games on the console.

Sony’s legal action ended in a settlement with GeoHolt.

A few months ago we refer to a powerful computer virus Stuxnet and Windows still weak points in front of him. For those who do not know, this worm was the same as that rocked Iran’s nuclear program a few months ago.

The computer virus and born Israeli intelligence

We has seen a new information about this computer virus, it is not something that is not of course had as its principal victim was the government of Iran, but require confirmation. The State of Israel was responsible for expanding the Internet.

Read the rest of this entry »

The protection of an iPhone using a PIN code is insufficient. Following five simple steps, an identity thief can access the list of passwords stored in your Apple.

When removing the SIM card and make a jailbreak the phone (ie, alternative software installed on it not certified by Apple) and upload to the device a script (automated procedure, security experts Fraunhofer Institute Secure Information Technology (Fraunhofer SIT) were able to access the registry keys (keychain) of an iPhone. Keychain contains all user names and passwords phone, stored in a simple text list.

Read the rest of this entry »