ID: IRCNE2011071180
Date: 2011-07-12

According to "ITPRO", Yahoo has been called on to change its terms and conditions so it can’t legally scan user emails.
The internet giant was criticised by Which?, the consumer group, which said Yahoo had introduced changes to its T&Cs so it could scan emails for data to use for advertising purposes.
Yahoo said its scanning technologies were being implemented to block spam as well as to offer relevant adverts to users.
Yahoo should abandon these changes before the crucial bond of trust between it and its users is damaged beyond repair.
Big Brother Watch director, Daniel Hamilton, said today the email provider’s actions were “disappointing,” calling on the company to go back on its decision.
“Web users have a right not to see their personal messages trawled through in order to boost Yahoo's advertising revenue,” Hamilton told IT Pro.
"Yahoo should abandon these changes before the crucial bond of trust between it and its users is damaged beyond repair."
A Yahoo spokesperson told the BBC a box would appear asking for users' consent before any scanning ensued.
The technology will “look for keywords and links to further protect you from spam, surface photos [photos sent from friends which then won't go straight to spam] and in time, serve users with interest-based advertising,” the spokesperson said.
Yahoo isn’t the only provider which carries out email scanning. Google does the same with Gmail, saying it does so to filter spam and identify potentially harmful material.

ID: IRCNE2011071179
Date: 2011-07-12

According to " infosecurity-magazine", Panda Security is offering a free edition of its flagship IT security software with a three month licence.
The promotion involves users playing a simple online game called `Malware Invasion' after which internet users can obtain a free copy of the software, plus a three month licence.
The game forms part of a new campaign entitled `Protect your family' that Panda is launching this summer, which seeks to raise the awareness of IT security in several markets.
According to Lucian Constantin of Softpedia, the gameplay is pretty simple and only requires mouse clicks. The goal, he notes, is to catch infected files before they reach a virtual hard disk.
"Players can choose to battle with several types of threats including viruses, worms, trojans, phishing and spam.
Interestingly, the version of the software that Panda is offering is an extended trial edition that requires no registration or licence key information.
Softpedia notes that users do not even need to provide an email address to register the product.

ID: IRCNE2011071178
Date: 2011-07-12

TechWorld- Google's new social networking site Google+, built to beat Facebook primarily on privacy features, has several privacy bugs the company is working to fix.
While some enthusiastic beta testers clamour for Google to open the social networking site to everybody now, it's clear Google needs to address these issues before launching Google+ more broadly.
Stumbling right out of the gate over privacy problems would likely doom Google+'s chances of emerging as a viable, realistic rival to Facebook, which rules the social networking market with about 700 million account holders.
So far, beta testers have been mostly positive about Google+, particularly over its design to make it easier for users to share posts and content with different sets of people, as opposed with their entire list of contacts.
Many of the existing privacy bugs in Google+ revolve around the site's mechanism to block users, according to a list of known problems Google has published and is in the process of fixing.
For example, after a user blocks someone, that blocked person may not always be removed from the user's extended circles and the blocked person's posts will remain on the user's activity stream. Likewise, the user's posts made prior to the blocking will remain on the blocked person's stream.
In addition, after blocking someone, a user could remain on the blocked person's circles, and the user may still appear on the blocked person's profile as being part of their circle. About the latter bug, Google wrote: "We're working hard to improve this experience."
Google is also working to address a number of non-privacy related bugs.

ID: IRCNE2011071177
Date: 2011-07-12

According to"computerworld", Security researchers have found more malicious Android apps on Google's official download site and being spread through Chinese app stores.
On Friday, Lookout Security spotted four apps on the Android Market that were infected with a variant of the "DroidDream Light" malware which has now plagued the e-store three times this year.
And today, researchers announced they had found new malware that forced Android smartphones into texting a premium number.
Lookout's find was the third instance of DroidDream-infected applications making it into Google's e-store, following an original run in March and a second in early June. Those two campaigns forced Google to pull over 80 poisoned apps from its store.
On an Android smartphone, DroidDream Light can prompt owners to download other apps from the market, bait users with a malicious URL or even automatically download more apps to the device.
Lookout said one way that Android users can avoid malware is to carefully examine the access permissions an app asks for.

Link:
Google removes suspicious apps from Android Market

شماره: IRCNE2011071176
تاريخ:20/4/90

شركت اپل روز پنجشنبه اعلام كرد كه در حال رفع رخنه امنيتي سيستم عامل موبايل iOS است كه اين سيستم عامل به صورتjailbreak در دستگاه هاي آي پد، آي فون و آي پد لمسي استفاده مي شود و ممكن است به زودي توسط افراد خرابكار مورد سوء استفاده قرار بگيرد. اين رخنه امنيتي كه شامل دسته فونت هاي iOS جاسازي شده در فايل هاي pdf است، روز چهارشنبه با انتشار JailbreakMe 3 آشكار شد. JailbreakMe3 ابزاري مبتني بر وب است كه به كاربران اجازه مي دهد به راحتي دستگاه هاي خود از جمله آي پد 2 را مجهز به jailbreak كنند. Jailbreaking به كاربران اجازه مي دهد تا يك دسترسي كامل به دستگاه هاي آي پد خود داشته باشندتابتوانند آي پد لمسي خود را به ميل خود تغيير دهند و همچنين بنوانند برنامه هايي غيراز برنامه هاي تائيد شده توسط اپل را روي دستگاه هاي خود نصب كنند.
شركت اپل اظهار داشت، انتظار آن را دارد كه در يك به روز رساني امنيتي در آينده اي نزديك اين آسيب پذيري را اصلاح كند.
اداره امنيت اطلاعات آلمان روز چهارشنبه پيامي مبني بر اينكه، اين رخنه امنيتي مي تواند توسط افراد خرابكار منجر به نصب بدافزار روي دستگاه كاربران شود، منتشر كرد.
اين رخنه امنيتي روي دستگاه هاي آي پد، آي فون و آي پد لمسي كه سيستم عامل iOS نسخه هاي 4.3 تا 4.3.3 روي آن ها نصب شده است، تاثير مي گذارد. كاربران اين دستگاه ها بايد قبل از باز كردن اسناد pdf از منابع نامعتبر احتياط كنند.
هكر jailbreakMe 3 كه از نام مستعار Comex استفاده مي كند، يك اصلاحيه غيررسمي براي اين رخنه را منتشر كرده است و آن را روي برنامه هاي كاربردي فروشگاه Cydia قرار داده است. اين اصلاحيه كه با عنوان اصلاحيه 2 pdf شناخته مي شود، تنها روي دستگاه هاي jailbroken قابل نصب است.

مطالب مرتبط:
هك شدن iPhone بواسطه آسيب پذيري فونت zero-day

شماره: IRCNE2011071175
تاريخ:20/4/90

موزيلا روز جمعه اعلام كرد كه براي مقابله با مشكلي كه در سيستم عامل Lion شركت اپل وجود دارد، فايرفاكس را به روز رساني مي كند.
موزيلا در وبلاگ خود اعلام كرد كه فايرفاكس نسخه 5.0.1 به زودي عرضه مي شود اما تاريخ دقيق انتشار آن را مشخص نكرد. اين به روز رساني، خارج از نوبت بوده و تنها براي كاربران Mac است و كاربراني كه از سيستم عامل هاي ويندوز و لينوكس استفاده مي كنند، نيازي به اين به روز رساني ندارند. به گفته موزيلا سيستم عامل Mac OS X نسخه 10.7 معروف به Lion حاوي يك اشكال است كه باعث مي شود موزيلا نسخه 5، به هنگام نمايش وب سايت هايي كه نياز به فونت هاي قابل دانلود دارند، با مشكل مواجه شود.
كريستوفر بليزارد مدير پلت فرم وب سايت موزيلا در وبلاگ اين شركت اعلام كرد: ما قبل از انتشار Lion به اپل در مورد اين مشكل هشدار داديم ولي آن ها قبل از انتشار Lion مشكل را برطرف نكردند. بليزارد اضافه كرد: اگر مشكل سيستم عامل Lion برطرف نشود باعث بروز مشكلات جدي براي كاربران موزيلا نسخه 5 مي شود.
به همين منظور موزيلا فايرفاكس نسخه 5.0.1 را منتشر مي كند، هم چنين شركت موزيلا فايرفاكس نسخه 3.6 را به روز رساني مي كند تا در صورت اجراي اين مرورگر روي سيستم عامل Lion، فونت هاي وب قابل دانلود غير فعال شوند. بليزارد به كاربران فايرفاكس نسخه 3.6 هشدار داد كه ممكن است با مشكل ديگري نيز مواجه شوند.
احتمالا موزيلا، اواسط آگوست فايرفاكس نسخه 3.6 را بعد از آخرين به روز رساني امنيتي، بازنشسته كند.
موزيلا در حال حاضر API فونت هاي جديد در نسخه هاي مك را براي هر دو نسخه بعدي اين مرورگر يعني نسخه هاي 6 و 7 تغيير داده است. فايرفاكس نسخه 6، كه هفته گذشته به وضعيت بتا رسيد، براي انتشار در 16 آگوست آماده است. حال آنكه فايرفاكس نسخه 7 كه موزيلا آن را "Aurora" مي نامد، 27 سپتامبر عرضه مي شود.

ID: IRCNE2011071176
Date: 2011-07-11

According to" scmagazineus", Apple on Thursday said it is working to fix a security flaw in its iOS mobile platform that is being used to jailbreak iPad, iPhone and iPod Touch devices and may soon be leveraged by more nefarious individuals.
The flaw, which involves the way iOS handles fonts embedded in PDF files, was revealed on Wednesday with the release of JailbreakMe 3, a web-based tool that allows users to easily jailbreak their devices, including the iPad 2.
Jailbreaking allows users to gain full or “root” access to their device and thereby install applications that are not available through Apple's official App Store.
Apple said it expects to fix the vulnerability in a forthcoming security update, but did not specify a time frame.
Germany's Federal Office for Information Security on Wednesday issued a warning that the flaw could be used by criminals to install malware on users' devices and steal confidential information.
The flaw affects iPad, iPhone and iPod Touch devices running iOS versions 4.3 through 4.3.3. Users of these devices should be cautious before opening PDF documents from unknown sources, German officials warned.
The hacker behind JailbreakMe 3, who uses the alias Comex, has released an unofficial patch for the flaw and made it available on the third-party app store Cydia. The fix, known as PDF Patch 2, can only be installed on a jailbroken device.

Link:
iPhone hacked with zero-day font vulnerability

ID: IRCNE2011071175
Date: 2011-07-11

According to 'itworld', Mozilla on Friday said it would update Firefox for the Mac to deal with a bug in Apple's impending Lion operating system.
Firefox 5.0.1 is "coming soon," Mozilla announced in a blog post, but did not set a release date. Users running Microsoft Windows or Linux will not see the update.
According to Mozilla, Mac OS X 10.7, aka Lion, contains a bug that causes Firefox 5 to crash when displaying websites that use downloadable fonts.
"We alerted Apple to the problem before the release of 10.7 but they did not fix the problem before 10.7 went to final release," Christopher Blizzard, Mozilla's Web platform director, said on the company's blog.
The bug in Lion will cause "severe crash problems" for Firefox 5 users if it's not fixed, added Blizzard.
Mozilla releases Firefox 5.0.1 for the Mac, the company will also update the older Firefox 3.6 to disable downloadable Web fonts when the browser runs on Lion.
But Blizzard warned Firefox 3.6 users running Lion that they may notice another problem. Mozilla is planning to retire Firefox 3.6 soon , perhaps as early as mid-August after it ships a final security update for the 18-month-old browser.
Mozilla has already changed to the new font APIs in the Mac versions of both Firefox 6 and Firefox 7, the next two versions of the browser. Firefox 6, which reached beta status last week, is slated for an Aug. 16 release, while Firefox 7, now currently in what Mozilla calls its "Aurora" channel, is to ship Sept. 27

ID: IRCNE2011071174
Date: 2011-07-09

According to 'zdnet', Apple’s newest iPhone devices have been hacked with a zero-day font vulnerability in the latest iteration of the JailbreakMe.com project.
The JailbreakMe.com exploit allows the automated jailbreaking of iPhone/iPad/iPod Touch devices from a specially created Web site.
It is essentially a drive-by download attack that exploits the way Apple’s mobile operating system processes certain fonts. Technical details of the vulnerability are not yet know.
It is likely being combined with a second privilege escalation bug to escape the iOS sandbox, much like the first version of the jailbreak exploit.
Along with the jailbreak exploit, “Comex” also released a patch for the main vulnerability.
“Due to the nature of iOS, this patch can only be installed on a jailbroken device. Until Apple releases an update, jailbreaking will be the best way to remain secure,” he explained.

شماره: IRCNE2011071174
تاريخ:18/4/90

دستگاه هاي جديد iPhone بواسطه آسيب پذيري فونت zero-day در آخرين از سرگيري پروژه JailbreakMe.com، هك شدند.
اساسا اين آسيب پذيري يك حمله راه اندازي بوسيله دانلود (drive-by-download) است كه فونت ها ي مشخصي از پردازش هاي سيستم عامل موبايل اپل را مورد سوء استفاده قرار مي دهد. جزئيات فني اين آسيب پذيري هنوز شناخته شده نيست.
اين احتمال وجود دارد كه اين آسيب پذيري با تشديد يك خطاي امنيتي براي فرار از iOS sandbox تركيب شده است، و بسيار شبيه به سوء استفاده از نسخه اول jailbreak است.
هكر jailbreakMe با نام مستعار "Comex"، نيز همراه با سوء استفاده از jailbreak، يك اصلاحيه غير رسمي براي آسيب پذيري اصلي منتشر كرد.با توجه به ماهيت iOS، اين اصلاحيه تنها روي دستگاه هاي jailbroken مي تواند نصب شود.