http://www.securityn...iphone-bug.html

Apple iPhone and iPad users surfing the Web with Safari could easily and with almost no warning end up on spoofed websites controlled by identity thieves, according to a proof-of-concept hack demonstrated by the German company MajorSecurity. The security glitch exploits a JavaScript error in the way JavaScript's window-opening method handles URLs, and, as David Vieira-Kurz of MajorSecurity wrote in a blog post, "This can be exploited to potentially trick users into supplying sensitive information to a malicious Web site."

Vieira-Kurz said an attacker could theoretically encode the information in the address bar "in a certain way, which may lead users to believe that they're visiting another Web site than the displayed Web site." MajorSecurity demonstrated the proof-of-concept exploit; on a device running iOS 5.1, the researchers tricked the URL bar into displaying www.apple.com, when in fact the website was actually hosted by www.majorsecurity.net.

The flaw affects the mobile Safari browser on iOS 5.1, the most up-to-date version of Apple's smartphone and tablet software, and the previous version, iOS 5.0.1, and has been tested on the iPhone 4, iPhone 4S and both the new iPad and the iPad 2.
Apple did not immediately respond to a request for comment. SecurityNewsDaily tested out the proof-of-concept exploit, and discovered that the spoofed website appears in a very small window on all browsers except iOS Safari. In Safari, the spoofed site takes up the entire screen, preventing victims from knowing they are navigating to a phony, and potentially malicious, site.

http://news.cnet.com...ed-on-april-23/

Though the first announcement is just around the corner, rollouts from Apple, HP, Dell, Sony, Toshiba, and others are expected to be staggered.



by Brooke Crothers April 12, 2012 12:17 AM PDT


The first wave of Ivy Bridge systems from PC vendors should include quad-core mobile laptops like the HP Envy 15.(Credit: Hewlett-Packard)

The first of a series of Ivy Bridge chip announcements is expected on April 23, CNET has learned.
Previously, CNET had been told the launch would happen between April 23 and April 29. Buy today an industry source familiar with Intel's plans said the initial rollout will happen on April 23.

Ivy Bridge is the first in a series of upcoming Intel mainstream chips that emphasize graphics and multimedia processing.
Preliminary benchmarks demonstrate the chip's graphics prowess compared to earlier Intel designs.
Ivy Bridge is also the first Intel chip to employ new 3D transistors and the first to support USB 3.0 (in the companion chipset).

Rumors have Apple bringing out a thinner 15-inch MacBook model in the coming months as well as 13-inch MacBooks. Those systems will likely tap Intel's more power-efficient Ivy Bridge chips.

And Hewlett-Packard, Dell, Sony, Toshiba, Acer, and Asus will update and/or bring out new systems. These will run the gamut of laptop designs, but more systems are expected to be thin. Even many higher performance systems are expected to have a slimmer chassis.

Those laptops typically use a separate graphics chip from suppliers such as Nvidia.

Though the first Ivy Bridge announcement will come this month, rollouts are expected to be staggered. As Intel has done in the past, quad-core chips appear first followed by the most power-efficient processors that go into ultrabooks and the MacBook Air.
Responding to reports about delays earlier in the year, Intel said some power-efficient mobile products may launch a few weeks later than originally planned.

http://www.securityn...-antivirus.html

Anti-virus software is arguably the most critical component to keeping you safe and your computer running smoothly, which makes well-crafted fake anti-virus apps that take advantage of people's security fears such a serious threat. Symantec researchers have discovered a new fake AV app called "Windows Risk Minimizer" that is particularly persistent in scaring its victims into handing over their money. Promoted through spam emails, the scareware scam starts when people click on rigged links in the messages that take them to compromised websites and, ultimately, to the site hosting the fake anti-virus software.

The fake anti-virus software doesn't actually infect victims' computers with any malware, but takes them through a serious of hoops that could end with them paying for protection they don't need.The first part of the multistep fraud scheme arrives in the form of a JavaScript alert claiming the fake AV software — in this step, it's referred to as "Windows Secure Kit 2012" — "has found critical process activity on your PC and will perform fast scan of system files!"

If the poor wording doesn't tip you off that something is suspicious and you click "OK," a fake threat scan appears to take place, and, of course, it tells you, falsely, that yout your computer is infected with numerous worms and Trojans, including Morto, a particularly vicious and evasive Windows worm found last August, as well as Ramnit, a piece of financial malware capable of harvesting Facebook users' credentials. Scary, right? The crooks behind this scam hope so, and the Adobe-Flash-based Web pages make the whole thing seem pretty genuine. And it's a Microsoft product, so it has to be the real thing, doesn't it?

To ease your insecurities, the scammers provide a convenient pop-up "Windows Security Alert" informing you that your system is "at risk of crash," but can be spared if you choose to eliminate the Trojans by clicking "Remove All." That button, however, is the trigger; clicking it prompts users to download the malicious "Windows Risk Minimizer" program, which identifies what it says are even more infections before unleashing an onslaught of pop-up warnings and alerts, ultimately leading to a page that offers to get rid of these problems for $99.

Theoretically, the criminals could deplete your entire account, as the payment page asks for name, your full credit card number, expiration date and three-digit security code.

Scareware scams, especially multistep ones like this, can be difficult to extract yourself from once you've taken the bait, but legitimate anti-virus software can detect these impostors before they get to you. And a little skepticism — don't trust unsolicited emails, suspicious links or pop-up warnings — can go a long way in keeping you safe.

http://youtu.be/xrYRH3PYYT0

PostSecret is a site where people can send in anonymous postcards detailing their secrets.

I've been visiting the site on and off for the pass couple of months and for the most part, it has been enjoyable.

The secrets that are uploaded on a weekly basis every Sunday at the site can be funny, depressing, disturbing, sad, and downright weird. However, some of the so-called secrets are not really secrets; they are attention whore statements where the person who sent them in are receiving attention for them without actually receiving attention. Also, quite a few can scream fake, not true secrets.

A lot of the secrets kind of wake me up to reality in a way of letting me know that there are still some sad, sick n' twisted, racist, manipulative, back-stabbing, and any other negative adjective you can apply to people out here.

Anyhow, I've been tempted to drop off some secrets at the local post office myself but, even though they would be anonymous, I'm still not too keen on my secrets being "spilled" out on the net for everyone to see. Whether people know who the secrets belong to or not.

http://www.postsecret.com/

Here are a couple of secrets from the recently uploaded list for this week today:





Those are pretty mild compared to other ones I've seen but, since the site owner doesn't archive the secrets you have to Google some third party PostSecret archive sites to get to read some older, and much more juicier, crazier secrets.

So, do any of you have secrets at PostSecret? HMMM????

Speak up or forever hold your peace!!!!

Care to explain what's so shabby about the i3, i5, and i7?

Not instigating at all, just really curious.

God help me if I know what they are actually going on about in this song.

Is this a seance for Satan?!

O_O

God help me.

Sweet drums though.

http://www.youtube.c...player_embedded

Yeah, I saw the report on her on Entertainment Tonight.

It's sad though.

Wow, how did you find this? It's awesome! =D

http://www.cracked.c...king-music.html

No.

No.

No.

That's like telling people to ALT-F4.

Or couples who just keep on trying? =/

Anything with the name "Dickface McGee" is malicious. >=(

Uh, yeah, as of today. =/

Ah, yes. I see now.

I remember toonami. That was a long time ago. >.>

Indeed.

But, a good time long ago.

http://www.toonamiaftermath.com/

A lot of you probably already have the various, once shown on Toonami anime in your collection (whether DVD or torrent) and have long since moved on from Toonami. But, sometimes it's nice to relive the good times of your past if you can.

Well, at Toonami Aftermath, you can.

This is NOT self-promotion. >.>

dat space ghost

also also... how is that legal? >_>

Legality! HOW DOES THAT WORK?!

Fucking lawyers be lying and shit, they pissing me OFF!

Nobody knows..... >.>

Hello Hoser! Welcome and have fun!

Not sure how many of these will be as funny sober, but.. >.>


"I wanted to text you marilize legajuana, but then I forgot how to spell marilize legajuana."

"So all you need is a midget to get in there and you can steal those cars?" <~~ Me
"Pretty much.Our car has one of those." <~~ Her
"A midget?" <~~ Me

"He ran away to northern Canada. I mean, who does that? Even Canadians don't go there."

The chosen ones my dear, only the chosen ones.

http://www.securityn...ard-breach.html

10 Million Visa, MasterCard Numbers Breached, Blog Reports


This story was updated with more information at 12:45 p.m. ET and at 5 p.m. Friday.

MasterCard and Visa have reportedly suffered a data breach at a processor that may have resulted in more than 10 million compromised credit- and debit-card numbers.

On his KrebsonSecurity blog, noted cybersecurity researcher Brian Krebs said the breach, at an unnamed U.S. card processor, occurred between Jan. 21 and Feb. 25. In warnings to banks across the country, Visa and MasterCard said full Track 1 and Track 2 data was stolen, "meaning that the information could be used to counterfeit new cards," Krebs said.

(Data on Tracks 1 and 2 on magnetic-stripe cards include a cardholder's name and account number, as well as information that is read by ATM and credit-card processing machines, including the card's expiration date, security-verification code and encrypted PIN.)

Krebs' sources in the financial sector called the breach "massive" and said it may involve more than 10 million compromised credit card numbers. Many of the cards had been used "in parking garages in and around the New York City area." It is not known how many individual cards were compromised. Visa and MasterCard did not return calls for comment from SecurityNewsDaily.

On Wednesday (March 28), Public Service Credit Union (PSCU), a group that provides online financial services to credit unions, alerted 482 credit unions impacted by the breach, Krebs said. A total of 56,455 members' Visa and MasterCard accounts were compromised, the PSCU said, and fraudulent activity was detected on 876 accounts.

UPDATE: Brian Krebs updated his blog posting later Friday morning to include confirmation from Visa, which stressed that the possible breach was at a "third party entity affecting card account information from all major card brands."
The Wall Street Journal reported that the third-party entity was Atlanta-based payment processor Global Payments, Inc.
MSNBC and FoxNews.com received confirmation from MasterCard that the company was "currently investigating a potential account data compromise event of a U.S.-based entity" and that the breach was "the subject of an ongoing forensic review by an independent data security organization."

Both Krebs and financial-security expert Avivah Litan heard from sources that the breach was tied to a Latino gang — Krebs called the gang "Dominican," Litan "Central American" — operating in the New York area. Litan said the gang may have broken into computers at a New York taxi-and-parking company, adding that "if you’ve paid a NYC cab in the last few months with your credit or debit card — be sure to check your card statements for possible fraud."

UPDATE: At the end of the working day Friday, Global Payments, Inc., confirmed to Krebs that it had been breached.
"In early March 2012, the company determined card data may have been accessed," the company's statement read in part. "It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter."

The company will be holding a conference call at 8 a.m. ET Monday (April 2). Krebs has information on how to access the conference call.

I'm going to buy one and then.....

*Cues Lady GaGa*

I'm curious to know if members can create their own themes and possibly have the themes used as an theme option for the forum as a whole?

If so, how would one go about creating the themes?

While my CSS is rusty, I do know it though. Also, would CSS be the only thing needed? Any particular images to use?

Hello, welcome, and have fun!