Facebook has become one of the most popular websites on the internet, 500 million people login to the site every day. While it is a great tool to stay in touch with your friends, Facebook is generating huge profits by targeted ads. But even if you are logged out and also if you are not a Facebook member – Facebook is tracking every step you make on the web by tracking the websites you visit via the like-button that has been implemented on almost every website nowadays.  Does that make you uncomfortable? Well, it probably should. But there is a simple solution.

While Facebook denies that the like-buttons are used to generate surfing profiles it is technically possible. The only way to be sure is to prevent third party websites you visit from sending information back to Facebook. This can be done by simply blocking Facebook services such as the like-button from being loaded in your web-browser. The perfect tool for that is Adblock Plus, a free browser extension available for Firefox and Google Chrome. Adblock Plus is a content blocker, depending on blocking filters it can eliminate any kind of content from the internet. Users can either create their own filters or they can choose from over 40 filter subscriptions that are created by members of the Adblock Plus community and define the elements that are to be blocked. Most people use it to block ads but it can also be configured to block tracking scripts and Facebook integration. All that needs to be done is subscribing to the Facebook Privacy List. If you are on Firefox and have Adblock Plus installed, you just need to click here and confirm the subscription to the filter list by clicking the “Add filter subscription” button.

In Adblock Plus for Chrome, it is a little bit more complicated. To add a filter subscription, right click on the ABP logo in the address bar and choose “Options”.  Under the first tab there is a field to enter the URL of a filter list you wish to activate. Paste the URL of the filter list and click the “Add URL” button. An overview of ll available filter subscriptions can be found here, URL of the Facebook Privacay List is http://www.squirrelconspiracy.net/abp/facebook-privacy-list.txt.

If you don’t have Adblock Plus installed already you can get it for Firefox from Mozilla Addons or for Chrome from the Google Webstore.

Stories you may like:

1. Why You Can’t Block Mark Zuckerberg on Facebook
2. ‘Facebook For Every Phone’ Launched By Facebook; Supports Over 2.5k Phones
3. Facebook Accidentally Leaks Your Private Information

This article, How to Block Facebook from Tracking You, was published at TechBuzz. Please don't violate our copyright

Like any other currency exchange, all trades happening on Mtgox are internal, and you may either withdrawn money in BTC or USD, and the compromised account had a daily withdrawal limit of $1000 USD. Even after selling 500K Bitcoins, the hacker could only get away with $1000. And for those who were lucky enough to purchase Bitcoins at $0.01 per BTC, Mtgox is reversing all the transactions which happened after the big dump. It looks like Mtgox just managed to freeze their site, just before more damage could be done.

Mark Karpeles from MtGox says:

“It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked. Two months ago we migrated from MD5 hashing to freeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven’t been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.”

It upsets me to know that financial websites can be so unsecure and easy to compromise. If you had an account with Mtgox, please change your password, and if you have a habit of using a universal password for all your logins, now is a good time to change that.

Stories you may like:

1. Bitcoin Stealing Malware Found, But How to Secure Your Wallet?
2. Get a Free Rapidshare Premium Account.
3. VPS Migration

This article, 500K Bitcoins Traded in 1 Hour, Bitcoin Market Plummets, was published at TechBuzz. Please don't violate our copyright

People have been investing money into buying high-end graphic cards to mathematically generate these Bitcoin, and given the value of Bitcoins, even hackers have taken some interest into stealing Bitcoins by infecting computers with Trojans. The news first broke out when a man lost 25000 Bitcoins worth approximately $433750.

Researchers at Symantec have discovered Infostealer.Coinbit malware which infects Windows computers and scans for your Bitcoin wallet, and sends it back to a server in Poland. Symantec recommends encrypting your wallet.dat with a strong password, so that even if the hacker tries to bruteforce it, he shouldn’t succeed. But the real problem is, even if you encrypt your wallet.dat or your entire hard drive for that matter, Bitcoin clients cannot read or write to an encrypted file. So how do you really protect your Bitcoins?

Now that such a malware is exposed, other hackers would also be keen on embedding Bitcoin stealing abilities to their malwares. If you are serious about this whole mining business, I think switching to Linux is the best option you have.

Image Credits: Solo on Flickr

Stories you may like:

1. Mobile Malware That Can Remotely Control Your Android Phone
2. Google Shows Malware Warning
3. Check how secure your password is with ‘How Secure Is My Password’

This article, Bitcoin Stealing Malware Found, But How to Secure Your Wallet?, was published at TechBuzz. Please don't violate our copyright

“Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information. Fortunately, these third-parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue” says Nishant Doshi from Symantec

Access tokens are usually short-lived, which means they expire after a certain time period. In some scenarios, Facebook also issues ageless tokens for application. Changing password is the only way to revoke these permanently set tokens. Symantec has reported this lapse in security to Facebook, and corrective measures have been taken, but it’s still a wise idea to change your password immediately!

Facebook spokeswoman Malorie Lucich says “Unfortunately, their (Symantec’s) resulting report has a few inaccuracies. Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorized third parties,”

Facebook seem to be in a damage control mode to prevent any bad PR on their heads. Please change your passwords.

Stories you may like:

1. Facebook takes a dig at Google with @Facebook.com
2. Show Your Facebook Profile to Outsiders
3. Anti Facebook Project to be Launched on 15th September- Are you Ready?

This article, Facebook Accidentally Leaks Your Private Information, was published at TechBuzz. Please don't violate our copyright

If you run a multi-authored blog which allows users to register as contributors or if you have untrusted contributors, considering upgrading WordPress as a soon as possible. Although this affects only WordPress 3.1+ version, it’s still wise to upgrade considering all the new features available for with WordPress 3.1

Backup your WordPress database before upgrading. You can use one-click update from Your Dashboard or manually download it from WordPress.org

Stories you may like:

1. Security Update: WordPress 3.1.1
2. WordPress 2.3.2 Security Update Released
3. WordPress 2.8.5 Security Update is out!

This article, WordPress 3.1.2 Security Update, was published at TechBuzz. Please don't violate our copyright

According to researchers, Apple iPhones and 3G enabled iPads are keeping track and recording all of their owners movements. As per security experts Pete Warden and Alasdair Allan, the data recorded is kept in an unencrypted and a hidden file. The Guardian was the first to report about this.

Apparently, if provided with the right software it is possible to track exactly where the person has been so far more like a tracker of some sort. There is no valid prove or disprove this though. Apple hasn’t commented yet on this alleged revelation. Things get worse since there’s no indication of any sort on the iPhones on the iPads about this. But Apple’s terms of use gives us a slight hint of this – “We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behaviour and improve our products, services, and advertising”.

The experts however writing on a tech website claimed that this was “clearly intentional” from Apple. They also revealed that the ability to track a user’s movements came with the iOS 4 update which was available from June 2010. This could be a major setback to Apple if proved to be right, however if it isn’t the experts who reported this could be in a world of trouble. I think Apple tracks the user’s movements to a certain extent but it isn’t something that is illegal. So maybe next time reading the terms of use shouldn’t be much of a bother.

Stories you may like:

1. Apple offering exchange of iPads with iPad 2s to some educational institutions
2. iPad Clearance Sales Pisses Apple Fan Boys Off!
3. UK iPad Buyers Jump-in Before Apple Spots their Mistake!

This article, Apple Tracking User Movements With the iPhone and iPad 3G, was published at TechBuzz. Please don't violate our copyright

Malicious Download Protection

Chrome will verify the download URLs against Google’s constantly updated blacklist of malwares and infected downloads – Safe Browsing API. If the download link appears to be in the Safe Browsing Blacklist, Chrome will visually warn users against downloading. You can still save the file, but it will add a message like this next to the Save Button:

Improved Plugin Security

1. Google Chrome will include a built-in PDF viewer, which will run straight from Chrome’s Sandbox. Making it tougher to exploit PDF based vulnerability

2. Google Chrome will decline to run out of date plugins such as flash, and help users upgrade to newer versions

3. Plugins such as Quick Time and Java are not widely used across site. These infrequently used plugins will not autorun on page. Chrome will now advise users before running these plugins, just the way IE used to do with ActiveX plugins

4. Next Generation “Pepper” plugin API will push security to the whole new level by running plugins through Chrome’s Safe Sandbox.

These new security developments will take some time before they are included in the stable builds of Google Chrome, and delivered to you via Auto Update. Meanwhile, you can download experimental builds of Google Chrome from here.

Stories you may like:

1. Google Fixes Critical Security Flaws in Chrome Browser
2. Are You Using Safe WordPress Plugins ?
3. Sneak Peak: Google Chrome’s Forthcoming Extensions Gallery

This article, Google Chrome Beefs Up Security Against Malicious Downloads and Plugins Vulnerability, was published at TechBuzz. Please don't violate our copyright

Microsoft Safety Scanner does not require any installation, does not offer real-time virus scanning functionality and it does not have the update functionality unlike other anti-virus tools. It weighs up around 70.3MB, and contains up-to-date virus definitions. Once downloaded, the Safety Scanner will expire in 10 days, pushing you to download a different copy to get new virus definitions.

Microsoft Safety Scanner – Pros:

1. First of all, it’s portable. You can use it to scan for viruses and malware without removing your active virus scanning software. You cannot install two different anti-virus tools together, so in this scenario, Microsoft Safety Scanner works as your second line of defense, without many hassles.

2. You don’t need to worry about installing or configuring Microsoft Safety Scanner. Just download it and use it.

Microsoft Safety Scanner – Cons:

1. Cannot pause the virus scan once started

2. No auto-update feature to get new virus definitions. Expires in 10 days after download.

Microsoft Safety Scanner is very simple to use. Once downloaded, you can run it straight without set-up (remember: you need to be logged in as administrator to use it).

Just select the depth of the scan: Quick Scan, Full Scan or Customized Scan of user-specified folder. You cannot minimize the scan window, or pause the scan once started. Download Microsoft Safety Scanner from here.

Stories you may like:

1. NanoScan:The Fastest Online Virus/Malware Scanner
2. Download AVG Anti-Virus 7.5 Professional for Free
3. AOL launches Free Antivirus Software

This article, Free Portable Virus Scanner – Microsoft Safety Scanner, was published at TechBuzz. Please don't violate our copyright

Here’s a quote from Adobe’s Security bulletin released on April 11^th:

“This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious Web page or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.”

Three additional security weaknesses are fixed in the latest stable build of Google Chrome. While one affects only Windows platform, the rest affect all platforms of Google Chrome:

1. [Windows only] [70070] Critical CVE-2011-1300: Off-by-three in GPU process.

2. [75629] Critical CVE-2011-1301: Use-after-free in the GPU process.

3. [78524] Critical CVE-2011-1302: Heap overflow in the GPU process.

How to Update Chrome?

1. Click on the Wrench Icon in your Chrome Toolbar

2. Choose Update Google Chrome

(If you don’t find “Update Google Chrome”, choose “About Google Chrome” to receive in-browser updates)

Stories you may like:

1. Critical Updates for Windows and Office
2. Microsoft’s Plug-in puts Firefox Users at Risk
3. Google Chrome gets a new logo, looks more flatter now

This article, Google Fixes Critical Security Flaws in Chrome Browser, was published at TechBuzz. Please don't violate our copyright

• Some security hardening to media uploads
• Performance improvements
• Fixes for IIS6 support
• Fixes for taxonomy and PATHINFO (/index.php/) permalinks
• Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues

Backup your database, and use the one-click upgrade from your WordPress dashboard. If that won’t work with your WordPress installation, download WordPress 3.1.1 and manually upgrade.

Stories you may like:

1. WordPress 2.3.1 Security Update Released
2. WordPress 2.8.6 Security Update for Multi-Author Blogs
3. WordPress 2.3.2 Security Update Released

This article, Security Update: WordPress 3.1.1, was published at TechBuzz. Please don't violate our copyright

We all know how our passwords need to be changed regularly and should be a mixture of upper case letters, numbers and even symbols. Some websites even show us if our password is strong, weak or average, seen mostly during the sign-up process.

But what if something tells you how good your password is based on the character count and relevance ? Well, a website called how secure is my password tells you exactly that. All you have to do is type in the password in the box and it tells you how good or secure your password is. And it is very accurate mind you, because if you type something like ‘bunny’ it says, that a desktop pc can crack your password in a sec. But when I tried something lengthy and complicated it gave out different results, saying it would take some million years to crack it. Interesting stuff this.

Via: Download Squad

Stories you may like:

1. Improved Password Saving in Firefox 3
2. Shorten and Password Protect URLs with HideLinks
3. Get Microsoft Soccer Scoreboard without WGA Check

This article, Check how secure your password is with ‘How Secure Is My Password’, was published at TechBuzz. Please don't violate our copyright

Nicknamed “DreamDroid”, it can have root level access to your device, and connect it to command-and-control server over an encrypted connection. It’s capable of pocketing your IMSI (International Mobile Subscriber Identity) and SIM card serial number. Prior to this discovery, malware infected apps were usually hosted on third party sites, and not on Google’s own Android Market.

Android has come a long way, and unlike Apple’s app store, Google doesn’t essentially screen the code of each and every app which pass onto user’s devices from Android Market. Each day, hundreds of new apps flood Android Market place, and it’s not hard for one or two apps to slip out with malicious code. If at all anything, it just reassures everyone how popular Android platform has turn out to be.

Google, nonetheless, has a master switch to remotely uninstall any application from the user’s Android Device. They haven’t pulled the trigger to remotely remove apps yet, but it’s most likely to happen. If you haven’t synced your Android device with your Google Account, it’s high time to do so. Remote uninstalls don’t work otherwise if your phone and Google Account are not synced.

Stories you may like:

1. Google Announces Android Mobile OS
2. Make your own Android avatar with Google’s Androidify app
3. Android market Place hits 225,000 mark

This article, Mobile Malware That Can Remotely Control Your Android Phone, was published at TechBuzz. Please don't violate our copyright

According to security expert, Graham Cluley, the worm has been coded by a hacker calling himself “ikee”. It changed the background wallpaper to Rick Astley’s image along with a message “ikee is never going to give you up”. Changing the wallpaper through settings won’t work.

If you have a jailbroken iPhone or iPod Touch with SSH installed, it’s wise to change the default root password of your device with something other than ‘alpine’ or by disabling SSH. iPhones have same default root password ‘alpine’ and many overlook the need to change that password, which renders their phone defenseless to intrusion and hacking. A detailed guide on how to secure your iPhone can be found here. (Image source: forums.whirlpool.net.au)

Stories you may like:

1. MP3-Eating Worm will delete all your music
2. MySpace Worm Spread through QuickTime
3. 1 Million iPhones Unlocked in 2007

This article, First iPhone Worm Hits Jailbroken iPhones in Australia, was published at TechBuzz. Please don't violate our copyright

Over the past few months WordPress.org has worked hard towards securing their popular blogging platform. In the process they managed to close some serious security loopholes in WordPress 2.8.4. Now they have released another security update to their popular blogging platform in the form of WordPress 2.8.5.

They have identified a number of security hardening changes which they say were back-porting to 2.8 branch and they are suggesting that all bloggers and websites using wordpress 2.8.4 must now upgrade to wordpress 2.8.5 and make all your sites as secure as possible.

The important changes in this release are:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

Also Peter at WordPress.org made a wise suggestion at the release:

He suggests If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner.

WordPress Exploit Scanner is a plugin which searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.  You can download this plugin here – “WordPress Exploit Scanner”

We suggest that everyone ugprades to the latest version; WordPress 2.8.5 to ensure you have the best protection available for your blog.

Read more about the latest WordPress security release and download wordpress 2.8.5, click here!

[Source: WordPress.org]

Stories you may like:

1. WordPress 2.3.2 Security Update Released
2. WordPress 2.3.1 Security Update Released
3. WordPress template.php Exploit Discovered

This article, WordPress 2.8.5 Security Update is out!, was published at TechBuzz. Please don't violate our copyright

It has now been discovered that the code in the plugin can cause a very serious vulnerability in Firefox, which will potentially expose users to "browse and you’re owned" attacks. According to Microsoft’s Security Research and Defense blog:

A browse-and-get-owned attack vector exists. All that is needed is for a user to be lured to a malicious website. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application). Please not that while this attack vector matches one of the attack vectors for MS09-061, the underlying vulnerability is different.  Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe.

While the vulnerability is in an IE component, there is an attack vector for Firefox users as well. The reason is that .NET Framework 3.5 SP1 installs a "Windows Presentation Foundation" plug-in in Firefox, as shown below.

Good news is that, Microsoft has released a fix (MS09-054), which has been delivered through Windows Update. Firefox users, who haven’t installed this update, please open "Tools"-> "Add-ons" -> "Plugins", select "Windows Presentation Foundation", and click "Disable".

Installing a plugin with vulnerability without user consent into other browsers is a shame on Microsoft’s part, especially when they complain about Google’s Chrome Frame making IE less secure.

Stories you may like:

1. Microsoft Office Users are at Risk of Information Disclosure
2. [Update] WordPress 2.3.3
3. Critical Updates for Windows and Office

This article, Microsoft’s Plug-in puts Firefox Users at Risk, was published at TechBuzz. Please don't violate our copyright

Microsoft Security Essential will replace Windows Live OneCare and is designed to fight viruses, rootkits and other malware. Firewall and anti-spam protection is not covered in the package, but that can be justified since Windows Firewall and Windows Defender are now shipped with Windows.

Independent testing done by AV-Test.org has proved Microsoft Security Essential to be very accurate. Here’s an excerpt of what they had to say:

"We scanned a set of WildList malware (on-demand test) and we also tested the on-access guard with the same set of samples. Our set included 3,194 common virus, bot and worm samples from the most recent WildList 05/2009, released about one week ago.

All files were properly detected and treated by the product. That’s good, as several other AV scanners are still not able to detect and kill all of these critters yet. (Extensive testing of the entire collection of malware files we have will take a lot more time, but we will do this in the coming days.)

We’ve also tested the product against a large set of false positives, but none of the clean files were flagged as being malicious – very good."

Microsoft Security Essential lacks behavior based virus detection, which means the security software relies on definition updates and can’t detect new worms and Trojans based on their generic behavior.

How to install:

You can download Microsoft Security Essential from Softpedia (Size: 4.7 MB). The installation will ask you to validate your copy of Windows before installing. It will automatically update virus and spyware definition and real time protection is enabled by default. You can choose between Quick, Fill and Custom scans.

Screenshots:

The user interface is crispy and clean, and it resembles a lot with the UI of Windows Defender.

Microsoft Security Essential is due for public release in September 09. When I pick any antivirus, I want it to be reliable, quick and consume fewer resources on my computer. I can undoubtedly say MSE passes all these criteria.

Stories you may like:

1. Latest Microsoft Security Updates Released
2. AOL steps into Security
3. Microsoft Expression Beta 1 Released

This article, Download Microsoft Security Essentials Beta, was published at TechBuzz. Please don't violate our copyright

One of the ways to detect suspicious programs on your computer is by running an online virus scan.Although there are a number of online virus scanners like McAfee FreeScan and Trend Micro, most of them take time and consume lot of bandwidth. But recently, I came across NanoScan, which claimed to scan your PC in few seconds.

It initially downloads a small ActiveX file and then starts scanning.I have to admit that not only it does a comprehensive scan but it is also lightning fast.It took only 31 seconds to scan my PC. Here is the screenshot:

Apart from offering NanoScan, its developer Panda Softwares offers TotalScan which detects and removes viruses, unlike NanoScan, which only does a scan and does not remove it. However, I certainly believe that NanoScan is worth giving a shot and is one of the best online virus scanners available.

Stories you may like:

1. Download AVG Anti-Virus 7.5 Professional for Free
2. Google Accidentally Sends Virus
3. AOL launches Free Antivirus Software

This article, NanoScan:The Fastest Online Virus/Malware Scanner, was published at TechBuzz. Please don't violate our copyright