Spyware, Viruses, & Security forum

General discussion

NEWS - August 13, 2010

by Donna Buenaventura / August 12, 2010 6:08 PM PDT
HK banks sold 600k customers' data

Six banks in Hong Kong have sold the information of more than 600,000 clients to third parties for marketing purposes.

Hong Kong Monetary Authority (HKMA) deputy chief executive Arthur Yuen said Thursday that this was discovered after they conducted an investigation into 25 retail banks on the island.

He said the financial institutions have stopped selling the data two years ago or until last month following a public outcry over the privacy row involving the Octopus card company.

Yuen said the banks have transferred its customers' names, contacts, addresses and some of the identity numbers to the third parties, involved four to five insurance companies.

HKMA urged banks to make clear to the customers if they should make any data transfers.

"Banks should not distribute personal information to third parties for marketing purposes until Hong Kong?s privacy commissioner issues guidelines on the matter," it said in a statement.

The Daily Chilli

HK govt to probe data sale

HONG Kong's government was on Friday urged to launch a probe after six banks were found to have sold the personal data of 600,000 customers to insurance companies.

The Hong Kong Monetary Authority (HKMA) said each of the banks had sold the data of 30,000-120,000 customers - including details of their savings and credit card accounts - for marketing purposes over the past five years.

The authority said it made the discovery after surveying 25 banks on their handling of personal data after it emerged that e-payment operator Octopus Holdings sold the information of two million customers for US$5.7 million (S$7.7 milion).

However, the HKMA said the city's banking laws forbid it from revealing the names of the banks involved in the data sales, adding that they banks had already stopped selling the information.

The Strait Times
Discussion is locked
You are posting a reply to: NEWS - August 13, 2010
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - August 13, 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Anti-malware tools crumble under Virus Bulletin tests
by Donna Buenaventura / August 12, 2010 6:12 PM PDT
In reply to: NEWS - August 13, 2010

One in three don't make the grade.

About a third of anti-malware products tested by Virus Bulletin failed to secure Windows Vista Business Edition SP2 with several "crumbling" under the pressure of a heavy attack.

Of the 54 products tested by the vendor, 19 failed to reach the standard required for VB100 certification, the latest Virus Bulletin report said.

The VB100 tests assessed anti-malware products against a test set from the WildList - a list of viruses known to be circulating on computers that is maintained by a group of anti-virus researchers.

Products had to detect 100 percent of the malware contained in the WildList test set and "not generate any false alarms when scanning a set of clean files" to achieve VB100 certification.

Some of the products tested by Virus Bulletin in August produced false alarms on clean files from the likes of Corel, Roxio and Adobe.

SC Mag

Collapse -
5 ways employees break your security policy
by Donna Buenaventura / August 12, 2010 6:54 PM PDT
In reply to: NEWS - August 13, 2010

There may have been a time when blocking certain sites was acceptable in most office environments. But what was once considered off-limits is now essential in many organisations. Social media sites like Facebook are a major part of many companies' marketing strategy. Sites like YouTube present opportunities to share information about products or services visually. And IM and chat services like Gchat are free and efficient ways for employees to communicate.

"I think generally the business drives the policy," said Dave Torre, founder and Chief Technology Officer of IT consultancy Atomic Fission. "If you work at the Department of Defence, I don't think any time at a social networking site on a secure computer is acceptable. But if you work in a marketing department, 15 minutes a day isn't nearly enough. Obviously you have to use some common sense as an IT manager and say 'What does our organisation look like and how important are these tools on the internet for our users?'" [...]

Here are five techniques, some simple, some more advanced, that your employees may be using to access the sites you don't want them to visit while on the job.

Workaround 1: Typing IP address instead of domain name
Workaround 2: Finding a cached version
Workaround 3: Hiding behind encryption
Workaround 4: Using proxy servers and other privacy-friendly tools
Workaround 5: Using smartphones

More on the above article with Security Fixes in Computer World UK

Collapse -
Apple patches QuickTime for Windows
by Carol~ Moderator / August 13, 2010 1:55 AM PDT
In reply to: NEWS - August 13, 2010

Apple has released QuickTime 7.6.7 for Windows 7, Vista and XP to close a critical hole discovered about two weeks ago. The flaw is contained in the QuickTimeStreaming.qtx component; it is said to cause a buffer overflow when processing SMIL files whose URLs exceed the maximum length. This allows attackers to inject arbitrary code into a PC and execute it there. Users can potentially fall victim to the attack simply by visiting a specially crafted website.

According to Apple, Mac OS X is not affected by the problem. While the vendor is already offering the new Windows version 7.6.7 of QuickTime to download, users should avoid downloading the version that is bundled with iTunes ? because this version still appears to contain the vulnerable QuickTime 7.6.6.

As Posted Here: http://www.h-online.com/security/news/item/Apple-patches-QuickTime-for-Windows-1058523.html

Collapse -
Malware Pushers Piggyback on Microsoft's Patch Tuesday
by Carol~ Moderator / August 13, 2010 3:07 AM PDT
In reply to: NEWS - August 13, 2010

Security researchers from BitDefender warn of a new malware distribution campaign which tries to capitalize on the noise caused by Microsoft's latest batch of security updates.

Microsoft releases new security fixes during the second Tuesday of each month, a day that has came to be known in the industry as Patch Tuesday.

Two days ago during the latest cycle, the software giant established a new record by putting out 14 security bulletins (eight critical), which address a number of 34 vulnerabilities in Windows and other products.

It looks like cyber criminals are trying to exploit people's trust in Microsoft, the security industry and the media, which are constantly raising awareness about the importance of updating software, especially the operating system.

Researchers from BitDefender have intercepted new spam emails with a subject of "Microsoft Patch" which attempt to pass malware as Microsoft security patches.

"Microsoft's security team investigated the release of a new zero-day flaw that exposes Windows users to blue-screen crashes or code execution attacks.

"Because of this, Microsoft plus 34 security holes in a patch. You can download the patch from here: [malicious URL]/win.exe,
" the rogue email messages read.

The win.exe file is actually an installer for a computer trojan detected by BitDefender as Trojan.SpamBot.CAL. As the name suggests, computers infected with this piece of malware will become part of a spam botnet.

And just in case the first link is taken down by security researchers, the spammers have included a back-up one in the email.

Continued here: http://news.softpedia.com/news/Malware-Pushers-Piggyback-on-Microsoft-s-Patch-Tuesday-152158.shtml

Above Based On : Fake Windows

Collapse -
To trust or not to trust?
by Carol~ Moderator / August 13, 2010 3:08 AM PDT
In reply to: NEWS - August 13, 2010

From the Avast! Blog:

Trust brings together two hot topics that concern our users. First topic ? Win32:Injected-AZ which is suspected by many users of being a false positive. Second topic ? the reliability of digital signatures (authenticode). Here these two topics intersect with some interesting circumstances (that will be soon elaborated): [screenshot]

As you can see from the table, the Aventura package has a valid digital signature. In this case the detected binary is not signed, but its container (WebClient.cab) is properly signed. This means you are supposed to trust the binary when you approach it from outside (and so perhaps does your browser in default settings?!). As in real life ? where you are responsible for everything you sign - the developer is responsible for what he puts into the package and what he certifies. Remember, the balance between benign code injection and malicious code injection is on a razor?s edge. A similar example also arrived at our FP submission system: [Screenshot]

First to mention, Win32:Injected-AZ is not a false positive at all. Binaries detected under this name contain evident signs of unintentional tampering (caused by a file infector ? Win32.Foroux.a). When we look inside, we can see the following parts of code injection:

Continued here: http://blog.avast.com/2010/08/13/to-trust-or-not-to-trust/

Collapse -
Q&A: How we sliced open Palm and Android security
by Carol~ Moderator / August 13, 2010 3:31 AM PDT
In reply to: NEWS - August 13, 2010
A pair of intriguing flaws found in the Palm Pre and Google Android handsets have thrust the spotlight on the security problems faced by smartphones.

Basingstoke-based MWR Labs uncovered the pair of vulnerabilities, which could let hackers use the Pre as a bugging device and crack Google Android handsets to steal passwords.

We spoke to Alex Fidgen, director of MWR Labs, to find out why he believes smartphones are inherently insecure....


The questions addressed by Alex Fidgen:

Why did you decide to test the security of these two systems?
What did you find?
Has Palm fixed the issue?
And what about Google Android?
Will you be testing out any other handsets?
What needs to happen for smartphones to be more secure?
What can users do to avoid being hit by these two flaws?
Should people avoid services such as online banking on their phone?

Continued here: http://www.pcpro.co.uk/news/interviews/360256/q-a-how-we-sliced-open-palm-and-android-security
Collapse -
Microsoft to release IE9 public beta on Sept. 15
by Carol~ Moderator / August 13, 2010 10:20 AM PDT
In reply to: NEWS - August 13, 2010

Microsoft on Thursday announced that it will release a public beta of Internet Explorer 9 on Sept. 15, a little less than five weeks from now.

Only a minority of Windows users will be able to try the beta, however. IE9 will not work on Windows XP, the aged operating system that powers nearly 68% of all PCs running Windows. The new browser requires either Windows Vista or Windows 7.

Thursday's announcement followed a comment made late last month by Kevin Turner, the company's chief operations officer, that the IE9 beta would show up in September. Until today, Microsoft had declined to set a date or even confirm Turner's statement.

Microsoft first announced IE9 in March, and it has released four developer preview builds since then. The most recent one appeared on Aug. 5, and at that time the company said the fourth such preview would be the last.

But while those previews have trumpeted the new browser's "Chakra" JavaScript engine, its graphics-processor-powered hardware acceleration and its support for the new HTML5, as well as the fact that it is more in line with current Web standards, Microsoft hasn't as much as whispered about IE9's look and feel.

Continued here: http://www.computerworld.com/s/article/9180659/Microsoft_to_release_IE9_public_beta_on_Sept._15

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?