A Chinese Newspaper has written a critical editorial about Secretary of State Hillary Clinton about her speech about the freedom to access information on the Internet. The newspaper, the Global Times, labelled her speech as a "disguised attempt to impose its values on other cultures in the name of democracy".

"The online freedom of unrestricted access is, thus, only one-way traffic, contrary to the spirit of democracy and calculated to strengthen a monopoly," the newspaper wrote in its editorial.

"The online freedom of unrestricted access is, thus, only one-way traffic, contrary to the spirit of democracy and calculated to strengthen a monopoly. These facts about the difficulties of developing nations, though understood by politicians like Clinton, are not communicated to the people of Western countries. Instead, those politicians publicise and pursue their claims purely from a Western standpoint."

Read More »

Facebook currently is the most popular social networking tool, but many don't realise that it hosts a lot of personal data - from birthdays to embarrassing pictures from your friend's 21st birthday party. This, of course, means that many don't realise the how dangerous it can be by posting that much personal information.

In a recent interview to The Rumpus, an anonymous employee of the social network reveals how Facebook staff can access your profile, even as far as typing your user ID and typing a master password comprising of "upper and lower case, symbols [and] numbers" that would spell out Chuck Norris.

Read More »

A bug in the Android OS version 2.0.1 can allow unauthorised access to your phone, bypassing the locking mechanism on the Motorola Droid (or Milestone in Europe and Australia), with a simple phone call to the device.

The Android OS has a unique way of locking the device. Instead of a PIN, you have an 3x3 grid of circles and you create a pattern of 4 to 9 circles. According to The Assurer, which broke the news of the leak, this results in 3,024 to 362,880 different combinations. It sounds secure, and it is - unless you have an incoming calls.

Unlike other devices, the Motorola Droid has a back button when you are asked to put in your pattern combination, and pressing that takes the user back to the Home screen without being asked for the pattern, allowing full access to applications and data. However, it will proceed to ask you to type in the pattern when the call ends.

This is, basically, the easiest way to steal someone's personal data from the phone, and another person, if technically capable to do so, can access your e-mail messages and financial information, like your credit cards and e-statements from banks.

It is unknown if the Nexus One has this similar flaw, and it has not been tested since it uses Android OS version 2.1.

Google has acknowledge the problem and is looking on a fix. A spokeswoman told Techcrunch's Jason Kincaid, "We are aware of the issue and we're working to deliver a fix to Motorola Droids shortly."

NEWS IN BRIEF: President Barack Obama has chosen Howard Schmidt to take up the role as the national cybersecurity coordinator, according to an “administration official” talking to the Washington Post. The role will coordinate cybersecurity policy across the federal government – including the military agencies.

Schmidt, who is the president of the not-for-profit consortium Information Security Forum and was a cyber-adviser to the former Bush administration, will report to the national security advisor. Schmidt was also the chief security officer at Microsoft and the chief information security officer at auction site eBay.

The position is said to be announced on Wednesday (Tuesday in Washington DC), and does not require the Senate to confirm his role.

Reports are coming in that Twitter had been hacked with a message from a supposed group called the “Iranian Cyber Army”, with Twitter admitting that their DNS records were compromised – allowing the group to deface the site with the following message:

IRANIAN CYBER ARMY

THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY

iRANIAN.CYBER.ARMY@GMAIL.COM

U.S.A. Think They Controlling And Managing Internet By Their Access, But THey (sic) Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian People To ….

NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?

WE PUSH THEM IN EMBARGO LIST

Take Care.

TechCrunch is also reporting that the same defacement appears on another site, Mowjcamp.com. The attack looks like to be similar to the Twitter defacement, where its DNS records were compromised. A quick search on Google appears to show the website is affiliated with the anti-government protestors after the elections in June.

This appears to be a common link with Twitter and Mowjcamp.com being taken down – as Twitter was instrumental in the coverage of the Iranian protests, with news outlets like CNN and MSNBC using the microblogging site to report on the protests.

Mowjcamp.com has now redirected themselves to another domain and have asked users to use the IP address directly or the other domain; while Twitter remains up.

A Microsoft add-on that was installed silently into Mozilla Firefox last February has now made Firefox, deemed to be one of the safer alternatives for Windows computers, open to an attack. The security hole also leaves Internet Explorer open to the same attack.

The threat, according to its Security Research and Defence blog, is a “browse-and-get-owned” attack, with a user being lured to open a malicious website and exploits the XAML Browser Application component in the Windows Presentation Foundation.

Read More »

SECURITY BRIEF: Users using an older version of WordPress (that is, before the current version 2.8.4) have been asked to upgrade immediately to the latest version in order to avoid an ongoing attack to users self-hosting their own blog and could lock you out of your account.

While blogs hosted on WordPress.com are not affected as they are upgraded as a new version comes out, the vulnerability is said to be growing by the hour. WordPress is used by governments, huge corporations and other known niche blogs (i.e. Mashable, TechCrunch) all over the world.

The attack, according to Lorelle on WordPress, is exploiting a known security hole in previous versions in the blogging software, allowing the attacker to have administrator access to your account and could get into the database via the pretty permalinks.

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

All users are advised to UPGRADE to the latest version, and those who have already been affected, the only fix is to export all of your posts, uninstall and reinstall WordPress and then re-import all your posts. Because it goes all the way to the database level, it is advised that you use a new database as importing the database would also bring your new blog install affected by the code.

WordPress will also release any new updates immediately with further security improvements if the attackers find a new security hole to exploit.

Remember when Apple confirmed the much-hyped malware protection in Snow Leopard; well, it turns out that its nothing more than a XProtect.plist file that contains five file signatures for only two, and the most popular, trojans out there infecting Macs – OSX.RSPlug and OSX.Iservice.

Both threats, described as very low threats by Symantec, are usually attached as payloads on shady installs of the latest iWork and Adobe CS4 software found in Bit Torrent sites, installing themselves after a user enter their administrator credentials.