Official warning on Mac code bug

The federal US computer security watchdog has issued a warning about a bug in Apple's OS X operating system.

The US Computer Emergency Readiness Team (US Cert) issued the alert after security researchers produced code that could exploit the DMG bug.

The flaw involves the way OS X handles disk images and could be used to crash or take over a vulnerable machine.

So far the DMG bug has only been shown to work under laboratory conditions and has not been seen in the wild.

The DMG bug came to light during a month-long project run by the Info-Pull research group that aimed to find one "kernel" bug a day. The kernel is the heart of an operating system.

The warning from US Cert urged said the memory corruption caused by the bug could make a computer unstable or allow an attacker to hijack it. It urged users to avoid downloading DMG files, which bear a .dmg suffix, from unknown sources.

The bug even affects machines that are patched with the latest fixes.

Apple has yet to provide a fix for the DMG bug though a workaround is known which should stop computers falling victim.

The bug has only been proved to work under laboratory conditions. No cases of it being exploited in the wild are known and no users are thought to be at risk. The availability of the exploit code might tempt some malicious hackers to craft webpages that take advantage of it.

Users of Apple Mac computers are far less likely to suffer security problems because the vast majority of viruses are written to exploit Microsoft's Windows operating system. There are also differences in the way that OS X works which help to prevent malicious code taking hold.

The increasing popularity of Mac computers has led to increasing scrutiny of Apple's operating system and security researchers are unearthing many flaws and potential exploits.

La norme Ethernet à 100 Gbits/s arrivera en 2010

Aux alentours de l'année 2010, peut-être même en 2009, qui sait, la norme Ethernet Gigabit passera à 100 Gbits/s, soit une bande passante de 12,5 Go/s théoriques.

L'information vient d'un groupe d'étude de l'IEEE (Institute of Electrical and Electronics Engineers), qui prévoit donc de multiplier encore par 10 l'actuel standard 10-Gigabit Ethernet, qui assure déjà du 10 Gbits/s, soit un débit de 1,25 Go/s.

Après plus de 30 années d'existence, la norme réseau a démarré sur une base de 10 Mbits/s, pour évoluer en 100 Mbits/s, pour arriver au fameux Gigabit Ethernet, à 1 Gbits/s. Cette interface de communication s'est alors diffusée auprès du grand public, mais servira surtout à tenir les énormes débits que nécessitent certains ordinateurs professionnels dans la vidéo, le stockage de données ou le calcul parallèle.

Jeudi dernier, le groupe IEEE responsable de la norme s'est réuni à Dallas, Texas, pour voter à 75 % de fixer la nouvelle norme 100 Gigabit Ethernet. Les experts avaient le choix entre 40, 80 ou même 120 Gbits/s, mais ils ont finalement préféré un compte rond.

L'IEEE va maintenant devoir former un groupe de travail qui va décider de la technique à adopter pour atteindre un tel débit. La norme devrait donc arriver en 2009 ou 2010, selon les estimations de l'IEEE. Une norme qui n'est certainement pas la dernière dans le secteur...

Internet crime to hit homes hard

Home computer users are now the favourite targets of hi-tech criminals, reveals research.

The report by security firm Symantec found that cyber criminals are targeting home PC owners because they are the easiest to catch out.

It saw an 81% rise in phishing messages which attempt to trick people into handing over personal details.

Another study by a banking industry body shows many home users do not take basic steps to stay safe online.

Criminals typically use bogus or booby-trapped e-mail messages to lure people into handing over banking details.

Risky business

Symantec's bi-annual Internet Threat Report said that more than 157,000 unique phishing messages were sent during the first six months of 2006.

The phishing messages were getting much more sophisticated to make them more effective, said Ollie Whitehouse, Symantec research scientist and one of the authors of the report.

"Organised crime is here and they are very interested in phishing," he said. "They target home users who have become the weakest link."

Many gangs trawl the net for more information about those they target with messages.

"Most people, by now, have left a digital footprint which can be mined," Mr Whitehouse said.

Phishing gangs were also starting to target the customers of smaller banks and financial institutions. In early September the Anti-Phishing Working Group said that in the last year the number of bank "brands" targeted had doubled.

The Symantec report comes as the banking industry body the Association of Payment and Clearing Services reveals research which shows the risks people take online.

Only half of the consumers surveyed for the report said they would ignore phishing e-mail messages and 3.8% said they would respond to an unsolicited e-mail about their online accounts.

The survey also found that less than half of those questioned, 46.3%, kept their anti-virus software up to date. Only 10% had spam-stopping software installed.

"Clearly, it's a concern that so many internet users are still not aware of simple security advice," said an Apacs spokeswoman

Tips to help you stay safe online

There are now thought to be more than 200,000 malicious programs in existence - the vast majority of which are aimed at subverting Windows PCs.

These problem programs can arrive via e-mail, instant messenger, through your internet connection or even your web browser if you visit the wrong website. The threats are so numerous and appear so fast that Windows users must feel under siege.

While there is no doubt that attacks on PC users are getting more sophisticated, it is possible to avoid the vast majority of problems by taking some straight-forward steps and exercising some common sense.

If you are worried about your computer it is possible to scan it via the web to see if it is infected. Companies such as Trend Micro, Kaspersky and Microsoft all offer free scanning services.

Organisations such as the Computer Emergency Response Team (Cert) also offer advice on how to set up a safe net connection.

ANTI-VIRUS

The first piece of security software every PC user needs is some anti-virus software. It must also be regularly updated to ensure it protects you against the latest threats.

One of the ways that virus writers try to catch out anti-virus software is by pumping out enormous numbers of variations of their malicious creations. Good anti-virus programs use heuristic techniques to spot viruses that have not been formally identified but have all the characteristics.

FIREWALL

A firewall is also an essential piece of security software for PC users. Newer versions of Windows XP have a firewall built in and this will give you protection against nuisance attacks and many of the more serious ones.

However some people feel that the Windows XP firewall is a bit limited in its features. Many anti-virus programs have a firewall bundled with them.

There are free firewalls available too from firms such as Comodo and Zone Alarm.

To block some of the attacks it can also be useful to connect to the net via a hub or router. Often these have a firewall built in and, even if not, will do a good job of blocking a lot of the low level attacks.

SPYWARE

Increasingly simply browsing the web can subject you to all kinds of dangers. Specially crafted websites can initiate so-called "drive-by downloads" that exploit weaknesses in Microsoft's Internet Explorer browser to install programs you never asked for.

At best these will annoy you with pop-up ads, at worst they will let someone else take control of your PC. Anti-spyware software will help stop these taking hold and help you clean up your PC if you do get hit.

There are add-ons for browsers, such as McAfee's Site Advisor that warn you about potentially harmful sites. Also Google has now started warning when you are about to visit a potentially unsafe site. Search sites such as Scandoo will also flag sites loaded with malware.

These days adware tends to be very aggressive and it is far better to avoid an infection than try to clean up afterwards.

Security experts recommend migrating away from Internet Explorer to a browser such as Firefox or Opera. At the very least they say to keep Microsoft's browser up to date with patches.

Anti-spyware activists Suzi Turner and Eric Howes run a website that lists the bogus security products to help you avoid falling victim. Microsoft makes free anti-spyware but there are many other products from firms such as Lavasoft and Spybot.

Telephoner de Maurice a l'etranger pour zero sou

Jusqu’au jour où ce dernier lui a parlé de Skype, un logiciel qui connait une popularité grandissante à Maurice et ailleurs. Téléchargeable gratuitement sur le Net, il permet de téléphoner sans dépenser de l’argent à l’aide d’un ordinateur à l’autre via l’Internet (en utilisant une technologie peer-to-peer voix sur IP). Il permet même d’appeler un téléphone fixe ou mobile un peu partout dans le monde à partir de son ordinateur et pour moins d’une roupie pour la plupart des destinations.

Depuis le 7 septembre dernier et jusqu’au 31 décembre 2006, les appels vers les lignes fixes françaises sont par ailleurs totalement gratuits et illimités. En temps normal, le tarif est de 0.02 euro, soit environ 90 sous la minute. Les autres destinations où les Mauriciens passent beaucoup d’appels, c’est-à-dire l’Australie, la Grande-Bretagne, le Canada ou encore la Belgique sont au même tarif. ( Source : Unknown , may change with time - The manager neutralfox ).