Bits & Bytes Computer Store RSS

Tips & Tricks

Interesting News

Cool New Products

 

Located at the Barrie Campus of Georgian College, we are your on-campus source for academic software, Apple and Windows based systems and accessories.

Archive

Jun
19th
Thu
permalink

Firefox Downloads Exceed 1.6 Million on First Day

http://www.e-channelnews.com/ec_storydetail.php?ref=416399

According to Mozilla, Firefox 3 reached 1.6 million downloads by early Tuesday evening. The Web site saw almost 9,000 copies of the free, open-source software downloaded every minute in the opening hours of its availability.

The release of Firefox 3 kicked off Download Day, the Mozilla community’s campaign to set a new Guinness World Record for the greatest number of software downloads in 24 hours.

Michael Gartenberg, an analyst at JupiterResearch, is not surprised at the download numbers, since Mozilla has been pushing the new version heavily for months. “Mozilla certainly threw a nice stunt and Firefox 3 is very good browsing technology,” he said. “Most users, though, are not going to see dramatic differences from what they were using before.”

Speed, Fidelity and Security

Still, Mozilla calls Firefox 3 a major update. “We’re really proud of Firefox 3 and it just shows what a committed, energized global community can do when they work together,” said John Lilly, CEO of Mozilla.

It took the community three years to develop the latest version. It’s available in about 50 languages. It’s two to three times faster than its predecessor and it offers more than 15,000 improvements, including a smart location bar, malware protection, and extensive under-the-hood work to improve the speed and performance of the browser, Mozilla said.

At the end of the day, Gartenberg said, browsing innovations are about speed, displaying Web pages so content presents correctly, and security features to protect users from malicious Web sites.

“Firefox’s big new feature is the ability to search your surfing history and find sites you’ve been to in the last three months,” Gartenberg said. “It’s sort of a mini-search engine for your own browsing experience.”

Many Improvements

Among the other improvements, Firefox 3 now uses less memory and its redesigned page-rendering and layout engine means users see Web pages two to three times faster than in Firefox 2.

Firefox 3 also raises the bar for security. The new malware and phishing protection helps protect from viruses, worms, Trojans and spyware. Firefox 3’s one-click site ID information allows users to verify that a site is what it claims to be. Mozilla’s open-source process leverages the experience of thousands of security experts around the globe.

More than 5,000 add-ons let users customize Firefox 3. Firefox add-ons allow users to manage tasks like participating in online auctions, uploading digital photos, seeing weather forecasts, and listening to music, all from the browser. The new Add-ons Manager helps users find and install add-ons directly from the browser.

May
14th
Wed
permalink

What's the best format for my pictures

http://www.pcworld.ca/news/column/a225b73e0a0104080036ef21e94a0a30/pg0.htm

Dave Johnson
PC World
Monday, July 24, 2006

Why is JPEG so popular? When is it better to use TIFF or RAW formats? PCworld.ca gives you all the information you need to choose the right format and make sure your memories get digitally immortalized without loss of quality.

The next time you start pining for the good old days of computing, keep this in mind: in 1995 we had to negotiate hundreds of image file formats, and no two imaging programs spoke the same language. These days, with just a handful of common file types for digital photos, we’re living on easy street. Even so, it’s rarely obvious which file format is best for a given image. Here’s a look at the strengths and weaknesses of the three most common digital-photo formats.

Go mainstream with JPEG: This format is the default that digital cameras use to save pictures, and every photo editing or viewing program can read it. Because you’re able to adjust JPEG’s compression level, you can make your files smaller, trading off image quality for portability.

If you’re a casual photographer who shoots, prints and shares without much serious editing in between, stick with JPEGs. Just be sure to set your camera to capture pictures at the lowest compression, which equates to the highest image quality. You can always reduce the quality later to shrink the file size, but you can’t bring the lost image data back.

JPEG does have a downside. Every time you make a change to a photo and save it, you’re reducing the quality of the image. It’s like making a photocopy of a photocopy: Eventually the loss of detail will become obvious (often painfully so), even if you always employ the highest quality setting available.

TIFF maintains quality:
The TIFF image-compression format is revered because it’s lossless—no information is lost during the compression (as opposed to JPEG’s “lossy” compression). TIFF files are larger than comparable JPEGs, but nary a pixel or a shade of lavender is lost when you create, edit or save a TIFF.

With TIFF, you’ll neither have to deal with the extra baggage that accompanies the RAW format (which we’ll get to in a moment) nor worry about JPEGs throwing away some colour information every time you save a photo. For best quality, configure your camera to save shots as TIFF files, and keep saving them that way afterward. Or save pictures on your camera at the best JPEG quality and then, after you edit them on your PC, choose File, Save As and select TIFF. You might lose an almost imperceptible bit of quality with the first JPEG save, but once the file is a TIFF, the quality is locked in.

There is a drawback, however: TIFF files are much larger than JPEGs, and the TIFF format is not as universal as JPEG. You’ll still need to save a copy of the TIFF image as a JPEG if you want to share it via email or to place it on the web.

Photo fanatics love RAW:
To wring every last drop of quality out of your photos, use your camera’s RAW mode (if it has one). RAW is lossless, and it offers more colour depth—12 bits of colour per pixel, compared with 8 bits per pixel for JPEG and TIFF. This lets you extract more detail from your photos in such editing programs as Adobe Photoshop and Photoshop Elements. Your camera saves RAW files before any white balance, sharpening or other effects are applied. It’s an unprocessed source file that offers you unlimited creative freedom.

Unfortunately, every camera maker has its own flavour of RAW, and sometimes different models from the same camera vendor vary in their handling of RAW. For example, Nikon calls its RAW files “NEF”, while Canon uses both “CRW” and “CR2” RAW files also require more work on your part. You’ll have to apply white balance, tweak the colours, and perhaps add sharpening to the image. And, since you can’t save your changes to RAW files, you’ll have to keep two copies of your photos—the original RAW version and the edited JPEG or TIFF file. Still, photo fanatics wouldn’t have it any other way.

Try an alternative format: PNG is now the default image-file format for screens captured by Macs, and nearly all browsers can open them. In addition, every photo editing program offers its own proprietary format. Photoshop’s PSD, for instance, is lossless, and it preserves layers, so you can return to an editing project right where you left off. However, such proprietary formats usually can’t be opened outside of the program that created them, so you’ll eventually need to save the files as JPEGs to share them.


May
8th
Thu
permalink

Clean Machine. Does one exist?

http://www.infoweek.ca/index.php?page=shop.product_details&flypage=shop.flypage&product_id=2241&option=com_virtuemart&vmcchk=1

by Thomas Claburn

Since Friday, more than half a million Trojan horse programs disguised as media files have been detected on consumer PCs, according to McAfee Avert Labs.

“This is one of the most prevalent pieces of malware in the last three years,” said Craig Schmugar, a McAfee Avert Labs researcher, in an e-mailed statement. “We have never before had a threat this significant that arrives as a media file.”

The Trojan malware, Downloader-UA.h, was added to the McAfee database several days ago. In the past 24 hours, it has been detected by McAfee VirusScan Online on more than 119,000 computers out of almost 436,000 scanned, an infection rate of 27%. Other malware McAfee is tracking exhibits an infection rate in the 1% to 5% range.

The malware does not affect computers running Mac OS X.

The malicious media files appear to be either MP3 audio files or MPEG video files and can be found on file-sharing services like LimeWire and eDonkey. McAfee believes they were placed there by cybercriminals.

When a user tries to play one of the infected media files, he or she is prompted to download a file called PLAY_MP3.exe, Schmugar explained in a blog post. The file does not contain music or video as advertised. Rather, the Trojan program — Downloader-UA.h — presents users with an end-user license agreement. If the user agrees to the terms set forth in the 4,800-word EULA, he or she consents to the installation of NetNucleus’ Mirar Toolbar adware, and the Trojan downloads the adware “FBrowsingAdvisor” and “SurfingEnhancer,” which serve pop-up and pop-under ads.

“In the end you’re left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays popup and popunder ads,” Schmugar wrote.

In December 2006, NetNucleus threatened to sue security company Sunbelt Software for categorizing its Mirar software as adware. Mirar, the company insisted in a letter, “is a bona fide search tool that collects keywords from Web sites to direct users towards similarly themed sites.” A month later, Sunbelt’s attorney responded, insisting in a letter that Mirar’s designation as adware was accurate.

Apr
9th
Wed
permalink

Web becoming the distribution point for malicious code: Symantec

http://www.echannelline.com/canada/story.cfm?item=DLY040808-1

8-April-2008 
by Vanessa Ho

Volume XIII of Symantec’s Global Internet Security Threat Report (ISTR) reports that the Web has quickly become the attack vector of choice.

Symantec’s Global ISTR provides a six-month update of Internet threat activity and includes analysis of network-based attacks, a review of known vulnerabilities and highlights malicious code activity. It also discusses numerous issues related to online fraud, including phishing and spam.

According to Michael Murphy, vice president and general manager of Symantec Canada, the biggest change in this volume of the report has been attacks to the Web moving from something to watch out for to something that is now is in the realm of reality.

“One of the seismic changes in this threat report is the first real evidence that threats are targeting Web applications almost exclusively while attacks to computers and operating systems has slowly fallen off the screen,” said Murphy.

He added that attacks of today are focused on web applications, Web content and Web sites because that’s where people are hanging out and that’s where data is being collected.

“The ubiquitous nature of the Web and Web applications is why attackers are using it as an attack vector and the expansion of social networking sites are more than ever a conduit attackers are trying to exploit,” Murphy noted.

The report indicated that social networking Web sites have been easy targets for criminals to spoof and because these sites are trusted by users, phishing attacks mimicking them may have a better chance of success.

Murphy indicated that the top four phishing sites that the report observed were social networking sites like MySpace and Facebook.

“The end user is always going to be the weakest link and the attackers are leveraging that because they want to dupe the individual to capture data. If you cull enough data from somebody you can create an identity [that can] be worth a lot of money. The commercialization is what drives the attackers,” he added.

In terms of this underground economy, volume XIII of the ISTR noted that bank accounts were the number one goods and services being sold followed by credit cards and full identities. While Murphy said the pricing of these haven’t changed since the last report, the bulk purchases of bank accounts and the like has.

Another new finding is that attackers are moving away from mainstream developed countries to regions or countries like Peru where security practices, legislation and infrastructure are not well developed.

Other attack trends include Symantec observing an average of 61,840 active bot network computers per day, a 17 per cent increase from the first half of 2007. Canada saw an average of 7,344 active bot infected computers per day. Toronto, Montreal and Calgary were the top bot cities.

Volume XIII also broke out attack trends in terms of malicious activity via ISPs.

Murphy stressed that this doesn’t mean that it’s the ISPs propagating the attacks but their subscribers with IP addresses assigned by them that are the attackers.

But he added that these statistics prove that ISPs can do a better job in educating their customers in the area of security.

“It not about just about offering technology but helping customers understand the challenges facing them and how they can protect themselves beyond anti-virus to include anti-phishing, personal firewall and data loss prevention,” said Murphy.

In terms of vulnerabilities, the Mozilla family of browsers had the highest number of vulnerabilities during this reporting period at 88, a 60 per cent increase over the last report. The window of exposure for these vulnerabilities was three days. While Microsoft showed fewer reported vulnerabilities, its window of exposure was the longest at 11 days.

As well, Symantec documented 239 browser plug-in vulnerabilities in the last six months of 2007 compared to the first six months where browser plug-in vulnerabilities were 237. During the last half of 2007, 79 per cent of those vulnerabilities affected ActiveX components, down from 89 per cent in the first half.

“As much as browsers have become secure, plug-ins have not and patches have not been readily available,” said Murphy.

New in this report is the observation of malicious code trends that noted in the last six months of 2007, seven per cent of the top 50 malicious code samples modified web pages, up three percent from the first half of 2007. In the second half of 2006, none of the top 50 malicious codes samples attempted to modify web pages on compromised computers.

“This is almost a reverse to old school stuff,” said James Quin, senior research analyst with Info-Tech Research Group. “Web site defacement was one of the first types of cyber attacks done just for notoriety and now the same threat is being turned around for monetary gain.”

In the second half of 2007, 40 per cent of malicious code that propagated did so as shared executable files, a significant increase from 14 per cent during the first half of the year.

“Most file sharing is peer-to-peer and SMTP [and are targets] because this is where individuals are most socially engineered,” said Murphy.

While spam has grown 71 per cent from 65 per cent in the previous volume of the report, Murphy noted that spam is becoming less about selling product but more as a conduit for social engineering phishing attacks.

“As long as spam is still lucrative and fast growing, it will still be used,” he added

As for what to watch for in the future, Murphy said there is an increasing trend in the industry to adopt whitelisting.

He explained that whitelisting is list of all applications or things that are good that can get onto a person’s network or computer. Traditionally, blacklisting was used. Blacklisting is a list of all things that are bad that needs to be prevented from entering a network or system.

But now with over a million distinct threats that are out there today, Murphy said it would take a lot of time and effort to maintain a blacklist that long and be portable enough so that a device with enough computing power can hold the list to detect malicious threats.

He added the problem with a whitelist is determining what makes the list but Murphy still believes that whitelisting is the way to go considering how threats are growing.

“Symantec is working on how to best to integrate whitelisting but not at the expense of blacklisting as they have to co-exist together.”

Another trend to watch is the rapid and widespread growth in external storage devices like USB sticks, cellular phones, audio players and cameras that can pose a risk to enterprise data loss.

permalink

Growing Crimeware-as-a-Service (CaaS) industry caters to cybercriminals

http://www.connectitnews.com/canada/story.cfm?item=5572

7 April, 2008
By Erin Bell


Crimeware-as-a-Service (CaaS) is the latest business model for cybercriminals, according to Finjan Inc.’s Q1 2008 Web Security Trends Report.

The report, which outlined the findings of Finjan’s Malicious Code Research Center, said that criminals have started to use online cybercrime services instead of dealing with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites themselves.

“Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised but only provides the infrastructure for it,” said Finjan CTO Yuval Ben-Itzhak.

Operating in parallel with legitimate mainstream software providers, the creators and owners of these Crimeware toolkits provide their customer base with update mechanisms while tooling them with sophisticated, anti-forensic attack techniques, as well as the ability to manage and monitor malicious code affiliation networks. It enables a new level of Crimeware availability by supplying anyone willing to purchase an easy-to-use Crimeware toolkit.

During 2007, the MCRC covered the trend of new Crimeware that purely focuses on financial gain, as well as the way it works to get revenue out of each infection. In this report, MCRC showed how the delivery and distribution of malware have been upgraded to deliver a different type of malware to different geographical regions.

“Cybercriminals can now generate more targeted infections and deliver specialized Crimeware for specific geographical regions,” Ben-Itzhak said. “Our report illustrates how these criminals are employing marketing and sales techniques to address the cybercrime economy and ensure that the market they are after gets the proper ‘product’ localized for it.”

According to Finjan, the next phase in the commercialization process of Crimeware will be creating a service for getting straight to stolen data by providing the victim data tailored to the criminal intent. Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a Crimeware-toolkit platform.

Concludes Ben-Itzhak: “The trends described in this report confirm that the security industry and law enforcement agencies should take an innovative approach in handling these Crimeware commercialization threats. Cybercriminals continue to adapt legitimate technologies and business models to support their criminal activities.”

Finjan is a global provider of web security solutions for the enterprise market.