Software And Internet Blog
September 3, 2010

Five Ways to Stop Mass SQL Injection Attacks

A new wave of mass SQL injection attacks in mid-August, which hit over half a million websites including parts of Apple’s site, serves as a weighty reminder of the growing prevalence of mass injections, and of SQL injection in general, as a favorite means for attackers to tap into organizations’ infrastructure and data.

In light of these attacks, security researchers believe now is as good a time as any to revisit some of the best practices needed to prevent mass SQL injections and to mitigate the risks associated with injection attacks. These practices are hardly revolutionary, but it is clear that they aren’t being implemented as widely as they need to be.

“You keep seeing the same issues come up over and over again for many years now,” says Alex Rothacker, manager of Team SHATTER, Application Security Inc.’s research arm. “Even with this Apple attack, they used a little bit more advanced attacks, but still it’s stuff that’s been talked about at Black Hat for two years now.”

1. Never trust input.

This should be one of the mantras of developers as they write Web application code. According to Jacob West, security research director for Fortify Security, organizations should “create and enforce secure coding guidelines for software developed in-house that requires SQL be constructed using parameterized queries, which prevent SQL injection attacks by differentiating code from data.”

Developers should work to ensure that inputs are sanitized before querying the database, Rothacker says. “Make sure that the data that people input into your website is exactly the data you’re looking for, so if you’re asking for a social security number, you want to make sure it is actually a social security number and there are no letters in there,” he says.
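To make the difference between the two practices concrete, here is an added example (not code from the article or from any of the vendors quoted) that runs the same user lookup both ways against a constructed SQLite table, and adds the allow-list check Rothacker describes for a social security number. The table contents, function names and the SSN format are assumptions made for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the site's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, ssn TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, ssn) VALUES (?, ?)",
        [("alice", "123-45-6789"), ("bob", "987-65-4321")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the input is spliced into the SQL text, so the engine
    cannot tell the attacker's quote characters from the query's own."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Fixed: the statement text is constant and the value is bound
    separately, so it can only ever be compared as data."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Allow-list validation for the SSN case in the text: accept exactly the
# shape wanted and nothing else. fullmatch() is used rather than a `$`
# anchor so a trailing newline cannot sneak through.
SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")


def is_ssn(value):
    return SSN_RE.fullmatch(value) is not None


def find_by_ssn(conn, ssn):
    """Validate first, then still bind the value as a parameter; the two
    controls are independent and both belong in the code path."""
    if not is_ssn(ssn):
        raise ValueError("input is not a social security number")
    return [row[0] for row in conn.execute(
        "SELECT username FROM users WHERE ssn = ?", (ssn,))]


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print(lookup_vulnerable(db, payload))     # every user leaks
    print(lookup_parameterized(db, payload))  # nothing matches
```

With the payload `x' OR '1'='1` the concatenated query becomes `... WHERE username = 'x' OR '1'='1'` and returns every row, while the parameterized query compares the whole string as a username and returns nothing. Validation alone would not have saved the username lookup (a username legitimately contains letters), which is why the parameterized query is the primary control and validation the second.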

2. Implement filtering and monitoring tools.

Filtering and monitoring tools at the Web application and database levels will help block attacks and detect attack behavior in order to mitigate risk of exposure to mass SQL injection attacks.

At the application level, West says that organizations should “wear suspenders,” by implementing runtime security monitoring to defend against SQL injection attacks and vulnerabilities in production systems. Similarly, Web application firewalls can help organizations put certain behavior-based rule sets in place to block attacks before they do damage.

On the database, database activity monitoring can also filter attacks from the back end, Rothacker says. “Database activity monitoring is a really great tool against SQL injections,” he explains. “For known injection attacks, there’s always filters out there that will help alert the DBAs that something bad is going on and there’s also some pretty generic filters that look for things that are very typical in SQL injections — things like an uneven number of quotes that break up the SQL code and stuff like that.”
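The “generic filters” Rothacker mentions can be sketched as a few rules run over a query log. The following is an added example, not any product’s rule set: it applies a handful of heuristics (an odd count of unescaped single quotes, an OR tautology, UNION SELECT, comment terminators, and the DECLARE / CAST(0x...) / EXEC shape used by the mass-injection campaigns of this period) to constructed log lines. The rule names and sample statements are invented for illustration; in real monitoring these would be tuned against the application’s own legitimate query shapes to keep false positives down.

```python
import re

# Constructed sample of statements as a database activity monitor or query
# log might record them; none of these is taken from a real incident.
SAMPLE_LOG = [
    "SELECT id, title FROM posts WHERE id = 42",
    "SELECT id, title FROM posts WHERE id = 42'",
    "SELECT id, title FROM posts WHERE id = 42 OR 1=1",
    "SELECT name FROM users WHERE name = 'x' OR '1'='1' --'",
    "SELECT 1 UNION SELECT username, password FROM users",
    "SELECT id FROM posts WHERE id=42;DECLARE @S VARCHAR(4000);"
    "SET @S=CAST(0x53454C454354 AS VARCHAR(4000));EXEC(@S);--",
    "INSERT INTO comments (body) VALUES ('it''s fine')",
]

# Each rule is (name, predicate). Order only affects the report.
RULES = [
    # An odd number of unescaped single quotes usually means an injected
    # quote broke the statement (the 'uneven number of quotes' heuristic).
    ("unbalanced_quotes",
     lambda s: s.replace("''", "").count("'") % 2 == 1),
    # OR <x> = <x> with the same literal on both sides.
    ("tautology",
     lambda s: re.search(r"\bOR\s+('?\w+'?)\s*=\s*\1", s, re.I) is not None),
    ("union_select",
     lambda s: re.search(r"\bUNION\b(\s+ALL)?\s+SELECT\b", s, re.I) is not None),
    # Comment sequences that discard the rest of the genuine query.
    ("comment_terminator",
     lambda s: re.search(r"--|/\*", s) is not None),
    # Stacked query carrying a hex-encoded script: DECLARE @x ...;
    # CAST(0x... AS ...); EXEC(@x), the shape of the mass-injection payloads.
    ("stacked_hex_exec",
     lambda s: re.search(
         r";\s*DECLARE\s+@|CAST\s*\(\s*0x[0-9a-f]+\s+AS\b|\bEXEC\s*\(",
         s, re.I) is not None),
]


def classify(statement):
    """Return the names of every rule the statement trips (empty if clean)."""
    return [name for name, pred in RULES if pred(statement)]


def scan(log_lines):
    """Return (line, rules) for each statement that trips at least one rule."""
    hits = []
    for line in log_lines:
        rules = classify(line)
        if rules:
            hits.append((line, rules))
    return hits


if __name__ == "__main__":
    for line, rules in scan(SAMPLE_LOG):
        print(", ".join(rules).ljust(42), line)
```

The last sample line is the reason the quote rule strips doubled quotes first: `'it''s fine'` is a legitimately escaped apostrophe, and a naive count would flag it. Conversely, a completed injection such as the UNION line has perfectly balanced quotes, so no single rule is sufficient; the value of a monitor is in combining several weak signals and alerting the DBA when a statement trips more than one.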

September 1, 2010

25 really useful Android tips and tricks

Android is a great little mobile operating system for the modern smartphone, but it can feel a little bewildering and complex to the newcomer.

Google’s quest to make everyone feel at home by providing layer upon layer of option screens and hundreds of tweakable settings can leave people a little lost, plus there’s your widgets to worry about, the Home screen layout and much more hidden beneath Google’s green bonnet.

So here, to make things a little easier for Android newcomers and those seeking a few more power tips, we present 50 essential Android facts and techniques.

These tips are mostly for the 2.1 version of Android, which is by far the most common form of the OS out there today - but much of the advice will also work on older and newer versions and those boutique varieties skinned by some hardware makers.

1. Activate the Android Power Strip

The single most important feature in Android 2.1 is its built-in power strip widget. Here you’re able to quickly switch off all the phone’s battery-destroying features, like Wi-Fi, Bluetooth and the great battery killer that is GPS. Long-press on the Home screen and add it from the Widgets category.

Android power strip

2. Android call screening

If you’re a paranoid call-screener, Android is there for you. Open up the Contacts entry of the person you’re currently avoiding, then select Menu > Options. From here you’re able to send all incoming calls from this person directly to voicemail. Give people the brush-off with Android.

3. Set up custom caller ringtones

Alternatively, if you like talking to people, the same screen lets you allocate a specific custom ringtone to each caller stored in your Contacts directory.


4. Add your alarm clock to your task killer

A classic mistake, this. We’re constantly being told of the (debatable) importance of using a task manager to maximise Android battery life, and if you want to go down that route you’re welcome. However, when killing all your tasks to save battery life, remember that your alarm clock is a task in itself - kill that and you’ll wake up in a panic at 10.15am tomorrow morning.

5. Organise things into folders

While Steve Jobs may have recently made quite a big deal about letting iOS users organise things into folders, Android’s been doing that for ages. Fancy a quick Home screen shortcut to your starred favourite contacts? Long-press the Home screen and make it so.

Huge Spamming Botnet Injured but Still Alive

A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security.

The Pushdo or Cutwail network of hacked computers ranked in the top five or so botnets for spam, responsible for as much as 10 percent of all spam, said Ed Rowley, product manager for M86 Security. The spam often advertises fake software, so-called designer goods and questionable pharmaceutical products.

But security analysts with the computer security company LastLine took action last week, contacting ISPs that were hosting the command-and-control infrastructure for the botnet.

About 30 servers at eight hosting providers were found to be supporting Pushdo. LastLine contacted the ISPs, and about 20 of the servers were taken offline, according to its blog. Some ISPs, however, were unresponsive.

Spam levels have dropped, Rowley said. LastLine’s action “will almost certainly have a positive effect for two to three weeks,” Rowley said. But “the spammers will be able to find other hosting providers where they will be able to get their systems up and running.”

LastLine appears to have taken down parts of Pushdo and Cutwail, which work together, wrote Atif Mushtaq of FireEye’s Malware Intelligence Lab, in a blog post. Pushdo is a Trojan. Once it infects a computer, it often downloads Cutwail, a piece of malware capable of spamming as well as downloading other bad programs.

August 31, 2010

Microsoft Was Warned of DLL Vulnerability a Year Ago

A serious security vulnerability in iTunes for Windows turns out to affect many other Windows applications — and not just those from Microsoft or Apple — according to a graduate student in California who says he warned the software giant about the problem almost a year ago.

Now, with the flaw having been exposed publicly last week, Microsoft (NASDAQ: MSFT) is moving fast to limit the damage from a vulnerability that experts say poses a danger even though Apple (NASDAQ: AAPL) patched the iTunes vulnerability months earlier. On Monday, Microsoft issued a security advisory providing a fix for users and warning security administrators and developers about the problem. It also said that it had continued working with the researcher, Taeho Kwon, a Ph.D. candidate in computer science at the University of California, Davis, since he first alerted it to the vulnerability.

The flaw stems from the way Windows locates a Dynamic Link Library (DLL) that a program requests by name: the loader walks a list of directories in a fixed order, so an attacker who can plant a malicious DLL in one of those directories before the genuine library is found (for instance in the folder a document was opened from) gets that DLL loaded by the operating system or application, where it can execute code designed to compromise the user’s PC. Kwon and a colleague, U.C. Davis Associate Professor Zhendong Su, detailed the vulnerability in a paper published last month at the Association for Computing Machinery’s International Symposium on Software Testing and Analysis in Trento, Italy.

“Our results show that unsafe DLL loading is prevalent and can lead to serious security threats,” Kwon and Su said in the paper. “Our tool detected more than 1,700 unsafe DLL loadings in 28 widely used software and discovered serious attack vectors for remote code execution.”
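The mechanism behind this class of bug is the loader’s search order. When an application asks for a library by bare file name, Windows walks a fixed list of directories, and with the default SafeDllSearchMode that list includes the current working directory ahead of PATH. If the user has just opened a document from a network share, that share is the working directory, and any DLL the application probes for but does not ship is the attacker’s to supply. The following is an added example, not the researchers’ tool or Microsoft’s code: a simulated resolver over a constructed directory layout that shows which library names would be satisfied from the untrusted share, and what dropping the working directory (the effect of an application calling SetDllDirectory("")) changes. The paths, file names and the set of DLLs the application loads are invented for illustration, and the model ignores KnownDLLs, side-by-side manifests and already-loaded modules.

```python
# Constructed directory layout: which files exist where. Paths are plain
# strings used as dictionary keys; nothing here touches a real filesystem.
APP_DIR = r"C:\Program Files\Player"
SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"
WINDIR = r"C:\Windows"
SHARE = r"\\fileserver\media"   # remote folder the user opened a file from
PATH_DIRS = [r"C:\Tools"]

FILESYSTEM = {
    APP_DIR: {"player.exe", "core.dll"},
    SYSTEM32: {"kernel32.dll", "user32.dll"},
    # The attacker controls the share and drops DLLs beside the media file.
    SHARE: {"holiday.avi", "codec.dll", "kernel32.dll"},
    PATH_DIRS[0]: {"tool.exe"},
}


def default_search_order(app_dir, cwd, path_dirs):
    """Load-by-name order with SafeDllSearchMode on (the default since
    Windows XP SP2): application directory, system directories, Windows
    directory, then the current working directory, then PATH."""
    return [app_dir, SYSTEM32, SYSTEM16, WINDIR, cwd] + list(path_dirs)


def resolve_dll(name, search_order, filesystem):
    """Return the first directory in search order holding `name`, or None
    if the load would fail outright (file names compare case-insensitively)."""
    wanted = name.lower()
    for directory in search_order:
        if any(f.lower() == wanted for f in filesystem.get(directory, ())):
            return directory
    return None


def audit(dll_names, search_order, filesystem, untrusted_dirs):
    """Names that would be satisfied from an attacker-writable directory."""
    return sorted(
        n for n in dll_names
        if resolve_dll(n, search_order, filesystem) in untrusted_dirs
    )


def harden_search_order(search_order, cwd):
    """Effect of the application calling SetDllDirectory("") (or loading
    every library by fully qualified path): the working directory is no
    longer consulted, so a missing DLL fails to load instead of being
    picked up from wherever the user happened to be browsing."""
    return [d for d in search_order if d != cwd]


if __name__ == "__main__":
    loads = ["kernel32.dll", "core.dll", "codec.dll"]
    order = default_search_order(APP_DIR, SHARE, PATH_DIRS)
    print("exposed:", audit(loads, order, FILESYSTEM, {SHARE}))
    hardened = harden_search_order(order, SHARE)
    print("after hardening:", audit(loads, hardened, FILESYSTEM, {SHARE}))
```

Two details of the result are worth noticing. The attacker’s copy of kernel32.dll on the share is never reached because System32 is searched first, so only libraries the application asks for and does not ship (here the optional codec.dll) are exposed; that is exactly the set a tool like the one Kwon and Su describe has to enumerate. And after hardening, codec.dll resolves to nothing at all, so the application must already cope with a failed optional load, which the safe code path should have been doing anyway.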

Kwon added in an email to InternetNews.com that he notified Microsoft’s Security Response Center (MSRC) about the vulnerability in August 2009.

But all evidently remained quiet until Slovenian research firm Acros Security last week issued its own security advisory regarding the same problem. Acros had already alerted Apple, which fixed the problem in iTunes in February.

Security industry luminary HD Moore, who serves as chief security officer at Rapid7 and chief architect of the Metasploit vulnerability testing tool, also got involved last week. He claimed in a Twitter update that the hole affected a lot more applications than simply iTunes — “about 40 different apps, including the Windows shell.”

Will Google Drop a Chromlet on Black Friday?

Google (Nasdaq: GOOG) will launch a Chrome OS tablet on the Verizon network Nov. 26, known to retailers as “Black Friday,” according to the Download Squad. The device is being built by HTC, a company that has made several Android devices in the past.
If true, the move will fulfill Google’s announcement earlier this year that it would launch Chrome OS tablets in time for the holiday season. However, it’s not yet clear how Chrome OS tablets will coexist with those running the Android operating system, which is also offered by Google. Will they be targeted at different markets? Also, could Oracle’s (Nasdaq: ORCL) lawsuit against Google hamper sales of Chrome tablets?

Suggested Chrome Tablet Specs
The rumored Chrome OS tablet will likely be based on Nvidia’s (Nasdaq: NVDA) Tegra 2 platform, Download Squad speculated.
The Tegra is Nvidia’s low-power HD processor for mobile devices. It has eight separate processors, including an ARM (Nasdaq: ARMHY) CPU and separate graphics and HD video processors. The Chrome OS tablet will reportedly have a 1,280-by-720 multitouch display, 2 GB of RAM, at least a 32 GB solid state drive, GPS, a webcam and possibly expandable storage through a multi-card reader. For connectivity, it will reportedly have WiFi, Bluetooth and 3G capabilities.

Back in December 2009, IBTimes listed the specs of a Google Chrome netbook it said was in the works. This would have a 10.1-inch thin-film transistor (TFT) multitouch display which would be HD-ready, a 64 GB solid state drive, 2 GB of RAM, a webcam, a multi-card reader and WiFi, 3G, Bluetooth and Ethernet capabilities as well as USB ports, according to IBTimes.
Speculation was that this netbook would be offered at less than US$300.

“I expect the product to be very raw, more of a late beta than a true final product for some time, but for some, and I’m likely in that group myself, that can actually be OK, given that we like being the first to try stuff out,” Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.

“This is a taste of a product that won’t really be ready until mid-2011,” Enderle added.

“It would be better if Google launched the tablet earlier, but people are buying later now than they did in the past, so Google could still do well as long as the tablet’s available for shipping after the launch,” Maribel Lopez, principal analyst and founder of Lopez Research, told TechNewsWorld.

YouTube Downloader 2.6.1

Filed under: News, Software Review

YouTube Downloader 2.6.1 is a YouTube download product from youtubedownload.altervista.org with a 5-star SoftSea rating. YouTube Downloader is a program that allows you to download videos from YouTube, Google Video, Yahoo Video and many other sites and convert them to other video formats. The software is easy to use: just specify the URL of the video you want to download and click the OK button. It also lets you convert downloaded videos for iPod, iPhone, PSP, cell phones, Windows Media, XviD and MP3. You can use YouTube Downloader to download the videos of your choice from home, at the office or at school. Download YouTube Downloader now and get started downloading your favorite videos from YouTube.

General Points:
1. Download videos from YouTube, Google Video, MySpaceTV and many others
2. Allows you to download age-restricted YouTube videos (those for which you need to be 18+ years of age)
3. Converts video for Ipod, Iphone, PSP, Cell Phone, Windows Media, XVid and MP3
4. Provides the capability to cut and select the output quality of converted videos
5. Uses the FFmpeg engine to convert the videos
6. Plays videos downloaded in Flash
7. Extremely easy-to-use

Why do I get a “No Flash video found” error when trying to download video from Youtube?
This means YouTube Downloader could not find a video file on the web page you asked it to download from. The most common cause of this error is that you’re using an old version of YouTube Downloader; make sure you have the most recent version installed. The second most common cause is that you’re trying to download video from a web page that is not a single video page, such as a channel. Check the URL: it should be in the format “youtube.com/watch?v=SQkcD8j4…”. If you’re watching a video in a channel, you can get to a single video page by right-clicking on the video while it is playing and selecting “Watch on YouTube”, which will open that video in a single video page in your web browser. If you don’t see the “Watch on YouTube” option, look for a link or button below the video window that will open the video in a single video page on YouTube.

Why are some of my videos being downloaded in MP4 format now rather than FLV format?
YouTube now uses MP4 for its HD videos and some of its HQ ones, so when YouTube Downloader fetches one of these videos it is downloaded and saved as an MP4 file automatically. To play this file on your computer you can use the video player built into YouTube Downloader, or a player that understands MP4 files such as Apple’s QuickTime. You could also use YouTube Downloader to convert the file to a format your computer understands, such as WMV. SoftSea.com has tested and reviewed the installer and uploaded it to its own server; the latest version is 2.6.1, the download is 4.1 MB, and according to SoftSea the program contains no adware or spyware. The license for this internet software is freeware, so you can download and use it free of charge.


August 30, 2010

4 Common SEO Mistakes and 4 Tips on How to Avoid Them

Filed under: Internet Technology

Search engine optimisation services agree that getting a good ranking for a site is often about what you don’t do. It’s easy to take the wrong path when the way isn’t clear, and in SEO the rules change and the technology advances so fast that it’s very easy to find yourself lost.

The best way to get the best results for your site and avoid methods that are likely to be detrimental or even unethical is to get advice from a good team of SEO experts. Experienced SEO consultants are likely to have experience of all kinds of methods employed to rank well with search engines, and they’ll be able to guide you in the right direction.

Search engine optimisation involves a lot of factors, and is a complex area of expertise. Having said that, there are some common mistakes that it’s easy to recognise from the beginning. Read our four tips on common mistakes to avoid getting caught out!

1. Style over content. It might seem logical to assume that the better a site looks, the more likely it is to feature on results pages when users conduct a query. It may be a bitter pill to swallow, but that just isn’t the case. A site can be designed to look perfect and still feature very bad search engine optimisation. In fact, a lot of the software used to make sites pretty is counter-productive from an SEO perspective. Flash is a good example of this. It might make your site look modern and appeal to users, but any content in Flash is likely to remain unseen by the software sent to report back on your site. This is because the ‘robots’ sent by search engines don’t read Flash well. They require text in order to be able to read. While advances are being made in this area, most professional SEO services advise on the need to feature text alongside, if not instead of Flash. The same goes for drop-down menus, JavaScript and frames. Links are particularly important. Double check that the robots can see them. If they can’t, entire sections of your site could be unnoticed. Find a balance of style and content the search engines can read if you want to get onto results and reach people! Avoid overusing visually appealing features that get in the way of good SEO.

2. Pre-loading screens put people off. Many publishers make the mistake of featuring pages that inform the user that a page is loading and will be with them soon. While it might seem like a polite gesture and a good way of keeping something on the screen, all evidence points to these pages having a negative impact. If you don’t want users to get bored and leave your site, be sure you’ve got a server that’s loading your pages quickly. Avoid telling users what they already know. If they’re waiting then they should know that a page is loading. Seeing the message can make them think they should expect an eternity.

3. Download a special player to view content? No, thanks. Most users are put off by the idea of having to download special software just to view something on your site. When faced with the yes or no choice of whether to download a new program, most users will click no and move on to another site. While this might be a pity if you have something you really want them to see, it’s worth knowing because losing traffic is not what we’re aiming to do.