Outlook.com -A New Email Service Introduced By Microsoft

Outlook.com -A New Email Service Introduced By Microsoft  

After successfully revamping it's popular mail service Hotmail through it's look and features with the name of 'Newmail', now the software giant Microsoft has launched a new email service that shares the name of its famed email software, Outlook. Outlook.com is accessible as a preview now, and anyone can sign up for an account. If you already have a Hotmail or Live email address, you can convert that to an Outlook.com address in the settings now. The old Hotmail/Live address remains active--users will still get mail sent to the old addresses--unless you explicitly choose to delete it. The interface is based on Metro, the user interface you see in Windows Phone and the upcoming Windows 8. This means you get a clean, uncluttered design and simple icons familiar to anyone who has used a Nokia Lumia smartphone. Microsoft is not requiring everyone that has a Hotmail account to switch to the new address, but it seems the plan is to eventually have everyone move over.

Research firm comScore says Hotmail has 41 million monthly unique visitors; AOL, 24 million. That makes them the No. 3 and No. 4 e-mail providers in the U.S., behind Yahoo Mail, with 84 million unique visitors, and Gmail, 68 million. Worldwide, more than 324 million people still use Hotmail monthly, making it the top provider globally. But Hotmail's user base is on the decline.

Like many email clients, you get a list of folders on the left navigation bar. What's interesting is the Quick Views dropdown below the folders, which lets you filter certain kinds of email. By default, it filters emails with documents or photos, flagged messages and those that give you shipping updates. That last one will be useful for those who frequently shop online and are always expecting packages. These categories can be customized to suit your needs.

With Outlook.com, you can also turn on a reading pane that lets you read the message either below or on the right of the email list. As a security measure, it shows a blank message by default, and not the first one in your inbox--you have to explicitly click on a message to show it, reducing the risk of being exposed to malicious emails by accident.

On the far right is an advertisement column. This shows a random selection, unlike Gmail, which uses targeted ads based on the content of your email messages. 

To find out more about the features and design of Outlook.com it will be best if you try it out yourself, just visit www.outlook.com and sign up for an account, or simply switch your current Hotmail/Live email to an Outlook.com one.

-Source (Outlook.com, Cnet)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Outlook.com -A New Email Service Introduced By Microsoft"https://www.voiceofgreyhat.com/2012/08/Outlook.com-New-Email-Service-Introduced-By-Microsoft.html</a>

Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability

Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability 

Last few days the whole cyber world have gone through with so many drama of Internet Explorer's security bug, as researchers have unveiled four active exploits of a zero-day vulnerability in the browser. As expected the software giant Microsoft has released an emergency fix to get rid of these major security issues. Microsoft released a “fix it” tool for a critical security flaw in most versions of Internet Explorer 6, 7, 8 and 9  that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21. "While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," said Yunsun Wee, director of Microsoft Trustworthy Computing in a statement. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability, similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT) via a corrupted Flash movie file. The latest payload discovered dropped the PlugX RAT via the same corrupted Flash movie, Blasco said. He also said the new exploits are the work of the Chinese hacker group Nitro, the same group behind a pair of Java zero-day exploits disclosed in August.

Blasco also said the new exploits appear to be targeting defense contractors in the United States and India.

Microsoft recommended several workarounds Tuesday morning before announcing its intention to send out a FixIt.

• Setting Internet and local Internet security zone settings to high, which would block ActiveX Controls and Active Scripting in both zones
• Configure IE to prompt the user before running Active Scripting, or disable Active Scripting in both zones

• Use of Microsoft's Enhanced Mitigation Experience Toolkit provides mitigations as well, and would not impact website usability, as both of the first two options might.

Microsoft also said that IE running on Windows Server 2003, 2008 and 2008R2 runs in a restricted mode that mitigates the vulnerability. Outlook, Outlook Express and Windows Mail also open HTML messages in a restricted zone, mitigating the vulnerabilty but should a user click a link in a message, they could still be vulnerable to exploit.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability"https://www.voiceofgreyhat.com/2012/09/Microsoft-Issues-fixit-To-Close-IE-0day-Vulnerability.html</a>

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 

Brief About Metasploit:- 

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

Module Changes:-

•     Novell eDirectory eMBox Unauthenticated File Access

•     JBoss Seam 2 Remote Command Execution

•     NAT-PMP Port Mapper

•     TFTP File Transfer Utility

•     VMWare Power Off Virtual Machine

•     VMWare Power On Virtual Machine

•     VMWare Tag Virtual Machine

•     VMWare Terminate ESX Login Sessions

•     John the Ripper AIX Password Cracker

•     7-Technologies IGSS 9 IGSSdataServer.exe DoS

•     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion

•     DNS and DNSSEC fuzzer

•     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure

•     CorpWatch Company ID Information Search

•     CorpWatch Company Name Information Search

•     General Electric D20 Password Recovery

•     NAT-PMP External Address Scanner

•     Shodan Search

•     H.323 Version Scanner

•     Drupal Views Module Users Enumeration

•     Ektron CMS400.NET Default Password Scanner

•     Generic HTTP Directory Traversal Utility

•     Microsoft IIS HTTP Internal IP Disclosure

•     Outlook Web App (OWA) Brute Force Utility

•     Squiz Matrix User Enumeration Scanner

•     Sybase Easerver 6.3 Directory Traversal

•     Yaws Web Server Directory Traversal

•     OKI Printer Default Login Credential Scanner

•     MSSQL Schema Dump

•     MYSQL Schema Dump

•     NAT-PMP External Port Scanner

•     pcAnywhere TCP Service Discovery

•     pcAnywhere UDP Service Discovery

•     Postgres Schema Dump

•     SSH Public Key Acceptance Scanner

•     Telnet Service Encyption Key ID Overflow Detection

•     IpSwitch WhatsUp Gold TFTP Directory Traversal

•     VMWare ESX/ESXi Fingerprint Scanner

•     VMWare Authentication Daemon Login Scanner

•     VMWare Authentication Daemon Version Scanner

•     VMWare Enumerate Permissions

•     VMWare Enumerate Active Sessions

•     VMWare Enumerate User Accounts

•     VMWare Enumerate Virtual Machines

•     VMWare Enumerate Host Details

•     VMWare Web Login Scanner

•     VMWare Screenshot Stealer

•     Capture: HTTP JavaScript Keylogger

•     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION

•     Asterisk Manager Login Utility

•     FreeBSD Telnet Service Encryption Key ID Buffer Overflow

•     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow

•     Java Applet Rhino Script Engine Remote Code Execution

•     Family Connections less.php Remote Command Execution

•     Gitorious Arbitrary Command Execution

•     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution

•     OP5 license.php Remote Command Execution

•     OP5 welcome Remote Command Execution

•     Plone and Zope XMLTools Remote Command Execution

•     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit

•     Support Incident Tracker <= 3.65 Remote Command Execution

•     Splunk Search Remote Code Execution

•     Traq admincp/common.php Remote Code Execution

•     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection

•     Mozilla Firefox 3.6.16 mChannel Use-After-Free

•     CTEK SkyRouter 4200 and 4300 Command Execution

•     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow

•     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute

•     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution

•     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control

•     Java MixerSequencer Object GM_Song Structure Handling Vulnerability

•     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution

•     MS12-004 midiOutPlayNextPolyEvent Heap Overflow

•     Viscom Software Movie Player Pro SDK ActiveX 6.8

•     Adobe Reader U3D Memory Corruption Vulnerability

•     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow

•     BS.Player 2.57 Buffer Overflow

•     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow

•     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow

•     McAfee SaaS MyCioScan ShowReport Remote Command Execution

•     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow

•     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

•     Ability Server 2.34 STOR Command Stack Buffer Overflow

•     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow

•     Serv-U FTP Server < 4.2 Buffer Overflow

•     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow

•     XAMPP WebDAV PHP Upload

•     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow

•     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow

•     HP Diagnostics Server magentservice.exe Overflow

•     StreamDown 6.8.0 Buffer Overflow

•     Wireshark console.lua Pre-Loading Script Execution

•     Oracle Job Scheduler Named Pipe Command Execution

•     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow

•     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57

•     OpenTFTP SP 1.4 Error Packet Overflow

•     AIX Gather Dump Password Hashes

•     Linux Gather Saved mount.cifs/mount.smbfs Credentials

•     Multi Gather VirtualBox VM Enumeration

•     UNIX Gather .fetchmailrc Credentials

•     Multi Gather VMWare VM Identification

•     UNIX Gather .netrc Credentials

•     Multi Gather Mozilla Thunderbird Signon Credential Collection

•     Multiple Linux / Unix Post Sudo Upgrade Shell

•     Windows Escalate SMB Icon LNK dropper

•     Windows Escalate Get System via Administrator

•     Windows Gather RazorSQL Credentials

•     Windows Gather File and Registry Artifacts Enumeration

•     Windows Gather Enumerate Computers

•     Post Windows Gather Forensics Duqu Registry Check

•     Windows Gather Privileges Enumeration

•     Windows Manage Download and/or Execute

•     Windows Manage Create Shadow Copy

•     Windows Manage List Shadow Copies

•     Windows Manage Mount Shadow Copy

•     Windows Manage Set Shadow Copy Storage Space

•     Windows Manage Get Shadow Copy Storage Info

•     Windows Recon Computer Browser Discovery

•     Windows Recon Resolve Hostname

•     Windows Gather Wireless BSS Info

•     Windows Gather Wireless Current Connection Info

•     Windows Disconnect Wireless Connection

•     Windows Gather Wireless Profile

For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage"https://www.voiceofgreyhat.com/2012/02/metasploit-420-released-with-ipv6.html</a>

Famous Framework Metasploit v4.0.0

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

New Exploit Modules:

VSFTPD v2.3.4 Backdoor Command Execution
Java RMI Server Insecure Default Configuration Java Code Execution
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow
Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
Black Ice Cover Page ActiveX Control Arbitrary File Download
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
RealWin SCADA Server DATAC Login Buffer Overflow
Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow
Iconics GENESIS32 Integer overflow version 9.21.201.01
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
Sielco Sistemi Winlog Buffer Overflow
Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
HP OmniInet.exe Opcode 20 Buffer Overflow
HP OmniInet.exe Opcode 27 Buffer Overflow
Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview

New Post-Exploitation Modules:

Winlogon Lockout Credential Keylogger
Windows Gather Microsoft Outlook Saved Password Extraction
Windows Gather Process Memory Grep
Windows Gather Trillian Password Extractor
Windows PCI Hardware Enumeration
Windows Gather FlashFXP Saved Password Extraction
Windows Gather Local and Domain Controller Account Password Hashes
Windows Gather Nimbuzz Instant Messenger Password Extractor
Windows Gather CoreFTP Saved Password Extraction
Internet Download Manager (IDM) Password Extractor
Windows Gather SmartFTP Saved Password Extraction
Windows Gather Bitcoin wallet.dat
Windows Gather Service Info Enumeration
Windows Gather IPSwitch iMail User Data Enumeration

New Auxiliary Modules:

John the Ripper Password Cracker Fast Mode
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
Kaillera 0.86 Server Denial of Service
2Wire Cross-Site Request Forgery Password Reset Vulnerability
SIPDroid Extension Grabber
MSSQL Password Hashdump

Notable Features & Closed Bugs:-

Feature #4982 – Support for custom executable with psexec
Feature #4856 – RegLoadKey and RegUnLoadKey functions for the Meterpreter stdapi
Feature #4578 – Update Nmap XML parsers to support Nokogiri parsing
Feature #4417 – Post exploitation module to harvest OpenSSH credentials
Feature #4015 – Increase test coverage for railgun
Bug #4963 – Rework db_* commands for consistency
Bug #4892 – non-windows meterpreters upload into the wrong filename
Bug #4296 – Meterpreter stdapi registry functions create key if one doesn’t exist
Bug #3565 – framework installer fails on RHEL (postgres taking too long to start)

Armitage integrates with Metasploit 4.0 to:-

Take advantage of the new Meterpreter payload stagers
Crack credentials with the click of a button
Run post modules against multiple hosts
Automatically log all post-exploitation activity
Revision Information:
Framework Revision 13462

Several import parsers were rewritten to use Nokogiri for much faster processing of large import files. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over HTTP and Windows can use HTTPS. In a similar vein, POSIX Meterpreter is seeing some new development again. It still isn’t perfect nor is it nearly as complete as the Windows version, but many features already work. Java applet signing is now done directly in Ruby, removing the need for a JDK for generating self-signed certificates. The Linux installers now ship with ruby headers, making it possible to install native gems in the Metasploit ruby environment.

Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.

To download Metasploit Framework v4.0.0 Click Here

For more information abous MSF click here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Famous Framework Metasploit v4.0.0"https://www.voiceofgreyhat.com/2011/08/famous-framework-metasploit-v400.html</a>

2011 "The Year of The Hack" A Brief Over View & Prediction of 2012

Everyday when you open voiceofgreyhat.com you see lost of hacks, defacement, data breached, server rooted, database hacked, information leaked and so on and on. Here is some summary where all the recent attacks ware covered. If 2011 was “the year of the hack,” as it was dubbed by Richard Clarke, former White House cyber-security czar

Would 2012 be the year enterprises apply the lessons learned and stop the attacks? 
Apparently not, as security experts are predicting even more sophisticated attacks for 2012. 

Defense contractors, government agencies, and other public and private organizations reported network breaches where attackers stole intellectual property, financial data and other sensitive data. Hacktivist groups such as Anonymous and LulzSec demonstrated how much damage they can cause large organizations by employing fairly well-known techniques against the application layer. 

What’s the security outlook for 2012? 

It’s appears gloomy, as security experts warn that cyber-attackers will target applications, mobile devices and social networking sites. There will be more social engineering as attackers research victims beforehand to craft even more targeted attacks.

2011 was a year in transition, David Koretz, CEO of Mykonos Software, told, the year when sophisticated Web application attacks came of age. Before, people were talking about the threat to Web applications but were unable to quantify the problem. “2011 is the year people started caring about Web security for the first time,” Koretz said

Attackers targeted applications through SQL injection and cross-site scripting attacks to get access to sensitive data, said Lori MacVittie, senior technical marketing manager at F5 Networks. There are more kits and exploit tools released that exploit certain vulnerabilities, making it easier for even less skilled attackers to launch sophisticated attacks. There will be more of these tools in 2012, she said.

Social media has become more ubiquitous. Forrester estimated 76 percent of enterprises allow some access to social networking sites from within the corporate networks,  and 41 percent allow “unfettered access” to these sites. Many of the data breach and cyber-attack headlines in 2011 were social engineering attacks that exploited email and the Web as an attack vector, according to Rick Holland, a Forrester analyst.

Attacks against social network sites accounted for only 5 percent of total social engineering attacks in Verizon’s 2011 Data Breach Investigations Report. Forrester expects this number to “increase significantly” in 2012, Holland said.

Malware for mobile platforms grabbed headlines in 2011, starting with Google removing apps infected with DroidDream malware from Android Market and then remotely removing them from user devices.

Malware developed for mobile platforms exploded in volume and sophistication, according to Juniper Networks’ Global Threat Center. Criminals released a mobile version of the Zeus Trojan designed to intercept security controls used for online banking for several mobile platforms. Many users were infected with malware that turned their smartphones into zombies participating in a botnet without their knowledge.

Mobile device adoption is on track to reach 60 million tablets and 175 million smartphones in the workforce by 2012, according to Forrester. The majority of users will not be using these devices secured within the corporate environment as they will be working from home offices, public hotspots and third-party networks.

Organizations will increasingly shift their content security operations to the cloud to better protect mobile users. Security professionals have to adapt quickly to multiple mobile form factors and evolving threats from sophisticated malware and social networks, Holland said. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">2011 "The Year of The Hack" A Brief Over View & Prediction of 2012"https://www.voiceofgreyhat.com/2011/12/2011-year-of-hack-brief-over-view.html</a>

Microsoft pays $US8.5b for Skype

Microsoft Corp plans to buy Internet phone service Skype for $U8.5 billion ($7.9 billion) in its biggest-ever acquisition, placing a rich bet on mobile and the Internet to try to best rivals such as Google.

In a deal that took a month from offer to signing, the software company outbid Google and Facebook, which sources said offered to partner or buy Skype for $US3 billion to $US4 billion.

Microsoft's interest in the money-losing, but popular service highlights a need to gain new customers for its Windows and Office software. Skype has 145 million users on average each month and has gained favor among small business users.

But investors expressed skepticism over the deal, sending Microsoft shares down 1.4 per cent to $US25.46. If those losses hold, the software giant's market value - already exceeded by Apple last year - will slip behind General Electric's and begin to approach IBM's.

Led by private equity firm Silver Lake, eBay Inc and other investors including the Canada Pension Plan Investment Board and Andreessen Horowitz, would make $US5 billion, or three times their investment, a source familiar with the deal said.

Microsoft is putting more energy and resources into mobile and the Internet as the personal computer business underpinning its Windows and Office franchise appears to be under threat.

The Luxembourg-based company, which allows people to make calls at no charge, but has also developed premium services, would give Microsoft a foothold in the video-conferencing market as businesses shift to cheaper ways of communicating.

Skype delayed plans for an IPO that was expected to value the company at more than $US3 billion. It looked tie-ups with Facebook and Google. Such a deal was expected to value Skype at $US3 billion to $US4 billion.

"It doesn't make sense at all as a financial investment," said Forrester Research analyst Andrew Bartels. "There's no way Microsoft is going to generate enough revenue and profit from Skype to compensate."

A mobile presence

Skype could be combined with Microsoft software such as Outlook to appeal to corporate users, while the voice and video communications could link to Microsoft's Xbox live gaming.

Skype also would offer Microsoft another route to develop its mobile presence, an area it has already put more energy and resources into as PC usage comes under threat.
Skype would become a new business division within Microsoft with Skype CEO Tony Bates in charge and reporting to Ballmer.

"Tony didn't look for it. The ownership group, led by Silver Lake, didn't look for it. We just decided (it was) something that we thought made sense for us," a jubilant Ballmer told reporters.

The sum would not stretch Microsoft. It would bankroll the deal with cash sitting overseas, which would be taxed if Microsoft brought it home. But others said the price was high.

"In this atmosphere of Internet Bubble 2.0, picking up an unprofitable online company for roughly 10 times sales probably seems downright cheap," said Shanghai-based Michael Clendenin, managing director of consulting firm RedTech Advisors.

"But if you consider (it) was just valued at about $US2.5 billion 18 months ago when a chunk was sold off, then $US8.5 billion seems generous and means Microsoft has a high wall to climb to prove to investors that Skype is a necessary linchpin for the company's online and mobile strategy," he said.

Skype, which was formed in 2003. EBay Inc bought it in 2005 for $US3.1 billion. Last year, it lost $7 million, according to data in its initial public offering filing.

In 2009, eBay sold a majority stake in Skype for $US1.9 billion in cash and a $US125 million note. EBay retained about a third.

Ballmer said his company did not use Wall Street advisers on the deal, approaching the owners directly. Goldman Sachs and JPMorgan advised Skype.

The deal, the biggest in technology so far in 2011, capped the strongest start to deal-making since 2000, according to Thomson Reuters data.

"I wish they had not done it," said Whitney Tilson, founder and a managing partner of T2 Partners LLC, which owns Microsoft shares. "Everybody I know uses it and I am glad Microsoft owns it. They just probably paid too much for it."

"We aren't big enough to have a big say. But I am sure that everybody else -- the bigger shareholders -- are going to be asking Microsoft, 'why did you this?'" 

Biggest deal

The acquisition is Microsoft's largest, surpassing the purchase of AQuantive Inc for about $US6 billion in 2007.

"This could give Microsoft a much-needed kick-start" in telecommunications, Paolo Pescatore, an analyst at CCS Insight in London, said. In voice services, "Skype has certainly set the benchmark and gained a lot of traction".

The purchase is likely to divert Skype from a plan that it announced last year - to sell $US100 million of shares in an initial public offering. The company has struggled to convert users of its free PC-to-PC phone services into paying customers.

Skype reported about $US775 million in debt, along with a revolving credit line of $US30 million, in a filing in April.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft pays $US8.5b for Skype"https://www.voiceofgreyhat.com/2011/05/microsoft-pays-us85b-for-skype.html</a>

Google begins war against Windows

Google does battle with Microsoft in most of its business areas, but it's gearing up to tackle the big daddy of them all: Windows.

With Windows -- and Macs and other PC operating systems -- Google sees an inefficient, costly, and decidedly 20th century mode of computing. Data is stored on each PC's hard drive, so if a laptop is lost or damaged, all the data stored on it could be gone forever too. And when PCs break, they're expensive and time-consuming to fix.
 
That's especially true in the corporate world. Gartner estimates that each desktop in a corporation costs between $3,000 and $5,000 per year to manage. Laptops can cost even more.

Ironically, all that spending means offices end up with old, rickety computers that the users would never buy for themselves. The high cost of tech support makes it prohibitively expensive for many companies to keep their hardware and software up to date. Services firm NetApplications says that more than 50% of computers are still using Windows XP -- a 10-year-old operating system.

Google's (GOOG, Fortune 500) solution: Chrome OS, a Web-based operating system that is set for release on June 15.

On computers running Chrome OS, all of a user's information is stored in the cloud, in remote servers controlled by Google or other companies. Instead of a desktop software model, which relies on installed apps like Microsoft (MSFT, Fortune 500) Outlook and Word, customers will use on Gmail or another Web mail program, and Google Docs or Office 365, which exist online only. (Yes, you can run Microsoft's cloud Office software on a Google Chrome device.)

That goes for IT departments too. Intricate administrative software is replaced by a Web page that allows tech staff to manage all Chrome OS PCs. And Chrome OS automatically updates with the newest version, saving businesses from spending a fortune deploying new software versions.

"We're venturing into a really new model of computing," Sergey Brin, Google's co-founder, said at a press conference this week. "This head-to-toe software model eliminates a lot of complexity. Complexity is torturing everyone, and that's a flawed model."
0:00 / 2:51 Google's 'me too!' music cloud

Google believes it can save businesses at least 50% on their desktop support expenses if they switch to Chrome OS.

But Google has a long, long uphill battle to fight against the entrenched corporate behemoth that is Microsoft Windows. More than 90% of the world's computers run Windows.

Not every business is ready to simplify its hardware, since many rely on high-end software that does not yet exist as a Web application. And Google has had a shaky relationship with the enterprise in the past, gaining only tepid support for its cloud-based business applications suite.

Also, this has been tried before with practically zero success.

Nearly 20 years ago, Oracle CEO Larry Ellison predicted that "thin client," hard-drive-less desktops connected to and managed by a server would be the future of business computing. Sun Microsystems -- now owned by Oracle (ORCL, Fortune 500) -- also tried and failed to get businesses to adopt thin clients.

Google acknowledged past failures but says that this time, it's different. The company surveyed 400 businesses of all sizes and found that 75% said they could migrate to Chrome OS.

People are now more accustomed to running applications out of a browser, Google executives say. The company partnered with virtualization giant Citrix to allow Chrome OS computers to run Windows applications hosted in the cloud, letting businesses run Adobe (ADBE) Photoshop, for instance, on Chrome OS.

Also, unlike pervious attempts, Google is providing both the operating system and the computer as one package: For $28 per user per month ($20 for government offices and schools), companies can rent "Chromebook" netbooks from Google and get support included.

"For the first time, hardware and software are being packaged together as a service," said Sundar Pichai, Google's senior vice president of Chrome. "We think this can fundamentally change the way people use computing in companies."

As evidence that companies of any size can deploy Chrome OS, Google itself is in the process of switching over to the new operating system.

"We will be deploying them increasingly internally," Brin said. "I hope to report next year that we have a very small percentage of anything other than Chromebooks at Google."

Google thinks it can change the face of computing. The only obstacles: The world's largest software maker, notoriously stubborn IT departments and decades of history going against it.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google begins war against Windows"https://www.voiceofgreyhat.com/2011/05/google-begins-war-against-windows.html</a>

Anonymous Threatened To Bring-down Entire Internet By Attacking DNS

Anonymous Threatened  To Bring-down Entire Internet By Attacking DNS

Infamous Anonymous has threatened  to bring down a substantial portion of the entire Internet by attacking the domain name system (DNS) on March 31, 2012. The attack will be part of protest of FBI recent movement of arresting key members of Lulz & Anon as well as the group confirmed that not only this issue but also the attack has a solid relation over the recent take down of the file-sharing website Megaupload. In short it will be the second phase of Operation Megaupload (#OpMegaupload). You can say its a tit for tat by Anonymous. For your reminder FBI also vows to shutdown the DNSChanger name servers on the 8th of this month.

Anonymous members most likely will employ a relatively little-known technique called DNS amplification, which cleverly tricks mis-configured DNS servers into spewing out torrents of useless data that in turn cause other DNS servers to add to the chaos by producing even more useless data that overwhelms limited traffic-handling capacity. Theoretically, the cascade of out-of-control servers could swamp the ability of the Internet to cope, causing millions of websites to seemingly disappear. The financial fallout from being unable to gain access to the websites of online retailers, banks and other institutions could be enormous. Though experts seriously doubt that Anonymous or another group can credibly reduce the Internet to shambles in the near future, but the longer-term outlook is dimmer.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Anonymous Threatened To Bring-down Entire Internet By Attacking DNS"https://www.voiceofgreyhat.com/2012/03/anonymous-threatened-to-bring-down.html</a>

Symantec to Extend Leading Backup Software to the Cloud and Appliances

Symantec Vision -- Symantec Corp. (NASDAQ: SYMC) today announced a new approach to help small and mid-sized organizations protect data through new delivery models including Backup Exec.cloud, Backup Exec appliances, as well as an enhanced version Backup Exec 2010 software. For the first time, a company will be able to leverage the benefits of backup from Symantec as software, as a cloud service, or as an appliance, signaling the end of the complexity and delivering a fast, easy and modern backup infrastructure. 

 "Customers want choice in how they manage their backup environment, and Symantec is leading the transformation of the backup market with new appliances, cloud and enhanced software for Backup Exec," said Amit Walia, vice president of product management, Symantec. "The future of backup will be defined by simplicity, flexibility and allowing companies to deploy a modern infrastructure that best fits their needs."
Backup Exec 2010 Software Updates

• Improved Virtualization Backup Performance: Available worldwide on May 3, Backup Exec 2010 R3 delivers improved backup and deduplication performance in virtualized environments. The V-Ray technology embedded into the core solution gives customers X-Ray vision to easily see, protect and recover their virtual machines with the same solution that protects their physical environments. Additionally, Symantec's Backup Exec Management Plug-in for VMware is now part of the standard agent for VMware providing Backup Exec management through vCenter.
• New Security Layer: Backup Exec 2010 now provides SSL support from the agent to the server, providing an extra layer of security for customers that transmit backup data across the WAN or to a private cloud. The added security features help ensure that backed up data sent over a public Internet connection is secure and protected.
• Improved Archiving for Data Management and Recovery: Archiving complements backup by helping companies identify what to store, what to delete and when to move older data to secondary systems, while ensuring fast discovery and recovery of older data. Symantec continues to streamline the integration between archiving and backup, helping customers to control storage costs and recovery times. Backup Exec 2010 Agent for Enterprise Vault now supports Enterprise Vault 10 beta backup, recovery and migration. Additionally, the Backup Exec Archive Option for Exchange now includes Virtual Vault, allowing users to access archived emails directly from within Outlook.

Backup Exec Cloud Strategy

• Simple, Cloud-Based Backup: Expected to be available later this year, Symantec Backup Exec.cloud will be an ideal solution for small businesses or remote offices that want to offload their IT infrastructure. The hosted backup service will automatically protect the data on Windows desktops and servers with simple, online backup and recovery. Furthermore, customers will benefit from an expanded Symantec.cloud portfolio of SaaS offerings, that provide integrated solutions for security, email management, and data protection.
• Automatic Backups and Easy Restore: Customers will be able to quickly protect their critical data by streaming it over a SSL connection to Symantec's secure, off-site data centers. Backups can be triggered by file changes or run according to a set schedule, while modified files are protected continuously. Should disaster strike, the service will help businesses stay up and running by restoring critical files to any service-enabled machine with just an internet connection. Employees may also take advantage of individual file restore for everyday file retrieval.
• Predictable Pricing: Symantec plans to offer predictable, subscription-based pricing for Backup Exec.cloud.

Backup Exec Appliance Strategy

• Secure, Optimized and Simple: The new Backup Exec appliances, scheduled to be available later this year as part of a phased launch, will provide businesses with purpose-built, secure and easy to manage backups that run Backup Exec software. Symantec will leverage its appliance model success within the enterprise segment to provide a tailored offering that meets the needs of its SMB customers and remote offices for larger organizations.
• Easily Deployed, Consistent Architecture: Backup Exec appliances can be managed alongside other Backup Exec software installations. The appliance form factor assures a consistent technology deployed across an organization, allowing administrators to manage their information from a data center, by a channel partner, or from other remote locations for reliable on and off-site recovery protection.

Supporting Quotes

• "IDC sees Purpose Built Backup Appliances (PBBA) as becoming a preferred deployment option for many companies and as a significant area for growth," said Robert Amatruda, research director, Data Protection and Recovery at IDC. "Symantec's strategy to deliver Backup Exec as a purpose built backup appliance for SMBs makes a lot of sense, and as the market share leader in backup this new strategy has the potential to shift the backup landscape for many years."
• "Software-as-a-Service and online backup are important emerging options for small businesses and are poised for increased adoption," said Lauren Whitehouse, senior analyst, Enterprise Strategy Group. "Backup Exec.cloud promises to deliver simple, reliable backup that requires no on site hardware, and both small businesses and large organizations with remote offices could benefit."
• "The latest version of Backup Exec 2010 has significantly improved install times, increased the speed of our backups, and has become more efficient in recovering data," said Patrick Manness, network analyst, Paul's Hauling Ltd. "Overall, I am impressed with the improvements and it has made my life easier."
• "Backup Exec is comprehensive in its feature set and easy to implement," said Adam Miller, infrastructure services architect, Virginia Institute of Marine Science. "As we move to a virtualized IT environment, I look forward to using Backup Exec that can see into both our virtual and physical servers for greater ease of use."
• "As a Symantec SMB Specialized partner, we understand that our SMB customers need cost-effective products and services that protect their critical information. We have relied on Backup Exec for years to protect our customers' data in both physical and virtual environments," said Dave Irvine, president and CEO, Irvine Consulting Services. "There is no one-sized-fits-all approach, and Symantec is the only major backup vendor that delivers the flexibility and choice for our customers' backup delivery models including software, appliance, or cloud-based solution -- all with deep support for virtual environments." 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Symantec to Extend Leading Backup Software to the Cloud and Appliances"https://www.voiceofgreyhat.com/2011/05/symantec-to-extend-leading-backup.html</a>

Hackers Sending Rogue 'Microsoft Services Agreement' Emails Exploiting Java Vulnerability

Hackers Sending Rogue 'Microsoft Services Agreement' Emails Exploiting Java Vulnerability

Cyber criminals are distributing mass on the internet while sending rogue email notifications about changes in Microsoft's Services Agreement to trick people into visiting malicious pages that use a recently circulated Java exploit to infect their computers with malware. Oracle left a security flaw in one of the world’s most widely used programs unpatched for four months and then issues a half-baked fix, the company is practically inviting cyber criminals to exploit its users en mass. And as expected the invitation has been accepted.

The rogue email messages are copies of legitimate notifications that Microsoft sent out to users to announce changes to the company's Services Agreement that will take effect Oct. 19. "This email is a legitimate announcement regarding updates to the Microsoft Services Agreement and Communication Preferences," a Microsoft program manager for supporting mail technologies who identifies herself as Karla L, said on the Microsoft Answers website in response to a user inquiring about the authenticity of the email message.

However, she later acknowledged the existence of reports about malicious emails that use the same template. "If you received an email regarding the Microsoft Services Agreement update and you're reading your email through Hotmail or Outlook.com, the legitimate email should have a Green shield that indicates the message is from a Trusted Sender," she said. "If the email does not have a Green shield, you can mark the email as a Phishing scam." 

However, in the malicious versions of the emails, the correct links have been replaced with links to compromised websites that host attack pages from the Blackhole exploit toolkit. Blackhole is a tool used by cybercriminals to launch Web-based attacks that exploit vulnerabilities in browser plug-ins like Java, Adobe Reader or Flash Player, in order to install malware on the computers of users who visit compromised or malicious websites.

This type of attack is known as a drive-by download and is very effective because it requires no user interaction to achieve its goal. The malicious Java applet used in this attack is detected by only eight of the 42 anitivirus engines available on the VirusTotal file scanning service. The Zeus variant has a similarly low detection rate.

"We're receiving multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement and Communication Preferences," Russ McRee, security incident handler at the SANS Internet Storm Center, said Saturday in a blog post.

-Source (Info World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hackers Sending Rogue 'Microsoft Services Agreement' Emails Exploiting Java Vulnerability"https://www.voiceofgreyhat.com/2012/09/Hackers-Sending-Rogue-Emails-Exploiting-Java-Vulnerability.html</a>

Webmail gets hacked, corporate passwords exposed

This week, one of our C-level executives suffered a personal security incident that spilled over to the workplace. Here's what happened.

The executive's Yahoo email password was compromised, which she learned after hearing from friends who told her that they had received messages from her requesting money to deal with a crisis. You've probably heard similar stories, but whoever hacked the executive's email was a bit more clever than the average cybercrook. One friend was suspicious of the request and asked for verification of the executive's identity. Most email hijackers would probably give up and move on to another victim at that point, but this hacker had sifted through the executive's emails and learned enough about her family, vacations and health issues to trick the friend and dupe her into wiring the money.

Naturally, the executive had used her Yahoo Mail account for a variety of activities, including setting up accounts with her bank, her brokerage, an airline and various shopping sites. The Yahoo account had received emails containing clear-text passwords when she had forgotten them. Worse, she often used the same password for multiple accounts.

I advised her to abandon the email account and to contact all of her friends and let them know that they should disregard any mail from that address. But that action, or simply changing the password, probably wouldn't be enough to stem the damage. Most identity thieves will download all the email from a compromised account, as well as data such as calendars and contact lists, to a local computer. This is quite simple, since many webmail clients allow customers to use more feature-rich email clients such as Microsoft Outlook to download email. So even if the account were shut down or the password changed, the hacker would probably still have all of its contents.

Because the compromised content could not be safeguarded, I also told her to file a police report; contact all banks, credit card companies, brokerages and other organizations with which she had done business online; file a fraud alert with the major credit agencies; sign up for a credit-monitoring service; and obtain a new email address and update all of her accounts with that address. I also warned her to refrain from using any PCs, including her home PC, until we could verify their integrity, since we still didn't know how her password had been compromised.

Dangerous Habit

In the course of our conversation, I learned that this incident had implications for the company. You see, we have increased our use of software as a service to the point that we now use more SaaS offerings than on-premises applications. Some might see this as an achievement. I see it as a security nightmare.

As I've explained in past articles, most SaaS vendors have focused more on functionality and accessibility than on security. This incident is a perfect example of how that approach can lead to problems. The executive had a habit of forgetting her passwords for SaaS applications, and she gave me a list of seven SaaS apps that had sent password reset notices to her hacked email account -- in clear, unencrypted text!

Fortunately, none of the data used with these particular apps was extremely sensitive. But she had used her domain password for all of the applications. This meant we had to change her domain password and then log in to all the other applications -- about 15 altogether -- that were not synchronized with Active Directory or configured for single sign-on.

Needless to say, this was not a good day for this executive. But on a positive note, I did get a sponsor for my security awareness and training program.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Webmail gets hacked, corporate passwords exposed"https://www.voiceofgreyhat.com/2011/05/webmail-gets-hacked-corporate-passwords.html</a>