MasterCard has presented a new type of credit card that has a display and buttons.
   The new MasterCard, which has the same dimensions and functionality as a traditional one, has a small additional display and buttons: numeric 0 to 9, an OK button, a C button, plus one main button ON/OFF.
   The folks from Mastercard think it is the time, for online financial services users, to be able to instantly conceive new and unique passwords for different services that they access. The goal is, of course, the increase of the security of card transactions.
   On the other hand, it doubles the card security. If the card is stolen or lost, the criminals can not use it in any form of payment if they don't know, besides the PIN that the bank gave you, the code you entered personally on card's keyboard.
by byetech

Apple has agreed to buy fingerprint reader AuthenTec Inc. for approximately $356 million as the maker of iPhones and iPads looks to strengthen its digital security capabilities.
Apple's acquisition comes as consumers use their smartphones for more and more daily activities, including shopping.
"As cellphones become essentially credit cards, consumers will look to secure them in the event of theft or loss. AuthenTec's fingerprint sensors offer one way to secure handsets," said Raymond James analyst J. Steven Smigie.
It's not known what Apple's plans are. Rival devices running Google's Android system are starting to come with a wireless technology that can let phones make payments with the tap of a reader. Apple's patent filings hint at an interest in the technology, known as near-field communications, but the notoriously secretive company has given no clue when the technology might show up in iPhones. A new model is expected this fall.
Beyond protecting payments, a fingerprint system could keep unauthorized people from accessing email, contact lists and more. Current phones offer protection through passwords, which can be guessed or forgotten.
AuthenTec said Apple Inc. is paying $8 for each of its common shares, a 58 percent premium to their closing price on Thursday.
AuthenTec's stock jumped $3.27, or 65 percent, to $8.34 in Friday afternoon trading, above Apple's offer. That could suggest investors think there will be a higher bid for the company.
The deal was unanimously approved by AuthenTec's board. It still requires approval from a majority of the holders of the Melbourne, Fla., company's stock. AuthenTec has about 44.5 million outstanding shares, according to FactSet.
A higher offer for AuthenTec is possible. In a regulatory filing, AuthenTec said it's not allowed to actively seek out other offers, but it could hold talks with other parties before its stockholders approve Apple's buyout terms.
If AuthenTec does wind up accepting a superior offer, it would have to pay a breakup fee of approximately $11 million.
While Apple said earlier this week that its growth rate slowed in its latest quarter, massive sales of its iPhones and iPads in recent years have made it the world's most valuable company. It's the third-largest maker of cellphones, according to research firm Gartner, and dominates the market for tablet computers.
source(via) Associated Press

A new trojan virus for OS X was identified by the security firm Intergo. Crisis, a malware application, is more complex than other viruses, which increase the difficulty of analysis and control of the virus, say security experts.
The Crisis Trojan can be installed without any user interaction on the Mac OS X 10.6 Snow Leopard and OS X 10.7 Lion versions.
If the program is installed on an account with administrator rights on the Mac, Crisis will install more additional programs to be more difficult to detect it. Intego included in the VirusBarrier X6 the required tools to prevent infection.
The security company claims that the application includes self-protection measures similar to those of the viruses usually found on PCs with Windows.
(by byetech staff)

Union Savings Bank (USB) representatives noticed that some of the debit cards issued by the financial institution were used to commit fraud that leveraged prepaid cards. They determined that the account information utilized by the fraudsters was stolen as a result of the Global Payments incident.
According to security journalist Brian Krebs, USB notified Visa after realizing that the private school's cafe where most of the cards were used was actually a Global Payments customer.
Shortly after, the bank was contacted by Tony Higgins, a fraud investigator who worked for Safeway Inc, a grocery store chain in Nevada and Southern California.
The institution learned from Higgins that the crooks purchased Safeway prepaid cards from the stores. On the magnetic stripes of these cards they encrypted account information from USB.
To make their trail hard to follow, they used them to purchase other prepaid cards with which they bought electronics and expensive products.
The investigator told Doug Fuller, USB’s chief risk officer, that the fraudsters were committing their crimes mostly in Las Vegas, but also in nearby states. He believed that they were actually from Los Angeles and San Diego, but came to Vegas to make use of the payment cards.
Apparently, around 1,000 Union Savings Bank debit accounts were compromised as a result of the Global Payments breach, the losses suffered by the organization totaling up to $75,000 (57,000 EUR), plus another $10,000 (7,600 EUR) which it spent on reissuing cards.
Higgins told the risk officer that the Bank of Oklahoma and Fulton Bank were also on the list of victims.
While Global Payments representatives hold on to their side of the story, claiming that no more than 1.5 million accounts have been compromised, others believe that more than 7 million card owners may be exposed.
source (via) softpedia news

Symantec has released an announcement about the PCAnywhere disable for all users.
Company's announcement comes after the theft of the source code, which came into possession of hackers in India, associated with the Anonymous group .
Code can't be used to exploit vulnerabilities in newer versions than 2007.
Even though company officials have said there is no real threat to customers security, Symantec recommended to disable the product until they completely solve the problem.
Most exposed are PCAnywhere 12.0, 12.1. 12.5 users but also those of previous versions. Symantec has already released a hotfix that fix several significant vulnerabilities .
Company representatives explained that there is no direct way to exploit the PCAnywhere code, but hackers could use to create additional vulnerabilities.
( by byetech staff  )

Some of the customers of Romanian CEC Bank are being alerted by the financial institutions that they’re cards will be blocked and reissued along with their PINs after receiving numerous complaints about credit card details being leaked from the databases of an international company.
The company that suffered the data breach was not named, but according to Romania Insider, a number of 17,000 cards will be reissued to prevent potential fraudulent activities.
The institution suspects that the clients of other banks from Romania and additional countries may be affected as well, but no further details were provided.
“The bank has been informed that a number of cards issued by banks in Romania and abroad have been potentially compromised through an international database. CEC Bank has decided to block the cards and re-issue a new card and PIN number, at no cost, for a number of cards in its portfolio,” reads a statement on CEC Bank’s website.
“We apologize for the inconvenience, but considering the aforementioned facts, this action is purposed to protect the bank’s customers from the possibility of financial losses. This attack did not target CEC Bank’s cards alone and was not due to any bank vulnerability. Our clients’ money is safe.”
By the looks of it, it’s really hard to determine what company was targeted by the data breach that left all the consumers exposed. Since each week we come across tons of information leaked online by hackers from across the globe it’s hard to say who are the parties involved.
The measures taken by CEC are appropriate for such an incident and hopefully, the other banks and their customers are aware of the situation.
In these situations, it’s recommended for the individuals involved to closely monitor all their digital assets as it’s not uncommon for the data collected as a result of these operations to be utilized for other malicious purposes.
source softpedia.com

In a new study issued by Accuvant, Google Chrome was deemed to be the most secure browser, based on the technologies and measures it implements to ensure that rogue code does at little damage as possible.
Internet Explorer was found to be close and comparable to Google Chrome, while Firefox was found to be lacking in some aspects.
The study was requested and paid for by Google, but there is little doubt over its integrity. It's certainly nothing like Microsoft's 'feature checkmark' security 'test'.
It's hard to overstress the importance of browser security. With browsers and the web becoming more complex and more powerful, security technologies have to keep up.
The study assumed that attackers would find bugs which can be exploited, no software this complex is perfect.
Thus, it focused on what browsers did to mitigate the danger of a vulnerability, how they limited what attackers could do after they found an exploit.
The researchers analyzed the sandboxing technologies in the browsers, or the lack thereof on the case of Firefox, the security levels and technologies for extensions, add-ons and plugins, and Just-in-Time (JIT) hardening.
Most JavaScript engines in modern browsers use JIT compiling, which turns JavaScript into native, executable code. This code, however, doesn't adhere to the security measures imposed on code from native application, so browser makers have to deploy their own measures to ensure that memory space used by this code is harder to exploit.
The report is 120 pages long and, while fairly technical, is a good read for anyone wanting to know more about what security measures and technologies each of the three browsers employ. It also serves to add some perspective to the conclusion.
Overall though, the researchers found Google Chrome to be the most secure browser. Its sandboxing technology was the tightest, while IE's allowed some local files to be read. Firefox doesn't employ a sandbox.
When it comes to JIT hardening, Chrome and Internet Explorer have implemented some measures, though not always the same, while Firefox has none of the methods the researchers focused on.
When it comes to extension, add-on and plugin security, the three browsers are more closely ranked, with Chrome having a slight lead over IE which in turn has a slight lead over Firefox.
                                                           click on pictures to enlarge



source softpedia.com

click on picture to enlarge

Again we are presented with a situation that shows how even companies that should keep us protected are vulnerable to the attacks launched by cybercriminals. This time, NOD32’s website in Ukraine and Kaspersky’s Costa Rican site were defaced.
Kaspersky was hacked by Algerian hackers Over-X, indoushka and Saousha and according to Cyberwarnews, this is not the first time they fail to properly secure their site. The attackers don’t state their reasons for taking down the page, but it’s most likely one of the situations where they want to show how weak its security is.
At the time of writing, Kaspersky’s website (kaspersky.co.cr) is still down, proudly displaying the image placed by the hackers.
On the other hand, NOD32 in Ukraine (nod32.in.ua) acted quickly on restoring their services after being attacked by hackers known as KhantastiC haX0r and Shadow008.
“HellO NoD32. Where is Security ?! Are U Hacked ? Yesh ! U have been Hacked Once Again :D !!! Everyday Someone Get Hacked Today is your Day. Impossible only means it has not been done...” state the hackers on the defaced page.
The ones responsible for taking down the NOD32 site kept themselves busy over the past few days, making a lot of victims, mostly from India and Bangladesh.
The Zone-H mirrors of their hacks reveal that most of the sites were hosted on government domains, which seem to be the favorite targets of this duo.
A few months back we saw Panda’s website in Pakistan being injected with some arbitrary code, and two days ago we saw how Team Elite proved an attack on the Polish website of ArcaBit, the developers of ArcaVit antivirus.
You can probably imagine that for hackers it’s a great accomplishment to breach the websites of those who are actually in the security business and unfortunately, in some cases it takes more than one cybercriminal operation to get them to patch up all the holes.
source softpedia.com

Although some are reluctant to admitting that there is malware specifically written for Android devices, this does not change the fact that some security experts deal with such threats on a daily basis.
Considering this, BitDefender just launched the stable version of their antivirus for Android devices. The app relies on in-the-cloud scanning technology in order to reduce strain on battery and offer great detection rate.
BitDefender Mobile Security comes in two versions, paid and free. Web page scanning and Anti-Theft are the two features available only in the Premium edition. However, the feature set is quite rich, scanning each app immediately after installation and auditing permission requirements.
Thus, you will be aware of the apps that require access to the Internet or to sensitive data on your Android.
source softpedia.com

Recent inquiries revealed that the United Kingdom Ministry of Defence (MoD) is having difficulties taking care of their IT equipment, the number of device losses from May 2010 totaling somewhere close to 1000.
In a response to a TheyWorkForYou inquiry, Parliamentary Under Secretary of State Andrew Robathan revealed that the large number of losses was almost inevitable due to “size and complexity” of the MoD.
“The size and complexity of the MOD, more than 250,000 individuals operating all round the world, from permanent bases and in theatre and with frequent movement of kit between locations in support of operations, means it is almost inevitable that equipment will go missing,” Robathan said.
The figures show that 99 desktop computers, 188 laptops, 18 mobile phones, 10 BlackBerrys, 194 disks, 72 removable hard drives, 6 printers, 73 memory sticks and 150 backup tapes were lost in the past 18 months.
Robathan also compares the losses from 2008 and 2009, when 326, respectively 129, laptops went missing.
In a blog post on the official website of the MoD, representatives of the Ministry claim that 20 of the laptops were recovered and in cases where it’s possible, all the information stored on government devices is encrypted.
“Processes, instructions and technological aids are being continually reviewed, revised and implemented to mitigate human errors and further raise the awareness of every individual in the Department of their vital role in protecting MOD information and assets,” the post reads.
“The level of detail with which we record these incidents of loss and theft is indicative of the importance we place on this matter.”
It may be true that some losses are inevitable, but hopefully the decrease in the number of incidents is a true sign that their working hard to prevent these situations, as we’ve witnessed before the dangers involved when a state worker loses a device that stores sensitive data.
source softpedia.com

Twitter has acquired a start-up company that makes software to improve security and privacy for smartphones and other mobile devices.
With its acquisition of Whisper Systems, Twitter gains technology to bolster security of its fast-growing microblogging service and gets a pair of highly-respected experts in the field of online security.
Whisper Systems was co-founded last year by security experts Moxie Marlinspike and Stuart Anderson.
"The Whisper Systems team is joining Twitter starting today," Twitter said in an emailed statement on Monday. "As part of our fast-growing engineering team, they will be bringing their technology and security expertise to Twitter's products and services. We're happy to have Moxie and Stuart onboard."
Twitter did not disclose a price for the deal and declined to comment beyond its statement.
Twitter, which has more than 100 million active users, allows people to send short, 140-character, messages to groups of followers.
The service has become a popular communications tool for celebrities, politicians and businesses. It has also played a role in several geopolitical events, such as the past year's uprisings in the middle east, by allowing dissidents to organize and communicate.
But some privacy advocates have warned that certain governments also have used Twitter to help monitor dissidents
and activists.
Whisper Systems offers programs that scramble data, voice conversations and text messages on mobile devices that use the Android operating system, so that the information cannot be accessed by hackers.
Marlinspike is highly respected in the security community, having gained notoriety for discovering high-profile vulnerabilities in systems that encrypt data over the Internet and wifi networks.
(Reporting by Jim Finkle and Alexei Oreskovic; editing by Carol Bishopric)Reuters

The security solutions provider released Symantec Instant Messaging Security. cloud (IMS.cloud), a product designed to make sure companies that rely on instant messaging platforms to communicate will no longer have to worry about their communications not being secure.
The novel solution that supports Microsoft Lync is designed to block malicious URLs, deploys protection against data loss and scans messages and attachments in search for malware.

The best part about it is that no additional software or hardware is needed and it can be easily adapted into any work environment.

“Instant Messaging is becoming a popular tool for internal and external communications in organizations of every size. According to Symantec Intelligence, 1 in 11.3 links sent over IM link to malicious Web sites while our Symantec Instant Messaging survey revealed that fewer than half of the organizations surveyed have suitable controls for monitoring IM,” said Tom Powledge, vice president of Product Delivery, Symantec.cloud.

“The casual nature of IM paired with a tendency to de-prioritize IM security leaves organizations susceptible to compliance breaches, data loss and malware infection. IMS.cloud takes the risk out of IM so that companies can meet user demand for the latest technology while allowing a flexible and collaborative working environment anytime from anywhere.”

Since it scans everything that comes and goes through instant messaging communication channels, IMS.cloud will make sure companies are not exposed to any kind of threats.

Each file that's sent or received on IM platforms is checked against the companies policies to make sure that not only security regulations are obeyed but also legal ones.

Among the key features of the product, worth mentioning are the effective content control management system, automatic message logging features and the Skeptic Malware protection engine, one of Symantec's best technologies.

Finally, since it's all in the cloud, even companies with limited staff can benefit from a rapid deployment and easy maintenance.
source softpedia.com

Valve Corporation has become the latest game company to fall victim to a major hacking intrusion that has left gamers' personal information and potentially even credit card numbers exposed.
In a letter sent to users Thursday, Valve founder Gabe Newell said that, on Sunday, the company discovered that the community forums for its online gaming and distribution service — Steam — had been defaced. But Newell said that further investigation has now revealed that the intrusion "goes beyond the Steam forums" and into a Steam database filled with gamers' personal information.
The popular Steam service, which distributes and manages over 1,800 games, has more than 35 million users across 237 countries.
Though Newell did not say how many users may have been affected, he wrote:
This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
Newell told users that Valve — the company behind hit gaming franchises such as "Portal" and "Half-Life" — doesn't currently have any evidence of any credit card misuse, but he warned "you should watch your credit card activity and statements closely."
He went on to say that a few forum accounts have been compromised. Because of that, all forum users will be required to change their passwords.
Steam users first noticed something was awry on Sunday when promotional posts from a site called Fkn0wned.com, began appearing in the community forums.
They read: "Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks? Visit Fkn0wned.com. It's safe, secure and undetected. Along with hacks, we've also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more."
But as word of the forum defacement spread, the Fkn0wned founder posted the following message on his site denying any responsibility:
I didn't authorize anyone to do what happened so Fkn0wned shouldn't be held responsible. If a member performs illegal actions in our name, there's not much we can do about that other than to ask that member to stop. If a rival site is deliberately trying to bring us down by placing the attention of Valve's legal department on us, there's not much we can do about that either. It's how this scene works and I'll have to accept that.
Valve has closed the Steam forums for the time being though Newell promised to reopen them "as soon as we can."
"I am truly sorry this happened," he added. "And I apologize for the inconvenience."
By Winda Benedetti MSNBC.com