Google has removed over 11 million .co.cc websites from its search engine results pages on the basis that most of them are far too "spammy".



The .co.cc space is not an officially authorised second-level domain like .co.uk or .com.au. Rather, it's offered independently by a Korean company (http://co.cc/) that just happens to own the domain name .co.cc.

Google classes the firm as a "freehost", and has exercised its right to block the whole domain "if we see a very large fraction of sites on a specific freehost are spammy or low-quality", according to Matt Cutts, head of Google's web spam team.

The company said in a recent blog post: "To help protect users we recently modified those [malware-scanning] systems to identify bulk subdomain services which are being abused. In some severe cases our systems may now flag the whole bulk domain."

According to a recent report (29-page PDF/2MB) from the Anti-Phishing Working Group, the .cc top-level domain hosted 4,963 phishing attacks in the second half of 2010, almost twice the number found under any other extension.

That was due to a large number of attacks originating from .co.cc addresses, the APWG said.

The .co.cc "registry" offers single sub-domains for free, and enables customers to bulk-register 15,000 addresses at a time for a mere $1,000, or about seven cents a name.

The company claims to have 11,383,736 registered domains and 5,731,278 user accounts. That would make it one of the largest domain extensions in the world, bigger than both .org and .uk by over two million domains.

The .cc top-level domain belongs to the Cocos (Keeling) Islands, a small Australian territory in the Indian Ocean. Regular .cc websites are unaffected by Google's changes. ®

On Windows 7, Vista, and Server 2008, Adobe Reader 10.1 installs ARMsvc.exe as part of the Updater. It is a Windows Service that runs in a System context. The new service enables silent and automatic updates on machines where a user has configured the application for automatic updates. (For automatic updates, choose Edit > Updater > Download And Install Updates Automatically or Preferences > Updater > Download And Install Updates Automatically.) Without this Service, the user confirms elevation through the User Account Control (UAC) dialog box during the update process.

Six out of ten users use vulnerable Adobe Reader versions



Avast Software, one of the biggest names in computer security have announced that six out of ten people are vulnerable to attacks through them having outdated versions of Adobe Reader.

What’s more worrisome is that hackers commonly use exploits in Adobe’s products which means this specific exploit is likely seen a high amount of usage.

Avast released a statement which said “an analysis of avast! antivirus users found that 60.2% of those with Adobe Reader were running a vulnerable version of the program and only 40% of users had the newest Adobe Reader X or were fullypatched. One out of every five users also had an unpatched version of Adobe Reader that was at least two generations old (8.x).”

The company later said “Adobe Reader is the most popular PDF reader application and subsequently is the biggest target for malware writers. Over 80% of avast! users run a version of Adobe Reader, with Foxit, the second most popular PDF reader, having a much smaller user share of 4.8%.”

Although the amount of Adobe Reader exploits has significantly dropped over the years, hackers are still targeting older versions because the usage of them collectively is extremely high. The 60% of unprotected users are being advised to download the latest version in order to defend themselves against any unsuspected attacks.

Adobe’s senior director of product security and privacy, Brad Arking was quoting as saying "we find that most consumers don’t bother updating a free app such as Adobe Reader as PDF files can be viewed in the older version. In many cases, users only update when provisioning a new machine," he said.

Hotmail introduces new security feature, 'My friend's account was hacked!'

One of the world leading email provides is stepping up their security for all their users. Since the beginning of email, spam has always been a problem that is very hard to combat.

As spammers continue to get smarter with their phishing emails, Hotmail is attempting to stay one step ahead. Hotmail is rolling out a new security feature that lets you help identify an email account as spam, called "My friend's been hacked!" Users may have already noticed this feature in Hotmail under the mark as dropdown.

The Windows Team Blog went in depth about how the feature works and how it helps keeps your friends email safe and secure. When a user receives a suspicious email from a friend, they mark the email as "My friend's been hacked!", which automatically puts all their emails into your junk folder.



The Hotmail team receives this complaint and combines it with information inside their spam detection engine and takes the necessary actions upon the account. In the case that an email actually has been hacked, Microsoft will lock down the account, preventing further spam from that account.

In order for your friends to re-active their account, they will have to follow and successfully complete the account recovery; make sure your account information is up to date and accurate.

The Hotmail team has also worked closely with Yahoo! and Gmail to also accept these reports and further investigate any suspicious activity on email accounts.

In addition to this new security feature, Microsoft is also preventing users from using common passwords like "password" and "123456". This will also include common phrases and words used by millions of people like "ilovecats". The feature won't require users to update their passwords if they use a common password, but going forward, this passwords will no longer be allowed.

At the Black Hat security conference in August, Miller plans to expose and provide a fix for a new breed of attack on Apple laptops that takes advantage of a little-studied weak point in their security: the chips that control their batteries.



Modern laptop batteries contain a microcontroller that monitors the power level of the unit, allowing the operating system and the charger to check on the battery’s charge and respond accordingly. That embedded chip means the lithium ion batteries can know when to stop charging even when the computer is powered off, and can regulate their own heat for safety purposes.

When Miller examined those batteries in several Macbooks, Macbook Pros and Macbook Airs, however, he found a disturbing vulnerability. The batteries’ chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips’ firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode. “These batteries just aren’t designed with the idea that people will mess with them,” Miller says. “What I’m showing is that it’s possible to use them to do something really bad.”

Miller discovered the two passwords used to access and alter Apple batteries by pulling apart and analyzing a 2009 software update that Apple instituted to fix a problem with Macbook batteries. Using those keys, he was soon able to reverse engineer the chip’s firmware and cause it to give whatever readings he wanted to the operating system and charger, or even rewrite the firmware completely to do his bidding.

From there, zapping the battery such that it’s no longer recognized by the computer becomes trivial: In fact, Miller permanently “bricked” seven batteries just in the course of his tinkering. (They cost about $130 to replace.) More interesting from a criminal perspective, he suggests, might be installing persistent malware on the chip that infects the rest of the computer to steal data, control its functions, or cause it to crash. Few IT administrators would think to check a battery’s firmware for the source of that infection, and if undiscovered the chip could re-infect the computer again and again.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.” says Miller.

That attack would require finding another vulnerability in the interface between the chip and the operating system. But Miller says that’s not much of a barrier. “Presumably Apple has never considered that as an attack vector, so it’s very possible it’s vulnerable.”

And the truly disturbing prospect of a hacker remotely blowing up a battery on command? Miller didn’t attempt that violent trick, but believes it might be possible. “I work out of my home, so I wasn’t super inclined to cause an explosion there,” he says.

In fact, the batteries he examined have other safeguards against explosions: fuses that contain an alloy that melts at high temperatures to break the circuit and prevent further charging. But Miller, who has worked for the National Security Agency and subsequently hacked everything from the iPhone to virtual worlds, believes it might still be possible. “You read stories about batteries in electronic devices that blow up without any interference,” he says. “If you have all this control, you can probably do it.”

Miller, currently a researcher with the consultancy Accuvant, isn’t the first to explore the danger of explosive batteries triggered by hackers. Barnaby Jack, a researcher for with antivirus giant McAfee, says he worked on the problem in 2009, but he says he ”benched the research when I didn’t succeed in causing any lithium ion fires. Charlie has taken it a lot further and surpassed where I was at the time.”

Miller says he’s received messages from several other researchers asking him not proceed with the battery work because it could be too dangerous. But Miller has worked to fix the problems he’s exposing. At Black Hat he plans to release a tool for Apple users called “Caulkgun” that changes their battery firmware’s passwords to a random string, preventing the default password attack he used. Miller also sent Apple and Texas Instruments his research to make them aware of the vulnerability. I contacted Apple for comment but haven’t yet heard back from the company.

Implementing Miller’s “Caulkgun” prevents any other hacker from using the vulnerabilities he’s found. But it would also prevent Apple from using the battery’s default passwords to implement their own upgrades and fixes. Those who fear the possibilities of a hijacked chunk of charged chemicals in their laps might want to consider the tradeoff.

“No one has ever thought of this as a security boundary,” says Miller. “It’s hard to know for sure everything someone could do with this.”

That attack would require finding another vulnerability in the interface between the chip and the operating system. But Miller says that’s not much of a barrier. “Presumably Apple has never considered that as an attack vector, so it’s very possible it’s vulnerable.”

Adobe is fessing up to fixing much, much more than the 13 documented vulnerabilities in the latest critical Flash Player update.

Following an accusation from Google security researcher Tavis Ormandy that the company buried the fact that it patched a whopping 400 Flash Player vulnerabilities, Adobe security chief Brad Arkin (right) admitted the patch “contains about 80 code changes” for fix flaws identified by Ormandy’s team.

Microsoft’s Digital Crimes Unit has shut down a botnet that was investigated for hosting the MacDefender scareware that preyed on Mac OS X users.

The botnet, known as Kelihos or “Waledac 2.0,” has been linked to spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children, according to Microsoft senior attorney Richard Domingues Boscovich.

The botnet contained about 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day.

In contrast to popular belief, this study found that zero-day vulnerabilities accounted for a very small percentage of actual infections. In fact, none of the top malware families detected through our tools like the Malicious Software Removal Tool and Microsoft Security Essentials, and others propagated through the use of a zero-day. And while some smaller families did take advantage of these types of vulnerabilities, less than 1 percent of all vulnerability attacks were against zero-day vulnerabilities – in other words, approximately 99% of attempted attacks impacted vulnerabilities for which an update was available.

Adobe has reported a new "critical vulnerability" for current and older versions of Adobe Reader and Acrobat for Windows, Mac OS X, and Unix operating systems. The attack has already been exploited by hackers in targeted attacks against the Adobe 9 reader on Windows, the company stated in its security advisory The hack appears to have already been used in an attack on US defense contractors and research facilities.

Discovered by Lockheed Martin's Computer Incident Response Team and MITRE, the vulnerability could allow an attacker to send a malicious Adobe document file that crashes Reader, and "potentiallty allow an attacker to take control of the affected system," according to the Adobe Product Security Incident Response Team's alert. In a blog post, Adobe's director of product security Brad Arkin said that Adobe is planning to release a fix for the Windows versions of Adobe Reader and Acrobat 9.4.6 "no later than the week of December 12." There is currently no workaround for Reader 9.x.

Arkin said that the risk to Mac OS X and Unix users of Reader is "significantly lower," and that the attack can be blocked on Windows with Reader X by opening documents in Adobe Reader X in "protected mode." Patches for those versions of Reader will be held until the next quarterly update of Reader, scheduled for January 10.

Arkin encouraged anyone still using Reader 9. "We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and to date there has not been a single piece of malware identified that is effective against a version X install," he claimed. However, that would appear not to apply to Reader and Acrobat X users who open documents without using protected mode.

A new study by security vendor Accuvant Labs concludes that Google Chrome is more secure than rivals Firefox and Internet Explorer, largely because of Chrome's sandboxing and plug-in security.

The research was funded by Google, which might make any reasonable person suspicious of its conclusions. Accuvant insists that Google gave it "a clear directive to provide readers with an objective understanding of relative browser security" and that the conclusions in the paper "are those of Accuvant Labs, based on our independent data collection." Accuvant also made the supporting data available as a separate download so that it can be scrutinized by other researchers.

Accuvant focused only on Chrome, IE and Firefox, leaving out Safari and others for the sake of time. It also tested the browsers only on Windows 7, 32-bit edition. Despite concluding research in July, the paper was just released today. As a result, the report excludes newer versions of Chrome and Firefox, which have more rapid release cycles than Internet Explorer.

But the 102-page report otherwise seems fairly thorough, and Accuvant says it will update the report as the security of each browser evolves, and claims that it already provides a better look at browser security than metrics such as vulnerability report counts and URL blacklists. "We believe an analysis of anti-exploitation techniques is the most effective way to compare security between browser vendors," the report states. "This requires a greater depth of technical expertise than statistical analysis of CVEs, but it provides a more accurate window into the vulnerabilities of each browser."

A chart summarizing Accuvant's conclusions shows the vendor believes Google's sandboxing and plug-in security exceeds that of Internet Explorer, and that Google at least matches Firefox and IE in other types of security. In this chart, DEP refers to data execution prevention, GS is a compiler switch used to prevent buffer overflows, ASLR stands for Address Space Layout Randomization, and JIT stands for "just in time" compilation, which is used to improve runtime performance.



"The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected," Accuvant states. "Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti-exploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack."

Microsoft might point to a report from NSS Labs, which has found that Internet Explorer far exceeds its rivals in blocking malware. However, some of NSS Labs' research has been funded by Microsoft.

The Accuvant report says Chrome's sandboxing "uses a medium integrity broker process that manages the UI, creates low integrity processes and further restricts capabilities by using a limited token for a more comprehensive sandbox than the standard Windows low integrity mechanism... The extensive use of sandboxing limits both the available attack surface and potential severity of exploitation."

Internet Explorer, by contrast, has processes that allow compromised tabs some ability to infect other tabs, Accuvant says. "In the event of a crash, the tab [in Internet Explorer] is automatically reloaded the first time, allowing malicious content multiple attempts to succeed, or have an unsuccessful exploit attempt go unnoticed," Accuvant claims. "A tab compromised by an exploit would have read access to the file system and any low integrity process, including other browser tabs. The compromised process would need a method of privilege escalation from low integrity to persist beyond the browser session."

With Firefox, Accuvant states, simply, that it has no sandboxing and "A compromised browser or plug-in process would not require privilege escalation to persist beyond the browser process."

Google has long touted the robustness of its sandboxing, although security researchers claimed to have subverted Chrome's sandbox earlier this year. Microsoft touts its own security and privacy features, as does Mozilla. The Register notes some anecdotal evidence supports the claim that Chrome is most secure, including the fact that "Chrome has emerged unscathed during the annual Pwn2Own hacker contest for three years in a row, something no other browser entered has done." Ultimately, the question of which browser is safest is still up for debate. What do you think?