Researcher: DDoS attacks on U.S. sites were from the UK

There was at least the main server. It controls eight command-and-control server of botnets. According to estimates by the researchers. there were 167,000 computers from 74 countries participated in the attacks. Researchers at the Vietnamese security company BKIS have the origin of the beginning of the month out DDoS attacks against Web sites in South Korea and the USA. According to you, the server, which has coordinated the attacks in Britain. FTC.gov was experiencing "technical issues" on Monday and Tuesday that prevented many people from reaching the site, spokesman Peter Kaplan said. Other sites, including FAA.gov, Treas.gov and DOT.gov also experienced outages. The DOT has been experiencing network incidents since this past weekend.

The researchers described, as a main server computer have received eight command-and-control server of botnets controlled, since the first weekend in July. The websites of government authorities and companies had paralyzed BKIS writes in a blog entry. They managed to regain control of two of the server to take over. The researchers estimate that 167,000 computers infected with malicious software from PCs in 74 countries participated in the attacks. According to the botnet expert Joe Stewart from security company Secure Works, the estimate of BKIS is very high. Originally from a botnet expert with about 50,000 infected computers is assumed. The attacks were from the American Independence Day on 4 July around dozens of websites of government agencies in the United States and South Korea addressed. They also often led to temporary outages. The targets included the websites of the U.S. Trade FTC authority, the Homeland Security Department and the Interior and the Ministry of Foreign Affairs.

Microsoft warns of zero-day vulnerability in Office Web Components

There is an error in a spreadsheet of ActiveX control from OWC 10 and 11. An attacker can be manipulated via a website infiltrate malicious code and execute it. This affects Office XP, 2003 and 2007 and ISA Server 2004 and 2006. Microsoft has warned a zero-day vulnerability in Office Web Components (OWC). Microsoft issued an advisory Monday, warning of a new vulnerability in Office Web Components being actively targeted by attackers. It consists in the Spreadsheet ActiveX control from OWC 10 a.m. to 11 p.m. and allows an attacker, through a rigged website and malicious code with the privileges of the logged on user.

The vulnerability affects Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, Microsoft Office XP Web Components Service Pack 3, Microsoft Office Web Components 2003 Service Pack 3, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1, Microsoft Internet Security and Acceleration Server 2004 Standard and Enterprise Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2006, Internet Security and Acceleration Server 2006 Supportability Update, Microsoft Internet Security and Acceleration Server 2006 Service Pack 1, Microsoft Office Small Business Accounting 2006. According to Microsoft Office Web Components are only available as an option along with Office 2007 installed. Moreover, the vulnerability does not have Outlook or Outlook Express to exploit, as both applications, HTML e-mails are only opened in a restricted security zone. As a workaround, Microsoft recommends that the ActiveX control to disable it. The vulnerability is a small scale already exploited. A patch is in the works.

Oracle: expansion through middleware

Oracle 11g has in addition to its databases and business intelligence now Oracle has a more important pillars of corporate IT with the launch of Fusion Middleware. This will be his power position. The new enemy is quite clear IBM. Oracle provides with its product range "Fusion Middleware" as a market leader. This emphasized the two manager Alex Andrianopoulos Aisi and John at a customer event in Munich. How is the market leader really is ordered, will continue in the coming months, the numbers of researchers have found, but tend to just Americans, especially Larry Ellison, to appearances with pithy words and a lot of show.

Fact seems to be that Oracle has succeeded in large part from fragments of a powerful integration platform to build, which is now under the name "Oracle Fusion middleware" market. The 11g version is now presented, this integration being complete. Fusion Middleware was originally developed as a response to SAPs Netweaver platform on the market. Thus, the IT customers in the four main middleware products available - two more machine-like, two closer to the applications.

The first was IBM's Websphere and BEA Systems Weblogic, Netweaver, and the latter fusion. The Oracle product was comparatively puny, the database giant stood in the middleware under pressure to catch up. Through the acquisition of BEA Systems in January 2008, Oracle is able to become a major player in the middleware sector, you have now but two of four key offerings under the Oracle umbrella. Within six months after completion of the acquisition were all versions of Oracle BEA products in the market. With Oracle Fusion Middleware 11g is the integration of BEA and Oracle products was completed, it was in Munich. The competitor in this field is IBM. So, This will be interesting battle between two giants.

A security hole affects Internet Explorer 6 and 7 on Windows XP

A vulnerability in the ActiveX control of Windows video was used to trap hundreds of sites in China. While waiting to find a patch, Microsoft recommends to disable this component in Internet Explorer. McAfee reports on his blog that hundreds of Chinese sites are infected by a Trojan horse that exploits a security hole in Windows XP. It is a vulnerability that Microsoft is in Streaming Video, an ActiveX control that is part of DirectShow. Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam email.

The vulnerability is exploited via Internet Explorer 6 and 7 on Windows XP and Windows Server 2003, and may allow a hacker to take control of a PC remotely. Vista and Internet Explorer 8 would be spared. Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet. The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software. Microsoft released a security bulletin confirming the existence of the fault but does not mention the attacks revealed by McAfee and does not specify which version of Internet Explorer is concerned. Pending the publication of the patch, the U.S. publisher advises users working under Windows XP and Windows Server 2003 to disable the ActiveX control in Internet Explorer.

YouTube is now hosting videos upto 2 GB

To encourage sharing of better quality videos, including high definition (HD), YouTube now allows the online file of 2 GB, against 1 GB before. To enhance its HD (high definition), YouTube, owned by Google, has decided to increase the size of video files can be uploaded onto its platform. Videos can now reach the 2 GB, which is double what was allowed so far. However, if the size of videos increases, the other characteristic of the files remains unchanged: 10 minutes for no more than a video. It is therefore a better quality of content that is sought by Google.

Google also announced another of its service, Gmail, its message of increased capacity. It’s an interesting move as recently (September 2008) the upload limit was restricted at just 100MB and then bumped up to 1GB and now even more. The total number of attachments sent by Gmail from 20 MB to 25 MB Still the user to ensure that the email recipient has a mail accepting the receipt of messages of 25 Mo. The limit is typically 10 MB (20 MB for the versions of Yahoo and Hotmail).

P-Box: Microsoft and Prodware unite around a SaaS solution for SMEs

P-Box will be available in September, the P-Box is a coproduction of the two companies that will offer professionals a turnkey Cloud include services and software for a monthly subscription fee. Microsoft and Prodware will propose at the beginning of the offer seamless and simple to encourage SMEs to take the step of Cloud computing.

This is the P-Box, an Internet security package which includes a series of ERP software, CRM as well as Office and Exchange. The P-Box is available in monthly rental from 990 euros for 5 user accounts. Offer 4 target sectors in priority (industry, commerce, services and construction) with a setting for each specific. Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). A cloud can be private or public. A public cloud sells services to anyone on the Internet. Prodware, who will be responsible for the marketing of the P-Box to its lean and hosting services as well as a backup antivirus and e-fax. It also included in the price of services for installation, training, maintenance and updating of the P-Box. Microsoft and Prodware have hit some 2 000 companies and 15 000 users.

Microsoft tackles security scams pop-up

Many computers are facing the scams pop-ups issues. They have complained against several companies selling fake security software from PC. It is generally comes up with many fake alerts, messages and pop-ups. Their scam to convince their victims that their computer is compromised by showing on their screen a warning message. Who has ever seen on the screen shows a pop-up that prevents a serious problem in the Windows system software and offers a so-called miracle
to repair the fault, against a few tens of euros.

Microsoft have filed a complaint against several U.S. companies guilty of such fraudulent offers, and other criminals still anonymous. This pop-up uses a function called Windows Messenger (nothing to do with instant messaging from Microsoft), which is supposed to allow administrators to send messages to PCs connected to the same network. Under the pretext of having discovered a flaw, it proposes a complete verification of the system, then a software, capable of securing the
computer again.

There are many free fake antiviruses programs like Registry Cleaner XP Scan & Repair, Antivirus 2009, Malware Core, or WinDefenderXPDefender.com WinSpywareProtect. Of course, their actions are void. "This is a real scam consumers," said Rob McKenna, Attorney General of Washington State. "Users have to pretend to make a scan of their computer and forced to pay for software they do not need." Fake antiviruses programs pop-ups generates following warning messages :--
1. Your computer is infected by viruses attacks and scan your computer using this software.
2. Activate this security software now to sure that maximal protection is applied.
3. Critical System Error.
4. Your computer is infected.
5. Hijacked homepage to swp2009.com, spyprotect2009.com, sp-protect2009.com or obscure web page.
6. Flashing icons appear on your system tray (near of your system clock).

Alert messages could appear quite repeated, some IP addresses receiving more than 200 pop-up per day, explain the complaints. According to the American Computer Spyware Act, enacted in 2005, suspects are up 2 000 dollars in fines per offense, plus damages. In addition, individuals who feel aggrieved are invited to bring a complaint on their side, "said Microsoft.