TagEdge

Facebook: The False Promise of Security?

According to AP, private photographs of celebrity Paris Hilton and Facebook chief executive Mark Zuckerberg have been exposed by a Vancouver, Canada computer technician named Byron Ng. Ng reportedly began looking for Facebook security weaknesses last week and found a way to access some private Facebook photos that were supposed to be protected. It was a serious blow to Facebook, which had launched two new security features, including a “Friends of Friends” privacy option, only last week. It seems that, for unscrupulous hackers, tricks like this could help divulge personal information about any Facebook user. That is sad, and it indicates that Facebook is still not at its best at protecting valuable user data.

Though Facebook spokeswoman Brandee Barker said Facebook patched the bug within an hour of the security alert, this is neither the first time nor the last that a Facebook photo flaw will be found on the Web. A blog called laatedaa published a post on the Facebook private photos code in January; by following the instructions on that blog and entering a Web address, a user could access somebody’s private Facebook photo albums. (Update: the most recent comment there indicates that the code no longer works.)

Nonetheless, that such a security flaw happened at all is alarming. Facebook users had little choice in preventing the exposure of their data.

via [AP]

Baidu Launches New Security Home Page

Baidu, the Chinese search engine giant, has launched a new security home page. With a new sub-domain, an.baidu.com, Baidu is demonstrating its commitment to the Internet security concerns that Chinese users face. Currently, users who visit this page with Internet Explorer (IE) on Windows 2000 or XP are prompted to install a security add-on provided by KingSoft, a Chinese Internet security software vendor. No doubt the main purpose of the page is to give Chinese users Internet security software free of charge. Though the offering is generous, on the business side it will also provide needed confidence and enhance Baidu’s attractiveness to Chinese users as it competes with Google China (in terms of providing a safe surfing environment).

Besides the KingSoft add-on, the home page offers a variety of tools to Chinese users: tools that clean trojans, recover hard disks, restore the browser to its previous good state, patch security holes, and so on. As shown on the landing page, a one-click button is provided for users who want to scan their computers online, where a score of 100 represents a totally virus-free environment. Baidu has also prepared a spam and virus information page to keep users up to date on the latest spam and virus trends.

Apparently, this Baidu offering competes primarily with a firewall program released by Yahoo! China.

PayPal Acquires FraudSciences

Today the Israeli news provider Globes online reported that PayPal has acquired an Israeli startup called FraudSciences for $169 million. FraudSciences has emerging technologies that help detect online fraud. In a press release, the companies also announced that key personnel from FraudSciences, including Chief Operating Officer Yossi Barak and founders Shvat Shaked and Saar Wilf, will join PayPal’s technology and fraud management teams. Meanwhile, Gadi Maier, FraudSciences’ President and CEO, will provide strategic and operational support to PayPal during the integration period.

FraudSciences was founded in 2001 but officially launched to the market only in 2006; it had previously raised $7 million in Series A and $11 million in Series B financing from BRM Capital, Redpoint Ventures and other US and Israeli investors.

Don’t Get Spammed in New Year

The leading anti-virus and Internet security companies Trend Micro and Symantec have both warned their users not to open emails carelessly, especially those sent by people they don’t know. Symantec has prepared a succinct list of email subject lines and URLs that users “must” beware of. Meanwhile, Trend Micro has also warned users not to click a link with the URL http://newyearwithlove.com/.

Their message seems simple enough: we should celebrate the new year by being cautious about opening any greeting email or visiting any New Year Website.

Happy new year to you all.

Adobe Confirms PDF Exploit

Adobe now faces the challenge of providing a patch for the security problem in its most popular programs. Its failure to put users’ interests first has placed users on the Windows XP platform under a serious security threat. In a security advisory, Adobe has admitted that a critical vulnerability exists in versions 8.1 and earlier of Adobe Reader and Acrobat. The flaw first came to light courtesy of security expert Petko Petkov in a blog entry last month. Petkov said, “Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.” In his February blog post, he also wrote, “PDF is very interesting file format. It allows the PDF consumer to do almost everything they can think of and this is the reason why I find it quite insecure.”

Meanwhile, Adobe has categorized the bug as critical and recommends that users apply the workaround described in the security advisory. However, Adobe’s workaround requires its Windows XP users to have some flair for editing the Windows registry.

Google Developing Fuzzing Tool

How can attacks on Web applications be prevented? As stated on Google’s online security blog, Google is in the middle of developing a black-box fuzzing tool called Lemon, a combination of a scanner and an automated fuzzer, particularly to deal with the rising concern of cross-site scripting (XSS). XSS typically occurs when a Web application reflects client-supplied input containing script back into its pages, for example when a user clicks a link that carries embedded malicious scripting commands.

Nevertheless, Lemon will do more than a typical fuzz-testing tool: it enumerates a Web application’s URLs and their input parameters, iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, analyzes the resulting responses and, ultimately, gets the bugs out of the Web app.
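
The enumerate / supply fault strings / analyze responses loop described above, as an added illustration that is not Google’s Lemon code: a constructed toy "search" endpoint is shown in its reflecting (vulnerable) form beside an HTML-encoded (hardened) form, and a small in-process scanner feeds canary-tagged fault strings to each parameter and classifies whether each comes back raw, encoded or not at all. The route names, the `CANARY` token and the `FAULT_TEMPLATES` table are all constructed for this example.

```python
import html
from urllib.parse import parse_qs, urlencode

# --- Constructed toy application (not Google's or Lemon's code) -------------
# Two versions of the same "search" endpoint. Both take a raw query string
# and return an HTML body; only the second encodes the q parameter.

def _param(query_string, name):
    """Return the first value of a query-string parameter, or ''."""
    return parse_qs(query_string).get(name, [""])[0]

def vulnerable_search(query_string):
    q = _param(query_string, "q")
    # Raw reflection into element and attribute context: classic reflected XSS.
    return f'<h1>Results for {q}</h1><input value="{q}">'

def hardened_search(query_string):
    # html.escape(quote=True) neutralizes < > & " and ' before reflection.
    q = html.escape(_param(query_string, "q"), quote=True)
    return f'<h1>Results for {q}</h1><input value="{q}">'

# --- Minimal Lemon-style black-box loop -------------------------------------
# Each fault string wraps a unique canary so the analyzer can find the
# reflection; the characters around it probe one injection context.
CANARY = "lmn7canary"           # constructed token, chosen to be unlikely in real pages
FAULT_TEMPLATES = {
    "tag":     "<{c}>",         # element context
    "dq_attr": '"{c}="',        # double-quoted attribute breakout
    "sq_attr": "'{c}='",        # single-quoted attribute breakout
}

def analyze(body, payload):
    """Classify how a fault string came back: 'raw', 'encoded' or 'absent'."""
    if payload in body:
        return "raw"            # metacharacters reflected verbatim
    if CANARY in body:
        return "encoded"        # input reflected, but metacharacters neutralized
    return "absent"             # input not reflected at all

def scan(app):
    """app maps route -> (handler, [parameter names]).

    Returns a list of (route, parameter, template name) for every input that
    reflects a fault string unencoded, i.e. every candidate XSS finding.
    """
    findings = []
    for route, (handler, params) in app.items():
        for param in params:
            for name, template in FAULT_TEMPLATES.items():
                payload = template.format(c=CANARY)
                body = handler(urlencode({param: payload}))
                if analyze(body, payload) == "raw":
                    findings.append((route, param, name))
    return findings

if __name__ == "__main__":
    app = {
        "/search":       (vulnerable_search, ["q"]),
        "/search-fixed": (hardened_search, ["q"]),
    }
    for finding in scan(app):
        print("reflected unencoded:", finding)
```

The same loop works against a live application if `handler` is replaced by a function that performs the HTTP request and returns the response body; the point of the canary is that a response can be judged by whether the metacharacters survived, not by whether a script actually executed, which is what lets a scanner run unattended over many parameters.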

SignOn: Your Personal Login Service

The other day I came across a new personal login service from Ping Identity called SignOn. As stated on its landing page, the service gives users access to two hundred and three (203) OpenID-enabled Websites at the time of writing. One of the strong features SignOn offers is the addition of Information Cards for strong authentication, according to Ping Identity’s press release. OpenID is a hot topic now, but it seems that people and technology firms are more concerned with how to make OpenID more secure.

Apparently, SignOn, released just last week, is the newest player offering this kind of secured personal login service. Since this type of service is relatively new in the market, SignOn will definitely need to put more “pull” effort into establishing its relationship as a service provider with end users.

Opera Browser To Dump Flash

I just came across a story saying that the Opera browser is going to replace Flash, Adobe’s popular product. Though Opera’s management has not said much about this move, I believe it is a real attempt by Opera to take the onus on itself. Surfing the web, you will come across some pages stating that Opera is the safest browser nowadays; I do not want to elaborate on that because today’s topic is not that issue. Basically, I believe Opera’s move is meant to make sure its users will not encounter any more problems with the Flash plug-in. A vulnerability was reported in the Macromedia Flash Player bundled with Opera two years ago, an article reported a Flash problem on the Mac this year, and now, on the heels of that, comes a story about an unspecified vulnerability in Adobe Flash Player running in the Opera web browser. I think that is enough for Opera. Enough is enough; now they need to do something, and it’s never too late.

Nevertheless, it felt a bit strange to come across a site that teaches users how to block Flash in Opera while I was poking around on the web just now.