Friday, July 29, 2011

Microsoft adds RAW photo file support to Windows

Microsoft announced the release of a Camera Codec Pack for Windows that offers support for the RAW file format from within Windows Explorer as well as Windows Live Photo Gallery 2011. The Codec Pack has support for more than 120 RAW file formats from brands such as Canon, Nikon, Sony, Olympus, Pentax, Leica, Minolta, Panasonic, and Epson. Once installed, the Codec Pack allows you to generate thumbnail images from RAW files.

Until now, Windows Explorer did not have native support for RAW images and could not generate thumbnail images.

"Dealing with raw images on Windows hasn't always been easy," stated Group Program Manager for Windows Live, Brad Weed. RAW files are simply digital negatives that allow for much more data than a JPG and offer greater control over what the final image will look like.

Photographers will no longer have to rely on third-party software such as Adobe Bridge to preview RAW images. The Codec Pack is free and is available for 32-bit and 64-bit versions of Windows Vista and Windows 7.


Monday, July 25, 2011

Windows 8: The death of malware? The death of anti-malware?

BetaNews: There is a lot of buzz about a recent set of tests by NSS Labs that show the Smartscreen reputation system in Internet Explorer 9 head and shoulders and most of the rest of the body above the competition in blocking malware on the web.


I think the results of the test are even more important than they seem, considering previous reports that Microsoft plans to make Smartscreen a base part of Windows 8. This would extend parts of the protection to any executable hitting the file system. This would be big news.

Smartscreen in IE9 has 2 components: A URL reputation system and a file reputation system. The URL reputation system is similar in concept to the Google Safe Browsing API, used by Chrome, Firefox and Safari, but vastly superior in results. It picked up 92 percent of malware-serving sites. Safe Browsing never reached 30 percent in the tests and generally settled much lower.

For the 8 percent of sites that Smartscreen doesn't block, there's backup protection. Smartscreen tracks downloaded files (presumably by some hash like SHA-1) and a reputation for them. If the file is known to be good, it goes through. If it's known to be bad, it's blocked. If the system doesn't recognize it, the file throws up a warning:

This warning could be a bit clearer at the cost of brevity, but I think it's worth it: "Microsoft has not yet encountered this file. If you know this file is new and unusual and know that it is safe, you may proceed. If it doesn't make sense that Microsoft has not yet seen this file, you may wish not to execute it in the interests of your own safety." I hope Microsoft submits such files to VirusTotal or some such service in order to share them with the rest of the AV community.


So back to Windows 8: At least some betas have included indications that this version of Windows will apply Smartscreen to any file, or at least any executable, that hits the file system. This would address one misplaced criticism in Smartscreen in IE9, that it only protects against the web vector. Of course, the web is how the vast majority of malware is distributed these days, but fix that route and attackers will move elsewhere, so Microsoft has to think ahead.

I've argued that Microsoft should open up Smartscreen to other apps the way Google opened up the Safe Browsing API; Firefox was using it long before there was a Google Chrome. But putting the system into Windows itself may make that less advantageous.

Another thing that Smartscreen doesn't do is protect against application vulnerabilities. If a site is not blocked and it exploits some browser vulnerability, Smartscreen doesn't block it. Of course if you're Microsoft you should patch the browser, and there are plenty of other defense-in-depth techniques, like ASLR and DEP, to limit the damage of vulnerabilities. I'd argue that Smartscreen plus timely patching is really good protection, even without an AV product.

We're always hearing about the coming obsolescence of antivirus software. Could this be it? A Win8 Smartscreen as I see it doesn't cover everything an anti-malware product should. For instance, if you're offline and copy a file in via a USB drive would you be at all protected? I don't know. It's getting there though.
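The two-stage check described above (URL reputation first, then file reputation as the backup), as an added example that is not Microsoft's implementation or code from the article. The host list, the sample file contents and all function names are constructed for illustration, and SHA-1 is used only because the article guesses at it.

```python
import hashlib
from enum import Enum
from urllib.parse import urlsplit


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    WARN = "warn"  # file has no reputation yet: the user is asked to decide


# Constructed sample data; a real service would query a remote reputation store.
BAD_HOSTS = {"malware.example"}
KNOWN_GOOD = {hashlib.sha1(b"signed installer bytes").hexdigest()}
KNOWN_BAD = {hashlib.sha1(b"dropper bytes").hexdigest()}


def url_verdict(url):
    """Stage 1: block if the host, or any parent domain of it, is listed."""
    host = (urlsplit(url).hostname or "").lower()
    parts = host.split(".")
    for i in range(len(parts)):
        if ".".join(parts[i:]) in BAD_HOSTS:
            return Verdict.BLOCK
    return Verdict.ALLOW


def file_verdict(data):
    """Stage 2: look the file's hash up; anything unrecognized is WARN, not ALLOW."""
    digest = hashlib.sha1(data).hexdigest()
    if digest in KNOWN_BAD:
        return Verdict.BLOCK
    if digest in KNOWN_GOOD:
        return Verdict.ALLOW
    return Verdict.WARN


def check_download(url, data):
    """Run the URL check first; the file check covers sites the URL list missed."""
    if url_verdict(url) is Verdict.BLOCK:
        return Verdict.BLOCK
    return file_verdict(data)
```

Because the lookup is by exact hash, a known-bad file changed by a single byte no longer matches the block list, which is why the default for an unrecognized file has to be a warning rather than a pass.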

Saturday, July 23, 2011

AnonPlus, Anonymous's social network, is hacked

My Personal Opinion: I doubt whether that site is really their official website.

Sophos Labs: Within days of the hacktivist group Anonymous announcing it was setting up its own social network (after being unceremoniously booted off Google+), its plans have taken a somewhat humiliating turn.

AnonPlus, Anonymous's planned social network, has been defaced by rival hackers.

A group of hackers apparently based in Turkey replaced AnonPlus's main webpage with an image of a dog wearing a suit, mocking the more normal Anonymous logo, and messages in Turkish and English:


We Are TURKIYE We Are AKINCILAR
This logo suits you more..How dare you rise against to the World..Do you really think that you are Ottoman Empire?
We thought you before that you cannot challenge with the world and we teach you cannot be social
Now all of you go to your doghouse..

You would expect active members of the Anonymous collective to know a thing or two about elementary computer security, but clearly their site had vulnerabilities or someone was sloppy in their choice of password if rivals were able to break in and change the content.

I think the message we can take from this defacement is that not every computer enthusiast in Turkey is a fan of Anonymous.

In June, in an attack dubbed "Operation Turkey", Anonymous supporters brought down Turkish government websites in protest against controversial plans by the country's authorities to introduce internet filtering.

Turkish police responded a week later by detaining 32 people in connection with the internet attacks in locations up and down the country.

It's very easy to imagine that those involved in hacking and cybercrime all have the same objectives, and form a united front. However, the truth is that there's back-stabbing, disagreements, fall-outs and (as we appear to see in this case) sometimes these can result in hackers taking pot-shots at each other.

One thing's clear. This is not a great advertisement for AnonPlus's future security, and anyone thinking of joining Anonymous social networking initiatives in future might be wise to think twice.

Friday, July 22, 2011

Anonymous hacks NATO servers

Anonymous claims to have stolen around a gigabyte of classified NATO data
The H-Online Security wrote: In a post on Twitter, the Anonymous hacker group said that it has managed to steal a number of secret documents from one of NATO's servers. As proof, Anonymous published two PDF documents from 2007 and 2008 that are allegedly from NATO. The classification "NATO Restricted" suggests that the documents are intended only for circulation within the organisation – if they are genuine. The hacktivists say they copied a gigabyte of data in total, but added that it would be "irresponsible" to publish most of the material.

Another published document is from 2002 and is entitled "Security within the North Atlantic Treaty Organisation (NATO)"; it is apparently not classified. "Seems nobody ever read them," said Anonymous in its tweet. A simple SQL injection was apparently all it took to break into the server. Anonymous says that it will be putting more "interesting data" online over the next few days.

NATO has yet to confirm the authenticity of the documents; however its security experts immediately began looking into the case, as a NATO spokesperson told the German press agency dpa. "The publication of classified documents is condemnable as it potentially compromises the safety of NATO allies, our armed forces, and citizens," said the spokesperson.

Meanwhile, the hacktivists have reacted to the arrest of 21 suspected members of Anonymous in the US, the UK and the Netherlands. Along with their allies at LulzSec, they published a reply to a statement made by Steven Chabinsky, deputy assistant director of the FBI's Cyber Division. The two hacker groups write that "while we understand that you and your colleagues may find breaking into websites unacceptable, let us tell you what WE find unacceptable: Governments lying to their citizens and inducing fear and terror to keep them in control by dismantling their freedom piece by piece." The hacktivists say these governments and the corporations that work with them are their enemy, adding: "And we will continue to fight them, with all methods we have at our disposal."

Most of the suspects arrested on Tuesday are accused of having supported the Wikileaks whistle-blowing platform by conducting denial-of-service (DoS) attacks on financial institutions including PayPal, MasterCard, and Visa.

Wednesday, July 20, 2011

Using data to protect people from malware

This is an article posted on the Google Online Security Blog. It's about unusual traffic being sent from infected computers during search or web surfing. If you think this story applies to you too, try to clean your computers of malware by following my manual here on my website: Malware Removal


(Cross-posted from the Official Google Blog)

The Internet brings remarkable benefits to society. Unfortunately, some people use it for harm and their own gain at the expense of others. We believe in the power of the web and information, and we work every day to detect potential abuse of our services and ward off attacks.

As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or “malware.” As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results:


This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called “proxies.” We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.

We hope to use the knowledge we’ve gathered to assist as many people as possible. In case our notice doesn’t reach everyone directly, you can run a system scan on your computer yourself by following the steps in our Help Center article.