Wednesday, January 26, 2011

Google akan buka pejabat di Malaysia

Google Akan Buka Pejabat Di Malaysia

KUALA LUMPUR, 26 Jan (Bernama) -- Syarikat enjin carian, Google, akan meningkatkan pelaburan di Asia Tenggara tidak lama lagi untuk memberi perkhidmatan kepada para pengguna dan pengiklan bagi mengambil kesempatan daripada pertumbuhan luar biasa yang dijangka di kalangan pelbagai pengguna Internet.

Pengarah Urusan Asia Tenggara Google Julian Persaud berkata pelaburan itu akan termasuk membuka satu pejabat di Malaysia Rabu di mana bilangan pengguna Internet hari ini dicatatkan 17 juta.

Pembukaan pejabat Kuala Lumpur adalah sejajar dengan komitmen Google untuk menyediakan rakyat Malaysia dengan produk tempatan yang akan memudahkan kehidupan masing-masing.

Persaud juga menyatakan bahawa pertumbuhan tinggi dijangka dari pasaran wayarles berikutan perkembangan persekitaran online di Malaysia yang berkembang dengan pantas melalui perkembangan signifikan yang berlaku di dalam akses Internet jalur lebar dan aktiviti e-niaga.

"Kami gembira untuk menjalin operasi terbaharu kami di sini di mana kami boleh menarik bakat tempatan berkualiti tinggi bagi membantu pengguna kami mendapatkan maklumat yang mereka ingini dan membantu kejayaan perniagaan Malaysia," katanya kepada pemberita pada sidang media yang turut dihadiri Timbalan Menteri Perdagangan Antarabangsa dan Industri Datuk Mukhriz Mahathir di sini hari ini.

Google telah membuka pejabat di Singapura dan Korea Selatan pada 2007.

Tidak lama lagi, Persaud berkata pencari pekerjaan secara online di Malaysia akan berupaya membuat perayauan bagi melihat peluang pekerjaan dan kekosongan jawatan di dalam bidang jualan, pemasaran dan perhubungan awam melalui

Sambil menyambut baik pembukaan pejabat tempatan itu, Mukhriz berkata kehadiran tempatan Google adalah satu komitmen terhadap Malaysia dan membuktikan kesesuaiannya sebagai hab multimedia serantau.

"Kami berharap kemasukan Google akan menggalakkan lebih banyak perniagaan tempatan untuk menggunakan perkhidmatan secara online dan meraih pasaran antarabangsa," katanya.

Sementara itu, Pengurus Negara Malaysia Google Sajith Sivanandan berkata Malaysia adalah satu negara yang signifikan di segi ekonomi digitalnya dan penduduknya yang mahir perkara teknikal.

"Kami teruja mengenai rancangan melabur di Malaysia dan melalui penyelesaian carian dan paparan kami, kami berharap akan dapat membantu perniagaan kecil dan besar untuk berkembang. Kami juga berharap dapat menjangkau pasaran baharu dan menyumbang terhadap pertumbuhan ekonomi.

"Kami juga mempunyai sekumpulan pengguna tempatan yang khusus di Malaysia yang ingin kami kenali secara lebih rapat," kata Sivanandan yang sebelum ini mengetuai perniagaan pengiklanan online Google di Asia Tenggara.

Penembusan jalur lebar isi rumah di Malaysia kini dicatatkan 55.6 peratus, yang melepasi sasaran 50 peratus bagi tahun lepas.


Source & Credit :

Tuesday, January 18, 2011

Facebook tools to help data thieves

January 17, 2011
New feature that allows Facebook apps to collect user addresses and cell phone numbers could easily be used by scammers
Facebook tools help data thieves

Just when you thought the conflagration over Facebook privacy issues was winding down, Facebook has stoked the fire once again.

On Friday, the social networking company announced that it had modified its platform to make users' home addresses and phone numbers accessible to developers. Obviously, there are legitimate uses for this sort of access to user data, but the downside for users who are not careful -- very careful -- seem to far outweigh the benefits.

Security expert Graham Cluley took the company to task for even allowing the information to be put in the developers' domain. "The ability to access users' home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users' profiles," Cluley, a security consultant at antivirus firm Sophos, wrote in a post on Sunday. "You have to ask yourself: Is Facebook putting the safety of its 500-plus million users as a top priority with this move?"

For workers who use Facebook as a business tool, rogue developers' access to their information could make pre-attack reconnaissance easier, as well as open employees up to more focused social engineering attacks.

In the attacks against Google and other large technology firms over a year ago, for example, it's likely that attackers chose targets by dredging data from social networks and corporate sites. The companies affected by those attacks had valuable intellectual property compromised by the attackers, who likely have connections to China.

Giving developers the ability to make previously private data accessible outside of the original context (most people only make their phone number and address available to friends) sets a dangerous precedent. Facebook is stating in unequivocal terms that users are responsible for their own privacy -- and the company seems unwilling to help them in any way.

The best action for users? In Facebook Privacy Settings, you can disallow app access to personal information. Or better yet -- as Cluley suggests -- you can simply delete any phone numbers or addresses from Facebook.

This article, "Facebook tools to help data thieves," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog, and for the latest in business technology news, follow on Twitter.

Source and credit :

Facebook Shares a Little More of Your Dat

Apps built for Facebook can now access your phone number and home address.

Tom Simonite 01/17/2011

UPDATE 01/18/2011:

After the negative response Facebook have "temporarily" switched off the new feature, saying on their blog:

"Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so."


"We are now making a user's address and mobile phone number accessible as part of the User Graph object."

That's how Facebook's blog for developers announced that from now on the apps you install to your Facebook profile will be able to access to your phone number and home address. It's a feature some predict will be misused by spammers. Editor of the site, Jackie Cohen, said:

"We really hope the social network devises a way to bar the rogues from using this set of code, and if that's not possible, then perhaps get rid of the entire thing before any damage could be done."

When you install an app that wants access to your phone number and address a prompt asks a user to verify they want this, but Cohen says most people will click "allow" without realising what they are agreeing to.

Graham Cluely, consultant at computer security firm Sophos, also posted about his concerns, spelling out one possible danger:

"You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies."

He also said that sharing home addresses could aid identity theft, and suggested that Facebook vet app makers and decide which can be trusted with the new feature.

From Facebook's perspective, allowing apps to access phone numbers and addresses will make life easier for its users. For example, growing numbers of shopping sites like Amazon's are available as apps that allow you to shop from within Facebook. Being able to grab your phone number and home address could make the experience even more convenient.

For a long time Facebook has steadily encouraged its users to share more about themselves, for example with last month's profile page redesign. It's a trend that has been described on this site as edging Facebook towards becoming a driver license for the web, used to verify identity everywhere. However, sociology researcher Zeynep Tufekci at the University of Maryland yesterday tweeted some evidence that users are trying to move in the opposite direction. Her recent survey of 450 people found that four fifths had recently tightened the privacy controls on their account to make their information "less visible".

Coming soon: A new way to hack into your smartphone

By Robert McMillan

January 17, 2011 07:06 AM ET

IDG News Service - More than three years after the iPhone was first hacked, computer security experts think they've found a whole new way to break into mobile phones -- one that could become a big headache for Apple, or for smartphone makers using Google's Android software.

In a presentation set for next week's Black Hat conference in Washington D.C., University of Luxembourg research associate Ralf-Philipp Weinmann says he plans to demonstrate his new technique on an iPhone and an Android device, showing how they could be converted into clandestine spying systems. "I will demo how to use the auto-answer feature present in most phones to turn the telephone into a remote listening device," he said in an e-mail interview.

Weinmann says he can do this by breaking the phone's "baseband" processor, used to send and receive radio signals as the device communicates on its cellular network. He has found bugs in the way the firmware used in chips sold by Qualcomm and Infineon Technologies processes radio signals on the GSM (Global System for Mobile Communications) networks used by the majority of the world's wireless carriers.

This is a new area of research. Until recently, mobile phone attacks had focused on another part of the phone: the programs and operating systems that runs on the device's CPU. By tricking someone into visiting a malicious Web site, for example, hackers could take advantage of a Web browser bug on the phone and start messing around with the computer's memory.

With baseband hacking, security researchers are looking at a brand new way to get into this memory.

"[It's] like tipping over a rock that no one ever thought would be tipped over," said the Grugq -- a pseudonymous, but well-respected, wireless phone hacker, and one of a handful of people who have done research in this area. "There are a lot of bugs hidden there," he said, "It is just a matter of actively looking for them."

But hacking a smartphone with a baseband attack is very tricky, to say the least. The mobile phone's radio communicates with a cell phone tower. So in Weinmann's attack, he has to first set up a fake cell phone tower and then convince his target phone to connect to it. Only then can he deliver his malicious code. And even then, the malicious code he writes must run on the firmware that's used by obscure radio processors -- something that most hackers know nothing about.

"This is an extremely technical attack," said Don Bailey, a security consultant with Isec Partners. He says that while the work on baseband hacking is very exciting -- and ultimately a big deal for the mobile phone industry -- he doesn't expect any attacks that target the general public to emerge anytime soon.

But the research into this area is just starting to take off, fuelled by new open-source software called OpenBTS that allows virtually anyone to set up their own cellular network radio tower with about US$2,000 worth of computer hardware.

Five years ago device makers didn't have to worry about this type of hacking, because it used to cost tens of thousands of dollars to set up a cellular tower. But OpenBTS has changed all that. "Now it's a completely different game," Bailey said.

It's a risky game too. In the U.S., federal wiretapping laws make it illegal to intercept phone calls over the licensed frequencies used by mobile phones. In August, it took intense last-minute negotiations between lawyers from the Electronic Frontier Foundation and the U.S. Federal Communications Commission before security researcher Chris Paget could demonstrate a very simple tower spoofing technique at the Defcon hacking conference in Las Vegas.

Two months from now another hacker conference, Vancouver's CanSecWest, will invite hackers to break into mobile phones using a low power transmitter. If their baseband attacks work, they can win cash prices. Conference organizer Dragos Ruiu said that Canada's broadcast laws are "more lenient' for researchers who want to set up low-power towers for research purposes.

Still, it remains a touchy subject. "Last year we were worried about falling afoul of regulations," he said."Now we've figured out a nice safe way to do that so that we don't mess up anybody else's cell phones at the conference."

Ruiu expects some interesting results from the contest, called Pwn2Own. "It sounds like the radio parts of the phones are very shaky indeed and pretty vulnerable," he said.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is

Source & credit :

Facebook backtracks on address and phone data sharing

Posted on 18 January 2011.
Bookmark and Share
It seems that enough people have objected to Facebook's announcement about the imminent change regarding permissions for for address and mobile number that the social network decided to put the plan on temporary hold.

Apparently, they acknowledged the fact that many people give permissions to applications without even looking at the details. It also seems like they learned a thing or to from the general outcry that welcomed their change of privacy settings last year.

"Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data," wrote Douglas Purdy on Facebook's Developer Blog.

"We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks."

Actually, I'm rather curious to see what they'll come up with.

Source and credit :

Microsoft releases Attack Surface Analyzer tool

Posted on 18 January 2011.
Bookmark and Share
Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software.

The tool takes snapshots of an organization's system and compares ("diffing") these to identify changes. The tool does not analyze a system based on signatures or known vulnerabilities; instead, it looks for classes of security weaknesses as applications are installed on the Windows operating system.

This allows:
  • Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
  • IT professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
  • IT security auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
  • IT security incident responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase).
The tool supports Windows 7.

Collection of Attack Surface data: Windows 7, Windows Vista, Windows Server 2008 R1 or Windows Server 2008 R2.

Analysis of Attack Surface data and report generation: Windows 7 or Windows Server 2008 R2 with Microsoft .Net 3.5 SP1.

Source and credit :