Cyber Security Elements by NSS

News

15 Jan

The new release delivers the first in the industry “IP Centrex for VPS providers”. With this technology, Web Hosting companies can deliver IP PBX services to any size business, all within the Virtualized cPanel management system.

IP Centrex has traditionally been a system for carriers and SIP Trunk solution providers due to the complexity and telecom requirements for setup and delivery of services. “IP Centrex Services” has become a vital part of the evolution to move complex IT services out of the IT closet, to a “centralized” location in the Cloud. VPS hosting providers can now provide valuable services with IP Centrex, in a simple to manage and easy to understand package that runs right inside the Virtualized environment, not requiring any dedicated servers or disruption.

The cPanel Adapter is a totally open source project, managed, maintained, and developed by a community of VPS hosting providers around the globe. The project is hosted at the Google Code site and VPS Hosting companies are encouraged to join and contribute to advance the technology for their own requirements and customer demands.


Features for the IP Centrex system included in the 3.0 release include:

  • Setup of phone extensions
  • Creation and management of Queues i.e. “support department” or “sales team”
  • Certified for SNOM IP Phones with HD Voice
  • Encryption for secure calls
  • IPv6 support
  • Pronto! HTML5 Webmail with WebRTC support for HD Voice calls
  • Secure Instant Messaging and Chat rooms
  • Email and Calendar services with Encryption features including Certificate Authority
  • Pronto! “Native” Mobile Clients available in the Apple App store and Android Store


You can read the original article here.

15 Jan

Sophos Complete MSP Security is the first MSP-focused solution to offer complete protection for networks, endpoints, and mobile devices from a single vendor.

Sophos Complete MSP Security makes offering IT security as a service easier and more profitable. MSPs can offer a full range of IT security services that provide instant credibility and proven protection, including centralized management that allows them to easily manage all of their customers’ locations at no extra charge.

With Sophos’ new self-provisioning MSP licensing, this program offers compelling usage-based pricing and pay-as-you-go monthly billing, and it requires no up-front commitments – a business model demanded by today’s MSPs that had gone unmet – until now.

You can read the original article here.

15 Jan

Through the partnership, both parties aim to meet the increasing demand for SSL and other digital certificates requirements in the region through a range of dedicated enterprise solutions.

With over 55 percent growth in the SSL market during the last year (source: www.netcraft.com), the requirement for security in the Scandinavian region is at an all-time high. GlobalSign has been working with TrustZone for several years to encourage best practices for website security throughout this territory, issuing over 11,000 SSL Certificates through TrustZone, resulting in a significant acceleration in market growth of over 100 percent (source: www.netcraft.com). The partnership demonstrates both companies’ commitment in working together to enable customers to benefit from industry-leading SSL security solutions and in providing high levels of customer support, delivered directly by TrustZone at the local level.

The two organizations have joined forces to better serve the enterprise market in particular and are introducing GlobalSign’s leading Managed SSL and Enterprise PKI (ePKI) solutions to TrustZone’s customer base, enabling advanced on-demand management of a range of digital certificates. The scalability of both solutions gives large enterprises the ability to streamline workflows, whilst reducing the cost and time resources typically associated with digital certificate management and PKI deployments.

You can read the original article here.

15 Jan

“On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments. The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate.”

The conclusions we reached, based on the announcement above, were:

  • The network was breached.
  • A code-signing key was stolen.
  • Malware has been signed with it and circulated.
  • At least one infected file was posted on an Opera server.
  • That file may have been downloaded and installed by Opera itself.
  • Cleanup and remediation has now been done at Opera.

That sounds a bit more like “security breach not stopped”. How else could a signed-and-infected file have been automatically downloaded by an already-installed instance of Opera? Anyway, wouldn’t Opera’s auto-update have failed or produced a warning due to the expired certificate? Until Opera has worked out the answer to these questions, Opera users probably want to assume the worst.

The good news is that the malware involved is widely detected by anti-virus tools, and the period of possible exposure via Opera itself was at most 36 minutes.

→ According to Opera, Sophos products block the offending file as Mal/Zbot-FG.

So, if you are an Opera for Windows user:

  • Download a fresh copy of the latest version (since the buggy download appears to be a thing of the past).
  • Make sure your anti-virus is up to date.
  • If you can spare the time, do an on-demand (“scan now”) check of your computer.
  • If we find out more detail about whether malware was distributed by existing Opera installations or not, we’ll let you know.
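The question raised above about the expired certificate and Opera’s auto-update comes down to one check an updater must make before installing anything: the signature must verify, and the signing certificate must be inside its validity period at the time of the check, not merely present in the trust store. The Go program below is an added example written for this page; it is not Opera’s updater, nor code from Sophos. It builds two self-signed publisher certificates in memory (one current, one expired), signs the same constructed payload with each, and shows that the verifier accepts only the current signer while rejecting both the expired signer and a payload altered after signing. The publisher names, payload bytes and validity windows are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Signer is a self-signed publisher certificate plus its key, built in memory for this example only.
type Signer struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewSigner creates a self-signed code-signing certificate valid from notBefore to notAfter.
func NewSigner(name string, notBefore, notAfter time.Time) *Signer {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only if the system RNG is unusable
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &Signer{Cert: cert, Key: key}
}

// Sign produces an ASN.1 ECDSA signature over SHA-256(payload).
func (s *Signer) Sign(payload []byte) ([]byte, error) {
	digest := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, s.Key, digest[:])
}

// VerifyUpdate is the gate an auto-updater must pass before installing anything: the signer
// must chain to a trusted root, be inside its validity period at check time, and the signature must match.
func VerifyUpdate(payload, sig []byte, signer *x509.Certificate, roots *x509.CertPool, now time.Time) error {
	opts := x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now, // an expired certificate fails here, whatever the trust store says
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("signer certificate rejected: %w", err)
	}
	if err := signer.CheckSignature(x509.ECDSAWithSHA256, payload, sig); err != nil {
		return fmt.Errorf("signature does not match payload: %w", err)
	}
	return nil
}

// RunScenarios signs a constructed payload with a current signer and with an expired
// one, and reports which presentations VerifyUpdate accepts at time now.
func RunScenarios(now time.Time) map[string]bool {
	valid := NewSigner("Example Publisher (current)", now.Add(-24*time.Hour), now.Add(365*24*time.Hour))
	expired := NewSigner("Example Publisher (expired)", now.Add(-2*365*24*time.Hour), now.Add(-30*24*time.Hour))
	roots := x509.NewCertPool()
	roots.AddCert(valid.Cert)
	roots.AddCert(expired.Cert) // still in the trust store: expiry alone must be enough to reject it
	payload := []byte("constructed installer bytes")
	tampered := append([]byte(nil), payload...)
	tampered[0] ^= 0x01 // one bit flipped after signing
	// accepts signs `signed` with s and asks the verifier to accept `presented` under that signature.
	accepts := func(s *Signer, signed, presented []byte) bool {
		sig, err := s.Sign(signed)
		return err == nil && VerifyUpdate(presented, sig, s.Cert, roots, now) == nil
	}
	return map[string]bool{
		"valid signer":     accepts(valid, payload, payload),
		"expired signer":   accepts(expired, payload, payload),
		"tampered payload": accepts(valid, payload, tampered),
	}
}

func main() {
	for name, ok := range RunScenarios(time.Now()) {
		fmt.Printf("%-17s accepted=%v\n", name, ok)
	}
}
```

The point of passing `CurrentTime` explicitly is that the validity check is made against the moment of installation rather than against whatever the signer claimed; a certificate that was trusted when it was issued but has since expired, or has been reported stolen and revoked, must fail before any signature is even looked at.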

You can read the original article here.

15 Jan

This is according to the abstract of a briefing to be given at the upcoming Black Hat USA conference. The attack, dubbed “Mactans”, succeeded in compromising latest generation devices with the latest version of iOS. It led to a persistent infection with software of the attacker’s choice, invisible to the phone’s user thanks to built-in concealment techniques used to hide some of Apple’s own apps.

The researchers, from the Georgia Institute of Technology, say they built their malicious charger in minimal time with little budget, using a credit card-sized BeagleBoard-embedded computer. I’ve always been a little worried when I’ve seen those free charging stations at airports, shopping malls and other public places. OK, so sometimes you just have to get at some power, but the whole idea of plugging my phone into something I have so little reason to trust just seems a little dirty, not to mention unsafe. Now, assuming this is more than the usual pre-conference hype, those fears look more than justified.

Worse, the small scale of this particular device means you wouldn’t even need a big pedestal-sized charging station. While not quite small enough to disguise as a normal Apple USB power converter as it stands, there are still ample opportunities to trick people into trusting a reasonably compact charging device.

With a little more effort and investment, it should be trivial to build a trojanized charger that is almost identical to standard kit. Then we’d really be in trouble. Imagine an eBay shop selling super cheap USB plugs, which could happily take over your phone and make it call premium-rate numbers or harvest passwords from your email or even bank accounts. Not such a bargain all of a sudden. It might be a good time to buy up all the USB chargers you’re going to need – I suspect prices for proven trustworthy hardware might well be going up fairly shortly.

You can read the original article here.

15 Jan

As it is, Whitten explains, Facebook gives users the option of linking their mobile numbers with their accounts. Users then can receive updates via SMS and can also login using their phone number rather than their email address. Whitten found that when sending the letter F to Facebook’s SMS shortcode – which is 32665 in the UK – Facebook returned an 8-character verification code. After submitting the code into the activation box and fiddling with the profile_id form element, Facebook sent Whitten back a _user value that was different from the profile_id that Whitten modified.

Whitten says that trying the exploit might have led to having to reauthorize after submitting the request, but he could do that with his own password instead of trying to guess at his target’s password.


After that point, Facebook was sending an SMS confirmation. From there, Whitten said, an intruder could initiate a password reset request on his targeted user’s account and get the code back, again via SMS. After a reset code is sent via SMS, the account is hijacked, Whitten wrote: “We enter this code into the form, choose a new password, and we’re done. The account is ours.”


Facebook closed the security hole by no longer accepting the profile_id parameter from users. This could have been a valuable flaw were it to fall into the hands of attackers who might have used it to steal personal data or send out spam. As it is, one commenter on Whitten’s post who obviously didn’t understand the “it’s now fixed” part of the story made the bug’s value clear with his or her eagerness to figure out how to exploit it:

khalil0777 • a day ago
someone explain me how to exploit it i am realyy need it i wait your helps friends :/

:/ oh well, khalil0777, looks like you’re too late for that party. I’d say better luck next time, but perhaps instead I’ll save my good wishes for Mr. Whitten. May he enjoy his $20,000. It was well-earned, and it’s a bargain for Facebook even were the reward to be doubled, considering the grief that could have been caused by such an easy exploit.
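The flaw described above is a question of which side of the request decides whose account is being modified. The Go program below is an added example written for this page; it is not Facebook’s code and not Whitten’s proof of concept. It models the phone-linking flow in memory with constructed user ids and phone numbers, places a handler that trusts the client-supplied profile_id beside one that takes the account only from the authenticated session, and replays the same tampered form against both so the difference in outcome is visible. The shortcode text, the 8-character code format and all identifiers are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Store holds the two pieces of state the phone-linking flow touches.
type Store struct {
	pendingCodes map[string]string // verification code -> phone number that texted the shortcode
	linkedPhone  map[string]string // user id -> phone number that may receive password-reset codes
}

func NewStore() *Store {
	return &Store{pendingCodes: map[string]string{}, linkedPhone: map[string]string{}}
}

// Session is the server-side identity of the logged-in user submitting the form.
type Session struct{ UserID string }

// ConfirmRequest is the activation form. ProfileID is the client-controlled field the flaw trusted.
type ConfirmRequest struct {
	Code      string
	ProfileID string
}

// RequestCode models the SMS step: a phone texts the shortcode and receives an 8-character
// code. The code is remembered against the phone, not against any account.
func (s *Store) RequestCode(phone string) (string, error) {
	buf := make([]byte, 4)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	code := hex.EncodeToString(buf) // 8 hex characters (constructed stand-in for the real format)
	s.pendingCodes[code] = phone
	return code, nil
}

// consume redeems a code exactly once. Production code would also expire codes after a short window.
func (s *Store) consume(code string) (string, error) {
	phone, ok := s.pendingCodes[code]
	if !ok {
		return "", errors.New("unknown or already-used code")
	}
	delete(s.pendingCodes, code)
	return phone, nil
}

// ConfirmVulnerable reproduces the flaw: the account to link is taken from the form's
// profile_id, so a valid code for one phone can be attached to whichever account the form names.
func (s *Store) ConfirmVulnerable(_ Session, req ConfirmRequest) (string, error) {
	phone, err := s.consume(req.Code)
	if err != nil {
		return "", err
	}
	s.linkedPhone[req.ProfileID] = phone
	return req.ProfileID, nil
}

// ConfirmFixed is the hardened flow: profile_id is ignored and the account comes only from
// the authenticated session, so a code can only ever link a phone to the submitter's own account.
func (s *Store) ConfirmFixed(sess Session, req ConfirmRequest) (string, error) {
	if sess.UserID == "" {
		return "", errors.New("not authenticated")
	}
	phone, err := s.consume(req.Code)
	if err != nil {
		return "", err
	}
	s.linkedPhone[sess.UserID] = phone
	return sess.UserID, nil
}

// RunScenario replays the tampered form against the vulnerable or the fixed handler and returns
// the resulting user -> phone map. Ids and numbers are constructed (07700 900xxx is a UK range
// reserved for fiction).
func RunScenario(useFix bool) (map[string]string, error) {
	s := NewStore()
	s.linkedPhone["victim"] = "+447700900001" // the victim's own, legitimately linked number
	code, err := s.RequestCode("+447700900002") // the submitter's own phone texts the shortcode
	if err != nil {
		return nil, err
	}
	req := ConfirmRequest{Code: code, ProfileID: "victim"} // form field altered to name another account
	sess := Session{UserID: "attacker"}
	if useFix {
		_, err = s.ConfirmFixed(sess, req)
	} else {
		_, err = s.ConfirmVulnerable(sess, req)
	}
	if err != nil {
		return nil, err
	}
	return s.linkedPhone, nil
}

func main() {
	for _, fix := range []bool{false, true} {
		m, err := RunScenario(fix)
		if err != nil {
			panic(err)
		}
		fmt.Printf("fixed=%v victim->%s attacker->%s\n", fix, m["victim"], m["attacker"])
	}
}
```

The detection angle is the same binding: any audit record of a phone-link confirmation should log both the session user and the account modified, and an alert on the two differing would have flagged this class of request before the reset SMS ever went out.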

Click here to see the original article.

15 Jan

The new line up consists of four rack-mount appliance models with larger internal disk capacities, faster processors, increased memory, and integrated solid state drives (SSDs) to shorten backup time and accelerate data recovery. The bundled WD Arkeia v10.1 software delivers new support for “seed and feed” technology to support hybrid cloud backups. This allows companies to move backups offsite via network replication rather than shipment of tapes.

The new fourth-generation appliances offer:

  • Increased Backup and Recovery Speed: New features include integrated LTO5 tape drives, processor upgrades to a maximum of 2 hex-core Intel Xeon, integrated SSDs on select models, and memory up to 96 GB to allow for increased data backup and recovery speeds of both files and disk images. WD Arkeia’s patented Progressive Deduplication™ technology accelerates backups by compressing data at source computers before transfer over local area networks (LANs) or wide area networks (WANs).
  • Higher Storage Capacity: Storage capacity doubles from the third generation, with raw capacity now ranging up to 48 TB, configured in RAID-6.
  • Improved Ease-of-Use: Version 10.1 of WD Arkeia software, delivered with the new generation, includes an on-boarding wizard to streamline the appliance setup process.
  • Storage Reliability: All new WD Arkeia appliances feature WD enterprise-class WD RE™ hard drives for maximum data integrity.
  • Simplified Tape-free, Offsite Storage: Version 10.1 of WD Arkeia software extends support for hybrid cloud backup capabilities to the full line of WD Arkeia appliances. “Seed and feed” capabilities allow administrators to supplement network replication of backup sets offsite by using USB-connected hard drives to transfer initial and large backup sets and also to size WAN bandwidth for the replication of nightly incremental backups.

WD Arkeia fourth generation network backup appliances – models RA4300, RA4300T, RA5300, RA6300 – will be available in July 2013 through select DMRs and WD-authorized value-added resellers (VARs) in the US, Canada, and Europe. Manufacturer’s Suggested Retail Price, including hardware and software, begins at $9,990 USD. WD Arkeia network backup appliances are covered by one year of unlimited access to technical support, one year of software updates, and a one-year limited hardware warranty.

15 Jan

Sophos received top marks in the latest report from AV-Comparatives, a leading international testing lab. The report, titled “Impact of Anti-Virus Software on System Performance,” evaluated twenty-one of the world’s leading security products on a PC running under Windows 7.

The testing lab prepared a total of 545 infection scenarios, and Sophos’ antivirus offering tied for the highest score among the products reviewed. It also received an “Advanced +” award, based on the lab’s assessment of the overall results.

“We value the work of independent testing labs like AV-Comparatives, as they help vendors like Sophos to strengthen our offerings, while providing consumers and businesses great insight so that they can make better informed decisions,” said Mark Harris, vice president, engineering, Sophos. “This latest recognition validates the great work of our team, which is committed to developing complete security solutions to combat advanced threats.”

In related testing news, Virus Bulletin, another leading independent lab, gave Sophos a VBSpam award in its comparative anti-spam testing. This marks the 20th time that Sophos has received this honor for its Sophos Email Appliance. Additionally, Sophos recently received a VB100 award for Sophos Endpoint Security and Control as part of Virus Bulletin’s comparative review on Windows XP Professional SP3.

Click here to see the original article.

15 Jan

There’s definitely an update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven’t already. The details of what will be fixed aren’t a matter of public record yet, so we can’t spell them out for you in detail. Nevertheless, Oracle has published a very brief pre-announcement to remind us of the importance of this month’s fixes. The good news is that lots of security vulnerabilities have been repaired – 40 in total, of which all but three are RCEs, or remote code execution holes.

That’s where untrusted content sent over the network might be able to trick Java into performing operations that really ought to be limited to already-installed, trusted code. In short, an RCE means that you could get infected by malware simply by looking around online, without explicitly downloading, authorising or even noticing the malware being installed.


There are two handy ways to reduce this RCE risk:

  • Apply Oracle’s patches as soon as practicable. You can turn on fully-automatic updating if you like.
  • Turn off Java in your browser, so that web-based Java applets can’t run at all.

Click here to see the original article.

15 Jan

The research evaluated thousands of website URLs of organizations that utilized the GlobalSign SSL Configuration Checker; many of these organizations were looking to assess the strength and quality of their SSL configurations. Statistics revealed that in the first quarter of 2013 over 6,000 sites used the tool to evaluate the effectiveness of their SSL, and 269 of those sites used the remediation guidance provided by GlobalSign to improve and, in some cases, strengthen the security of their sites within a matter of minutes.

Upon visiting GlobalSign’s SSL Configuration Checker, powered by Qualys SSL Labs, organizations enter their website addresses and instantly receive a letter grade for their configuration. The grading system has three steps. First, the site’s SSL certificate is examined to confirm that it is trusted and valid. If a server fails this step it is automatically given a zero. Next, the server configuration is tested in three categories:

1) protocol support,
2) key exchange support and
3) cipher support.

Finally, a score between 0 and 100 is assigned to the site. The grading scale is as follows:

• score ≥ 80 A
• 65 ≤ score ≤ 79 B
• 50 ≤ score ≤ 64 C
• 35 ≤ score ≤ 49 D
• 20 ≤ score ≤ 34 E
• score

The research revealed that 50 percent of the 269 websites that used the GlobalSign SSL Configuration Checker strengthened the effectiveness of their SSL configuration grades in 30 minutes or less. Fifteen percent improved from a B, C, D or F to an A grade in less than two hours.

Notable statistics for the 269 improved websites:

• 172 organizations improved their grade to an A overall – 63%
• 13 organizations improved their F grade to an A, B, or C – 42%
• 95 organizations improved their B grade to an A – 35%

“The improvement in website security is certainly encouraging for us to see, but this is the absolute tip of a very big, fast-moving and dangerous iceberg,” said Ryan Hurst, chief technology officer of GlobalSign. “Administrators can use the SSL Configuration Checker to greatly improve and remediate the security of poorly configured sites, but it is the awareness of this free and easy tool that we are trying to drive. Both small and large organizations with websites must adopt best practices, but first they have to identify the strengths and weaknesses of their sites’ SSL configuration.”

Alexa 100 Sites Evaluated:

In addition to the findings derived from inbound SSL Configuration Checker use, GlobalSign evaluated the SSL effectiveness of the Alexa Top 100 websites. The research revealed the following:

• Over half (51%) of the websites received an A.
• Twenty-five percent received a B and 5 percent scored a C.

These grades are proof that while just over half of the world’s top sites, and the enterprises behind them, are providing effective security, there is ample room for improvement.

Overall SSL Configuration Checker Evaluation results of the Alexa Top 100:

Click here to see the original article.

15 Jan

a bogus message supposedly sent from Facebook Security.

According to Hoax-Slayer, the scam claims that Facebook is rolling out a new security feature to protect Page owners.

This supposed new security feature is dubbed the “Fan Page Verification Program”.

It does a nice job of flattering suck-up to entice victims into coughing up their Facebook login details, telling targets that they’ve had ever so many stolen Pages lately, and they simply can’t think of what to do about it except just, well, throw up their hands and Delete them all – yes, Delete those bad, bad Pages, with a capital “D”.

All the stolen Pages, that is, except yours, which, gosh, is so popular with its “High Quality Content”.

The message tells victims that they have to click a link and choose a 10-digit security code to complete the process.

Those who don’t comply will see their Page suspended permanently if the process isn’t completed by May 30, 2013, they go on to say.

Here’s an example of this scammy letter that Hoax Slayer posted on Friday: 

Dear Facebook User,

You are receiving this message to notify you about the new security feature from Facebook called “Fan Page Verification Program”.

After many Fan Pages have been stolen lately leaving us no choice but Deleting them forever, we had to come up with an original solution about the Fan Page’s Security.

Luckily, your Fan Page, has a lot of likes and provides High Quality Content, which qualify it for this program.
To complete this process you must choose a 10-digit number (it can be any number) and that number will be assigned as your “Security code”. This code will be the new passphrase for changing anything important for your Fan Page, like the Admin roles or other important settings.

Please be aware that this process it’s open only until 30.05.2013 and it’s mandatory to complete it. If you don’t, your Fan Page will be suspended permanently since it is not considered safe for the wide audience.
Please visit the link below to complete the process:

[Malicius Link]

Facebook Security

Anybody who falls for it and clicks on the link will be whisked away to a spot where they’re told to submit Facebook login details and the so-called 10-digit “Transferring Code”.

Click here to see the original article.

15 Jan


to hack a plane.

That includes potentially gaining information about an aircraft’s onboard computer, changing the intended destination, flashing interior lights, delivering spoofed malicious messages that affect the behavior of the plane, and, just maybe, if pilots don’t manage to turn off autopilot and/or have difficulty with manual flight operation, crashing the plane.

These are theoretical exploits demonstrated by Hugo Teso, a security consultant at n.runs AG in Germany, who gave a talk about his research at the Hack in the Box conference in Amsterdam on Wednesday.

Of course, Teso hasn’t tried any of this out on real planes, given that there aren’t many planes lying around waiting for people/plane/landscape annihilation, which would, at any rate, be illegal and amoral.

Rather, he conducted his research on aircraft hardware and software he acquired from various places.

That includes equipment from vendors offering simulation tools that use actual aircraft code and from eBay, where he found a flight management system (FMS) manufactured by Honeywell and a Teledyne Aircraft Communications Addressing and Reporting System (ACARS) aircraft management unit, according to Network World.

According to Help Net Security’s Zeljka Zorz and Berislav Kucan, Teso’s demonstration shed light on “the sorry state of security of aviation computer systems and communication protocols.”

Teso created these two tools to exploit vulnerabilities in new aircraft management and communication technologies:

  • An exploit framework named SIMON, and
  • An Android app named, appropriately enough, PlaneSploit, which delivers attack messages to the airplanes’ FMSes.

The two vulnerable technologies Teso exploited with these tools:

  • The Automatic Dependent Surveillance-Broadcast (ADS-B) (this surveillance technology, used for tracking aircraft, will be required by the majority of aircraft operating in US airspace by Jan. 1, 2020), and
  • The Aircraft Communications Addressing and Reporting System (ACARS), a protocol for exchange of short, relatively simple messages between aircraft and ground stations via radio or satellite that also automatically delivers information about each flight phase to air traffic controllers.

According to Help Net Security, Teso abused these “massively insecure” technologies, using the ADS-B to select targets.

He used ACARS to siphon data about the onboard computer and to exploit its weaknesses by delivering spoofed messages that tweak the plane’s behavior.

Using the Flightradar24 flight tracker – a publicly available tool that shows air traffic in real time – Teso’s PlaneSploit Android app allows the user to tap on any plane found within range – range that would be limited, outside of a virtual testing environment, to antenna use, among other things.


The application has four functions: discovery, information gathering, exploitation and post exploitation.

According to Help Net Security, these are some of the functions Teso showed to the conference audience:

  • Please go here: Allows the user to change the targeted plane’s course by tapping locations on the map.
  • Define area: Set detailed filters related to the airplane, such as activating something when a plane is in the area of X kilometers or when it starts flying at a predefined altitude.
  • Visit ground: Crash.
  • Kiss off: Remove the plane from the system.
  • Be puckish: Trigger flashing lights and buzzing alarms to alert the pilots that something is seriously wrong.

Teso has, thankfully and responsibly, refrained from disclosing details about the attack tools, given that the vulnerabilities have yet to be fixed.

In fact, he told his listeners that he’s been pleasantly surprised by the receptivity he’s received by the industry, with companies vowing to aid his research.

Given Teso’s belief in responsible disclosure, the industry can take steps to patch the security holes before someone with more malicious intent has an opportunity to exploit them.

From the sound of things, this researcher has garnered plenty of media attention but still values aircraft and passenger safety well over fame and glory.

Original article can be found here

15 Jan

information security to the status of the most crucial factor that should be taken into account in the adoption of new technologies in the IT environment. The conference aims to present IT professionals with the landscape of new threats and how those threats will be addressed effectively through the implementation of specific policies and the use of modern technology.

Click here to register for the Infocom Security 2013 event
Click here to navigate to Infocom Security 2013 Official Website

15 Jan

UTM Buyers Guide gives you everything you need to find the best protection that’s also the easiest to manage.

This guide will allow you to:

  • Understand what a modern UTM can do for you
  • Compare product features, and know what you need to keep your network secure.
  • Ask the right questions of vendors as you consider your options

Click here to download the Buyers Guide.

15 Jan

In the chart published by an independent research company, which includes the Promise and Fulfillment Indices, you can see and compare the effectiveness of some of the most important companies in the computer industry in both marketing and execution.

A vendor located in the upper-right quadrant of the chart has scored highly both on promise and on fulfilling that promise. By the same criteria, a company in the lower-left quadrant succeeds neither at the level of promise nor at the level of execution.

The “Vendor Promise Index” is designed to measure marketing effectiveness. It uses four of the fourteen customer evaluation points (Competitive Position, Technological Innovation, the Strategic Vision of the company’s management, and Brand/Reputation) that relate to ideas and concepts conveyed to prospective customers worldwide before the actual product or service is delivered for use.

The “Vendor Fulfillment Index” is designed as a measure of execution effectiveness. In this case too, four of the fourteen customer rating criteria are used (Performance/Price, Product Quality, Delivery as Promised, and Quality of Technical Support), which relate to the physical product and service delivered and to the experience the customer had using that particular product or service.

The size of the circle you see in the chart also indicates the relationship between the scores a company received. The intersecting lines show the average score received by every company, including companies not shown in the chart. As you can see, Sophos has earned an excellent score, both in marketing and in making everything it promises its customers a reality.

15 Jan

But what are the implications of biometric technology as far as enterprise security is concerned? Ryan Hurst, CTO of enterprise SaaS Certificate Authority GlobalSign, has told Softpedia that biometric technology could turn out to be highly beneficial to organizations looking to protect their data, but it depends a great deal on how it’s implemented.

“The recent confirmation of the integration of biometrics in the new iPhone has many asking what the implications are for enterprises. It is too early to tell for sure as the answer will depend on how they have implemented this feature,” Hurst told us in an emailed statement.

“That said, as mentioned during the Apple keynote, only about half of smartphone users apply a passcode today making mobile devices carrying sensitive corporate data a huge vulnerability for enterprises. If the biometric technology used on the device is applied correctly this could mean more secure enterprise data,” he added.

More importantly this will force many enterprises to take another look at their own authentication strategy and ask if biometrics is a viable form of authentication for them in comparison to other stronger forms, such as one time passwords and smart cards, and weighing the security benefits and risks of each.

Hurst highlights the fact that the use of biometric technology could be beneficial in case mobile devices containing enterprise data are stolen or lost. “The first rule of security is if the attacker has physical access to your device then the device is no longer yours. However, the use of biometrics has the potential to make it more difficult for the attacker which can significantly reduce the impact of lost or stolen phones containing enterprise data,” he explained.

You can read the original article here.

15 Jan

Steve Gollschewski, Deputy Commissioner, Strategy, Policy and Performance presented the award to Rob Forsyth, Director Sophos Asia Pacific, in recognition of the team’s ongoing partnership with the Queensland Police Service, working closely with the community to provide education material for community groups, as well as hosting the Sophos Signature events to explore current and emerging issues, and raising greater awareness in the government and business communities regarding fraud and cybercrime.

According to Detective Superintendent Brian Hay, Head of Fraud Division, Queensland Police Service, the concept of working with the private sector in regard to fraud and cybercrime started 12 years ago, and Sophos has supported what is now known as Project Synergy right from the start.

“The Fraud and Cybercrime Partnership Award recognises the Queensland Police Service’s need to partner with industry entities such as Sophos, to better secure and protect the Australian community,” said Detective Superintendent Brian Hay. “Sophos has shown the courage and character to step forward to participate with the Queensland Police Service since Project Synergy’s inception, and we look forward to continuing our ongoing relationship, to further build and enhance innovative strategies to protect Australia and indeed global communities.”

Sophos has worked closely on many key security projects and initiatives including the Over the Horizon Forum for the Department of Broadband, Communications and the Digital Economy, an event that takes place during National Cybersecurity Awareness Week, where Sophos is an active supporter and committee member.

Sophos also works directly with leading industry associations including the Internet Industry Association (IIA) and Australian Computer Society. Sophos is a member of the Australian Government’s National Standing Committee on Cloud Computing advising on security issues and an Industry Code of Best Practice. The company is also actively supporting the Internet Industry Association’s inaugural National Online Security Council forum being held next month.
Forsyth says the award is an indication of the ongoing work the company invests within the business community to raise greater awareness of security issues.

“It is an absolute honour for Sophos to be recognised by the Queensland Police Service, with this inaugural Partnership Award, and we thank Detective Superintendent Brian Hay and Queensland Police in recognising Sophos’s continued work and education in the community,” Forsyth said.

Sophos will continue its work in driving awareness around security issues, particularly on a local level, rallying the community and business to work together in ensuring Australians understand online safety, fraud and cybercrime.

You can read the original article, here.

15

Jan

The authentication system, based on a new material for the home button and a metal sensor ring around it, has been the subject of numerous rumours and leaked photos and specs already. Speculation about Apple’s interest in fingerprints goes back at least as far as 2009, resurfaces each time a new version of the iPhone is launched, and has grown steadily ever since Apple’s pricey acquisition of fingerprint tech firm AuthenTec last summer. Today’s confirmation at the iPhone 5s/5c launch ceremony makes it all official at last. According to Apple’s promotional material, the sensor:
“uses advanced capacitive touch to take, in essence, a high-resolution image of your fingerprint from the sub-epidermal layers of your skin. It then intelligently analyses this information with a remarkable degree of detail and precision”.

As well as unlocking the phone, the sensor will be able to approve purchases at the Apple store. Fingerprint authentication has been a common sight in laptops for some time, with major vendors including Dell, Lenovo and Toshiba pushing their own built-in variations, usually available as an option alongside more traditional login methods. There is also a range of other implementations available, including many smartphone apps and external readers supported by the Windows Biometric Framework and some leading password managers.


Fingerprints thus probably rank a little above facial recognition as the most widely-deployed biometric authentication technique at the moment. In the past, however, they have proven rather unreliable, plagued with security worries, although suspected flaws are not always proven. Nevertheless, many fingerprint scanners seem to be open to spoofing. Fingerprints are not secret: we leave copies of them wherever we go, even if we’re trying hard not to, as cop show aficionados will be well aware. Once someone devious has got hold of a copy, purely visual sensors can be fooled by photographs, while more sophisticated techniques which measure textures, temperatures and even pulses are still open to cheating using flesh-like materials, or even gelatin snacks. Just how hard it will be to defeat Apple’s recognition system remains to be seen, but as crypto guru Bruce Schneier has pointed out, there’s a big danger in using fingerprints to access online services: the temptation to store the fingerprint info in a central database. Unlike passwords, of course, if your fingerprint data is lifted from a hacked database, you can’t simply change it, short of getting mediaeval on your hands with acid, sandpaper or some other hardened-gangster technique.


So, as expected, Apple has opted to keep all information local to the iPhone – indeed, it is apparently kept in a “secure enclave” on the new A7 chip and can only be accessed by the print sensor itself. Expect this storage area and the connections to it to become the subject of frenzied investigations by hackers of all persuasions. Of course, Apple is not alone in looking into fingerprints, with arch-rivals Samsung also rumoured to be making moves in that direction. (Samsung was a major customer of AuthenTec before it was acquired.) In the long term, how similar their approaches are may be a significant issue for all of us, whatever our smartphone affiliation and whether or not we worry much about privacy, and not just thanks to the inevitable legal rumpus. There are two basic approaches to security: either the way things work is kept proprietary and secret, as far as possible, or it’s made open for general consumption, and more importantly for verification. A cross-vertical group, the FIDO Alliance, was set up earlier this year to develop open specifications for biometric authentication standards, with members including Google, PayPal, hardware makers like Lenovo and LG, and a raft of biometrics and authentication specialists. Beleaguered phonemaker BlackBerry is the latest big-name inductee. The alliance’s aim, to create a universal approach to implementing biometrics in combination with existing passwords and two-factor dongles, is a noble goal. Sadly, given Apple’s history of playing well with others, it’s pretty likely that, as with their connector cables and DRM systems, their fingerprint setup will remain aloof from any attempts to build a truly universal consensus.
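To make the design argument above concrete, here is an added Python sketch (not from the original article, and not Apple’s or the FIDO Alliance’s actual implementation) of the pattern the paragraph favours: the fingerprint template stays inside a device-local store, the server holds only a replaceable per-device credential, and a login is a challenge-response in which the biometric itself never crosses the network. The fingerprint is modelled as a constructed set of feature ids compared by similarity, which is also why a biometric can’t be kept as a password-style one-way hash; a symmetric HMAC key stands in for the public/private key pair a FIDO-style authenticator would register, so the code runs with the standard library alone.

```python
import hashlib
import hmac
import secrets


class DeviceEnclave:
    """Stand-in for device-local biometric storage (constructed for this example).

    The enrolled template never leaves this object. The only operation exposed
    to the rest of the system is "check this scan and, if it matches, answer a
    challenge", so no server ever receives or stores the biometric."""

    def __init__(self, threshold: float = 0.8):
        self._template = None      # enrolled feature set, kept local
        self._device_key = None    # per-device credential, revocable
        self.threshold = threshold

    def enroll(self, features) -> bytes:
        """Store the template locally and mint a fresh device key.

        The key, not the fingerprint, is what gets registered with the server.
        A symmetric HMAC key is used to stay within the standard library; a
        FIDO-style deployment would register a public key instead."""
        self._template = frozenset(features)
        self._device_key = secrets.token_bytes(32)
        return self._device_key

    def _matches(self, scan) -> bool:
        """Fuzzy match: two scans of one finger never agree exactly, so the
        template is compared by similarity (Jaccard on feature sets here),
        not by equality. That is why a biometric cannot simply be stored as a
        one-way hash the way a password can."""
        scan = frozenset(scan)
        union = len(self._template | scan)
        if union == 0:
            return False
        return len(self._template & scan) / union >= self.threshold

    def answer_challenge(self, scan, challenge: bytes):
        """Return an HMAC over the challenge only if the local match succeeds."""
        if self._template is None or not self._matches(scan):
            return None
        return hmac.new(self._device_key, challenge, hashlib.sha256).digest()


class RelyingParty:
    """Server side: one revocable credential per device, and no biometric data."""

    def __init__(self):
        self._credentials = {}

    def register(self, device_id: str, device_key: bytes) -> None:
        self._credentials[device_id] = device_key

    def revoke(self, device_id: str) -> None:
        self._credentials.pop(device_id, None)

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def verify(self, device_id: str, challenge: bytes, response) -> bool:
        key = self._credentials.get(device_id)
        if key is None or response is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def authenticate(server: RelyingParty, device: DeviceEnclave, device_id: str, scan) -> bool:
    """One login round: server issues a challenge, the device checks the scan
    locally and answers, the server verifies the answer against the credential."""
    challenge = server.new_challenge()
    response = device.answer_challenge(scan, challenge)
    return server.verify(device_id, challenge, response)


def demo() -> dict:
    """Constructed scenario: an enrolled finger, a slightly different genuine
    scan, a partial noisy scan, an impostor's scan, and a revoked credential."""
    enrolled = frozenset(range(20))                               # constructed feature ids
    genuine_scan = frozenset(range(18)) | {99}                    # 18 shared of 21 -> 0.857
    noisy_scan = frozenset(range(15)) | frozenset(range(100, 105))  # 15 shared of 25 -> 0.6
    impostor_scan = frozenset(range(50, 70))                      # nothing shared

    device = DeviceEnclave(threshold=0.8)
    server = RelyingParty()
    server.register("phone-1", device.enroll(enrolled))

    results = {
        "genuine": authenticate(server, device, "phone-1", genuine_scan),
        "noisy": authenticate(server, device, "phone-1", noisy_scan),
        "impostor": authenticate(server, device, "phone-1", impostor_scan),
        "server_holds_biometric": any(
            isinstance(v, frozenset) for v in server._credentials.values()),
    }
    server.revoke("phone-1")  # a leaked device key can be replaced; a fingerprint cannot
    results["after_revoke"] = authenticate(server, device, "phone-1", genuine_scan)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the split is what a breach costs: compromising the server yields only device keys, which `revoke()` plus re-enrolment replaces, whereas a central template store would leak the one credential its users can never rotate.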

Even if a two-culture system prevails, widespread deployment in mass-market handhelds may well be a gamechanger for the adoption of biometric authentication. Touch ID and its inevitable followers could be a major part of all our futures.

You can read the original article, here.

15

Jan

In addition to delivering iOS 7 support, Sophos announced an update for customers to manage the new business-focused features of Apple’s latest version from the easy-to-use Sophos web-based console, deployed either on-premise or as Software as a Service (SaaS). 

According to Gartner, Apple iOS 7 includes more enterprise enhancements than any release since iOS 4.0 introduced mobile device management APIs. Version 3.6 of Sophos Mobile Control enables enterprises of all sizes to protect corporate data, with many new enhancements, including:

  • Separation of company and personal data
  • Per app VPN
  • A new volume purchasing program (VPP)
  • Remote configuration of apps


“Sophos Mobile Control allows us to easily manage our existing devices while simultaneously adding new devices safely into our organization,” said Jeri Sample, IT Manager, Meadville Medical Center, an outstanding community medical center in Meadville, Pennsylvania. “It is important for us to keep patient data secure. With accelerated deployment, ease of management, and complete visibility, SMC makes Sophos the right choice on behalf of our staff and our patients.”
“Mobile devices in the workplace are the rule, not the exception,” said John Shaw, Vice President for end user security products at Sophos. “Sophos Mobile Control provides simple to deploy mobile device management and security that will keep employees happy and productive, minimize the workload for IT, and give managers confidence that the company’s data is protected. We think iOS 7 is a huge step forward in enabling personal devices to be used securely at work, and are delighted to be extending the benefits to our partners and customers.”

To learn more about Sophos Mobile Control, please visit http://www.sophos.com/mobile.

15

Jan

Our poll offered readers the chance to vote for one of the six most popular web browsers – Chrome, Firefox, Internet Explorer, Opera, Safari and Chromium – and asked which you trusted the most. Mozilla’s Firefox, the linear descendant of both Netscape Navigator and the original ‘graphical web browser’ the NCSA Mosaic, was a runaway winner. Firefox accrued almost double the number of votes of its nearest rival, Google Chrome, and more than six times the votes awarded to perennial rival and fellow ‘browser wars’ veteran Internet Explorer.

The results are even more emphatic when you consider how many people actually use each browser. Below is a table that compares the number of votes each browser received in the poll against the number of unique article pageviews from each of those browsers over the same period.

Results are ranked in order of conversion rate – the rate at which page views by a given browser correlate with votes for that browser (Chrome and Chromium identify themselves in the same way and we can’t separate their unique page views so their results are combined in this table).

[Image: web browser poll results table, votes versus unique pageviews per browser; not reproduced here]

Top of the table is Opera, which was the only browser that scored more votes for trustworthiness than it had users, although it did so with much smaller totals than its competitors. You could probably sum up the entire history of the Opera browser with the phrase “small but loyal following”, and despite the regard in which its users hold it, Opera seems destined to remain the perennial bridesmaid of the browser world. The poor showing of Internet Explorer is notable but perhaps not surprising given that it is often imposed on users as a matter of corporate policy. What stands out to me is the difference between the Mozilla and Google products. Both browsers are well established and well known open source projects; they both run on Windows, Mac and Linux, and unlike Explorer or Safari neither comes bundled with an operating system.

[Image: web browser poll3; not reproduced here]

Perhaps Chrome users are more cynical or more realistic about where they place their trust. Or perhaps people who choose Chrome are also people who don’t vote in internet polls. We don’t know but I suspect, as the comments on our poll seem to suggest, that the reason for Chrome’s poor showing is that Google’s claim to Do No Evil is simply no longer convincing. The untrustworthiness of Google is a consistent theme across the most highly rated comments on the poll:

    “frankly I trust Google the least, as they have too many data points for comparison.”

    “I don’t trust Google as far as I could throw ’em. As a company, it’s entirely uninterested in my security or privacy, especially if it can make money by selling my personal information.”

    “Trusting any software completely is a bit foolish, but anyone who actively trusts Chrome is a good subject for psychological study.”

You get the idea. Of course this is only an online poll and not a scientific experiment, so my conclusions should be taken with a liberal pinch of salt.

You can read the original article, here.