As many as five million Web sites hosted by Network Solutions have been serving up malware, probably for several months, a security expert said today.

“This is one of the biggest infections for drive-by download attacks that I’ve seen,” said Wayne Huang, co-founder and CTO of Santa Clara, Calif.-based Armorize Technologies, a Web application security company.

Network Solutions disputed Huang’s estimate of between 500,000 and 5 million infected sites, but was unable to provide its own count. Huang said his firm’s researchers initially tracked the infection to a widget installed by Network Solutions on its GrowSmartBusiness.com site, then later discovered that the same widget was installed by default on all “parked” domains hosted by the Herndon, Va. hosting giant.

Full Story: Network World

The department urged people receiving a suspicious looking email to visit the HMRC web site to check whether it is a scam, and said that people should not “click on web sites or links contained in suspicious emails, or open attachments”.

The scale and sophistication of the scams means that even savvy internet users could be fooled, and highlights once again the lengths hackers will go to obtain information, according to Alan Bentley, senior vice president of international sales at security firm Lumension.

Full Story: v3.co.uk

BEIJING, CHINA – Although cyber attacks have been frequently reported across the mainland, China is not home to a vast web of malicious hackers, as many attacks here originate from countries overseas, according to analysts.

“It is very complicated to locate an original attack”, said a participant at the 9th Xcon conference, an annual gathering of senior cyber security analysts in Beijing.

Internet security threats are on the rise and public awareness of hacking has increased.

In 2009, for example, 75 percent of global companies experienced severe cyber attacks totaling individual losses of at least $2 million, according to Symantec’s 2010 report.

Complicating matters for the Chinese government, there have been fervent claims by websites and search engines worldwide – from Google to Optus to the official website of the Republic of Korea – that they have been victimized by Chinese attackers.

Full Story: Asia One

One visit to a booby-trapped website could direct attackers to a person’s home, a security expert has shown.

The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number.

It uses this number and widely available net tools to find out where a router is located.

Demonstrating the attack, Mr Kamkar located one router to within nine metres of its real world position.

‘Creepy’ attack

Many people go online via a router and typically only the computer directly connected to the device can interrogate it for ID information.

However, Mr Kamkar found a way to booby-trap a webpage via a browser so the request for the ID information looks like it is coming from the PC on which that page is being viewed.

He then coupled the ID information, known as a MAC address, with a geo-location feature of the Firefox web browser. This interrogates a Google database created when its cars were carrying out surveys for its Street View service.

Full Story: BBC News

Apple released an update to its Safari web browser Wednesday.

Safari 5.0.1 is available from Apple as a free download for Windows and for Mac OS X (Leopard or better). Mac users can also find it in Software Update.

This is an incremental upgrade, but it comes with one big new feature: Safari now has a real platform for third-party extensions, a feature that Firefox and Chrome have had for some time.

Safari 5 arrived in early June, and in addition to dozens of other enhancements (including the much-discussed Reader feature) it included a new architecture for creating lightweight browser extensions that enhance and personalize web pages and web services. Wednesday’s update now lets you install and run those extensions. Apple has also launched a new Extensions Gallery where you can browse the available extensions and download them.

Full Story: Wired

If you run a website and you care about getting your site listed in relevant search results, then you may want to check out the brand new Bing Webmaster Tools.

When Microsoft first launched Bing, they started inviting feedback from web site administrators and SEO specialists about what they thought of Bing’s initial Webmaster Tools. Microsoft reports that users consistently asked for more transparency regarding how Bing is indexing sites, more control over a site’s content in the Bing index itself, and to have access to more information and analytics that they could use to optimize their sites.

With this feedback in mind, Microsoft started working on a new version of the Webmaster Tools (written completely from scratch) that would accommodate the features the Web administrators had asked for. The new version of the Webmaster Tools breaks down into three areas: crawl, index, and traffic.

New controls allow you to customize how your site is crawled and indexed, submit specific URLs to be explicitly indexed or blocked in the search results, and view detailed information about how Bing has indexed your site (down to an individual page level of granularity). If you’re really interested in the long term analytics data (on crawling, indexing, and site traffic) that is collected by Bing, six months of the data is viewable in Silverlight driven rich charts.

Full Story: Download Squad

Now two researchers hope to revive Google hacking in that original sense, and take it one step further. Rob Ragan and Francis Brown, two researchers at security consulting firm Stach & Liu, plan to debut a new set of tools at the Black Hat conference next week aimed at converting Google and Bing into a sort of automated early warning system for Web hacks around the globe.

Full Story: Forbes.com

The number of Israelis whose personal information was stolen by Turkish Internet hackers has risen to at least 100,000, Haaretz newspaper reported Sunday.

Erez Wolf, an Israeli blogger who operates We-CMS website, reported Friday that tens of thousands of e-mail addresses, passwords and personal details of Israeli web surfers are in the hands of Turkish hackers.

In a Turkish hackers online forum, Wolf found a document containing the e-mail addresses and passwords of more than 30,000 Israeli web users. On Sunday, Haaretz said TheMarker.com website has learned another file circulating on the internet contains the e-mail addresses of an additional 70,000 Israeli web users.

Full Story: Toronto Sun

I was exploring some cool, funny and interesting pictures on the web, when I stumbled on this “500 worst password” image on Flickr. After reading the list of passwords It made me think because although this is hilarious it is also a serious matter. Some  internet users today usually use some of the passwords that are listed on the image. Using unsafe passwords will make your account vulnerable for any attacks. I posted an article a year ago on how you can make a good password.

Full Story: PC Tech Notes

To economists, the long lines were a real-life example of the market requirement that payment be made one way or another — in money or in time. (In this country, the long lines would be for an Apple gadget, which is neither cheap nor scarce. But explaining that mystery is for another time.)

Paying with time rather than money seems just as common on the Web. I jump through a number of hoops nearly every day to find my favorite television shows online, having cut my cable and TiVo DVR service to save about $110 a month. So to avoid paying about $3.60 a day, I instead spend 5 to 10 minutes searching for shows on Hulu.com or Clicker.com.

Full Story: NY Times

According to Daum Communications, the country’s leading Internet software provider, the use of the mobile Web rises during the lunch hours and surges in the evening from 7 p.m. when workers usually leave their office. The portion of internet users going online using their cell phone reached 28.5 percent of the total web traffic between 7 p.m. and 12 a.m. The usage rate of the mobile Web reaches its peak at 9 p.m.

Koreans increasingly access the Web via handsets, spurred by the launch of Apple’s iPhone and a slew of other smartphones. The country’s mobile carriers are also scurrying to increase the number of free Wi-Fi zones and to introduce competitive data plans in an effort to boost wireless Internet usage.

Full Story: AsiaOne

Chi and his colleagues have set up a series of websites and blogs questioning government policy in the past year, only to see them attacked and blocked.

Observers blame the communist state, which they say has adopted a more aggressive stance towards politically sensitive Internet sites. “It seems that the government is definitely starting to follow the China model,” said a foreign diplomat who asked for anonymity.

Full Story: The Inquirer

The web sites of more than a whopping 200 Australian organisations were hijacked and vandalised in a spate of hacks last week.

In the largest single attack, a hacker gained administrative access to the Direct Admin server management system used by a hosting provider, who Computerworld Australia will not name, and suspended 159 accounts rendering their web sites inaccessible to the public.

The suspension notification page was then defaced with the hackers’ moniker and religious propaganda. The hack was launched through a flaw created after an automatic patch of the admin system failed to complete.

Full Story: Computer World (Australia)