Any issued cards are now unusable with databases set to be destroyed within days

The much criticised ID cards scheme is finally dead and buried after the government revealed on Friday that any cards issued can no longer be used to prove identity or travel within Europe.

A brief statement on the Home Office web site explained that the final nail in the coffin would come "within days" when the National Identity Register, the database designed to hold the card details, will be destroyed.

"Laying ID cards to rest demonstrates the government’s commitment to scale back the power of the state and restore civil liberties," said home office minister Damian Green.

"It is about the people having trust in the government to know when it is necessary and appropriate for the state to hold and use personal data, and it is about the government placing their trust in the common-sense and responsible attitude of the people."

However, despite the administration’s insistence that the scheme was an essential tool in the war on terror, it was much criticised by business and privacy groups, with then ICO Richard Thomas raising significant data protection concerns.

These were heightened when the massive HMRC data breach led to a spate of revelations about poor data handling practices among public sector bodies.

Author: Phil Muncaster

Tomorrow April 1, is D-Day for Conficker, as whatever nasty payload it’s packing is currently set to activate. What happens come midnight is a mystery: Will it turn the millions of infected computers into spam-sending zombie robots? Or will it start capturing everything you type — passwords, credit card numbers, etc. — and send that information back to its masters?

No one knows, but we’ll probably find out soon.

Or not. As Slate notes, Conficker is scheduled to go “live” on April 1, but whoever’s controlling it could choose not to wreak havoc but instead do absolutely nothing, waiting for a time when there’s less heat. They can do this because the way Conficker is designed is extremely clever: Rather than containing a list of specific, static instructions, Conficker reaches out to the web to receive updated marching orders via a huge list of websites it creates. Conficker.C — the latest bad boy — will start checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there’s no way to shut down all of them. If just one of those sites goes live with legitimate instructions, Conficker keeps on trucking.

Conficker’s a nasty little worm that takes serious efforts to bypass your security defenses, but you aren’t without some tools in your arsenal to protect yourself.

Your first step should be the tools you already have: Windows Update, to make sure your computer is fully patched, and your current antivirus software, to make sure anything that slips through the cracks is caught.

But if Conficker’s already on your machine, it may bypass certain subsystems and updating Windows and your antivirus at this point may not work. If you are worried about anything being amiss — try booting into Safe Mode, which Conficker prevents, to check — you should run a specialized tool to get rid of Conficker.

Microsoft offers a web-based scanner (note that some users have reported it crashed their machines; I had no trouble with it), so you might try one of these downloadable options instead: Symantec’s Conficker (aka Downadup) tool, Trend Micro’s Cleanup Engine, or Malwarebytes. Conficker may prevent your machine from accessing any of these websites, so you may have to download these tools from a known non-infected computer if you need them. Follow the instructions given on each site to run them successfully. (Also note: None of these tools should harm your computer if you don’t have Conficker.)

As a final safety note, all users — whether they’re worried about an infection or know for sure they’re clean — are also wise to make a full data backup today.

What won’t work? Turning your PC off tonight and back on on April 2 will not protect you from the worm (sorry to the dozens of people who wrote me asking if this would do the trick). Changing the date on your PC will likely have no helpful effect, either. And yes, Macs are immune this time out.

Via Yahoo

Here are a news about trojan from Greasemonkey – a Firefox addon. It is identified by BitDefender.

BitDefender has identified this new bit of holiday cheer as Trojan.PWS.ChromeInject.A” (the ChromeInject suffix refers to the Chrome component of Firefox). The trojan installs itself into Firefox’s add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.

Please note, this trojan is not actually the Greasemonkey add-on, and only identifies itself as such. Mozilla has confirmed that the official Greasemonkey release contained within Mozilla’s own extension repository (and available here) is malware-free. If you’re currently using Greasemonkey or are interested in doing so, there’s no reason to avoid the legitimate add-on at this time, so long as you download it from Mozilla’s page or an equally trusted source.

Source

Highly recommended: Update your antivirus because once installed, the trojan is capable of identifying over 100 web sites. When an infected user visits a site the trojan recognizes, the parasite comes to life and records the login/password details being transmitted. Presumably it then goes back to sleep, quietly keeping an eye on further system activity.

Malware writers have been forced to create new types of viruses and exploits more regularly as businesses and individuals improve security practices, the experts said.

Sophos chief technology officer Paul Ducklin said about 25 percent of unique malware has been created in the last six months of its 20 year history.

"About 85 to 90 percent of malware families have a fix created for them almost immediately," Ducklin said.

"Malware writers aren’t getting the same bang for buck as they used to because businesses and consumers have become much more diligent with security over the last five years.

"The number of infectious e-mail attachments getting through are down from about one in 40 [about five years ago] to one in 1000."

He said the decline in infections are due to better gateway filters, more relevant corporate policies and user education, and dilution from a rise in legitimate e-mail traffic.

While the security industry is on top of conventional spam and phishing attacks, more effort needs to be put into preventing and eliminating so-called drive-by-downloads, according to Ducklin.

The attacks allow hackers to redirect mass amounts of traffic by inserting malicious iframes into legitimate Web sites. The hacks are usually invisible to Web site visitors and do not often draw attention from security personnel because they only require a single line of code to be manipulated.

He said it is essential that the exploit is patched because hackers search for compromised sites for follow-up attacks.

F-Secure Asia Pacific vise president Jari Heinonen said it logs about 25,000 malware samples each day, the highest on record.

"The total number of viruses and Trojans will pass the one million mark by the end of 2008 if this trend continues," Heinonen said.

"While there are more viruses than ever before, people report seeing less of them [because] malware authors are changing their tactics.

"Drive-by downloads are the preferred way of spreading malware [because] they happen automatically by visiting a Web site, unless users have a fully patched operating system, browser and plug-ins."

Heinonen said malware will increasing target the kernel sector through rootkits such as Mebroot, which attacks the bootstrap sector.

A resurgent Mebroot was detected last month, some 15 years after the DOS-based malware was created.

By Darren Pauli, Computerworld Australia | Via PcWorld

This application is designed to assess the strength of password strings. The instantaneous visual feedback provides the user a means to improve the strength of their passwords, with a hard focus on breaking the typical bad habits of faulty password formulation. Since no official weighting system exists, we created our own formulas to assess the overall strength of a given password. Please note, that this application does not utilize the typical "days-to-crack" approach for strength determination. We have found that particular system to be severely lacking and unreliable for real-world scenarios. This application is neither perfect nor foolproof, and should only be utilized as a loose guide in determining methods for improving the password creation process.

Website | http://www.passwordmeter.com

Web site: http://www.ibypass.net

www.bugmenot.com

2. Google Cache

3. Be the Bot

http://www.avivadirectory.com/bethebot/

post by makeuseof.com