Thursday, December 18, 2008

Yahoo adjusts data retention time

In an attempt to bolster trust with its users, Yahoo has revamped its global data retention policy, promising to anonymise user log data within 90 days, half the period stipulated by the EU. The company added that the new policy will apply to page views, page clicks, ad views and ad clicks as well as search log data, but also said that there would be exceptions when forced to keep the information for fraud, security or legal reasons. Recently Microsoft announced that it would fall in line with EU regulation and reduce the retention time of search information to just six months, while Google still holds on to the data for nine months. According to Yahoo, the move follows a comprehensive review of its data practices across the globe working with privacy and data governance teams to examine the data needs for global products and services.

The company reckons the new limit will still allow it to provide the same level of service to users and advertisers while maintaining the ability to fight fraud, secure systems, and meet legal obligations. “This policy represents Yahoo’s assessment of the minimum amount of time we need to retain data in order to respond to the needs of our business while deepening our trusted relationship with users,” added Toth. However, there are a few provisos added to this new policy. In the case of potential fraud and system security issues, Yahoo will retain system specific data in identifiable form for no more than six months, and the search engine admits it may have to retain some data for longer periods to meet other legal obligations.

Source: Vnunet

Microsoft releases emergency fix for IE7

Microsoft is planning to release an out-of-band patch for Internet Explorer on Wednesday to address a critical security vulnerability that is being actively exploited. The company on Saturday warned that 1 in 500 Internet Explorer users worldwide may have been exposed to malware hosted at both legitimate Web sites and porn sites that exploit an unpatched vulnerability. Microsoft confirmed finding exploit code on a search engine in Taiwan and on a Web site in Hong Kong that serves adult entertainment content. “Based on our stats, since the vulnerability has gone public, roughly 0.2% of users worldwide may have been exposed to websites containing exploits of this latest vulnerability,” Microsoft Security Response Center researchers Ziv Mador and Tareq Saade said in a blog post. “That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: We saw an increase of over 50% in the number of reports today compared to yesterday.”

Microsoft’s estimate works out to as many as 1.4 million potential victims, assuming there are a billion active Internet users (estimates range from 800 million to 1.5 billion), about 70% of whom are using Internet Explorer. The number of potential victims would drop to 940,000 if only Internet Explorer 7 users (47% browser market share) were affected. And those numbers represent only potential victims: Not all those exposed would necessarily become infected. Since last Tuesday, Microsoft has updated its advisory four times. It expanded the list of potentially affected versions of Internet Explorer to include not only IE 7, but also IE 5.01 SP4, IE 6, IE 6 SP1, and IE 8 Beta 2. It also added several workaround options that involve disabling certain features.

Source: InternetWeek

Friday, December 5, 2008

Opera 10 Alpha 1 now available

Opera has long been the pioneer of the browser world; many of the features that we take for granted in Firefox, IE and Safari actually began life in Opera. The browser also tends to have the best web standards support around, and the latest alpha preview of Opera 10 is no exception. Although the new Opera 10 is an alpha preview, and not recommended for anything more than testing, it’s noteworthy for being the first release to grab a perfect score on the ACID 3 browser stress test. The ACID tests are designed to push a browser’s limits when it comes to rendering web pages. The idea is that if browsers can render the ACID test pages, then they should be able to handle just about anything on the web.

Although the ACID 3 test has been around for some time, Opera 10 is the first release to pass it. Apple’s Safari browser, which was the first to pass the ACID 2 test, also passes ACID 3, but only using the developer nightly builds. Of course, cutting-edge web standards support isn’t the only thing coming in Opera 10. The first alpha also packs in a revamped and much faster rendering engine, on-the-fly spell checking for text fields, support for HTML messages in Opera Mail, and an auto-update feature to force browser updates. We don’t recommend rushing out and downloading Opera 10 in its current alpha state, but the preview release is good news for Opera fans. So far Opera has not announced a timeline for the final release of Opera 10.

Source: Wired

Facebook infected with Koobface virus-PPI

Attention new viewers: those 5000 “friends” you have on Facebook? They might not actually be your friends. In fact, some of them might be scammers trying to infect your computer with a new virus dubbed “Koobface”. Koobface, which already made the rounds on MySpace, is now worming its way through Facebook. The Koobface virus uses Facebook’s private messaging system to infect computers via a shared video. Unsuspecting users will see a video link (shared by an infected friend) with the message, “You look just awesome in this new movie.” Clicking the link will lead you to an outside site where you’re told that you need to download a Flash update, which is actually a virus file. Once the virus is installed, it will try to grab sensitive data off your PC, like credit card numbers.

In a way this is a very old virus; it operates much like the mass-mailing worms that used to infest Usenet and e-mail lists. But it’s proving an effective tactic on social networks where private messages from friends seem more trustworthy than traditional e-mail, which even the most neophyte web users have come to distrust. With its some 120 million users, Facebook is not only a potentially lucrative target, but it’s well into the mainstream, which means more gullible, less internet-savvy users for virus creators to prey on. The virus watchdog blog for McAfee labs reports that Facebook is aware of the Koobface attack and is already working to remove the spammed links from its system. But with dozens of Koobface variants known to exist, McAfee warns that “the situation is likely to get worse before it gets better.” Should your PC be infected with the Koobface worm, the Facebook security blog suggests resetting your password and running updated anti-virus software to purge the worm from your system.

Source: Wired

Sunday, November 30, 2008

Botnets revived, spam back to prior level

Spam levels could take an upwards spike after researchers detected that a malicious network of computers designed to push out junk mail and malware was brought back to life Tuesday. The Srizbi botnet, comprising more than half a million PCs, was deemed responsible for approximately 40 to 50 percent of the world’s spam. Until recently, security experts believed that Srizbi was completely defunct after the botnet was knocked offline two weeks ago as part of a collaborative effort within the security community. Now that Srizbi is partially revived, it is anticipated to spew out malicious content at alarming rates, experts say.

According to MessageLabs, now part of Symantec, the spike in spam levels was only at 37 percent of what they were before Internet Service Provider McColo was disconnected from upstream provider Hurricane Electric, which disassociated itself from the provider because of its connection to some of the world’s largest malicious botnets. McColo’s shutdown came shortly after the release of a scathing report by a group of notable security researchers and vendors lambasting McColo for hosting numerous Web sites known to cater to child pornography and malware. Spam levels experienced a sharp drop, anywhere from 60 to 80 percent, in the weeks following McColo’s takedown. However, experts say that spam levels are steadily returning to “normal” levels, rising to two thirds of what they were before the McColo shutdown as the spammers reconnected with other providers.

Source: CRN