Social networking has traveled a long way to reach the present stage but nobody could have ever thought that it will come along with a clever & unfriendly tag of social engineering.

Myspace, orkut & facebook are the sites who initially brought up the idea of social networking into limelight,which later on grew & is still, growing continuously with the increasing participation of more & more new agencies who are trying to build their web presence through this solid & revolutionary media of global communication.

But the pity is that such sites are becoming regular victims of Black-hat coders & hackers who unfortunately, are sometimes more clever than the big brains working behind internet security agencies.

Since 2006, the internet industry has seen a rapid increase in the number of viruses & their efficiency levels. More hacking attempts involving Trojans,worms,viruses have been made & some of them literally spoiled the face of social networks by playing with information security & user’s confidentiality.

Computer security experts like Kaspersky, Norton are constantly warning of rampant virus attacks that is hitting Facebook and MySpace. Orkut is the new entrant in the list of victims of hacking. Generally the drive towards these attacks is getting financial gain & tons of user database like emails,userids & passwords which can be exploited to fit a hacker’s needs.

According to a recent study, Google’s Orkut social networking site has seen a steep rise in the number of virus attacks due to cross-side scripting (XSS) & after it enabled flash & HTML to be embedded in the users’s scrapbooks.

Some javascripts too run popular among some naive orkut enthusiasts,which pretend to be the ultimate user friendly stuff.The hackers provoke the users to run the script(which is generally a cross-side script) in their address bar & once it is executed,the virus linked with the script penetrates automatically into the client’s hard drive,makes its copies & spreads automatically in the scrapbook of other victims present in their friendlist & the same procedure keeps repeating.

Cases of similar kind & even more harsh (like phishing attempts) were also reported in other social networking websites like facebook & myspace.

The social networking giant myspace had to loose a big chunk of its users because of a small piece of javacsript which had infected more than 1 million MySpace users in the year 2005. The script was later named as Samy Worm. This impacted loss of users. Who could not believe if Myspace ever get rid of that worm! What could be a bigger setback than this for myspace??!!

Security is the most important requirement on these sites, people behind these websites are on their toes to keep everything right and fix all their vulnerabilities. Someone Somewhere finds and exploits their system, this is going to be ongoing task for them.

FBI have disclosed on Wednesday that an ongoing cybercrime initiative, called Operation Bot Roast, has identified more than a million PCs infected with bot software and that has resulted into charges against three people for violations of the Computer Fraud and Abuse Act.

The U.S. Department of Justice, along with its partners at the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University and the Botnet Task Force, aim to disrupt the operations of bot masters, or bot herders, that compromise their victims machines to use for sending spam or attacking other computers. As per the report at securityfocus.

These cases under Operation Bot Roast. The FBI’s Chicago office charged James C. Brewer of Arlington, Texas, on Wednesday with allegedly operating a bot net that infected Chicago-area hospitals.

Agents in Detroit investigated and charged Jason M. Downey of Covington, Kentucky, with allegedly using bot-infected machines to level a denial-of-service attack against specific targets. The FBI’s Seattle office charged Robert A. Soloway with using a botnet to spam tens of millions of unsolicited e-mail messages.

The FBI referred citizens that may be concerned about their computer’s security to the Internet Crime Complaint Center.

One of the Apple’s new patent involves the detection of wireless interference on a handheld device. According to the application, accessories can effect wireless signal of a device, particularly if the accessories are placed near the antenna or are of the unapproved aftermarket variety.

Actually this patent makes no direct reference to the iPhone and may not have been incorporated into the product shipping in late June, the patent is specifically meant to address concerns regarding cellphones with media abilities as well as more generic wireless mobile devices, ensuring that Apple can use the patent both for the iPhone as well as other hardware types in the near future as reported on Electronista.

This interference isn’t a good thing if you want a strong signal (or any signal in some cases) while using an accessory, so Apple with this patent is implying that your accessory might be harmful to the signal of the main device.

The warning would occur by way of a detector chip that is attached to the connector, which would be able to recognize types of accessories.

It would let you know with either a message or some type of audio tone that your accessories might cause problems. Despite of the fact if a particular accessory isn’t on the list, your handheld could still let you know that it might be harmful to your signal.

Cisco Systems may take over another video surveillance vendor BroadWare. BroadWare develops and distributes video surveillance systems that run over standard IP networks for government organisations and private companies. The camera networks can be accessed and managed over the web.

BroadWare represents Cisco’s second purchase of a video surveillance vendor in as many years. Last year the company purchased SyPixx which made software for viewing analogue surveillance video over IP.

Such purchases by cisco are in a direction to create combined packages, that will allow it to offer security products for analogue and digital surveillance systems.

Two unknown hackers have announced a plan last week to make April a month of daily MySpace vulnerability disclosure. They use the online names as “Mondo Armando” and “Müstaschio” have announced a plan to release daily flaws in MySpace’s online social networking software on their Web site, while poking fun at the whole Month of Bugs phenomenon. Calling the effort MOMBY for “Month of MySpace Bugs, Yuss,” the two hackers stated that the effort is less motivated by security concerns and more designed to head off thoughts of any future Month of Bugs projects.As reported on securityfocus.com If it ends up being just as lame as the Month of Apple Bugs, then we haven’t really missed the mark,” wrote “Mondo Armando” on the site. “If it’s funnier, then great. If it kills this Month of Whatever fad, then hurray for everyone, it’s over.
The effort, if indeed it happens, will be the fifth Month of Bugs in the last year. In July, security researcher HD Moore started the trend with a Month of Browser Bugs, in November came the Month of Kernel Bugs, followed by the Month of Apple Bugs in January and the Month of PHP Bugs in March.

This update is for the commanly used media software comes a week after a security researcher took Apple to task for its handling of security flaws. Last month reported by secuirty focus, two researchers also targeted Apple with a month dedicated to disclosing bugs in the company’s products on a daily basis. The Month of Apple Bugs reported a number of QuickTime issues.

Apple has released an update on last Monday for QuickTime that patches eight flaws in the Windows version of the program, including seven flaws that also affect QuickTime for the Mac OS X. The security vulnerabilities existed on the program that handles a variety of different media formats, including movie files, third-generation partnership project (3GPP) files, QuickTime image files (QTIF), and Picture (PICT) files. Exploiting any of the eight flaws could allow an attacker to run code on the target’s PC or Mac, the company stated in the advisory. Media files have increasingly become a vector for attacks.

Five of the flaws were found by researchers at McAfee’s antivirus labs. Three issues appear to have been independently reported by two or more researchers. The update will be downloaded and installed through the Mac OS X’s Software Update, if the preferences have been set to allow automatic updating. For Windows users, the latest version of QuickTime can be downloaded from Apple’s Web site.

MySpace has announced on Wednesday that they are developing a parent notification tool and age verification software. The software, codenamed Zephyr, will be a desktop application.

The current MySpace age verification software online does not allow children under the age of 14 to gain access to register for an account, it is unknown on how it works
There have been a number of reported cases of minors who have been violated, removed from their underage MySpace accounts, and MySpace along with parent company News Corp intend to stamp out the chances of minors gaining access to the site and so they will improve this facet so that minors are not harmed from their service.

The copy protection seems to be ruined on the latest Blu-Ray and HD DVD technology has been broken, according to a code writer’s post at the Doom9 video enthusiast forums.

Someone on this forum has claimed to have written software, named BackupHDDVD, that bypasses the Advanced Access Content System (AACS) protection found on the new storage formats and allows users to copy data from the otherwise restricted discs to a PC.

Maybe this news is still in its rough form and maybe it is just limited to a handful of HD DVD titles, the program appears to confirm early fears that AACS is too similar to CSS, the encryption scheme used by standard DVDs and famously bypassed by Jon Lech Johansen in 2002.

If validated, this could force a radical revision of copy protection on future discs.

Just after a month that the Windows Vista operating system shipped to businesses, Microsoft has confirmed that a flaw in the software appears to allow attackers to mount a privilege escalation attack.

This flaw is labelled a double-free vulnerability caused by the way the Windows operating system handles error messages to be displayed. The vulnerability in the Client Server Run-Time Subsystem affects Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista, according to Microsoft.

Windows Vista marks the culmination of several security initiatives begun at Microsoft after the Code Red and Nimda worms–and, later, the Slammer worm–poked holes in the software giant’s security reputation.

Vista locks down older code and critical components, focuses on reducing the privilege of noncritical code, and adds more security management features to help users make the right decisions regarding system protection.

Vista, the first major Windows upgrade since Windows XP launched in 2001, was made available Nov. 30 to businesses that buy Windows licenses in bulk. Consumers generally won’t be able to get Vista until Jan. 30.

In trying to improve security, Microsoft redesigned its flagship operating system to reduce users’ exposure to destructive programs from the Internet. But most security researchers believe a complex product like Vista can never be error-free, so it was a matter of time for someone discovered a security vulnerability.

Skype has revealed that it will be including an innovative and optional lie detector feature to its popular internet telephony service.

It is termed ‘KishKish’, this software attempts to figure out whether the caller is telling a Lie by analysing the audio stream and checking for voice stress levels.

Lying causes a  ‘fight or flight’ response in humans, which makes mouth muscles tense up, which alters the pitch and tone of the voice.

“This is a really neat application, and the kind of thing we want to see more of,” said Paul Amery, director of Skype’s developer programme.

“Lie Detector is the latest in a variety of products in our premium Extras for Skype which greatly enhance the Skype communication experience.”

The software was developed by Israeli software house BATM, and is already in use by the US military.The software is available from Skype as a premium add on. No price or release date have been announced.