Share on Facebook

But even after all these years, the way we find, navigate and save content on the Web works pretty much like it always did. Here’s a page with text. Some of the words are hyperlinked, so when you click on them, you open another page. If you want to save something, there’s a wide variety of tools that help you do so, but most people use the bookmarking feature built into their browsers, or social bookmarking sites.

But now there’s a conspicuously innovative new option. A service called Pearltrees from a small company in Paris gives you a new way to organize your stuff online. Instead of bookmarks organized with long lists, Pearltrees puts your links into a dynamic, sharable web of connections.

The service is functionally similar in some ways to social bookmarking sites, but its core function is “curation,” which Wikipedia defines as the “selection, preservation, maintenance, and collection and archiving of digital assets.”

Described by one blogger as a social bookmarking tool based on “Six Degrees of Kevin Bacon,” Pearltrees looks a bit like Google’s “Wonder Wheel,” but it isn’t used the same way.

The Pearltrees interface is appealing and intuitive to use. Round objects called “Pearls” form the basic unit of content.

Let’s say you’re following the World Cup soccer tournament. When you find World Cup-related articles you like, Web sites you enjoy, Twitter feeds from fans attending the event or Wikipedia pages of your favorite players, you can save these links in Pearltrees. Each link is represented as a “Pearl.” Put related Pearls together and you might create a container circle, called a “Pearltree,” and name it “World Cup.” When you click on it, you see your collected Pearls, which fly out and organize themselves into a halo of content around the organizing Pearltree.

Maybe you follow several sports. In that case, you might create a Pearltree called “Sports,” then inside that Pearltrees called “Soccer,” “Basketball,” “Bowling” and so on. You could then go ahead and drop your “World Cup” Pearltree into the “Soccer” Pearltree.

Sports could be just one of your many interests. You might also have Pearltrees for “Politics,” “Work” and “Music” — whatever your interests are.

This structure is a lot like nested folders — the kind you might have on your PC. It can be as complex and deep or as simple and shallow as you like. It’s up to you.

Once you’ve got this going, you can simply drag any Pearl and drop it on any Pearltree. You can move things around however you like. New connections are formed automatically and instantly. You can get rid of Pearls by dropping them into the trash can.

As you collect hundreds or thousands of Pearls, you begin to see the value of Pearltrees’ navigation. You can navigate through all of those pieces of content through a set of connections you created yourself. Drill down, or expand out with intuitive ease.

Collecting and organizing links is the basic functionality. But Pearltrees does a lot more.

For example, you can go Pearl-diving to find other people’s Pearls through searches. When you do that, your search results appear in the form of other people’s content Pearltrees, which come flying in from all sides of the screen. The hits aren’t chosen at random. It’s a popularity contest. The “most connected” Pearls are most likely to be offered up.

It’s easy to find people who are doing an amazing job of curating the kind of content you’re searching for. By dragging and dropping whichever Pearls you like into a “Dropzone” (which is a tray to hold Pearls so you can drag them later into your own Pearltrees) you can collect experts or superfans or enthusiasts who share your interests — along with the great content they’ve collected. Later, when they update their Pearltrees, yours will be updated as well.

In essence, Pearltrees turns you into a “meta-curator” — a curator of curators, along with their curated content.

Pearltrees doesn’t have Facebook-like “friending” or Twitter-like “following” features. But you can, if you like, create one or more “people” Pearltrees, and drop interesting people or people you know into it.

Pearltrees also has a “Twitter Sync” function, which creates a Pearltree surrounded by Pearls representing Web pages or online content you’ve tweeted.

Embedding Pearltrees is super easy. Note that you don’t have to embed the whole thing — you can choose any branch, and that will be represented as a stand-alone Pearltree wherever you embed it. Just right-click on the Pearltree of your choice, and choose “embed this Pearltree.” You can pick the size of the container box your Pearltree will live in, or you can customize the size. Then you just copy the code and drop it into the blog post, Web page or wherever you’re embedding it. That Pearltree will function just as a Pearltree does on the main site, but it will work directly in the page you put it in. Here’s an example on the Huffington Post site.

Although the Pearltrees user interface feels like the future, the service stands firmly in the Web 2.0 world. The value of the site is ultimately derived from the actions of users.

If you’re a casual Web surfer looking for general content, Google, Bing Yahoo or Wikipedia are probably your best options for finding content. If you care mostly about what your friends think, then Facebook or Twitter or any number of the new social content-sharing tools might satisfy you. But for deep, savvy content, Pearltrees might be the best resource out there. It offers an easy way to find a large number of people who are very passionate about a variety of subjects and who have collected the kind of online content that true aficionados are seeking.

What’s Next?

Pearltrees is currently in beta and is scheduled to “ship” later this year.

The company has a whole lot planned for both before and after the launch. In the meantime, the service is open to the public and free of charge.

A new “prefetch” feature is expected to roll out next month. This will invisibly load content on peripheral Pearls so that when you click on one, the content will appear instantly.

The current version is written in Flash, so you can’t use it on an iPad. However, an HTML5 version is planned for sometime in the near future. A Facebook app should be available in a few months.

Pearltrees is planning some new features that make a lot of sense. For example, you’ll soon be able to add simple text messages and protect Pearls with a “private zone” tool. These features will enable you to use Pearltrees for mind-mapping, note-taking or creating decision trees.

After the first version exits the beta cycle, Pearltrees plans to start working on an open API, which potentially means integration with just about everything, including RSS readers, Evernote — you name it.

Will Pearltrees become a popular new way to discover, organize and share content? Who knows? But even in beta, it’s already a powerful resource that also happens to be really fun to use.

Share on Facebook

The worry with this vulnerability is that the help links in the Help Center can be hijacked to run executables on the victim’s computer. The details of the vulnerability and possible attack are as follows:

In Windows XP and Windows Server 2003, clicking on an hcp:// link launches helpctr.exe via a registered protocol handler; this is normally a safe way to launch help content thanks to an allow list that Help and Support Center checks before navigating to a given help page. A Google security researcher discovered, however, that a help page with a cross-site scripting vulnerability can be paired with a mechanism to abuse the allow-list functionality to access that page with an exploit querystring. Thus, clicking on a malicious hcp:// link leverages the XSS vulnerability to circumvent helpctr.exe’s safety controls and ultimately run an arbitrary executable on the machine.

Microsoft says that they are monitoring the problem and is so far unaware of any attacks in the wild. They may prepare a patch for the next Patch Tuesday or it could come earlier. Microsoft has outlined some mitigating factors which are also in the Security Advisory.

• The first is that if the attack is web-based the attacker would host a web page to exploit the vulnerability or host advertisements on another website. Victims can’t be required to visit the pages and the hacker would try to get people to visit with social engineering tactics like emails.
• The vulnerability can’t be manipulated directly from an email, the user would have to click a link.
• A hacker that successfully executed the attack could gain the same user rights as the user logged in. If users aren’t logged in as an admin the damage could be lessened.

Microsoft has one workaround where the registry is edited to unregister the HCP protocol. They detail two methods of doing this in the Security Advisory but they warn that after editing the registry it will obviously break all help links that use HCP.

This vulnerability was discovered by Google who alerted Microsoft to the problem on June 5 and then turned around and kindly disclosed it to the public on June 9. Microsoft was none too happy with Google about that and said:

Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk

Share on Facebook

Three of the vulnerabilities are marked “Critical” and seven are marked “Important”. Critical vulnerabilities mean that they could be exploited to allow remote code execution allowing the hacker control of the computer. The operating systems included in this update are: Windows 2000, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2. In terms of the Microsoft Office suites, all supported versions are affected on both Windows and Mac OS X.

The exact contents of the bulletins is:
– Bulletin 1: Critical (Remote Code Execution), Windows
– Bulletin 2: Critical (Remote Code Execution), Windows
– Bulletin 3: Critical (Remote Code Execution), Windows, Internet Explorer
– Bulletin 4: Important (Elevation of Privilege), Windows
– Bulletin 5: Important (Remote Code Execution), Office
– Bulletin 6: Important (Elevation of Privilege), Windows
– Bulletin 7: Important (Remote Code Execution), Office
– Bulletin 8: Important (Elevation of Privilege), Office, Microsoft Server Software
– Bulletin 9: Important (Remote Code Execution), Windows
– Bulletin 10: Important (Tampering), Windows

The updates will also include a fix for the April Sharepoint vulnerability and the Februrary IE flaw. There will also be a few non-critical updates released. Keep in mind that since this is preliminary info it is subject to change as MS has been known to rush patches or pull them unexpectedly.

Share on Facebook

The affected versions are Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris. Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. The versions that avoided being affected are Flash Player 10.1 release candidate, link available in the Adobe security advisory, and Acrobat/Reader version 8.x.

The attack isn’t widespread in the wild yet, Adobe has only received two reports of online attacks. Of course the attack is new and may just be starting to ramp up. Adobe will update the advisory when a schedule has been determined for creating a fix.

Until the fix is ready, they tell Flash users that they should use the 10.1 release candidate to avoid attack where Acrobat and Reader 9.x users can downgrade to version 8 or deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Share on Facebook

Facebook has been having so many security problems lately, the latest one is a bug discovered on Wednesday by a college student. The bug would allow a hacker access to accounts with the power to delete friends and more. Even though this is a serious bug, as of Saturday it was still unpatched.

The college student, Steven Abbagnaro, wrote up proof-of-concept code of an attack that would get all of a users’s publicly available data from their Facebook page and then delete their friends one by one. However, the attack can’t be started until the user clicks on a rigged link while logged into Facebook.

Abbagnaro won’t release the code until a patch is applied but competent hackers could figure it out on their own. The code is based on a previously discovered vulnerability in Facebook that doesn’t check code from user’s browsers properly to make sure they are authorized to make changes on Facebook. Another possible attack that has arisen out of this bug is the ability of hackers to make users “like” things.

This attack and the others that have been cropping up lately stresses the need to educate users about social engineering techniques and to be suspicious of links from people they don’t know or links from friends that seem uncharacteristic.

Share on Facebook

“Sexiest Video Ever” Malware on Facebook

A new malware attack has been circulating Facebook lately which puts a link on the user’s newsfeed claiming to be the “sexiest video ever”. When clicked the program tries to access the user’s info and if they allow that it will prompt them to install a new version of a FLV video player and starts downloading an .exe.

The file it actually downloads is Hotbar Adware which puts a toolbar in the browser and displays ads based on browsing habits. The Facebook application will also post messages on friend’s walls with the same video link and “sexiest video ever” message.

If the user doesn’t allow the application to access their info they are safe. If a user has gotten the malware the Daily Mail reports that Graham Cluely from security software developer Sophos said: “If you were one of them [that got attacked], you should scan your computer with an up-to-date anti-virus, change your passwords, review your Facebook application settings, and learn not to be so quick as to fall for a simple social engineering trick like this in future.”

PC Repair can remove any virus or malware attack from your computer, laptop or netbook and be back in full working order with you within 24 hours

Call 01202 517256 for our prompt service

Share on Facebook

Simply click below to go through to Dell and apply the voucher code at the end for your discount.

5% off all Studio, Inspiron & XPS with Intel on orders over £749:

Click Here to go to Dell Website

Special Code: L0F0VGDWF4JXL0

Share on Facebook

Today we came across such a sample arriving at one of our spamtraps through a car-related forum. The message looks like this:

Subject: Warning!

DO NOT REPLY TO THIS EMAIL!
***************************

Dear [Redacted forum user name],

You have received a new private message at [Redacted] Forum from [Redacted], entitled “Warning!”.

To read the original version, respond to, or delete this message, you must log in here:

http://[Redacted]

This is the message that was sent:
***************
Dear, [Redacted forum user names]

There are viruses’ activities from your computer! Highly recommend you to scan your computer for malicious and potentially unwanted software. If you do not follow this, I will have to make a complaint to your Internet Service Provider with attached log file (your IP address, etc.). If you want to find a report about your computer’s security and solve every problem with it, please click here: http://www.virus-total.[TLD removed]/detected/[Redacted] This is an online service that you can use for free spyware removal. Use it to scan your computer to help protect, clean, and keep your computer running at its best. Use the free scan to check for and remove viruses, spyware, and other potentially malicious software and to find vulnerabilities or shortcomings in your Internet security.

Thank you. Yours truly, [Redacted].
***************

That’s right – the malware authors registered a domain called virus-total.TLD. (The suffix is purposely removed here so that the curious won’t get themselves in trouble). This is in contrast to the legitimate site which is at virustotal.com with no dashes in the name.

The link in the forum message would bring an unsuspecting user to a page which says:

“We detected viruses activity from your computer. If that is really so, we highly recommend you to install our security tool and keep your computer running at its best.. Please, wait for a moment. You’ll be redirected to perform scanning…”

This page will then redirect to page /scanning/ at the same website which generates the following popup:

The above popup would follow by the loading of a fake scanning page inside the browser:

One of the interesting parts of this fake page is that the “Windows Security Alert” pop-up is actually a time-delayed object inside the page. Even though the box looks like a window box from Windows XP, it is not moveable at all.

When the fake scanning completes, another pop-up will be generated asking the user to download a file called security_tool_setup.exe. Needless to say, this file is malicious and is yet another one of the Fake Antiviruses. Fortunately, this executable has already been proactively detected as Mal/FakeVirPk-A.

The moral of the story is even though there are helpful people out there trying to warn others about malware, this technique is also abused by malware authors for their own gain. So, no matter if a link comes from a friend, family, or a close acquaintance, one has to be careful what link you access

Share on Facebook

Share on Facebook