Google's Gmail service suffers from security flaws that make it trivial for attackers to create authentic-looking spoof pages that steal users' login credentials, a security expert has demonstrated. Google Calendar and other sensitive Google services are susceptible to similar tampering.

A proof-of-concept (PoC) attack, published by Adrian Pastor of the GNUCitizen ethical hacking collective, exploits a weakness in the google.com domain that allows him to inject third-party content into Google pages. The result is this page, which allowed him (at time of writing, anyway) to display a fraudulent Gmail login page that displayed mail.google.com in the browser's address bar.

Link: The Register

Opera Software, which is battling hard for market share with Google's Chrome, is promising users a faster surfing experience, an improved email client, and better browser-synchronisation capabilities, with the latest version of its browser launched this week. bThe Norwegian developer says that Opera 9.6 contains an expanded Opera Link. This means that users can more easily use their personal browsing identities on any computer. Essentially, it synchronizes a user's browser history, bookmarks and personal bar.

Opera has also tweaked its built-in email client, Opera Mail, with a feature designed for users stuck with a slow broadband connection. The email client's "low-bandwidth mode" allows users to retrieve mails faster when bandwidth is limited. Opera Mail also contains a new feature that will help users swamped with email overload, as the email client now has two new ways to prioritize emails, so that users can easily (with a single click apparently), track important threads, and ignore less important ones.

View: The full story @ PCWorld

WiFi is no longer secure enough to protect wireless data.

Global Secure Systems has said that a Russian's firm's use of the latest NVidia graphics cards to accelerate WiFi ‘password recovery' times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless data.

David Hobson, managing director of GSS, claimed that companies can no longer view standards-based WiFi transmission as sufficiently secure against eavesdropping to be used with impunity. He also said that the use of VPNs is arguably now mandatory for companies wanting to comply with the Data Protection Act.

He said: “This breakthrough in brute force decryption of WiFi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data. As a result, we now advise clients using WiFi in their offices to move on up to a VPN encryption system as well.

Mozilla, the company behind the Firefox browser, has released technology that helps websites detect the physical location of computers.

The system will allow users, for instance, to find local restaurants when they travel to a new town.

The Geode project is an experimental add-on ahead of a full blown launch of geolocation technology in version 3.1 of Firefox.

Users will have control over how much location information they give.

It uses technology from a firm called Skyhook which works out a computer's location from nearby wireless networks.

Its so-called Loki system can determine location within seconds with an accuracy of about 10 to 20 metres.

Perfect secrecy has come a step closer with the launch of the world's first computer network protected by unbreakable quantum encryption at a scientific conference in Vienna.

The network connects six locations across Vienna and in the nearby town of St Poelten, using 200 km of standard commercial fibre optic cables.

Quantum cryptography is completely different from the kinds of security schemes used on computer networks today.

These are typically based on complex mathematical procedures which are extremely hard for outsiders to crack, but not impossible given sufficient computing resources or time.

But quantum systems use the laws of quantum theory, which have been shown to be inherently unbreakable.

View: BBC News

Acer recently introduced the Aspire X1200 small form factor system, one of their latest desktop additions to the ever expanding Aspire line. Acer describes the X1200 as a stylish, space saving and low-cost option for an average business computer or home theater PC.

Currently shipping in three different packages - the first which we'll be taking a look at today - consists of an AMD Athlon X2 4850e processor operating at 2.5GHz, 4GB of RAM, a 320GB hard drive, Nvidia GeForce 8200 graphics, a DVD burner and Windows Vista Home Premium 64-bit for about $470.

Measuring only 10.6 x 4.0 x 14.4 inches, Acer has managed to pack a lot of computer into a very small package, which includes a 14-in-1 card reader, eSATA and HDMI ports and full 5.1-channel audio support.

View: Acer Aspire X1200 SFF system review @ TechSpot

Nvidia Corp. recently released an improved version of its high-end graphics processing unit (GPU) in an attempt to offer a product that would be indisputably better compared to an offer from the arch-rival ATI, graphics product group of Advanced Micro Devices. While the new core does have advantages over the previous one, many leading-edge manufacturers of graphics cards have decided to stick with the old one for a while.

The world’s most influential supplier of discrete graphics chips recently released an improved version of its GeForce GTX 260 graphics card that features 216 stream processing units, a substantial increase compared to the GeForce GTX 260 with 192 stream processors available earlier. The attempt was made in order to stop invasion of ATI Radeon 4870 graphics cards into the higher-end market. Nvidia has even maintained the price of the model 260 at the same level as less powerful model 260: $299 a card. But the attempt was not successful, it seems: many of the largest suppliers of Nvidia GeForce-based graphics cards, including, but not limited to, Asustek Computer, Gainward, MicroStar International as well as Leadtek Research, still do not sell graphics cards powered by the so-called GeForce GTX 260-216.

View: The full story @ Xbit Labs

A US judge has ruled that a lawsuit against Apple and AT&T can go ahead, despite Apple's request to have the suit dismissed. The $1.2m suit alleges that Apple and AT&T knowingly sabotaged unlocked iPhone handsets with the release of the iPhone 1.1.1 software update. The suit claims that the companies violated US trade and copyright laws which had allowed users to alter their phones. The plaintiffs are suing both companies for violating federal antitrust laws.

View: The full story @ vnunet

Microsoft sure doesn't seem too worried about clickjacking. Should it be? Should you be? With all the recent buzz about clickjacking, a blog post is long overdue. So this afternoon I contacted Microsoft's PR agency with the simplest softball question—and some opportunity to promote Internet Explorer 8 security. My, but did I get an unexpected response.

My question: "Is there anything new in IE 8 that helps thwart or even prevents clickjacking? If so, can you put me on the phone with somebody to discuss the topic?" Instead, I got a general statement attributed to Bill Sisk, Microsoft's security response communications manager: "Microsoft is investigating new public claims of a possible vulnerability in Internet browsers and is in dialogue with the researcher. We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."

View: The full story @ MS-Watch

Intel's lawyers are evaluating whether a new manufacturing business spun out of AMD could end a long-standing cross-licensing agreement between the firms. On Tuesday, AMD announced plans to spin off its manufacturing operations into a separate company tentatively called The Foundry. The restructuring lets struggling AMD rid itself of the financial burden of running fabrication plants and provides a hefty influx of cash from its partner in the deal, Advanced Technology Investment Co. (ATIC).

Now, rival Intel is throwing a flag on the play. "We certainly have to evaluate it," said Intel spokesman Chuck Mulloy. "It certainly could be a change in the competitive landscape." Mulloy explained that Intel and AMD have licensed each other's patents since 1976. Among other things, the latest pact signed in 2001 calls for AMD to pay royalties to Intel for the use of its x86 architecture.

View: The full story @ InfoWorld

Asustek Computer is planning to launch touch panel Eee PCs in the first quarter of 2009, which the company expects will help drive sales further, according to Samson Hu, general manager of Eee PC business at Asustek. The company has not yet decided details of the models which will be updated but will reach a decision based on market demand. The company expects to showcase the products during CES 2009, Hu noted.

View: The full story @ DigiTimes

Aimed at businesses that need to retain and store e-mail, Google has added 10 more years to its e-mail archiving service, Google Message Discover. "Regulations and guidelines like the Federal Rules of Civil Procedure put pressure on IT organizations to ensure that e-mail is properly retained and can be reliably located and preserved in the event of legal discovery," Google said in a company blog. "Coupled with the growing importance of e-mail as a store of intellectual property, e-mail archiving has become both legally necessary and critical to the operation of your business."

According to a Google whitepaper, the Federal Rules of Civil Procedure applies "to virtually all organizations, in all industries, including private, public and non-profit organizations. In short, if an organization can have a civil lawsuit filed against it, then the FRCP should figure prominently in that organization's data management strategy."

View: The full story @ CRN

A popular free security tool for the Firefox browser has been upgraded to block one of the most dangerous and troubling security problems facing the Web today. NoScript is a small application that integrates into Firefox. It blocks scripts in programming languages such as javascript and Java from executing on untrusted Web pages. The scripts could be used to launch an attack on a PC.

The latest release of NoScript, version 1.8.2.1, will stop so-called "clickjacking," where a person browsing the Web clicks on a malicious, invisible link without realizing it, said Giorgio Maone, an Italian security researcher who wrote and maintains the program. Clickjacking has been known for several years but is drawing attention again after two security researchers, Robert Hansen and Jeremiah Grossman, warned last month of new scenarios that could compromise a person's privacy or even worse, steal money from a bank account.

Download: NoScript 1.8.2.1
View: The full story @ PCWorld

Adobe Systems warned users Tuesday that hackers could use recently-reported "clickjacking" attack tactics to secretly turn on a computer's microphone and Web camera. Flash on all platforms is susceptible to clickjacking attacks, Adobe said in an advisory posted Tuesday. By duping users into visiting a malicious Web site, hackers could hijack seemingly-innocent clicks that, in reality, would be used to grant the site access to the computer's Webcam and microphone without the user's knowledge.

"This potential 'Clickjacking' browser issue affects Adobe Flash Player 's microphone and camera access dialog," acknowledged David Lenoe, the company's security program manager, in a post to Adobe's security blog . Although a patch is not ready -- Lenoe said one would be issued by the end of October -- Adobe's advisory listed steps users can take immediately to block Webcam and microphone hijacking. Adobe recommended that users access Flash's Settings Manager using a browser to select the "Always deny" option.

View: The full story @ InfoWorld

Let the holiday season smart phone wars begin. Research In Motion introduced Oct. 8 its BlackBerry Storm—with its new tactile touch-screen—that will be exclusively available on Verizon Wireless in the United States in a matter of weeks. Both RIM and Verizon Wireless are expecting the Storm to seriously challenge Apple's 3G iPhone as the hottest electronic device under this year's Christmas tree.

With a look similar to Apple's iPhone, the Storm comes with a 3.2-inch screen, preloaded with Facebook, Microsoft Word and PowerPoint. The device features built-in GPS, a 3.2-megapixel camera, video recording capability, a media player and a removable battery. Additional applications will be available through a BlackBerry app store. The device is expected to sell for approximately the same price as an iPhone.

View: The full story @ eWeek