This week Cisco released a new iPhone app called Cisco SIO To Go [iTunes link]. The application is primarily focused on delivering security and threat information via a number of freely available online feeds including Cyber Risk Report, Cisco Threat Outbreaks, Cisco Security Blog, and even some of Cisco's Twitter feeds. This information is available on the app's Security Alerts page.

All of this could be done in your favorite feed reader, so it's a little disappointing that this is the focus of Cisco SIO To Go. The application also features a Lookup page, which allows you to look up a domain name to look up its Email or Web Reputation score. This screen has some interesting-looking red, yellow, and green flashing lights with interesting labels like "Virus outbreak in progress", but unfortunately they don't seem to actually mean or do anything. Maybe they relate to the domain lookup, but if they do it certainly isn't clear how. None of the domains I searched seemed to be color-coded in any way.

While it's hard to complain about a free app, at the same time Cisco is in a unique position to offer some unique functionality like maybe push notifications when virus outbreaks or serious security vulnerabilities are discovered. There's nothing inherently wrong with Cisco SIO To Go, but there's also not much right with it. Cisco could do better if they wanted to.

[via InSecurity Complex]

Cisco releases free (but mostly useless) security information app for iPhone originally appeared on Download Squad on Mon, 23 Nov 2009 14:00:00 EST. Please see our terms for use of feeds.

Type: ssh root@(iPhone IP address)
When prompted for the password type: alpine
Now you're connected the phone...
type: passwd
It should then prompt your for a new password -- type one that you'll remember. There's no easy way to reset it if you forget it.

iPhone Rickroll exploit gets nasty, can now steal personal data originally appeared on Download Squad on Wed, 11 Nov 2009 14:00:00 EST. Please see our terms for use of feeds.

I don't often need to send ultra-secure messages to people. There's just not all that much highly-sensitive information I need to communicate. If I did, though, Norbt would be a slick way to do it.

Norbt (not to be confused with Eddie Murphy's epic film character) uses client side, browser-based cryptography to secure your transmissions. Your recipient must correctly answer the secret question. Once they do, your note is decrypted and displayed for their eyes only.

You also need to provide a password when creating your Norbt - just in case you need to go back and change some of the details.

Even if you don't have a practical reason to use a service like Norbt, it's still a fun way for you and your pals to feel like you're part of some elite spy network.

This post will self destruct in ten seconds.

Send stealthy, encrypted missives via the web with Norbt originally appeared on Download Squad on Wed, 11 Nov 2009 12:00:00 EST. Please see our terms for use of feeds.

OS X 10.6.2 offers tons of fixes, breaks Atom support again originally appeared on Download Squad on Tue, 10 Nov 2009 20:30:00 EST. Please see our terms for use of feeds.

Hundreds of Facebook groups hacked and hijacked - to prove a point? originally appeared on Download Squad on Tue, 10 Nov 2009 18:00:00 EST. Please see our terms for use of feeds.

Continue reading Panda CEO and CTO talk Cloud Antivirus 1.0 as download link goes live

Panda CEO and CTO talk Cloud Antivirus 1.0 as download link goes live originally appeared on Download Squad on Tue, 10 Nov 2009 08:30:00 EST. Please see our terms for use of feeds.

Leading up to its release, there was a lot of concern regarding Windows 7's default User Account Control (UAC) settings. Namely: it doesn't actually provide any damn security. Alas.

Windows 7 security defeated by 8 out of 10 malware applications originally appeared on Download Squad on Mon, 09 Nov 2009 17:00:00 EST. Please see our terms for use of feeds.

Jailbroken iPhones in Australia getting Rickrolled by a worm originally appeared on Download Squad on Sun, 08 Nov 2009 14:00:00 EST. Please see our terms for use of feeds.

Google hates passwords, wants you to sign up for sites without them originally appeared on Download Squad on Wed, 04 Nov 2009 11:00:00 EST. Please see our terms for use of feeds.

Forget malware infections, hackers want to ransom your files and devices originally appeared on Download Squad on Tue, 03 Nov 2009 17:00:00 EST. Please see our terms for use of feeds.

"The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names."

"We have never used the database of any other companies. And hope Malwarebytes stop spreading malicious rumors for hyping itself[...]A legal letter will be released later, which will prove that there is no problem with Intellectual Property Rights.

For the sake of avoiding dispute and possible problems, we have deleted all disputed items in our database temporarily, and have updated IObit Security 360's database."

Malwarebytes definition database stolen, misused by IOBit originally appeared on Download Squad on Tue, 03 Nov 2009 16:30:00 EST. Please see our terms for use of feeds.

WordPress has become a victim of its own popularity. The blogging-based content management system powers a huge amount of websites, and has become a target for hackers. Site hacks have been around for a long time, but recently they seem to have evolved.

In the past hackers would gain control of a site just to prove that could, then typically post a quasi-incoherent message on the site to prove their hacking prowess and illiteracy. Now hackers have become more advanced, and hacking has become financially motivated. Hacks include embedding links (some hidden, some not) for the purposes of gaming search engines, and instead of crowing about their conquest, hackers are now trying to hide and cover their tracks as much as possible.

This means that site owners are losing their confidence that their sites have not been compromised. With recent highly publicized exploits that allowed hackers to take control of out-of-date WordPress installations, it became even more important to make sure your site is clean.

If you're running a WordPress site on your own server, one step you can take to make sure that it is clean is to install and run the WordPress Exploit Scanner plugin. Beware, the exploit scanner is very thorough, and it will likely report a lot (and I mean a LOT) of false positives. It essentially reports any hiding behavior, which some of the plugins on your site might be doing for very normal reasons.

Even with the false-positives, the WordPress Exploit Scanner is a useful tool in any blogger's toolbox.

WordPress Exploit Scanner helps you keep your install clean originally appeared on Download Squad on Mon, 02 Nov 2009 09:00:00 EST. Please see our terms for use of feeds.

Microsoft Security Essentials rated best free antivirus for Windows originally appeared on Download Squad on Sat, 31 Oct 2009 09:00:00 EST. Please see our terms for use of feeds.

hi. this you on here? http://blogger.djh****.com

Phishing for the fail whale -- watch out, Twitterers! originally appeared on Download Squad on Wed, 28 Oct 2009 20:45:00 EST. Please see our terms for use of feeds.

Fake Facebook password-reset emails are a botnet attack originally appeared on Download Squad on Wed, 28 Oct 2009 20:00:00 EST. Please see our terms for use of feeds.

Dasient, the web security firm founded by ex-Google staffers that launched in June of this year, have published a blog post which shows just how dangerous a place the web is becoming.

If you do any computer service - either as a job or a favor to friends and family - you've no doubt seen the end result of these attacks. Fake antivirus applications continue to be the biggest source of business at my day job. That's all thanks to a web that has been slow to adapt to the presence of these threats.

According to the data Dasient has gathered to date, they estimate the number of compromised web sites to be about 640,000. Netcraft puts the total number of sites on the Internet at around 240 million - so compromised sites only amount to .26% of the whole. Still, those 640,000 sites are serving as many many as 5.8 million infected pages says Dasient, up sharply from the 3 million pages earlier this year reported by Microsoft.

Continue reading Web-based malware attacks growing at an astonishing rate

Web-based malware attacks growing at an astonishing rate originally appeared on Download Squad on Wed, 28 Oct 2009 12:00:00 EST. Please see our terms for use of feeds.

When our list of six free antivirus apps for Windows 7 went live over the weekend, Panda's Cloud AV made the list. While it boasted the best detection rates of any of the available options, it's still in beta testing - so I can't really recommend it for use by the average user just yet.

Panda's plugging away though, and a full release could well be just around the corner. Beta 3 has just been made available for download and it fixes a number of bugs and performance issues. The latest release also boasts improved scanning performance (the biggest knock against previous versions) and lower resource utilization.

In addition to updating the app itself, Panda is also hard at work on a new web site. Sign up for a CloudAV account, and you'll have access to forums as well as "other free services which [Panda is] still building." I'll be talking with Panda Security CEO Juan Santana and Senior Research Advisor Pedro Bustamante next week to learn more about their plans.

An account is now required to use the app, but as Pedro informed one leery commenter "It's just a unique identifier that is tied to the Tech Support Forums to be able to provide better support. You can use a throw-away mailbox to activate it[...]"

Panda Cloud Antivirus beta 3 is available for download now at Cloudantivirus.com. If you're using it - or tried it out and switched - share your thoughts in the comments!

Panda Cloud AV beta 3 boasts faster scans, inches closer to RTM originally appeared on Download Squad on Tue, 27 Oct 2009 10:00:00 EST. Please see our terms for use of feeds.

I've had plenty of good things to say about Microsoft Security Essentials to this point. On my own systems, it's been a good, lightweight layer of protection.

However, the folks over at H-Online have noted a bit of a problem. There are what H-Online refers to as "certain circumstances" under which Security Essentials seems to be forgetting to 1) update definitions and 2) notify users that their definitions may be as out of date as yet another Kanye West interruption joke.

By default, MSE only checks for updates once per day - when it's working, of course. Fortunately, making it check more often is a fairly simple task.

If you're comfortable editing your registry, read on after the break. If not, it might be best to wait for Microsoft to release a fix.

Continue reading How to make Microsoft Security Essentials check for updates more often

How to make Microsoft Security Essentials check for updates more often originally appeared on Download Squad on Mon, 26 Oct 2009 14:00:00 EST. Please see our terms for use of feeds.

Continue reading Six free antivirus programs made for your Windows 7 system

Six free antivirus programs made for your Windows 7 system originally appeared on Download Squad on Sat, 24 Oct 2009 14:00:00 EST. Please see our terms for use of feeds.

Sandboxie on sale for half price until midnight ET originally appeared on Download Squad on Tue, 20 Oct 2009 16:00:00 EST. Please see our terms for use of feeds.