Swann Communications, a security company, has introduced the MovieStick, an ultra small camera and recorder that weighs under an ounce. All you need is to insert a 2GB microSD card and the device will record footage and still images up to 2.5 hours. It has a built-in Lithium-ion rechargeable battery and 4-pin USB port for transferring files and charging the battery.  Swann Communications claims that the device is slightly larger than a pack of gum.

The Swann MovieStick will be available sometime soon for $120

Popularity: 100% [?]

Another serious vulnerability has been found in Google’s Chrome web browser which allows an attacker to load a fake website while making it appear as legitimate website to the victims.

A Chinese security researcher named Liu Die Yu of the TopsecTianRongXin research lab in Beijing has disclosed a URL spoofing vulnerability found in Chrome web browser. Liu Die Yu also released a proof of concept that demonstrates how a legitimate URL can be forced into the address bar even if Chrome is not loading the actual URL.

This news comes after Google released a patch for their Chrome’s carpet bombing vulnerability.

Popularity: 10% [?]

Jason Ostrom, a telecommunication security expert has unveiled UCSniff, a tool that demonstrates how easy it is to intercept Voice over Internet Protocol (VoIP) calls.

UCSniff is a next-generation VoIP-sniffer software tool that allows penetration testers to assess the security of VoIP calls over a network. A computer running UCSniff can be connected to the Ethernet port of the network you want to probe, A VLAN hopper automatically checks the network under probe until it accesses the part that carries VoIP calls. The UCSniff then injects spoofed Address Resolution Protocol (ARP) packets into the network allowing all VoIP traffic to be routed to the computer running UCSniff.

UCSniff creator Jason Ostrom said, “It’s silently intercepting all the traffic and forwarding it to the phone, so a regular phone user would not be able to tell the difference.

“They think they’re talking directly to the other phone when in fact the tool is actually intercepting all the traffic.”

UCSniff can catch bi-directional conversations and record them in a single audio file. It automatically records calls that use the G.711 and G.722 codecs. However, UCSniff cannot be used to probe a remote network, you need to be directly wired to the network to conduct a probe. UCSniff will be available for download in the coming weeks from Sipera Systems for free.

UCSniff is definitely a tool that every security and VoIP owner should have.

Popularity: 4% [?]

As part of Mozilla’s ongoing stability and security update process, Firefox 3.0.3  for Windows, Mac, and Linux has been released. This version repairs a problem experienced by some users with the Password Manager feature in Firefox 3.0.2

What’s new in Firefox 3.0.3:

• Fixed the problem on saved passwords’ retrieval and saving new passwords.
• Fixed several security issues.
• Fixed several stability issues.
• Fixed the hang and crash problems when using screen readers.
• Fixed Mac-specific issues.

Download Firefox 3.0.3

Popularity: 3% [?]

Debian has released an OpenSSH security updates intended for computers powered by the Debian Linux Operating System. The current OpenSSH version found in Debian has a Denial of Service vulnerability. It was discovered that the Debian version of OpenSSH server’s  signal handler implementing the login timeout uses functions which are not async-signal-safe that leads to denial of service vulnerability. An affected system suffers from tremendous amount of zombie sshd processes.

If your Debian system is running the old version of OpenSSH server, using root account and running the following commands will solve the problem:
# apt-get update
# apt-get upgrade

Popularity: 4% [?]

As we all know, Google Chrome has been launched last Tuesday and I am one of those who downloaded and installed the software after the launch.  After reviewing the EULA which states that users apparently grant Google the rights to anything they publish and create while using Chrome, I must admit that I had to think twice and decided to set aside the new browser and stick with Firefox.  However, today’s news states that Google has updated the controversial end user license agreement of Chrome.

As an IT personnel, I am still a bit hesitant to use Chrome again, not unless the the reported security flaws of the software have been addressed by Google. Since Chrome is based on the WebKit rendering engine, there are numerous reports that it has inherited  a potentially serious security flaw from the old version of the WebKit. Chrome has also been found to be vulnerable to the “Safari Carpet Bombing Flaw”, which means a malicious code can be executed on the victim’s computer. I hope that Google will have an immediate patch on the reported security flaws so that people, especially in the IT industry will use their new Internet browser.

Popularity: 4% [?]