codegen writes "The Ontario Court of Appeal has just ruled that the police can search your cellphone without a warrant if you are arrested and the phone is not password protected. But the ruling also stated that if it is password protected, then the police need a warrant. Prior to this case there was no decision on whether the police could search your phone without a warrant in Canada."
Lasrick writes "David Axe at Wired's Danger Room explains: 'For the first time, America's top-of-the-line F-22 fighters and Britain's own cutting-edge Typhoon jets have come together for intensive, long-term training in high-tech warfare. If only the planes could talk to each other on equal terms. The F-22 and the twin-engine, delta-wing Typhoon — Europe's latest warplane — are stuck with partially incompatible secure communications systems. For all their sophisticated engines, radars and weapons, the American and British pilots are reduced to one-way communication, from the Brits to the Yanks. That is, unless they want to talk via old-fashioned radio, which can be intercepted and triangulated and could betray the planes' locations. That would undermine the whole purpose of the F-22's radar-evading stealth design, and could pose a major problem if the Raptor and the Typhoon ever have to go to war together.'"
netbuzz writes "Educause members and 7,000 university websites are being forced to change account passwords after a security breach involving the organization's .edu domain server. However, some initially hesitated to comply because the Educause notification email bore tell-tale markings of a phishing attempt. 'Given what is known about phishing and user behavior, this was bad form,' says Gene Spafford, a Purdue University computer science professor and security expert. 'For an education-oriented organization to do this is particularly troubling.'"
Lasrick writes "The Bulletin has an interesting article about the likelihood of terrorists obtaining nuclear material. 'Since 1993, the International Atomic Energy Agency (IAEA) has logged roughly 2,000 cases of illicit or unauthorized trafficking of nuclear and radioactive material. Thirty illicit radioactive trafficking incidents were reported in the former Soviet region alone from 2009 to 2011. As Obama said in December, "Make no mistake, if [terrorists] get [nuclear material], they will use it."'"
NeverVotedBush writes in with the latest installment of the Dreamliner: Boeing 787 saga. "A probe into the overheating of a lithium ion battery in an All Nippon Airways Boeing 787 that made an emergency landing found it was improperly wired, Japan's Transport Ministry said Wednesday. The Transport Safety Board said in a report that the battery for the aircraft's auxiliary power unit was incorrectly connected to the main battery that overheated, although a protective valve would have prevented power from the auxiliary unit from causing damage. Flickering of the plane's tail and wing lights after it landed and the fact the main battery was switched off led the investigators to conclude there was an abnormal current traveling from the auxiliary power unit due to miswiring."
coondoggie writes "Communications and effective system control are still big challenges unmanned aircraft developers are facing if they want unfettered access to U.S. airspace. Those were just a couple of the conclusions described in a recent Government Accountability Office report on the status of unmanned aircraft (PDF) and the national airspace. The bottom line for now seems to be that while research and development efforts are under way to mitigate obstacles to safe and routine integration of unmanned aircraft into the national airspace, these efforts cannot be completed and validated without safety, reliability, and performance standards, which have not yet been developed because of data limitations." The FAA and others seem mostly concerned about the drones hitting things if their GPS and ground communications are both disrupted.
KermMartian writes "The TI-84 Plus C Silver Edition isn't the first color-screen graphing calculator, or even TI's first color calculator, but it's a refresh of a 17-year-old line that many have mocked as antiquated and overpriced. From an advanced review model, the math features look familiar, solid, and augmented with some new goodies, while programming looks about on par with its siblings. The requisite teardown uncovers the new battery, Flash, ASIC/CPU, and LCD used in the device. Although there are some qualms about its speed and very gentle hardware upgrades beyond the screen, it looks to be an indication that TI will continue this inveterate line for years to come." Lots of screenshots and pictures of the innards too.
Trailrunner7 writes "A vulnerability exists in some components of BlackBerry mobile devices that could grant attackers access to instances of the company's Enterprise Server (BES), according to BlackBerry, which issued an alert and released a patch for the vulnerability last week via its Knowledge Base support site. BES, the software implicated by the vulnerability, helps companies deploy BlackBerry devices. The high severity advisory involves the way the phone views Tagged Image File Format (TIFF) files, specifically the way the phone's Mobile Data System Connection Service and Messaging Agent process and render the images. An attacker could rig a TIFF image with malware and get a user to either view the image via a specially crafted website or send it to the user via email or instant message. The last two exploit vectors could make it so the user wouldn't have to click the link or image, or view the email or instant message, for the attack to prove successful. Once executed, an attacker could access and execute code on BlackBerry's Enterprise Server."
FreeMichael61 writes "In the latest episode of Spy vs. Spy, China rejects accusations it's hacking U.S. companies to steal IP or bring down the grid. But there's no doubt the grid can be hacked, CIO Journal's Steve Rosenbush and Rachael King report. Industrial control networks are supposed to be protected from the Internet by an air gap that, it turns out, is largely theoretical. Internal security is often lax, laptops and other devices are frequently moved between corporate networks and control networks, and some SCADA systems are still directly connected to the internet. What security standards actually exist are out of date and don't cover enough, and corporations often use questionable supply chains because they are cheaper."
New submitter genericmk writes "NPR is running an interesting story about the unfortunate status of the aging programmers in the IT industry. Older IT workers are opposing the H-1B visa overhaul. Large corporations want more visas, they claim, because of a shortage of IT talent. However, these companies are actively avoiding older, more experienced workers, and are bringing in large volumes of foreign staff. The younger, foreign workers are often easier to control, and they demand lower wages; indentured servitude is replacing higher cost labor."
snydeq writes "Apple was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date, Reuters reports. 'The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. ... A person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware. The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers.'"
netbuzz writes "Fed up with phishers using Google Forms to commandeer campus email accounts as spam engines, Oxford University recently blocked access to Google Docs for two-and-a-half hours in what it called an 'extreme action' designed to get the attention of both its users and Google. 'Seeing multiple such incidents the other afternoon tipped things over the edge,' Oxford explains in a blog post. 'We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action.' The move generated widespread complaints from those affected, as well as criticism from outside network professionals."
Vigile writes "NVIDIA's new GeForce GTX TITAN graphics card is being announced today and is utilizing the GK110 GPU first announced in May of 2012 for HPC and supercomputing markets. The GPU touts computing horsepower at 4.5 TFLOPS provided by the 2,688 single precision cores, 896 double precision cores, a 384-bit memory bus and 6GB of on-board memory doubling the included frame buffer that AMD's Radeon HD 7970 uses. With a makeup of 7.1 billion transistors and a 551 mm^2 die size, GK110 is very close to the reticle limit for current lithography technology! The GTX TITAN introduces a new GPU Boost revision based on real-time temperature monitoring and support for monitor refresh rate overclocking that will entice gamers and with a $999 price tag, the card could be one of the best GPGPU options on the market." HotHardware says the card "will easily be the most powerful single-GPU powered graphics card available when it ships, with relatively quiet operation and lower power consumption than the previous generation GeForce GTX 690 dual-GPU card."
judgecorp writes "The Chinese government has been accused of backing the APT1 hacking group, which appears to be part of the Chinese People's Liberation Army (PLA), according to the security firm which worked with the New York Times when it fell victim to an attack. The firm, Mandiant, says that APT1 is government sponsored, and seems to operate from the same location as PLA Unit 61398." Unsurprisingly, this claim is denied by Chinese officials. You can read the report itself online (PDF), or skim the highlights.
diegocg writes "Linux kernel 3.8 has been released. This release includes support in Ext4 for embedding very small files in the inode, which greatly improves the performance for these files and saves some disk space. There is also a new Btrfs feature that allows for quick disk replacement, a new filesystem F2FS optimized for SSDs; support for filesystem mount, UTS, IPC, PID, and network namespaces for unprivileged users; accounting of kernel memory in the memory resource controller; journal checksums in XFS; an improved NUMA policy redesign; and, of course, the removal of support for 386 processors. Many small features and new drivers and fixes are also available. Here's the full list of changes."
With the Linux 3.8 merge over, the Intel Linux graphics developers are looking toward 3.9. From a weblog entry by one of them: "Let's first look a bit at the drm core changes: The headline item this time around is the reworked kernel modeset locking. Finally the kernel doesn't stall for a few frames while probing outputs in the background! ... For general robustness of our GEM implementation we've clarified the various gpu reset state transitions. This should prevent applications from crashing while a gpu reset is going on due to the kernel leaking that transitory state to userspace. Ville Syrjälä also started to fix up our handling of pageflips across gpu hangs so that compositors no longer get stuck after a reset. Unfortunately not all of his patches made it into 3.9. Somewhat related is Mika Kuoppala's work to fix bugs across the seqno wrap-around. And to make sure that those bugs won't pop up again he also added some testing infrastructure." The thing I am most looking forward to is the gen4 relocation regression finally being fixed. No more GPU hangs when under heavy I/O load (the bane of my existence for a while now). The bug report is a good read if you think hunting for a tricky bug is fun.
DavidGilbert99 writes "Facebook admitted last weekend that it was hacked but assured everyone that no data was compromised. However following some investigation by security firm F-Secure, it seems this could be just the tip of the iceberg and that thousands of mobile app developers without the dedicated security team Facebook has in place could already be compromised. The vector for the attack was a mobile developer's website, and the malware used likely targeted Apple's Mac OS X rather than Windows."
hypnosec writes "Kevin Mitnick, who was one of the most wanted computer hackers in the US at one time, is now heading a security consultancy firm – Mitnick Security Consulting – and is entrusted with the task of securing Sunday's presidential elections in Ecuador. Mitnick tweeted, '18 years ago I was busted for hacking. I do the same thing today but with full authorization. How cool is that?' His company will focus on protecting the Net Lock computer system tasked with tabulating Ecuador's elections."
An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session cookies and other sensitive information from online banking sessions."
badger.foo writes "You thought you had successfully avoided the tiresome password guessing bots groping at your SSH service by moving the service to a non-standard port? It seems security by obscurity has lost the game once more. We're now seeing ssh bruteforce attempts hitting other ports too, Peter Hansteen writes in his latest column." For others keeping track, have you seen many such attempts?
Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employees' machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."
An anonymous reader writes "Dutch Member of Parliament (MP) Henk Krol was fined €750 (US$1,000) by the district court of Oost-Brabant on Friday for breaking and entering the system of the Dutch medical laboratory Diagnostics for You. Krol said he entered the system as an ethical hacker to show that it was easy to access and download confidential medical information. Krol, leader of the Dutch 50plus party, accessed the systems of the laboratory with a login and password he had obtained from a patient of the clinic, who in turn had overheard the information at the laboratory from a psychiatrist that worked there ... In April last year, Krol used the login information to enter the company's Web server and subsequently viewed and downloaded medical files of several patients. He did this to prove how easy it was to get access to the systems, according to the ruling (PDF in Dutch)."
g01d4 writes "According to the LA Times, 'California's computer problems, which have already cost taxpayers hundreds of millions of dollars, have mounted as state officials cut short work on a $208-million DMV technology overhaul that is only half done. The state has spent $135 million total on the overhaul so far. The state's contractor, HP Enterprise Services, has received nearly $50 million of the money spent on the project. Botello said the company will not receive the remaining $26 million in its contract. ... Last week, the controller's office fired the contractor responsible for a $371-million upgrade to the state's payroll system, citing a trial run filled with mishaps. More than $254 million has already been spent.' It's hard not to feel like the Tokyo man in the street watching the latest round of Godzilla the state vs. Rodan the big contractor."
Hugh Pickens writes "The Guardian reports that Frank Lecerf was driving his Renault Laguna in Northern France when the car's speed jammed at 60mph. Then each time he tried to brake, the car accelerated, eventually reaching 125mph and sticking there. While uncontrollably speeding through the fast lane as other cars swerved out of his way, he managed to call emergency services who immediately dispatched a platoon of police cars. Realizing Lecerf had no choice but to keep racing along until his fuel ran out, they escorted him at high speed across almost 125 miles of French motorway, past Calais and Dunkirk, and over the Belgian border. After about an hour, Lecerf's tank spluttered empty and he managed to swerve into a ditch in Alveringem in Belgium, about 125 miles from his home. 'My life flashed before me,' says Lecerf. 'I just wanted it to stop.' His lawyer says Lecerf will file a legal complaint over 'endangerment of a person's life.'"
Celarent Darii writes "Slashdot readers have undoubtedly heard of Google Docs and the many other online word processing solutions that run in the browser. However, as a long-time user of TeX and LaTeX, these solutions are not my favorite way of doing things. Wouldn't it be nice to TeX something in your browser? Well, look no further, there is now an online collaborative LaTeX editor with integrated rapid preview. Some fantastic features: quasi-instant preview, automatic versioning of source, easy collaboration and you can even upload files and pictures. Download your project later when you get home. Are you a TeX guru with some masterpieces? Might I suggest uploading them? For the beginner: you can start here."
Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."
Yvonne Lee, Community Manager at Dice.com writes, "Not using standard job titles, not tying your work to real business results and not using the right keywords can mean never getting called for an interview, even if you have the right skills to do the job. I once heard advice to use the exact wording found in the ad when placing your keywords. I think you're even more unlikely to get a job if you do some of the things on this list."
holy_calamity writes "MIT Technology Review reports that efforts by U.S. government agencies and defense contractors to develop malware to attack enemies is driving a black market in zero-day vulnerabilities. Experts warn that could make the internet less secure for everyone, since malicious code is typically left behind on targeted systems and often shows up on untargeted ones, providing opportunities for reverse engineering. '"On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices," says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.'"
An anonymous reader writes "Last night before the State of the Union speech, President Obama signed an executive order for improving cybersecurity of critical infrastructure (PDF). The highlights of the order are: 'information sharing programs' for the government to provide threat reports to industry; an overarching cybersecurity framework developed by NIST to figure out best practices for securing critical infrastructure; and reviews of existing regulations to make sure they're effective. The ACLU supports the Order, as does the EFF. '"A lot of what this shows is that the president can do a lot without cybersecurity legislation," said Mark Jaycox, policy analyst and legislative assistant for the Electronic Frontier Foundation, who points out that the executive order satisfies the need for information sharing without the privacy problems that existed under legislative proposals where loopholes would have allowed companies to dump large amounts of data on the government in an effort to obtain legal immunities. Without those immunities, companies will by nature be more circumspect about what they provide the government, thus limiting what they hand over, Jaycox said.'"
dstates writes with news from NASA about the state of available water in the Middle East. From the NASA article: "'GRACE data show an alarming rate of decrease in total water storage in the Tigris and Euphrates river basins, which currently have the second fastest rate of groundwater storage loss on Earth, after India,' said Jay Famiglietti, principal investigator of the study and a hydrologist and professor at UC Irvine. 'The rate was especially striking after the 2007 drought. Meanwhile, demand for freshwater continues to rise, and the region does not coordinate its water management because of different interpretations of international laws.'" dstates adds: "Water is a huge global security issue. To understand the Middle East, you need to understand that the Golan Heights provides a significant amount of the water used in Israel. Focusing on conflicts and politics means that huge volumes of valuable water are being wasted in the Middle East, and this will only exacerbate future conflicts. Water is a serious issue between India and China. And then there is Africa. U.S. food exports are in effect exporting irrigation water drawn from the Ogallala aquifer. Fracking trades water for energy, and lack of water limits fracking in many parts of the world. Think about it."
jfruh writes "Here's an old computer science joke: What's the difference between hardware and software? If you use hardware long enough, it breaks. If you use software long enough, it works. The truth behind that is the reason that so much decades-old COBOL code is out there still driving crucial applications at banks and other huge companies. Many attempts to replace COBOL applications flopped in the 1980s and '90s, and we're stuck with them for the foreseeable future — but the Baby Boomers who wrote all that code are now retiring en masse."
isoloisti writes "An article by some Microsofties in the latest issue of Computing Now magazine claims we have got passwords all wrong. When money is stolen, consumers are reimbursed for stolen funds and it is money mules, not banks or retail customers, who end up with the loss. Stealing passwords is easy, but getting money out is very hard. Passwords are not the bottleneck in cyber-crime and replacing them with something stronger won't reduce losses. The article concludes that banks have no interest in shifting liability to consumers, and that the switch to financially-motivated cyber-crime is good news, not bad. Article is online at computer.org site (hard-to-read multipage format) or as PDF from Microsoft Research."
coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nation's vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost."
Nerval's Lobster writes "Gavin Newsom, former mayor of San Francisco and current lieutenant governor of California, argues in his new book Citizenville that citizens need to take the lead in solving society's problems, sidestepping government bureaucracy with a variety of technological tools. It's more efficient for those engineers and concerned citizens to take open government data and use it to build apps that serve a civic function—such as Google Earth, or a map that displays crime statistics—than for government to try and provide these tools itself. But Newsom doesn't limit his attacks on government bureaucracy to politicians; he also reserves some fire for the IT departments, which he views as an outdated relic. 'The traditional IT department, which set up and maintained complex, centralized services—networks, servers, computers, e-mail, printers—may be on its way out,' he writes. 'As we move toward the cloud and technology gets easier to use, we'll have less need for full-time teams of people to maintain our stuff.' Despite his advocacy of the cloud and collaboration, he's also ambivalent about Wikileaks. 'It has made government and diplomacy much more challenging and ultimately less honest,' he writes at one point, 'as people fear that their private communications might become public.' Nonetheless, he thinks WikiLeaks and its ilk are ultimately here to stay: 'It is happening, and it's going to keep happening, and it's going to intensify.' In the end, he feels the benefits of collaboration and openness outweigh the drawbacks." Keep reading for the rest of Nick's review.
CowboyRobot writes "The January edition of Science, Technology & Human Values published an article titled Technological Change and Professional Control in the Professoriate, which details interviews with 42 faculty members at three research-intensive universities. The research concludes that faculty have little interest in the latest IT solutions. 'I went to [a course management software workshop] and came away with the idea that the greatest thing you could do with that is put your syllabus on the Web and that's an awful lot of technology to hand the students a piece of paper at the start of the semester and say keep track of it,' said one. 'What are the gains for students by bringing IT into the class? There isn't any. You could teach all of chemistry with a whiteboard. I really don't think you need IT or anything beyond a pencil and a paper,' said another."
danielkennedy74 links to an instructive story captured on video introduced with these words: "Sneaking in near press/employee access points without going through them, zigzagging through corridors, and once carrying a box so someone opens a door for them, two jokers from Savannah State University social engineer their way into Super Bowl XLVII for the most part simply by looking like they belong." USA Today has a slightly longer article.
First time accepted submitter Bitsy Boffin writes "Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of the Xtra internet service provider, indicate that the problem was 'resolved', reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords."
An anonymous reader writes "If you're a hacker or a security researcher, this is a reminder that you don't have to take on Google's or Mozilla's software to get paid for finding a bug. In its first week, the Mega vulnerability reward program has already confirmed and fixed seven bugs, showing that Dotcom really does put his money where his mouth is. Although Mega hasn't shared how much money it paid out in the first week, how many bug submissions were made, or even who found which bugs, the company did briefly detail the discovered security holes. It also confirmed that the program is here to stay and urged those participating to find more severe bugs."
Bomarc writes "Twice now I've been advised to 'flash the BIOS to the latest,' once by a (major) hard drive controller maker (RAID); once by an OEM (who listed the update as 'critical,' and has removed older versions of the BIOS). Both times, the update has bricked an expensive piece of equipment. Both times, the response after the failed flash was 'It's not our problem, it's out of warranty.' Given that they recommended / advised that the unit be upgraded, shouldn't they shoulder the responsibility of BIOS upgrade failure? Also, if their design had sockets rather than soldering on parts, one could R/R the faulty part (BIOS chip), rather than going to eBay and praying. Am I the only one that has experienced this type of problem? Have you been advised to upgrade a BIOS (firmware); and the upgrade bricked the part or system? If so, what did you do? Should I name the companies?"
An anonymous reader writes "Slate provides the first-person account of a CEO who received an e-mail with several business documents attached threatening to distribute them to competitors and business partners unless the CEO paid $150,000. 'Experts I consulted told me that the hacking probably came from government monitors who wanted extra cash,' writes the CEO, who successfully ended the extortion with an e-mail from the law firm of his financial partner's bank, refusing payment and adding that the authorities had been notified. According to the article, IT providers routinely receive phone calls from their service providers if they detect any downtime on the monitors of network traffic installed by the Chinese government, similar to the alerts provided to telecom providers about VoIP fraud on their IP-PBX switches. 'Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move...' writes the CEO. 'With China's world and ours intersecting online, I expect we'll eventually wonder how we could have been so naive to have assumed that privacy was normal, or that breaches of it were news.'"
First time accepted submitter YurB writes "Matthew Garrett, a Linux kernel developer who was investigating the recent Linux-on-Samsung-in-UEFI-mode problem, has bricked a Samsung laptop using a test userspace program in Windows. The most fascinating part of the story is on what is actually causing the firmware boot failure: 'Unfortunately, it turns out that some Samsung laptops will fail to boot if too much of the [UEFI] variable storage space is used. We don't know what "too much" is yet, but writing a bunch of variables from Windows is enough to trigger it. I put some sample code here — it writes out 36 variables each containing a kilobyte of random data. I ran this as an administrator under Windows and then rebooted the system. It never came back.'"
An anonymous reader writes "We have started seeing an increase in iPhone issues related to battery life and overheating. All of them seem to be related to users upgrading their devices to iOS 6.1. Furthermore, Vodafone UK today began sending out text messages to iPhone 4S owners on its network, warning them not to upgrade to iOS 6.1 due to issues with 3G performance. The text reads, 'If you've not already downloaded iOS 6.1 for your iPhone 4s, please hold off for the next version while Apple fixes 3G performance issues. Thanks.'"
Billly Gates writes "Microsoft is advising users to stick with other browsers until Tuesday, when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled. There is no word on whether this patch is to protect IE from the 50+ Java exploits that were patched last week or the new Adobe Flash vulnerabilities. Microsoft has more information here. In semi-related news, IE 10 is almost done for Windows 7 and has an IE10 blocker available for corporations. No word on whether IE 10 will be included as part of the 57 updates."
tsamsoniw writes "In the wake of the most recent zero-day attacks exploiting Flash Player, Adobe claims that it's worked hard to make Player secure — and that most SWF exploits stem from users opening infected Office docs attached to emails. The company has a solution, though: A forthcoming version of Flash Player will detect when it's being launched from Office and will present users with a dialog box with vague warnings of a potential threat."
tsu doh nimh writes "Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered a compromise that cuts to the core of its business: helping clients distinguish known 'safe' files from computer viruses and other malicious software. A leading provider of 'application whitelisting' services, Bit9's security technology turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous. But in a blog post today, the company disclosed that attackers broke into its network and managed to steal the digital keys that Bit9 uses to distinguish good from bad applications. The attackers then sent signed malware to at least three of Bit9's customers, although Bit9 isn't saying which customers were affected or to what extent. The kicker? The firm said it failed to detect the intrusion in part because the servers used to store its keys were not running Bit9's own software."
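The structural lesson in the Bit9 story is that "signed by a trusted key" is a trust decision about key custody, not about the file, so a whitelisting policy built only on signer identity inherits every compromise of that key. The following is an added example, not Bit9's product or code: a small policy engine that shows the weak configuration (allow anything a trusted signer signed) beside the response a practitioner would want (revoke the compromised signer, re-approve known-good files by pinned hash). The signing key, file contents and the HMAC-SHA256 "signature" are constructed stand-ins so the example runs with the standard library; a real product would use asymmetric code-signing keys and certificate revocation, but the policy logic is the same.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed signing key. Whoever holds it, vendor or attacker, can "sign" anything.
VENDOR_KEY = b"constructed-vendor-signing-key"


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def sign(key: bytes, blob: bytes) -> str:
    """Toy signature (HMAC) standing in for a code-signing signature."""
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


@dataclass
class Policy:
    trusted_signers: dict = field(default_factory=dict)   # signer name -> verification key
    revoked_signers: set = field(default_factory=set)
    pinned_hashes: set = field(default_factory=set)       # SHA-256 of individually approved files


def decide(policy: Policy, blob: bytes, signer: str, signature: str) -> str:
    """Allow/deny for one file. A pinned hash is approved regardless of signer;
    otherwise a valid signature from a trusted, non-revoked signer is required
    and everything else is treated as unknown and denied."""
    if sha256_hex(blob) in policy.pinned_hashes:
        return "ALLOW: pinned hash"
    key = policy.trusted_signers.get(signer)
    if key is None:
        return "DENY: unknown signer"
    if signer in policy.revoked_signers:
        return "DENY: signer revoked"
    if hmac.compare_digest(sign(key, blob), signature):
        return "ALLOW: trusted signature"
    return "DENY: bad signature"


def revoke(policy: Policy, signer: str) -> None:
    policy.revoked_signers.add(signer)


def pin(policy: Policy, blob: bytes) -> None:
    policy.pinned_hashes.add(sha256_hex(blob))


def demo() -> dict:
    """Walks through the breach: signer-only trust, stolen key, revocation, re-pinning."""
    policy = Policy(trusted_signers={"vendor": VENDOR_KEY})
    good = b"legitimate-updater.exe (constructed contents)"
    evil = b"malware signed with the stolen key (constructed contents)"
    results = {}
    # Weak configuration: anything the vendor key signed is allowed.
    results["good_before"] = decide(policy, good, "vendor", sign(VENDOR_KEY, good))
    # The attacker holds the same key, so the same trust path admits the malware.
    results["evil_before"] = decide(policy, evil, "vendor", sign(VENDOR_KEY, evil))
    # Response: revoke the signer and re-approve known-good files by hash.
    revoke(policy, "vendor")
    pin(policy, good)
    results["evil_after"] = decide(policy, evil, "vendor", sign(VENDOR_KEY, evil))
    results["good_after"] = decide(policy, good, "vendor", sign(VENDOR_KEY, good))
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

Revocation only works if the policy consults it at decision time and if the signer's key material was stored on hosts that the same policy covers; the story's closing detail, that the key servers were not running the whitelisting agent, is the gap this engine cannot close on its own.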
New submitter rHBa sends this article about another high-profile email account breach: "The apparent hack of several e-mail accounts has exposed personal photos and sensitive correspondence from members of the Bush family, including both former U.S. presidents. The posted photos and e-mails contain a watermark with the hacker's online alias, 'Guccifer.' ... Included in the hacked material is a confidential October 2012 list of home addresses, cell phone numbers, and e-mails for dozens of Bush family members, including both former presidents, their siblings, and their children. ... Correspondence obtained by the hacker indicates that at least six separate e-mail accounts have been compromised, including the AOL account of Dorothy Bush Koch, daughter of George H.W. Bush and sister of George W. Bush. Other breached accounts belong to Willard Heminway, 79, an old friend of the 41st president who lives in Greenwich, Connecticut; CBS sportscaster Jim Nantz, a longtime Bush family friend; former first lady Barbara Bush’s brother; and George H.W. Bush’s sister-in-law."
Orome1 writes "Adobe has pushed out an emergency Flash update that solves two critical vulnerabilities (CVE-2013-0633 and CVE-2013-0634) that are being actively exploited to target Windows and OS X users, and is urging users to implement it as soon as possible. According to a security bulletin released on Thursday, the OS X exploit targets Flash Player in Firefox or Safari via malicious Flash content hosted on websites, while Windows users are targeted with Microsoft Word documents delivered as email attachments which contain malicious Flash content. Adobe has also announced its intention of adding new protections against malicious Flash content embedded in Microsoft Office documents to its next feature release of Flash Player."
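Both the Adobe "launched from Office" warning story above and this bulletin describe the same delivery vector: Flash content carried inside an Office document attached to mail. Rather than wait for the player-side dialog, a mail gateway or triage script can look for the content itself. The following is an added example, not Adobe's or Microsoft's code: it opens an OOXML (.docx) package, flags any XML part that references the Flash ActiveX control's CLSID (`D27CDB6E-AE6D-11CF-96B8-444553540000`) and any binary part that begins with an SWF header (`FWS`, `CWS` or `ZWS` for uncompressed, zlib- and LZMA-compressed files). It covers only the zip-based format; legacy binary .doc files are OLE2 containers and need a different parser. The sample packages it scans are constructed in memory and are not real Word files.

```python
import io
import zipfile

FLASH_CLSID = "d27cdb6e-ae6d-11cf-96b8-444553540000"   # ShockwaveFlash ActiveX control
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")                    # uncompressed / zlib / LZMA SWF


def scan_docx_bytes(data: bytes) -> list:
    """Return (zip entry, reason) pairs for parts carrying Flash content.
    Embedded objects normally live under word/activeX/ or word/embeddings/,
    but every entry is checked so a renamed part is not missed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            body = zf.read(info.filename)
            if info.filename.lower().endswith(".xml"):
                text = body.decode("utf-8", "replace").lower()
                if FLASH_CLSID in text:
                    findings.append((info.filename, "references Flash ActiveX CLSID"))
            if body[:3] in SWF_MAGIC:
                findings.append((info.filename, "SWF header %s" % body[:3].decode("ascii")))
    return findings


def build_sample_docx() -> bytes:
    """Constructed minimal OOXML package with one Flash ActiveX part (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(
            "word/activeX/activeX1.xml",
            '<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}" '
            'ax:persistence="persistStreamInit"/>',
        )
        # zlib-compressed SWF header followed by filler; no real Flash bytecode.
        zf.writestr("word/activeX/activeX1.bin", b"CWS\x0a" + b"\x00" * 32)
    return buf.getvalue()


def build_clean_docx() -> bytes:
    """Constructed package with no Flash content, for the negative case."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document><w:body/></w:document>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in scan_docx_bytes(build_sample_docx()):
        print("FLAG", entry, reason)
    print("clean:", scan_docx_bytes(build_clean_docx()))
```

A hit on either check is enough to quarantine the attachment for a closer look; the CLSID reference tells you the document will instantiate the Flash control, and the SWF header tells you the payload travels with the file rather than being fetched later.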
johnsnails writes "Some of the biggest news sites in the world disappeared yesterday when Facebook took over the internet with a redirection bug. Visitors to sites such as The Washington Post, BuzzFeed, the Gawker network, NBC News and News.com.au were immediately transferred to a Facebook error page upon loading their intended site. It was fixed quickly, and Facebook provided this statement: 'For a short period of time, there was a bug that redirected people logging in with Facebook from third party sites to Facebook.com. The issue was quickly resolved, and Login with Facebook is now working as usual.'"