Bug

Skype Can't Fix a Nasty Security Bug Without a Massive Code Rewrite (zdnet.com)

ZDNet reports on a security flaw in Skype's updater process that "can allow an attacker to gain system-level privileges to a vulnerable computer." If the bug is exploited, it "can escalate a local unprivileged user to the full 'system' level rights -- granting them access to every corner of the operating system." What's worse is that Microsoft, which owns Skype, won't fix the flaw because it would require the updater to go through "a large code revision." Instead, Microsoft is putting all its resources into building an altogether new client. From the report: Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking. The attack reads on the clunky side, but Kanthak told ZDNet in an email that the attack could be easily weaponized. He explained, providing two command line examples, how a script or malware could remotely transfer a malicious DLL into that temporary folder.
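The mechanism behind the bug, "the malicious DLL is found first when the app searches for the DLL it needs," is the Windows loader's directory search order. The model below is an added example written for this summary; it is not code from ZDNet, Stefan Kanthak, Skype or Microsoft. It reproduces the default search order for a DLL requested by bare name, runs it over a constructed fake file system, and reports when the winning file sits in a user-writable directory and shadows the system copy. The temp-folder path, the user name and the assumption that the helper executable runs from that folder are illustrative assumptions, not the actual Skype layout; `resolve_restricted` models the hardened behaviour of a loader that only consults the system directories.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows system directories, in the order the loader consults them.
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]


def search_order(app_dir: str, cwd: str, path_dirs: List[str]) -> List[str]:
    """Directories consulted, in order, when a DLL is requested by bare name
    (default order with SafeDllSearchMode on: the application's own directory,
    the system directories, the current directory, then PATH)."""
    return [app_dir, *SYSTEM_DIRS, cwd, *path_dirs]


@dataclass
class FakeFs:
    """Constructed file system for the example, not a scan of a real machine."""
    files: set           # full paths that "exist"
    user_writable: set   # directories an unprivileged user may write to

    def exists(self, path: str) -> bool:
        return path.lower() in {f.lower() for f in self.files}

    def is_writable(self, directory: str) -> bool:
        return directory.lower() in {d.lower() for d in self.user_writable}


def join(directory: str, name: str) -> str:
    return directory.rstrip("\\") + "\\" + name


def resolve(fs: FakeFs, dll: str, order: List[str]) -> Optional[str]:
    """First matching file along the search order: what a bare-name load
    would pick. Nothing here checks who owns the file it finds."""
    for directory in order:
        candidate = join(directory, dll)
        if fs.exists(candidate):
            return candidate
    return None


def resolve_restricted(fs: FakeFs, dll: str) -> Optional[str]:
    """Resolution limited to the system directories, the behaviour a hardened
    loader gets by loading with a full path or restricting the search set."""
    return resolve(fs, dll, SYSTEM_DIRS)


def audit(fs: FakeFs, dll: str, order: List[str]) -> Dict[str, object]:
    """Report whether a bare-name load of `dll` would come from a directory an
    unprivileged user can write to, and whether that copy shadows a system one."""
    chosen = resolve(fs, dll, order)
    system_copy = resolve_restricted(fs, dll)
    chosen_dir = chosen.rsplit("\\", 1)[0] if chosen else None
    from_writable = chosen is not None and fs.is_writable(chosen_dir)
    shadows = (from_writable and system_copy is not None
               and system_copy.lower() != chosen.lower())
    return {
        "resolved": chosen,
        "from_user_writable_dir": from_writable,
        "shadows_system_copy": shadows,
        "system_copy": system_copy,
    }


# Assumed user-writable temp folder; the name is illustrative only.
TEMP = r"C:\Users\alice\AppData\Local\Temp"


def demo_hijacked() -> Dict[str, object]:
    """Scenario from the summary: a copy named after a system DLL sits in the
    temp folder the helper executable runs from (all paths constructed)."""
    fs = FakeFs(
        files={join(r"C:\Windows\System32", "UXTheme.dll"),
               join(TEMP, "UXTheme.dll")},   # planted copy, constructed
        user_writable={TEMP},
    )
    order = search_order(app_dir=TEMP, cwd=TEMP,
                         path_dirs=[r"C:\Windows\System32"])
    return audit(fs, "UXTheme.dll", order)


def demo_clean() -> Dict[str, object]:
    """Same layout without the planted file: the system copy wins."""
    fs = FakeFs(files={join(r"C:\Windows\System32", "UXTheme.dll")},
                user_writable={TEMP})
    order = search_order(app_dir=TEMP, cwd=TEMP,
                         path_dirs=[r"C:\Windows\System32"])
    return audit(fs, "UXTheme.dll", order)


if __name__ == "__main__":
    for name, result in (("planted copy", demo_hijacked()),
                         ("clean", demo_clean())):
        print(f"{name}: {result}")
```

The audit flags the planted scenario because the application directory is searched before System32 and is writable by the same unprivileged user, which is exactly the condition a privileged updater must avoid; the clean scenario resolves to the system copy, and `resolve_restricted` returns the system copy in both cases.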
Security

Consumers Prefer Security Over Convenience For the First Time Ever, IBM Security Report Finds (techrepublic.com)

A new study by IBM Security, surveying 4,000 adults from several regions of the world, found that, for the first time, both business users and consumers now rank security above convenience. From a report: TechRepublic spoke with executive security advisor at IBM Security Limor Kessem to discuss this new trend. "We always talk about the ease of use, and not impacting user experience, etc., but it turns out that when it comes to their financial accounts...people actually would go the extra mile and will use extra security," Kessem said. Whether it's using two-factor authentication, an SMS message on top of their password, or any other additional step for extra protection, people still want to use it. Some 74% of respondents said that they would use extra security when it comes to those accounts, she said.
Google

The Insane Amount of Backward Compatibility in Google Maps (tnhh.net)

Huan Truong, a software developer, writes in a blog post: There is always an unlikely app that consistently works on all of my devices, regardless of their OS and how old they are: Google Maps. Google Maps still works today on Android 1.0, the earliest version available (Maps actually still works with some of the beta versions before that). I believe Maps was only a prototype app in Android 1.0. If I recall correctly, Google didn't have any official real device to run Android 1.0. That was back all the way in 2007. But then, you say, Android is Google's OS for Pete's sake. How about iOS? Google Maps for iOS, version 1.0, released late 2012, still works just fine. That was the first version of Google Maps ever released as a standalone app after Apple ditched Google's map solution on iOS. But wait... there is more. There is native iOS Maps on iOS 6, which was released in early 2012, and it still works. But that's only 6 years ago. Let's go hardcore. How about Google Maps on Java phones (the dumb bricks that run Java "midlets" or whatever the ancient Greeks call it)? It works too. [...] The Palm OS didn't even have screenshot functionality. But lo and behold, Google Maps worked.
IT

Why Paper Jams Persist (newyorker.com)

A trivial problem reveals the limits of technology. Fascinating story from The New Yorker: Unsurprisingly, the engineers who specialize in paper jams see them differently. Engineers tend to work in narrow subspecialties, but solving a jam requires knowledge of physics, chemistry, mechanical engineering, computer programming, and interface design. "It's the ultimate challenge," Ruiz said.

"I wouldn't characterize it as annoying," Vicki Warner, who leads a team of printer engineers at Xerox, said of discovering a new kind of paper jam. "I would characterize it as almost exciting." When she graduated from the Rochester Institute of Technology, in 2006, her friends took jobs in trendy fields, such as automotive design. During her interview at Xerox, however, another engineer showed her the inside of a printing press. All Xerox printers look basically the same: a million-dollar printing press is like an office copier, but twenty-four feet long and eight feet high. Warner watched as the heavy, pale-gray double doors swung open to reveal a steampunk wonderland of gears, wheels, conveyor belts, and circuit boards. As in an office copier, green plastic handles offer access to the "paper path" -- the winding route, from "feeder" to "stacker," along which sheets of paper are shocked and soaked, curled and decurled, vacuumed and superheated. "Printers are essentially paper torture chambers," Warner said, smiling behind her glasses. "I thought, This is the coolest thing I've ever seen."