- More technical details on Facebook’s leakage of user info, Freedom to Tinker
- Facebook app breach gets the attention of Congress, Ars Technica
- Facebook moves to encrypt user IDs, ReadWriteWeb
- New Adobe Reader with security sandbox due next month, Slashdot
- Root privileges through flaw in GNU C loader, The H
- Business models of cyber criminals, Slashdot
- Java surpasses Adobe’s products as most actively exploited, The Register
- Microsoft removes Zeus botnet from over 1/4 of a million machines, Zero Day
- Evercookie harder to combat in mobile browsers, Slashdot
- Mozilla patches nine Firefox flaws, The Register
- Thunderbird also receives security update, The H
- Hackers subvert Firefox security warnings to serve malware, The Register
- Security holes in Apache web server, Zero Day
- Chrome update plugs high risk security holes, Zero Day
- Apple patches older Java security flaw, Zero Day
- Gaping security hole in Apple’s FaceTime beta, Engadget via Hacker News
- Adobe Shockwave exploit, The Register
- Pidgin update closes DoS hole, The H
- Twelve-year-old finds Firefox flaw, earns bounty, Zero Day
Tag: Microsoft
feeds | grep links > Rig for Recording the Police, Feds Seek to Block XBox Hacker’s Testimony, and More
Feeling under the weather so just a few interesting links offered without comment.
feeds | grep links > Ozzie Leaves Microsoft, Developer Snafu as Neutrality Argument, and More
- Ray Ozzie leaves Microsoft
Cory at BoingBoing links to Dan Gillmor’s scoop at Salon. I think it is safe to reason that the all too brief FLOSS accommodation period at the Redmond giant is over. First Ramji leaves, and then the horrible OpenOffice.org attack video of the other day. Ah, well, as many have said, Ozzie is now free and likely to go on to do something more consistent with his past innovations.
- T-Mobile cites developer mistake as defense against network neutrality
The Register has details of the incident that caused a twelvefold spike in traffic and the inevitable “I told you so” rhetoric from the carrier. The details mentioned in the article indicate that this isn’t even a bandwidth issue but a poor understanding of how programming approaches that work fine on the wired internet can cause unexpected problems for wireless. Seems to me like a technical solution is needed, that this isn’t anything to do with neutral or discriminatory networks.
- Profile of the MIT Media Lab, BBC via Hacker News
- CAPTCHA breaking trial to proceed, despite problematic use of Computer Fraud and Abuse Act, Wired
Quick Security Alerts for the Week Ending 10/17/2010
- VoIP attacks in Australia lead to huge bills for victims, Slashdot
- Malware forces Firefox to save passwords, The Register
- HTML5 draws concerns over risks to privacy, Slashdot
- Using location tracking to help fight identity theft, ReadWriteWeb
- Another study revealing poor password practices, Slashdot
- Microsoft patches a record 49 security vulnerabilities, Krebs on Security
- Facebook rolls out security changes, ReadWriteWeb
- Java update closes 29 security holes, Krebs on Security
- Vulnerabilities in Xpdf affect several open source products, The H
- Microsoft looks to courts for botnet takedowns, Slashdot
- Home WiFi network security failings exposed, Slashdot
- New site aims to be iTunes for exploit info, code, Slashdot
- Google rolls out phishing URL alerts for admins, The Register
feeds | grep links > IBM-Oracle Java Pact, Interactive HTTP Tool, Future of the Cell Processor, and More
- IBM and Oracle agree to Java pact, New York Times Bits Blog
- Telnet like tool for HTTP
Via Nat’s Four Short Links at O’Reilly Radar. He remarks it looks like a useful teaching tool, which it no doubt is. I think it actually has more utility than just pedagogy. A lot of application development consists of plumbing together HTTP based services and having something a little more friendly than telnet and wget to explore and test is very useful for that end too.
- Is passing query string data in referral URLs a privacy violation?, Techdirt
- IBM’s plans for the Cell processor, Slashdot
- Microsoft patents GPU-accelerated video encoding, Slashdot
feeds | grep links > In Praise of CLIs, ISPs Resisting Mass Copyright Demand Campaign, Recycling Rare Earth Metals, and More
- Vodo sets up currency to encourage promotion, Techdirt
- Criticism of GUIs over CLIs for sys admin tasks
Slashdot links to a post by Paul Venezia at Infoworld that not surprisingly matches my own views quite well. I am not a sysadmin but have to deal with enough systems as a programmer to appreciate both his points about reproducibility and conservation of effort. I would throw in the notion that scripting command line interfaces also makes testing and unexpected tasks easier than graphical user interfaces.
- RedHat settles patent case, Slashdot
- BT seeks a moratorium on internet piracy cases, Slashdot
- UK ISPs band together to fight IP lookup requests, Ars Technica
- UK government to release works under open license, Techdirt
- Japanese mining company starts recycling rare earth metals from electronics
Slashdot has the details, which are not as laudable as we might like. Dowa, the mining company in question, is responding to a Chinese trade embargo, not to concerns over sustainable manufacturing. However, if they develop cost effective, even profitable, means of recycling these metals that are highly toxic and in ever-increasing demand, that would be a pretty significant silver lining as others might follow for reasons besides trade pressure.
- ABC unofficially partners with StatusNet, ReadWriteWeb
- IE drops below 50% market share worldwide, ReadWriteWeb
Quick Security Alerts for the Week Ending 10/3/2010
- Google warning Gmail users on spying from China, Slashdot
- Twitter hit by another worm, The Register
- Potentially crippling vulnerability identified in Zeus botnet, The Register
- More on Stuxnet infections at Iranian nuclear facilities, Ars Technica
- Stuxnet can re-infect PCs even after disinfection, The Register
- New clues about the origin of Stuxnet, Zero Day
- Attack on LinkedIn using fake contact requests, Slashdot
- Microsoft ships emergency patch for ASP.NET vulnerability, Zero Day
- Spamhaus debuts whitelist service, The Register
- Largest simulated cyber attack to date, Slashdot
- Critical security patches in PDF Reader, Zero Day
- Pirate Bay user database exploited by spammers, TorrentFreak
- Exploits propagated via social media increase, Slashdot
feeds | grep links > Chrome Loses Privacy Feature, Google Introduces Image Format, Microsoft Sues Motorola over Android, and More
- Google Chrome apparently removing privacy feature
Lauren Weinstein describes his experience just trying to exercise the sort of oversight and control over cookies that he had become used to. Despite this unexplained change in the latest release of Chrome, I suspect incompetence rather than malicious intent. Maybe he can dig through the Chromium sources for an explanation, assuming they are up to date and that commit histories are available as is the case with Mozilla’s sources.
- Canonical adds streaming music to Ubuntu One, Ars Technica
- Google opens source to new, more compact image format
Cade Metz at The Register is one of many with details of WebP, pronounced weppy, which is based on the VP-8 video codec. I understand the search giant’s motivation; this move fits well with their recent emphasis on speeding up the web. I only have one thought, in three letter form: P-N-G. The challenge of popularizing a new media format, especially in an entrenched space such as images, cannot be overstated.
- Blackberry’s encryption cracked, backups now at risk, Slashdot
- Microsoft sues Motorola, citing Android patent infringement, Ars Technica
Quick Security Alerts for the Week Ending 9/26/2010
- Stuxnet worm infected industrial control systems, Slashdot
- Stuxnet worm may have targeted Iranian reactor, Slashdot
- Another story speculating about Stuxnet’s Iranian targets, Yahoo, HT Charles
- More on the sophistication of the Stuxnet worm, Schneier on Security
- Microsoft confirms ASP.NET vulnerability, Zero Day
- Microsoft provides temporary fix for ASP.NET flaw, The Register
- Exploit of latest privilege escalation flaw in Linux kernel, Slashdot
- More details on recent Linux kernel flaws, The H
- Google App adopts optional two-factor authentication, ReadWriteWeb
- Security fix for critical Adobe Flash flaw, Krebs on Security
- Apple plugs info leak in OS X, Zero Day
- Fake iPhone jail-breaking tool packed with malware, Zero Day
- Twitter hit by security flaw, ReadWriteWeb
- More on highly visible Twitter security flaw, ReadWriteWeb
- Australian student responsible for Twitter exploit, Slashdot
- Hole closed in bzip2 compression tool, The H
- Are desktop firewalls overkill?, Slashdot
- New defense against DDoS attacks, Technology Review
- Security lessons learned from Diaspora launch, Slashdot
Quick Security Alerts for the Week Ending 9/19/2010
- Trojan extorts users over porn surfing habits, Schneier on Security
- Self-proclaimed author of email worm claims it was written as a propaganda tool, The Register
- Pirate Bay’s ad servers targeted and exploited by hackers, TorrentFreak
- Update to exploited ad server, The H
- Adobe exploit bears fingerprints of hack on Google, The Register
- Unofficial fix for Adobe flaw brings respite, The Register
- Microsoft anti-exploit tool kit can help mitigate PDF zero day attacks, Zero Day
- More malware found in Google Code, Zero Day
- Adobe warns of attacks on Flash flaw, Krebs on Security
- Vulnerabilities in US-CERT network, Schneier on Security
- Chinese cyber-crooks offer DDoS for hire, The Register
- Stuxnet worm more sophisticated than thought, Krebs on Security
- Google closes ten holes in Chrome 6, The H
- Diehard Linux kernel bug resurfaces, The Register
- Apple QuickTime flaw puts Windows users at risk, Zero Day
- Security a concern as HTML5 advances, Slashdot