You're pretty savvy when it comes to internet privacy, right? You have cookies turned off by default, and you run NoScript, AdAware, and FlashBlock. You think you're taking reasonable measures to protect your privacy, but you might as well not bother. Zombie cookies are here, and they're nearly impossible to get rid of. It's every advertiser's fantasy turned into reality.
A security flaw is currently being exploited on Twitter, AKA The Confetti Of The Internet. Reportedly it's just blocking access to users' Twitter home pages and also auto-retweeting the exploit code whenever you move your mouse over parts of the page. However, there have also been reports (not surprisingly) of the exploit being used to forward Twitter users to hard-core porn sites and/or infectious malware sites.
Currently there are thousands and thousands of "infected" Twitter accounts, most notably the account of Sarah Brown, wife of the former British Prime Minister.
Sophos security researchers are warning that it may also lead to endless cascades of spam pop-ups, which compared to malware infections seems like the least of your worries. Sophos recommends that you stay off of Twitter for the immediate future to help prevent/slow the spread of this exploit (and also to protect your computer). We, on the other hand, recommend that you stay off of Twitter indefinitely to help prevent/slow the spread of this exploit (and also to make the world a better place).
This is a "versatile" exploit that works on every OS: Mac and Linux users are affected just like Windows users.
Things are heating up in the appliance world. Oracle's CEO Larry Ellison took the lead at the keynote of Oracle OpenWorld to announce the launch of 'Exalogic Elastic Compute Cloud' (EECC), which is a slick new box that contains both a full server and storage hardware.
A serious data-stealing vulnerability in IE8 has come to light, but it's not new: it's been quietly stealing data (possibly yours) since at least December 2009 (and perhaps much longer than that, too). Now, get ready to put on your "shocked face", because it turns out that Microsoft has known about it for at least that long and done…nothing.
Ruben Santamarta, a Spanish security researcher from Wintercore, published an article detailing a new vulnerability he's uncovered in Apple's QuickTime software. The beauty of this flaw is two-fold: it can bypass both ASLR and DEP in XP, Windows 7, and Vista so as to give an attacker complete control of a PC, and the bug seems to be the result of a small bit of code that was accidentally left in older versions of QuickTime. According to Santamarta, this isn't purposely malicious code, "..but a horrible trick a developer implemented during the development cycle."
Oracle recently filed suit against Google, making some not-too-well-defined claims of misuse of the Java patents or usage (the exact nature of the suit still hasn't been made completely clear). But wiser heads than mine have been looking into it, like the savvy folks at Groklaw, and the initial take is that this just isn't going to fly.
Facebook announced that it will shortly launch a "Location Based Stalking Tool", err, I mean, "Product". This service will let everyone spy on your current location. In other words your stalkers will know where you are, and your local burglars and bad guys will know where you aren't. What could possibly go wrong?
Sometimes you have to wonder if key people at large companies just are asleep at the switch, or if anyone is even at the switch. Or if there's even a switch to begin with. Word comes from Net-Security.org that Network Solutions, one of the largest registrars in the world, has been serving up heapin' helpings of malware from a compromised widget on many of their parked pages.
Facebook users by and large have the inherent gullibility of a 2-year-old. They'll fall for anything, which makes them the proverbial low-hanging fruit of the internet. The latest shiny thing they can be tricked into clicking on is the "Dislike Button", which of course is just another way to trick them into displaying their infinite (and idiotic) propensity for trusting anyone, anywhere, at any time.
Oracle has filed a patent infringement lawsuit against Google and the bone of contention is Google's use of Java in the Android smartphone. In theory Java is free to use without royalties, so the tech community is abuzz wondering specifically what this is all about. Has Google run afoul of the patent grant that governs use of Java?