When Google launched Extensions for Chrome in December, they had around 300 of them ready to go in their gallery. A day later, that number was already up to 500. By now, there are a few thousand available, and that number has just been multiplied several times over, as Google has announced that the latest official version of Chrome, version 4, now natively supports Greasemonkey user scripts.
Full Article (TechCrunch - techcrunch.com)
Easily the most-viewed post at krebsonsecurity.com so far has been the entry on a cleverly disguised ATM skimmer found attached to a Citibank ATM in California in late December. Last week, I had a chance to chat with Rick Doten, chief scientist at Lockheed Martin’s Center for Cyber Security Innovation. Doten has built an impressive slide deck on ATM fraud attacks, and pictured below are some of the more interesting images he uses in his presentations.
Full Article (Krebs on Security - krebsonsecurity.com)
Those with no technical knowledge generally believe that they are anonymous when simply browsing the Web. Those who know more might recognize that IP addresses can be used to do some rough targeting, while browser cookies can be used to track someone across sessions and across IP addresses. But what if your browser itself—even with cookies off and IP addresses out of the picture—was leaving a digital fingerprint at every site you visit?
Full Article (Ars Technica - arstechnica.com)
As the practice of high-frequency trading continues to become more widespread, concerns are growing that erroneous trades carried out by “algos gone wild”—a sort of digitally amplified version of the “fat finger” phenomenon—could cause a market crash at Internet speed, a meltdown that no one could stop. Two recent market glitches could provide a preview of what’s to come.
Full Article (Ars Technica - arstechnica.com)
A school district in Riverside County has pulled the Merriam-Webster’s 10th edition dictionary from school shelves because it includes the term “oral sex.” The Menifee Union School District took the action last week after a parent complained about the dictionary.
Full Article (Los Angeles Times - latimes.com)
Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn’t that Chinese hackers engage in these activities or that their attempts are technically sophisticated — we knew that already — it’s that the U.S. government inadvertently aided the hackers.
Full Article (CNN - cnn.com)
Following the report earlier this week that the FBI regularly broke the ECPA law in obtaining information from telcos without going through the proper process (and, in some cases, using just a post-it note!), some interesting details from the full report have come to light. The two key ones? First, “the Obama administration issued a secret rule almost two weeks ago saying it was legal for the FBI to have skirted federal privacy protections.” And, second, the original idea to use these bogus “exigent letters” didn’t come from the FBI, but from an AT&T employee. We noted in the original report that no one seemed to be placing any blame on the telcos for allowing this, and why they were so clearly willing to abuse the law by giving out such information without the proper rules being followed seems like a big question:
Full Article (Techdirt - techdirt.com)
New update available! Click here to download now! From virus signature updates that identify competing products as a trojan, to operating system updates that break core functionality, there has been no shortage of quality control failures in updates released by vendors. Many of these updates are delivered to the user’s computer via automatic update mechanisms. That means these problematic updates are delivered to millions of computers quietly and efficiently, typically without user interaction. It’s always welcome to see security bugs fixed or better rules released in the products we use. But when the price of that fix is at best an annoyance and at worst a complete system failure, we’re not so sure it’s worth it. At the very least, users should be aware of the various types of failures and the frequency with which they occur. While mistakes happen to everyone, we’ll leave it as an exercise to the reader to notice any trends from repeat offenders.
A government audit (PDF) has pinpointed more than 3,800 vulnerabilities — 763 of which are high-risk — in the Federal Aviation Administration’s Web-based air traffic control system applications, including some that could potentially put air travel at risk.
The NoScript Firefox extension faced a major backlash last week when users discovered that it was surreptitiously disrupting the operation of AdBlock Plus. The developers behind the two extensions turned the browser into a battleground as their conflict escalated. Mozilla has responded by proposing a new policy that sets boundaries for appropriate extension behavior.
Microsoft’s (MSFT) supposed plan for Windows 7 on cheap netbooks is a cut-down version called “Windows 7 Starter.” The forced limitation, according to reports, is that it will only let you run three or fewer apps at a time; if you want to run more, you’ll have to pay up for a full version of Windows 7.
I am here before the subcommittee today to provide testimony on 21st Century security threats. I hope this testimony is of value despite its brevity. My analytical method is to provide frameworks for decision makers to help them make sense of rapidly changing environments. These frameworks are intended to provoke high quality thinking — agreement or disagreement with their specifics works equally well to achieve this.