Category Archives: News

Current events and developments happening with the Internet.

Critical New Microsoft Security Flaws Revealed

There’s a certain rich irony in the recent hack of the notorious Hacking Team. Though they self-righteously claim to be selling solutions to law enforcement, Hacking Team is an evil group of professional hackers and malware vendors. They got pwned themselves recently, possibly by disgruntled employees. It’s paid off nicely in revealing some of their slimy methods and sleazy clients (including dictators and the DEA), as well as a number of zero-day exploits they were selling on the black market. One of these involved, of all things, fonts. Yes, even innocent-seeming type on the page can now be a weapon. If the victim opens a specially-crafted webpage or document with embedded OpenType fonts, this vulnerability would allow an attacker to elevate their user privileges, allowing them to run remote code and completely take over the unwitting victim’s machine. Leveraging the Adobe Type Manager’s abilities to handle type, the bad guys could then install malware, view and delete or manipulate data, or create new accounts with full user privileges. This led to the discovery of a similar flaw affecting all Windows machines that is even more critical. It also uses the Adobe Type Manager and OpenType fonts, but this is not as constrained as the previous flaw. It’s so worrisome Microsoft issued an emergency patch. However, Microsoft seems rather blasé about it: “The majority of customers have automatic updating enabled and will not need to take any action because the update …

Posted in News, Security, Warnings

The Worst Hack Ever Just Got Worse

This month’s issue of the Portal is all about the giant hack of the Office of Personnel Management’s files. Anyone who has applied for a government security clearance since 2000 – or is a close relative or friend of someone who did – should definitely read the article. But everybody else should be very concerned as well, for the implications are universally dire. It was called “the worst hack of all time” early on and the more we know, the more accurate that assessment seems to be. In terms of numbers, it’s big and growing – from over four million people affected to now more than twenty-two million. But even more important than the amount is the kind of information stolen: not just everything needed to steal identities, but the most intimate and sordid details of a person’s life gained from security interviews. Even a million fingerprints have been taken. Frighteningly, one question that may never be answered is whether or not the hackers changed or deleted any information. In any case, our entire intelligence service has been compromised. The government’s failure to act swiftly is not helping. The director finally resigned recently, but the authorities still seem to be floundering around as if paralyzed in shock. They’ve belatedly upgraded website security measures and offered free credit monitoring to affected employees. Given the kind of exposure involved, this all seems woefully inadequate, and indeed, is causing fear and anger among …

Posted in News, Security, Warnings

Shhh! Google Might Be Listening…

Anyone who harbors suspicions of what the search engine giant might be up to was given good reason to be even more alarmed recently. Google has been accused of eavesdropping on users of its Chromium browser. Some people noticed that the browser would download modules from Google as part of its automatic updating process, and that among the new features was one that turned on the computer’s microphone by default and automatically transmitted what it heard back to Google’s cloud for analysis. Further cause for concern was that Chromium, the sibling of Google’s Chrome browser platform, is an open-source project, but the speech recognition feature was part of a “black box” module. These are closed-off sections of proprietary code that are impossible for developers or researchers to examine, which totally subverts the idea of “open-source”. The Voice Search feature is intended for users to look up stuff by sound alone; it is activated by simply saying, “OK, Google,” aloud. (It’s also available for the Chrome browser.) While the company maintains that the search function will not work until that magic phrase is uttered, critics rightfully pointed out that it would still have to be listening and analyzing everything it picked up just in order to know when to do so. Google also claims that the controls of the aural search function that indicate the microphone is on and “Audio capture allowed” merely indicate the presence of a working mike, not activating it. But …

Posted in News, Security, Warnings