Merry Christmas, Happy New Year, and Happy Holidays

Merry Christmas, Happy New Year, and Happy Holidays to Everyone! And here’s hoping 2012 will bring you much joy and blessings throughout the New year!


Busted: BitTorrent Pirates at Sony, Universal and Fox

With increasing lobbying efforts from the entertainment industry against BitTorrent sites and users, we wondered whether these companies hold themselves to the same standards they demand of others. After some initial skimming we’ve discovered BitTorrent pirates at nearly every major entertainment industry company in the US, including Sony Pictures Entertainment, Fox Entertainment and NBC Universal. Busted.

Busted: BitTorrent Pirates at Sony, Universal and Fox | TorrentFreak

Vulnerability Turns MS Excel Into Open Door for Hackers

The vulnerability is in Microsoft Office Excel 2003 Service Pack 2, along with Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac, Microsoft said. If successfully exploited on a vulnerable computer, it could enable remote code execution, the company added.

Microsoft is now investigating public reports and the extent of the vulnerability’s impact on customers. Once that’s done, it may provide a security update through its monthly release process or as an out-of-cycle release, it said.

“While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA (Microsoft Security Response Alliance) partners to help protect customers,” wrote Microsoft’s Security Response Center on the group’s blog. “We will update the advisory and this blog as new information becomes available.”

Linux News: Security: Vulnerability Turns MS Excel Into Open Door for Hackers

Teenager hacks Polish tram system

A 14 year-old schoolboy hacked into a Polish tram system and used a remote control to change the direction of a number of vehicles.

Transport employees in Lodz immediately suspected outside interference when a driver who was trying to turn right found his tram veering to the left.

The tram’s back wagon was derailed and hit a passing tram. Another derailment injured 12 passengers.

Teenager hacks Polish tram system – Personal Computer World

Anatomy of a hack attack

With the help of security experts, we reconstruct a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case.

Monday, 9am
Blackjack, a hacker working from an internet cafe in London, is about to launch an attack on a major government agency. His aim is to cause maximum disruption and embarrassment. And, according to security experts, his job is going to be worryingly easy.

“Most organisations have dozens of vulnerabilities they haven’t patched, or aren’t even aware of,” said Toralv Dirro, a security strategist with McAfee. “Even if a penetration-testing service says you’re not vulnerable, that only means they haven’t found a vulnerability, not that one doesn’t exist.”

Anatomy of a hack attack – ZDNet UK

Sears puts customers’ buying histories on the Web

Sears Holdings Corp. has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Web site.

Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips and get home renovation ideas.

The Web site has a feature called “Find your products” that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they’ve bought from the retailer, but the site also lets them look up the purchase histories of other people.

“Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person’s purchase history by entering that person’s name, phone number and address,” wrote Ben Edelman, an assistant professor at Harvard Business School, in a blog posting.

Sears puts customers’ buying histories on the Web

WordPress Hacked: Anyone Can View Future/Draft Posts

There is a bug in WordPress right now that is rather critical for anyone who uploads posts without immediately publishing. Simply by manipulating the URL any visitor can view all future, draft, or pending posts. Our site was vulnerable to this issue, but we patched it quickly because it could be used to retrieve the CyberNotes posts that we write ahead of time.

WordPress Hacked: Anyone Can View Future/Draft Posts

Introducing Weave

Introducing Weave

We’re now launching a new project within Mozilla Labs to formally explore this integration. This project will be known as Weave and it will focus on finding ways to enhance the Firefox user experience, increase user control over personal information, and provide new opportunities for developers to build innovative online experiences.

Just like Mozilla enables massive innovation by making Firefox open on many levels, we will aim to do the same with Weave by developing an open extensible framework for services integration.

Mozilla Labs » Blog Archive » Introducing Weave

HP confirms gaping backdoor on 82 laptop models

Computer maker Hewlett Packard has fessed up to a gaping security hole on more than 80 laptop models, warning that the backdoor could users at risk of drive-by code execution attacks.

An advisory from HP lists 82 laptop models as vulnerable to the ActiveX vulnerability found on the HP Info Center software. The issue is rated “critical” and HP laptop owners should be aware that public exploit code that provides a roadmap for exploiting the hole is circulating around the Internet.

A successful exploit simply requires that the laptop owner is lured to a malicious Web site while using Microsoft’s Internet Explorer. The risks include remote code execution, remote system registry read/write access and remote shell command execution.

It affects laptops running Windows 2000, Windows XP and Windows Vista.

HP confirms gaping backdoor on 82 laptop models | Ryan Naraine’s Zero Day |

Are The Days of Duplicate Content Numbered

Canadian software author and webmaster, Dewald Pretorius, today released two new software products that are focused on solving the duplicate content ( worries of many webmasters across the globe. “I initially wrote the software out of a personal need and frustration with duplicate content problems, and as an afterthought realized what a big market there is for it,” said Dewald Pretorius.

The software addresses the problem at the source, the website where the original content is published, by enabling the webmaster to vary the content of the same web page with every single page view.

Are The Days of Duplicate Content Numbered with Newly Released Software? – Scadart Software