How-To Geek
Week in Geek: New Security Hole Found Just Hours After Latest Java Update Released

Our first edition of WIG for September is filled with news link coverage on topics such as Firefox 16 Beta introduces new command line feature for developers, Google to restore passwords lost using Chrome iOS app, new password stealing malware is targeting Linux & Mac OS X users, and more.
Special Note: The title refers to the latest security update of Java just released this past Thursday. Please refer to our article on disabling Java here.
Skull and crosshair targeting scope clipart courtesy of Clker.com.
Weekly News Links


Image courtesy of Ars Technica.
- Firefox 15 arrives, supports compressed textures for impressive 3D gaming
The update brings a number of noteworthy enhancements, including new built-in development tools and enhanced support for cutting-edge Web standards that enable sophisticated gaming experiences. Under the hood, Firefox 15 introduces a new optimization that can radically reduce the browser’s memory footprint for users who rely on many add-ons.
- Mozilla previews “command line” in Firefox 16 Beta
Web developers will be able to drive Firefox from the command line thanks to one of the new features that has appeared in Firefox 16, which has just arrived in the Firefox Beta channel. The Developer Toolbar sits at the bottom of the browser’s window and provides quick, keyboard-driven access to many of the developer features in Firefox. Post has a video of the new feature in action.
- Mockups of the Upcoming Firefox for Windows 8
While Firefox for Windows 8 is not quite ready, Mozilla has a pretty good idea of how the “modern” UI version of the browser is going to look. And it’s going to look a lot like the Android version. Post has images of the mock-up design.
- Thunderbird 15 activates instant messaging
Following the arrival of Firefox 15, the Mozilla Project has released version 15 of its open source Thunderbird email client, which includes security improvements, some new features, instant messaging support and an updated user interface.
- Ubuntu One Added to Thunderbird 15 Filelink
The Ubuntu community should know that Ubuntu One is now one of the online storage providers for Mozilla Thunderbird 15.0’s Filelink feature (a feature previously added to Mozilla Thunderbird 14).
- Google Chrome Wrench Icon to be Replaced
Google Chrome’s familiar ‘Wrench’ icon is to be replaced by a new icon. The ‘Wrench’ icon is used to denote the settings menu and has been present in every release of Chrome since 2008. If you’re on the bleeding edge of Chrome development (i.e. the dev channels) then you’ll already know this; the new icon has been in place for a few weeks.
- 10 New Apps Heading to ChromeOS
10 new applications are to ship in future versions of Chrome OS by default. Google hopes that adding the apps will make Chrome OS easier to use ‘out of the box’.
- GNOME-flavoured Ubuntu Spin Coming October 18th
It’s official: a pure GNOME edition of Ubuntu is to be released later this year. ‘Gnomebuntu’, to be based on Ubuntu 12.10, will be released on October 18th – the same day that Ubuntu, Kubuntu and Xubuntu all release their latest versions.
- GNOME 3.6 beta arrives with redesigned message tray
After a delay of almost a week, the GNOME project has announced the release of GNOME 3.5.90 – this constitutes the first beta for GNOME 3.6, scheduled to arrive at the end of September.
- The truth about Goobuntu: Google’s in-house desktop Ubuntu Linux
For the first time, Google reveals some details about its desktop of choice: Ubuntu.
- HP launches first version of Open WebOS in beta
HP delivers the open-source version of WebOS in beta, with the hope of putting previous criticisms to rest.
- ‘GIMP Magazine’ Launches Sept 5th
The first issue of ‘GIMP Magazine’ is set to drop on September 5th. The free magazine, which aims to publish four issues a year, features works from various creatives in the GIMP and free-software communities.
- Google begins reminding users of friends’ birthdays
Following Facebook’s lead, the Web giant will note when someone in a user’s Google+ circle marks another year on the planet — on Google.com.
- Google Map Maker users can now share their maps via Google+
Those of you who build and tweak your own maps via Google’s Map Maker can now share them with your circles on Google+. Your Google+ contacts can view and comment on the maps you create through the Google tool.
- Google+ starts to deliver for businesses
The social network is making its way slowly but surely into the Google Apps enterprise portfolio, kicking off with a trio of features.
- Several Zune Music Features Are Getting the Axe, as Xbox Music Looms
With Xbox the premiere “entertainment” brand at Microsoft, services that used to carry the Zune brand are being discontinued. Microsoft announced to its remaining Zune Pass users that some features were going to be disabled this past Friday, in preparation for the Xbox Music launch, later this year.
- Google to restore passwords eaten by Chrome iOS app
A bug involving the Incognito anonymous-browsing feature was wiping out users’ saved passwords as well as some other data. But Google says it’s got the issue in its sights.
- Facebook ad targeting to use e-mails, phone numbers
A new tool for advertisers lets them target ads to customers who have already used their services.
- Why offering free apps may be more profitable than charging users
John Manoogian, co-founder and CTO at 140 Proof, makes an interesting observation about making money in the App Economy: free apps may deliver more returns than the micro-paid apps.
- Internet addiction fueled by gene mutation, scientists say
A variation in one gene, CHRNA4, is more prevalent among those who are addicted to being online than those who are not — and is in fact significantly more common in women, say researchers.
Security News


- New vulnerabilities found in latest Java update
Only hours after Oracle released its latest Java 7 update to address active exploits, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed.
- Linux users targeted by password-stealing ‘Wirenet’ Trojan
Malware writers are interested in Linux after all. Russian security firm Dr Web has reported finding a shadowy Trojan that sets out to steal passwords on the open source platform as well as OS X.
- FinFisher trojan for iOS and Android sighted
Mobile variants of the commercial FinSpy trojan are currently in circulation. Researchers from the University of Toronto’s Citizen Lab report that they have sighted mobile variants of FinSpy for Android, BlackBerry, iOS, Symbian and Windows Mobile devices.
- Loozfon Android malware targets Japanese female users
Security researchers from Symantec have detected a new Android trojan currently circulating in the wild, attempting to socially engineer Japanese female users into downloading and executing the application on their mobile device.
- BlackBerry users targeted with malware-serving email campaign
Security researchers from Websense have intercepted a currently spamvertised malicious campaign, attempting to trick BlackBerry users into downloading and executing the malicious .zip archive.
- Five 0days: HP in the security dock
In compliance with its policies, the Zero Day Initiative (ZDI) has now released five security holes that HP has had more than six months to fix. All of the zero-day holes affect products in HP’s enterprise and networking divisions.
- Attack targeting critical Java bug added to hack-by-numbers exploit kit
Online attackers have wasted no time seizing on a critical vulnerability in Oracle’s Java software framework that makes it possible to install malware on computers running Windows, Mac OS X, or Linux.
- Cybercriminals impersonate popular security vendors, serve malware
Security researchers from Websense have intercepted a currently circulating spam campaign, impersonating popular antivirus vendors in an attempt to trick end and corporate users into downloading and executing the malicious attachment.
- Saudi Oil firm says 30,000 computers hit by virus
Saudi Arabia’s oil company, Saudi Aramco, says its main internal network is back up after a virus affected 30,000 work stations in mid-August, but the source of the attack remains unclear.
- Virus knocks out computers at Qatari gas firm RasGas
Less than two weeks after 30,000 computers at a Saudi oil company fell prey to a virus, a Qatari gas firm’s Web site and corporate network are also down because of a virus.
- Feds: Power grid vulnerable to ‘fast-moving cybersecurity threats’
FERC says it “does not have jurisdiction” over companies issuing digital signatures used for power grid authentication, and says existing law “is not adequate” to guard against cyberattack.
- A who’s who of Mideast-targeted malware
What do Stuxnet, Duqu, Gauss, Mahdi, Flame, Wiper, and Shamoon have in common?
- The perfect crime: Is Wiper malware connected to Stuxnet, Duqu?
Mysterious malware that reportedly attacked Iran’s oil ministry in April shared a file-naming convention almost identical to those used by the state-sponsored Stuxnet and Duqu operations, an indication it may have been related, security researchers said.
- Oracle reportedly knew of critical Java bugs under attack for 4 months
Oracle engineers were briefed on critical vulnerabilities in the Java software framework more than four months before the flaws were exploited in malware attacks that take complete control of end-user computers, according to a published report.
- How I cracked my neighbor’s WiFi password without breaking a sweat
Last week’s (Ars Technica) feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too.
- How to Prevent Cross-Site Scripting (XSS) Attacks
Input sanitization is key to defending against XSS attacks. Is your company’s website secured?
- Stuffing Javascript into DNS names
From the blog post: Today seemed like a fun day to write about a really cool vector for cross-site scripting I found. In my testing, this attack is pretty specific and, in some ways, useless, but I strongly suspect that, with resources I don’t have access to, this can trigger stored cross-site scripting in some pretty nasty places.
- Authentication questions alone no longer safe
The answers to questions meant to verify one’s identity can now be found online using search engines or social networks, which means this measure should be augmented with other authentication tools.
- Insider threats evolving, still main risk
Rogue employees are collaborating with third parties to commit cybercrimes, with their key focus shifting from financial thefts to corporate espionage.
- Big Brother on a budget: How Internet surveillance got so cheap
Deep packet inspection, petabyte-scale analytics create a “CCTV for networks.”
Random TinyHacker Links


- Microsoft has changed the license terms in Windows 8 – What’s the impact?
A good read if you are planning to purchase Windows 8 any time soon.
- Nokia Lumia 800 – Is it Worth Buying?
A review based on two months of using this phone on a daily basis.
How-To Geek Weekly Article Recap


- Java is Insecure and Awful, It’s Time to Disable It, and Here’s How
- What Are the Windows A: and B: Drives Used For?
- HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows?
- HTG Explains: What is DNS?
- The Best Articles for Using and Customizing Windows 8
- How To Switch Webmail Providers Without Losing All Your Email
- 6 Tips and Tricks for Microsoft’s New Outlook.com
- Desktop Fun: Doorways Wallpaper Collection Series 1
- How to Combine All Your Email Addresses into One Outlook.com Inbox
- Ask the Readers: How Do You Remote Desktop Access Distant Computers?
Geeky Goodness from the ETC Side


- Your Shiny New Printer is Ready to Go [Humorous Image]
- 5 Design Tricks Facebook Uses To Affect Your Privacy Decisions
- Classic UFO Identification Chart from March 1967 [Retro Image]
- Office Wars – The Computer Strikes Back [Animated GIF]
- The World as Seen by an ‘Object-Oriented’ Programmer [Comic]
- Zombie Day at the Mall [Wallpaper]
- How Do Guns Work In Space? [Video]
- Play Updated Retro Arcade Games for Free Courtesy of Microsoft
- DIY Door Lock Grants Access via RFID
- Does Bad Weather Affect Cloud Computing? [Humor]
One Year Ago on How-To Geek


- The How-To Geek Guide to Hackintoshing – Part 1: The Basics
- The How-To Geek Guide to Hackintoshing – Part 2: The Installation
- The How-To Geek Guide to Hackintoshing – Part 3: Upgrading to Lion and Dual-Booting
- Hardware Upgrade: How To Install A New Hard Drive, Pt 1
- Hardware Upgrade: How To Install A New Hard Drive, Pt 2, Troubleshooting
How-To Geek Comics Weekly Roundup


- The ‘Where are Waldo’s Assets’ Tax Website
- Not Sure if He is Multi-Tasking Or…
- Time to Get His own Place
- Little Big Horn and Custer
- An Inefficient Bug-Zapper
- No Immediate Gratification
- Authentic Geeks versus Geek Posers
How-To Geek Weekly Trivia Roundup


- Marvel Successfully Argued In Court That The X-Men Were Mutants In Order To What?
- Who Is The Person Behind The Generic Silhouette in Microsoft Outlook’s Contacts?
- Which Planet Has Only Orbited The Sun Once Since It Was Discovered?
- The Humble Second Derives Its Name From What Source?
- What Subtle Message Do Mars Rover Curiosity’s Wheels Leave Behind?
- What Was the First Commercial Product to Use a Barcode?
- The Microsoft Xbox Was Originally Slated To Be Called What?
Comments (3)
Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and Google+.
- Published 09/2/12




Why were the SuperUser Qs removed? They were an awesome addition. Please add them back.
@alvasrawuther – I was told to remove the SuperUser section, so just following orders…
@Asian Angel – By whom?