SEARCH

How-To Geek

Week in Geek: Opera will Switch to the Webkit Browser Engine This Year

Our latest edition of WIG is filled with news link coverage on topics such as 2012 set a new record for reported data breaches, Minecraft: Pi Edition is available for free on Raspberry Pi, Oracle is due to release a new Java patch this week, and more.

Weekly News Links

Security News

Broken glass image effect via PhotoFunia.

  • Zero-day attack exploits latest version of Adobe Reader
    A previously undocumented flaw in the latest version of Adobe Systems’ ubiquitous Reader application is being exploited in online hacks that allow attackers to surreptitiously install malware on end-user computers, a security firm said. You can read the official Adobe bulletin here.
  • Oracle to re-release Java SE patch with extra helping of fixes
    Oracle didn’t have time to fix all the Java bugs when it released its out of band patch earlier this month, so now there’s a redux on the way.
  • iOS 6.1 brings back bug that gives anyone access to your contacts, photos
    An old vulnerability in the iPhone’s lock screen and Emergency Call feature appears to have resurfaced for a third time in iOS 6.1. With the right sequence of button clicking, it’s possible to get to an iPhone user’s voicemails, contacts, and photos—even if the iPhone is locked and password protected.
  • Frosty attack on Android encryption
    Two researchers at the University of Erlangen in Germany have demonstrated a way of accessing an encrypted Android smartphone using a freezer. To access the cryptographic key stored in the phone’s memory, they placed the phone in the freezer compartment for an hour, with the result that the memory content remained – almost literally – frozen.
  • Google Play Store’s “privacy problem” is taxing
    Google’s Play Store is giving out email addresses, post codes and full names to the seller of an Android application whenever an app is purchased, according to an Australian developer’s report. Calling it a “massive, massive privacy issue”, Dan Nolan says “Google. Fix it. Immediately”.
  • JavaScript expert: WebKit, get your bug-ridden house in order
    Dave Methvin, a leader of the influential jQuery programming tool, says WebKit is plagued with old bugs. He’s not optimistic Opera will help improve the browser situation.
  • Yahoo! Pushing Java Version Released in 2008
    At a time when Apple, Mozilla and other tech giants are taking steps to prevent users from browsing the Web with outdated versions of Java, Yahoo! is pushing many of its users in the other direction: The free tool that it offers users to help build Web sites installs a dangerously insecure version of Java that is more than four years old.
  • Facebook computers compromised by zero-day Java exploit
    Facebook officials said they recently discovered that computers belonging to several of its engineers had been hacked using a zero-day Java attack that installed a collection of previously unseen malware.
  • Google Engineers Reported More than Half of Patch Tuesday Bugs
    Microsoft rolled out this month’s Patch Tuesday updates this past week, trying to fix a total of 57 vulnerabilities discovered in several products such as Windows, Office, and Internet Explorer. It’s very interesting to note that more than half of these bugs have been reported by Google engineers, including important bugs in the Windows operating system.
  • Linux trailed Windows in patching zero-days in 2012, report says
    Zero-day flaws in the Linux kernel patched last year took on average more than two years to fix, twice as long as it took to fix those affecting current Windows OS, a report by security researchers has found.
  • Crooks Net Millions in Coordinated ATM Heists
    Organized cyber criminals stole almost $11 million in two highly coordinated ATM heists in the final days of 2012, KrebsOnSecurity has learned. The events prompted Visa to warn U.S. payment card issuers to be on high-alert for additional ATM cash-out fraud schemes in the New Year.
  • Anatomy of a vulnerability – cURL web download toolkit holed by authentication bug
    You may not have heard of cURL, but you’ve probably used software that uses it. It’s an open-source programming toolkit that helps you deal with writing client-side code that deals with URLs. – The Naked Security blog looks at a recent vulnerability that was introduced into cURL.
  • When is a file not a file?
    Sometimes it is easy to examine a file and to tell what it is. Many files carry a tell-tale format marker in their header bytes. Such markers are quaintly known as “magic numbers”. Other file formats have no official magic, but are still recognisable. But what of encrypted files? How can you tell if a file is encrypted?
  • 2012 Sets New Record for Reported Data Breaches
    Risk Based Security’s 2012 Data Breach QuickView report shows that 2012 broke the previous all-time record for the number of reported data loss incidents. With 2,644 incidents recorded through mid-January 2013, 2012 more than doubled the previous highest year on record (2011).
  • Android security suffers the slings and arrows of outrageous fortune
    Android’s overwhelming popularity may be its undoing. Malware against Android exceeds threats against Windows. The threats are bigger and more is at stake than ever before.
  • Hardware-based security more effective against new threats
    Securing hardware components would prove more effective in today’s security environment, given that many online threats are delivered via software or network vulnerabilities.
  • 6 threats facing BYOD
    While there are numerous benefits to BYOD, there are also risks. It’s no wonder that in security circles BYOD is referred to as “Bring Your Own Danger,” or “Bring Your Own Disaster.”
  • Lost+Found: Angry ATMs, atmospheric entropy and virtual ShmooCon
    Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar this week. In this edition: Angry Birds where they shouldn’t be, the search for a new hashing scheme, atmospheric noise, the ShmooCon live stream, and more jailbreak details.

TinyHacker Links

How-To Geek Weekly Article Recap

Geeky Goodness from the ETC Side

How-To Geek Weekly Trivia Roundup

One Year Ago on How-To Geek

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and .

  • Published 02/17/13

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!