How-To Geek

Week in Geek: Facebook Joins Google in Push for WebP Image Format, Asks Firefox to Build in Support

Our latest edition of WIG is filled with news link coverage on topics such as Google Earth for Android gets Street View, Canonical plans to have dogfood-capable phones by the end of May, UEFI will make its way into mobile and non-PC markets, and more.

Weekly News Links

Security News

Fractured glass photo effect courtesy of PhotoFunia.

  • Zero-Day Exploit Published for IE8
    Security experts are warning that a newly discovered vulnerability in Internet Explorer 8 is being actively exploited to break into Microsoft Windows systems. Complicating matters further, computer code that can be used to reliably exploit the flaw is now publicly available online. Download the EMET Tool here. Learn more about the EMET Tool here.
  • A Stopgap Fix for the IE8 Zero-Day Flaw
    Microsoft has released a stopgap solution to help Internet Explorer 8 users blunt the threat from attacks against a zero-day flaw in the browser that is actively being exploited in the wild. This is a second solution from Microsoft for dealing with the Internet Explorer 8 vulnerability.
  • Web server backdoor also booby traps lighttpd and NGINX
    The criminals behind Linux/Cdorked.A web server backdoor are targeting the lighttpd and NGINX web servers. This is in addition to the already discovered compromised Apache HTTPD servers, according to a blog post by the anti-virus specialists at ESET.
  • Adobe acknowledges critical hole in ColdFusion
    Adobe says it has identified a critical vulnerability, which is reportedly already being exploited in the wild, in ColdFusion 10, 9.0.2, 9.0.1, 9.0 and earlier versions on Windows, Mac, and UNIX systems.
  • Hackers gain access to all .edu domains
    The hacker collective “Hack the Planet” (HTP) has claimed responsibility for an attack on MIT (Massachusetts Institute of Technology) computer systems in late January, in which it claims to have briefly taken control of the university’s domain, redirected email traffic, and obtained administrator access to all .edu domains.
  • Child pornography trojan becomes more aggressive
    Anti-Botnet Advisory Centre, a German anti-botnet advisory service, reports that a new variant of the BKA trojan attempts to blackmail the owners of infected computers with four pornographic pictures of children.
  • Three SCADA Vulnerabilities Disclosed
    Recently, RiskBased Security’s Chief Research Officer, Carsten Eiram, published three vulnerability reports. All cover vulnerabilities in high-profile SCADA products from two major vendors: Rockwell Automation and Schneider Electric.
  • Homeland Security Warns Of Expanding Medical Device Attacks
    A bulletin published by the Department of Homeland Security has warned that the increasing use of wireless networking technology to enable medical devices expands the ways that those devices could be hacked.
  • Snapchat images that have “disappeared forever” stay right on your phone…
    US-based computer forensics geek Richard Hickman grabbed a forensic image of a phone running Snapchat, found a directory called received_image_snaps and looked in it. Both unviewed and expired images were still there.
  • Lost+Found: failed extortionists, Google hack and OAuth security
    Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar over the last seven days: Cain & Abel on Windows 8, Google hacked, failed extortionists, untangling the web, OAuth security issues, and vulnerabilities in NetApp and SAP ERP.
  • How hackers allegedly stole “unlimited” amounts of cash from banks in just hours
    Federal authorities have accused eight men of participating in 21st-century bank heists that netted a whopping $45 million by hacking into payment systems and eliminating withdrawal limits placed on prepaid debit cards.
  • China bot operators target Apple’s App Store rankings
    Increasing competition among bot operators touting the ability to “promote” an app up Apple’s free download list results in Apple “locking down” the chart last Friday.
  • Nordstrom tracking customer movement via smartphones’ WiFi sniffing
    Tara Darrow, a company spokeswoman, told CBS DFW that sensors in the stores are collecting information from customers’ smartphones as those phones automatically scan for WiFi service. Darrow said that the sensors monitor which departments you visit and for how long, but the sensors don’t actually follow your phone from department to department, and they don’t identify personal information tied to a phone’s owner.
  • UEFI to make its way into mobile and non-PC markets
    UEFI — the BIOS replacement that brought the Secure Boot technology to Windows 8 PCs — is set to appear in a wide range of devices, from smartphones to servers.
  • W3C proceeds with Web video encryption despite opposition
    The Web standards group is going ahead with its Encrypted Media Extensions technology despite some opposition, arguing it’s a step in the right direction.
  • Apple’s two-step ID verification expands to more countries
    More than a dozen new countries now have access to a stringent security measure designed to keep Apple IDs safe.
  • Could ‘honeywords’ help stop high-profile password breaches?
    Using decoy passwords alongside genuine hashed passwords could help IT admins to identify when attackers gain access to protected systems.
  • Why Intel’s “How Strong is Your Password?” site can’t be trusted
    A new website published by chipmaker Intel asks readers “How Strong is Your Password?” and provides a form for estimating the strength of specific passcodes. It’s too bad the question isn’t “How Strong is your Password-grading site,” because the answer, unfortunately, is “not very.”
  • FBI says it doesn’t need a warrant to snoop on private email, social network messages
    An FBI guidance manual says the law enforcement agency is able to access U.S. residents’ email, Facebook and Twitter messages, and private documents, without breaching the Fourth Amendment.
  • Use These Secret NSA Google Search Tips to Become Your Own Spy Agency
    There’s so much data available on the internet that even government cyberspies need a little help now and then to sift through it all. So to assist them, the National Security Agency produced a book to help its spies uncover intelligence hiding on the web.

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter.

  • Published 05/12/13
