This week we learned how to avoid being tracked on the internet using a tracking protection list in IE9, extract .RAR files on Windows 7 and Mac OS X, learned what a full frame camera is and if you need one, learned the ins and outs of OpenSSH on a Linux PC, enjoyed the latest set of Geek Deals, and more.

Photo by ToreLo.

Weekly News Links

Photo courtesy of F-Secure.

• Mac trojan poses as PDF to open botnet backdoor
  Malware continues to be a minimal threat to most Mac users, but that doesn’t mean attackers aren’t constantly trying to come up with new ways to steal information or turn users’ machines into botnet drones. The latter appears to be the case with a new Mac trojan posing as a PDF file, discovered by security researchers at F-Secure.
• OS X Lion passwords can be changed by any local user
  In OS X, user passwords are encrypted and then are stored in files called “shadow files” which are placed in secure locations on the drive. Recent discoveries have shown that in OS X Lion this security structure is not intact, and any user on the system can modify the passwords of other local accounts quite easily.
• Adobe publishes emergency patch to fix critical Flash vulnerabilities
  As previously announced, Adobe has published an unscheduled emergency patch for Flash Player to address a number of critical security issues. The Flash Player updates, version 10.3.183.10 for desktop operating systems and 10.3.186.7 for Android, are the company’s response to a recently discovered universal cross-site scripting (XSS) hole.
• Security duo finds another pair of vulnerabilities in Android
  Remember the duo who released an Angry Birds spoof application last fall in effort to highlight some of Android’s vulnerabilities? If so, perhaps you also recall hearing that Google had to implement the remote kill feature in Android about the same time. Well, those guys are back and, judging by their latest finding, things still don’t look to be all that secure.
• Malware for everyone – Aldi Bot at a discount price
  In a blog posting, anti-virus vendor G Data is reporting that a functional botnet builder, dubbed the Aldi Bot, is available on underground forums for just €10. The company says that the Aldi Bot Builder appears to be based on the ZeuS source code.
• Lousy code opens up Bluetooth hands-free kits, smartphones to hackers
  That Bluetooth car kit you got at the big box store on sale may be opening your phone up to hacking. Research by Codenomicon, a Finnish data security company, found that each of a sample of ten new Bluetooth hands-free kits tested this year have “critical issues” with their security implementations.
• Researchers to detail hole in Web encryption
  A pair of researchers plan to detail an attack called BEAST that they say undermines a very widely used technology for securing browser communications. Juliano Rizzo and Thai Duong say the vulnerability compromises TLS (Transport Layer Security) 1.0, the encryption mechanism that secures Web sites accessed using HTTPS (Secure Hypertext Transfer Protocol).
• User privacy concerns emerge over supercookies
  The difficulty in removing supercookies and their ability to track a user’s browsing history and preferences have raised privacy issues, according to security experts, who add that supercookies are not severe security risks and have no legal implications for now.
• Microsoft hands Rustock botnet case over to FBI
  Microsoft is hoping that federal agents will bring to justice one of the world’s most notorious spammers, known to the company only as Cosma2k. According to Microsoft, Cosma2k is the handle of the alleged ringleader of the Rustock botnet, which earlier this year was the purveyor of more e-mail spam than any other network in the world, sending as many as 30 billion messages a day at its peak.
• Microsoft to stop Linux, older Windows, from running on Windows 8 PCs
  It doesn’t take much reading between the lines to see that Microsoft is going to try to keep Linux, older versions of Windows, and other operating systems off Windows 8 PCs.
• Mozilla proposes not-so-rapid-release Firefox
  Mozilla, faced with business users’ stiff resistance to its new rapid update schedule for Firefox, has proposed a slower-moving version of the browser. Under the proposal, Mozilla would issue a new Extended Support Release (ESR) version of Firefox every 30 weeks.
• DigiNotar files for bankruptcy
  Dutch certificate authority DigiNotar is closing up shop following a recent hacking attack that caused it to issue a series of phony online security certificates.
• Google ‘rigs’ search results, rivals tell senators
  Moments after Google Executive Chairman Eric Schmidt told senators “we get it” in regard to regulatory scrutiny, the search giant’s rivals refuted the point. “Google doesn’t get it,” said Thomas O. Barnett, a lawyer for Expedia, which fought Google’s acquisition of flight data provider ITA Software. “Google won’t even admit reality.”
• Apple, Dropbox join Electronic Privacy Act fight
  Apple and Dropbox have joined the Digital Due Process coalition, according to an announcement this past Friday from the Electronic Frontier Foundation, one of the sponsors of the group.
• Errant character to blame for Twitter ‘hack’
  In the sometimes slippery world of the Web, it can pay to cross your “t”s and dot your “i”s.

Random TinyHacker Links

• ZoneAlarm security products in 2012 – are they good?
  ZoneAlarm has not published major updates to their security products since 2010. This review tries to evaluate if, in two years, they made good progress or not. To find out more about the quality of their 2012 products, check out this review.
• Bitdefender Total Security 2012 Giveaway
  Do you want to get a chance at winning a 1-year license of Bitdefender’s latest and greatest product? Check out this giveaway. Today (September 25th) is the last day for the contest, so hurry on over for the details!
• Geeky Lunch Bag Art
  Check out this awesome art on lunch bags.

Super User Questions

See the great answers to these questions from this week’s ‘Most Popular Thread’ at Super User.

• Can’t install Windows 8 Developer Preview
• How to stop an unstoppable windows 7 service?
• Breaking XP into its fastest form
• All my browsers suddenly don’t support JavaScript files anymore
• I need a good split-screen WYSIWYG editor

How-To Geek Weekly Article Recap

Heat up your weekend reading with our hottest HTG Main articles of the week.

• How to Dual-Boot Windows 7 and Windows 8 On the Same PC
• How to Automatically Cool Your Entertainment Center When It Gets too Hot
• How to Disable Startup Programs in Windows
• Hardware Upgrade: How To Install A New Hard Drive, Pt 2, Troubleshooting
• How To Monitor and Log Your Bandwidth Usage with Tomato

Geeky Goodness from the ETC Side

Put the fun back into your weekend with our most popular ETC posts of the week.

• The 56 Different Types of Geek [Humorous Chart]
• The Ultimate Website Security Question Fail [Image]
• Internet Speed by Country [Infographic]
• The Windows Journey – Full Circle Back to Where it Began [Image]
• What Does It Feel Like to Fly Over Planet Earth? [Video]
• EarthLight [Wallpaper]
• Win a Free Pair of Sennheiser Headphones ($238) or a Soluto T-Shirt!
• Safari Tekno Screen [Wallpaper]
• The Autumn Field [Wallpaper]
• The Revenge of the Caps Lock Key [Image]

One Year Ago on How-To Geek

Enjoy reading through these great articles from one year ago.

Photo by ginnerobot.

• How to Avoid Computer Eye Strain and Keep Your Eyes Healthy
• Create Cool 8-Bit Style Pixel Art from Ordinary Images
• How to Save Time by Automating Tedious Tasks with AutoHotkey
• Here’s Five Alternatives to iTunes 10 for Easily Managing Your iPod
• How to Delete a Windows Live Writer Blog Theme and Use the Default View Instead

How-To Geek Comics Weekly Roundup

• Pig Latin is not a Form of Encryption
• Video Gaming as a Form of Exercise
• Getting Beyond Level One in a Relationship
• Reading Recommendation Apps with an Attitude
• Beeping for Backups