Week in Geek: Steam Users at Risk from Potential New Security Vulnerability

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

By Akemi Iwaya on October 21st, 2012

Our latest edition of WIG is filled with news link coverage on topics such as 10 things to do after installing Ubuntu 12.10, the FTC’s offer of a $50,000 cash bounty for technology to help eliminate robocalls, the new malware variant spreading across Skype, and more.

Weekly News Links

  • Firefox Marketplace launched on Android
    Mozilla has launched a preview version of its integrated Firefox Marketplace in Firefox for Android. The feature is now available in the Aurora development version of Firefox for Android and includes a number of what Mozilla calls “showcase apps” that users can install and test.
  • Microsoft commits to a new preview test build of IE10 for Windows 7 in November
    Internet Explorer 10 for Windows 7 is still alive, Microsoft officials confirmed. And another test build is coming in November.
  • 10 Things To Do After Installing Ubuntu 12.10
    After the thrill of downloading it, and the jagged nerves from installing it, you may be wondering what to do next with your freshly installed copy of Ubuntu. That question is especially true if you’re new to Ubuntu or haven’t used it for a while. So, to help get you settled, OMG! Ubuntu! has listed their top 10 post-install must-dos…
  • Shuttleworth: Secret development of 13.04’s “Tada” features
    In the wake of the release of Ubuntu 12.10, Mark Shuttleworth has announced a new style of development for Ubuntu 13.04, the next major version of the Linux distribution. Referring to “a few items with high ‘tada!’ value that would be great candidates for folk who want to work on something that will get attention when unveiled,” Shuttleworth said that there will be a new process where the new features will not be talked about “until we think they are ready to celebrate”.
  • Ubuntu Tweak Stops Development, Claims No Longer Free
    Popular Ubuntu configuration utility Ubuntu Tweak has officially ended support for its long-running project. Ubuntu Tweak has been a mainstay application on newbie machines since the days of Dapper Drake, and between then and now has gained a lot of respect within the community regardless of being merely a front-end for already trivial tasks.
  • Google offers low-budget ARM-based Chromebook
    The browser-based laptop, weighing 2.5 pounds with an 11.6-inch screen, is “the best computer that’s ever been designed” for a price of $249, Google says.
  • Even Microsoft’s closest allies are nervous about Windows 8
    Intel says PC makers are being cautious about building Windows 8 machines, which means this holiday season may not be so merry for Microsoft.
  • Mouse input temporarily freezing after updating OS X
    Tackling third-party launch agents and daemons may help odd system pauses after an OS update.
  • Apple updates Java for older Mac OS X – kills browser plugin
    Following Oracle’s CPU patch day, in which a large number of Java vulnerabilities were fixed, Apple has released an update for Java 6 on Mac OS X 10.6.8, 10.7 and 10.8. The timely update brings Apple’s Java 6 in line with Oracle’s Java 6 Update 37 but also removes the Apple-provided Java applet plugin from all web browsers.
  • iOS, Android apps are porking up, research firm says
    According to a new study, the average size of iOS and Android apps is on the rise, something to consider when buying a smartphone.
  • Mozilla adds sweetener to JavaScript
    A Mozilla project, Sweet.js, is setting out to sweeten JavaScript development by giving users hygienic macros to work with. Hygienic macros are macros that will not expand into anything that will interfere with the other code in a program, for example, by not capturing variables.
  • Pigs fly: AOL’s new e-mail client makes inboxes a happy place
    With Alto, the much-maligned AOL is attempting to give users an entirely new way of organizing their e-mail. It has the potential to make people’s inboxes much more useful.
  • Yahoo to shutter South Korea business at the end of the year
    The company says that the move is part of its “efforts to streamline operations.”
  • Facebook said to let some companies see pages you like
    The social network allows select marketers to look at their fans’ other interests to help plan advertising efforts, Adweek reports.
  • EU regulators tell Google to amend privacy policy
    But European Union officials stop short of calling for massive changes to the new policy.
  • Google threatens to omit French media from search
    If a proposed French law passes that would require search engines to pay for news articles, the Web giant says it would simply stop linking to the country’s media sites.
  • FTC said to be ‘strongly considering’ paid listings probe
    The federal agency is mulling whether to review how search engines are complying with 2002 guidelines regarding how paid listings in search results are disclosed to consumers, an industry group says.
  • Kill the bots: FTC puts a bounty on the heads of robo-telemarketers
    The race against robots is on: the Federal Trade Commission is offering $50,000 cash to anyone that can come up with a way to eliminate the insidious telemarketing robocall, it announced this past Thursday. While it may take a sizable workload, a good kill-switch for the spammy pre-recorded messages could put an end to the annoying overtures on the phone to enter a new sweepstakes, qualify for a new credit card, or get a new energy provider.
  • AT&T Starts Six-Strikes Anti-Piracy Plan Next Month, Will Block Websites
    A set of leaked internal AT&T training documents obtained by TorrentFreak reveal that the Internet provider will start sending out anti-piracy warning notices to its subscribers on November 28. Customers whose accounts are repeatedly flagged for alleged copyright infringements will have their access to frequently visited websites blocked, until they complete an online copyright course. It’s expected that most other participating ISPs will start their versions of the anti-piracy plan on the same date.
  • Man hires woman to slap him every time he’s on Facebook
    Maneesh Sethi goes on Craigslist to find a woman who will hit him and therefore make him more productive. Includes video of the two of them working together (with slap).

Security News

  • Steam vulnerability can lead to remote insertion of malicious code
    Millions of Steam users are potentially vulnerable to a newly disclosed attack method that exploits a hole in the way Steam commands interact with certain games, Web browsers, e-mail clients, and other software.
  • Localized Darkbot malware variant spreading across Skype
    Security researchers from Avast have intercepted a currently spreading Darkbot malware campaign that’s affecting millions of Skype users.
  • Microsoft and Secunia warn of FFMpeg vulnerabilities
    Microsoft has provided details of several critical vulnerabilities in older versions of FFmpeg’s open source video codec tools and libraries; these could allow an attacker to execute arbitrary code on a system by getting users to open a specially crafted media file.
  • Newly IDed ‘MiniFlame’ malware targets individuals for attack
    A new malware variant related to the state-sponsored Flame and Gauss cyber-espionage tools can work on its own or team up with its brethren to conduct targeted surveillance, say researchers at Kaspersky Lab.
  • Verizon draws fire for monitoring app usage, browsing habits
    “We’re able to view just everything that they do,” Verizon Wireless exec has boasted. Privacy groups say initiative — including linking databases showing whether customers own pets — may violate wiretap law.
  • Microsoft Names “Congratulations, you’ve won!” the Most Spread Online Scam
    It’s no secret that Microsoft is one of the companies most often mentioned in online scams, as hackers across the Internet try to use the Redmond-based firm’s reputation to trick users into various malicious activities.
  • Encryption found insufficient in many Android apps
    Researchers have discovered catastrophic conditions when analysing Android applications that use encryption: more than 1,000 of the 13,500 most popular Android apps showed signs of a flawed and insecure implementation of the SSL/TLS encryption protocol.
  • Hospitals’ computer hardware also suffers from infection
    Drug-resistant bacteria aren’t the only pernicious bugs that hospitals need to worry about. MIT’s Technology Review reports that hospitals’ computerized equipment—such as patient monitoring systems, MRI scanners, and nuclear medicine systems—is dangerously vulnerable to malware, and many systems are in fact heavily infected with viruses.
  • Hacked terminals capable of causing pacemaker deaths
    Security holes enable attackers to switch off pacemakers, rewrite firmware from 30 feet away.
  • Dutch proposal to search and destroy foreign computers
    On 15 October, the Dutch ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands. Dutch digital rights movement Bits of Freedom warns of the unacceptable risks to cybersecurity and calls on other countries to strongly oppose the proposal.
  • Internet architects mull changes to fight SSL-busting CRIME attack
    Engineers who help oversee Internet standards are proposing changes to long-standing website practices in order to guard against a new attack that exposes user login credentials even when they are transmitted through encrypted channels.
  • Zero-day attacks are meaner, more rampant than we ever thought
    Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years. (Study finds average zero-day attack lasts 312 days. Some last two years-plus.)
  • The Scrap Value of a Hacked PC, Revisited
    From Brian: A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can’t begin to fathom why miscreants would want to hack into his PC. I recently updated the graphic to include some of the increasingly prevalent malicious uses for hacked PCs, including hostage attacks — such as ransomware — and reputation hijacking on social networking forums. This post is well worth sharing with people you know.
  • Some Computer Manufacturers May Disable Windows 8’s Windows Defender – ESET
    While Windows 8 comes with the refreshed version of Windows Defender, the one that provides full anti-malware protection, some new PC buyers won’t get to use it, says Aryeh Goretsky, researcher at antivirus software firm ESET. The reason is as simple as it could be: computer manufacturers usually install a trial of a third-party security software on every sold PC and whenever a consumer purchases the full product, they also get a commission for the sale.
  • Kaspersky Labs builds new OS to combat Stuxnet, major exploits
    Ending the rumor mill, Kaspersky Labs has confirmed plans to create a new operating system to combat major industrial exploits.
  • Google building malware scanner for Google Play: report
    Search giant Google is to integrate a malware scanner in its online Android application store in a bid to stave off an impending malware ‘pandemic’ on the mobile platform.
  • Facebook pushing malware security even harder
    The social network wants its users to trust the Internet, not fear it. So it’s adding new antivirus partners and mobile offerings to the free downloads in its online marketplace.
  • Facebook moves to keep phone numbers for two-factor protection private
    Facebook engineers have modified a controversial feature to prevent it from exposing the phone numbers users must provide to receive an additional level of security against account takeovers. (Numbers used for additional security are no longer in a new reverse lookup database.)
  • How to improve your Android security
    The risks to Android phones and tablets from malware — or software written with ‘malicious intent’ — are rising rapidly. These threats are multiplying faster than gremlins in a swimming pool, so how do you protect your device from evildoers’ dirty deeds?
  • Ars asks: Is using Java on a desktop worth the security risks?
    Java has been in the news a lot lately, and not for good reasons. Critical security flaws have allowed hackers to take complete control of PCs, and in-the-wild attacks exposed a problem Oracle went months without fixing.

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter.

  • Published 10/21/12