Week in Geek: Java Still Unsafe, New Security Holes Quickly Found after Latest Update

By Akemi Iwaya on January 20th, 2013

This week’s edition of WIG is filled with news link coverage on topics such as Microsoft Security Essentials failing a second AV certification test, Google adding a new speech API to Chrome 25 beta, a new version of Shylock malware affecting Skype users, and more.

Weekly News Links

  • Mozilla confirms single Firefox build for Windows 8
    Mozilla still plans to release a version of its Firefox browser that will run in both the Metro and desktop environments of Windows 8, as well as supporting older Windows versions.
  • The work on Australis for Linux has started
    Weeks ago the Firefox developers announced the start of development on Australis for Windows and the soon to be future work on its Linux flavor (development completion estimated to be in the first quarter of 2013). It seems that the work on Australis for Linux has already started, as stated by Mozilla’s Mike Conley in a recent tweet.
  • Firefox 18 Reorganizes Bookmarks After Android Sync
    Some users are experiencing trouble with the order of the bookmarks under Firefox 18, after running the synchronization job from Firefox for Android.
  • Google touts speech in new Chrome beta, releases API for devs
    Chrome 25 was released this past Monday, and comes with a new Web Speech API providing developers the tools to build speech-to-text features into their own web apps. The new API provides scope for using voice in gaming, or as Google suggests in a demo, the ability to dictate a document directly to a browser, which can then be transferred to an email application.
  • Microsoft inches closer to delivering Internet Explorer 10 for Windows 7
    Microsoft is continuing to privately test the last preview build of Internet Explorer 10 for Windows 7 before releasing it to the Web.
  • Opera Ice: New browser for Android and iPhone coming February uses WebKit (video)
    Opera Software, the company behind the popular browser of the same name, will launch a new smartphone and tablet browser called Opera Ice in February. It is an attempt to stay relevant and take the fight to Google and Apple in the mobile browser stakes.
  • Microsoft’s Windows 8 upgrade promotion really is ending on January 31
    Existing Windows licensees have until January 31 to get Windows 8 Pro for $39.99. After that, upgrade prices are on the rise.
  • Acronis Confirms Windows 8 Bug, Promises Patch
    A few days ago it was revealed that Windows 8’s very own anti-rootkit feature called Secure Boot blocked Acronis True Image 2013 from starting its recovery system. Acronis has confirmed the bug and promised to issue a fix sometime in February.
  • Microsoft Office 2013 Preview Expiration Date Extended
    Customers using the trial version of Office 2013 should feel very happy after reading this news. The Office 2013 Preview expiration date has been extended by a few more months.
  • Fedora 18 released with a brand new installer
    The Fedora Project has released version 18 of its Linux distribution, code-named “Spherical Cow”. The long-awaited and much delayed release introduces a completely reworked installer. The distribution is available with GNOME 3.6 as the default and optional KDE 4.9, Xfce 4.10, Cinnamon 1.6 and MATE 1.4 desktops. The blog post also has a screenshot tour slideshow available for viewing.
  • Steam for Linux Receives Another Update, Big Picture Mode Gets Fixed
    Steam for Linux, the digital distribution platform developed by Valve, has just received an important update and gets a little closer to a stable release.
  • Xbox LIVE region migration is now available
    From the blog post: I am happy to share the news that we can now offer Xbox LIVE Account Region Migration. If you have moved to a different Xbox LIVE region, you can now move your account and take your gamerscore, unlocked achievements, any Microsoft Points already in your account and any remaining time on your Gold membership.
  • Skype Tool Gets Firefox and Chrome Support – Download
    The popular Skype Click to Call app has received a new update that brings several major improvements, including support for two top browsers, namely Firefox and Chrome.
  • How to Restore Deleted Windows Live Messenger Contacts
    Plenty of users are complaining that their contact lists are removed once they move from Windows Live Messenger to Skype, so after weeks of investigations, Microsoft has finally released a workaround.
  • Hotmail Users Lose Emails After Moving to Outlook.com
    Microsoft continues to encourage users to move from Hotmail to Outlook.com, the company’s revamped email service, but users are complaining that all their emails are completely gone once the transition is completed.
  • Microsoft Releases Temporary Fix for Missing Outlook.com Emails Bug
    A bug in Outlook.com removed all emails belonging to hundreds of Hotmail users who attempted to migrate to Microsoft’s new email service in the last couple of months, so the company has finally decided to investigate the issue.
  • Touchscreen proliferation could open desktop to Android
    The takeaway for PCs from CES 2013 is that touchscreens are coming and they’re coming fast to computers running Microsoft Windows. That’s good news for Windows 8, which is optimized for touch; but it could be good news for Google, too, because it makes it easier for the Search Goliath to move its Android mobile operating system into Microsoft’s golden territory: the computer desktop.
  • Judge: News agencies shouldn’t have used Twitter photos
    A judge rules that the AFP news agency and The Washington Post infringed on the copyrights of a photographer by publishing images that he’d posted to Twitter.
  • Microsoft Names 9-Year-Old as Certified Technology Specialist
    A 9-year-old Indian boy has officially become the youngest Microsoft Certified Technology Specialist in the world, breaking a record previously held by 12-year-old Dubai-based Babar Iqbal.
  • If you lose your cellphone, don’t blame Wayne Dobson
    Wayne Dobson doesn’t have your cellphone. Even if it looks like he might. In the past two years the 59-year-old retiree has been pestered by people showing up at all hours of the day and night at his house, demanding their phones. They’ve yelled, shown him evidence, called the police – sworn that their phone is in his house. But he’s no thief.

Security News

Special Note: You can view our article on how to disable and/or uninstall Java on your computer here.

  • Critical Java vulnerabilities confirmed in latest version
    “Complete Java security sandbox bypass” found in emergency fix released this past Sunday. – Security researchers have confirmed that the latest version of Oracle’s Java software framework is vulnerable to Web hacks that allow attackers to install malware on end users’ computers.
  • New Java Exploit Fetches $5,000 Per Buyer
    Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.
  • New Shylock Malware Infecting Skype Users
    Security vendors around the world are now warning that a new version of the Shylock malware is aimed at Skype users as Microsoft is struggling to move Windows Live Messenger to the VoIP platform.
  • Silent installs of add-ons still possible in Firefox
    A security researcher has demonstrated how it is still possible to silently install extensions, or as Mozilla calls them add-ons, for the open source Firefox web browser. In a blog post, Julien Sobrier of Zscaler detailed the process, which makes use of the fact that Firefox uses an SQLite3 database to maintain information about which add-ons are installed and, of those, which ones have been approved by the user.
  • Microsoft releases emergency update to patch Internet Explorer bug
    Microsoft has released an emergency update to patch a security vulnerability in Internet Explorer that is being exploited in attacks aimed at government contractors and other targeted organizations.
  • Bitdefender tops AV-TEST, Microsoft Security Essentials bottom feeds
    Who offers the best antivirus protection? It’s not an easy question to answer, but independent testing labs AV-TEST and AV-Comparatives have just released their latest results and reports, and they make very interesting reading.
  • Microsoft fights back on antivirus certification fail, claims malware tests aren’t realistic
    Microsoft’s Security Essentials anti-malware package has again failed to gain approval from German testing firm AV-Test, but Redmond says the malware samples used to assess the software don’t reflect real-world conditions.
  • ICS-CERT reports virus infections at US power utilities
    In its current ICS-CERT Monitor, the US Computer Emergency Response Team (US-CERT) reports that two power utilities in the US suffered virus infections in the last quarter of 2012. In both cases, industrial control systems were infected via USB flash drives. The malware caused a power generation plant to be shut down for several weeks.
  • Massive espionage malware targeting governments undetected for 5 years
    “Red October” command-and-control setup more sophisticated than that of Flame. – Researchers have uncovered an ongoing, large-scale computer espionage network that’s targeting hundreds of diplomatic, governmental, and scientific organizations in at least 39 countries, including the Russian Federation, Iran, and the United States.
  • Why Red October malware is the Swiss Army knife of espionage
    With more than 1,000 separate components, attack seals the age of super malware. – The Red October malware that infected hundreds of computer networks in diplomatic, governmental, and scientific research organizations around the world was one of the most advanced espionage platforms ever discovered, researchers with antivirus provider Kaspersky Lab have concluded.
  • Red October espionage platform unplugged hours after its discovery
    Command servers and domains that targeted governments around the world go dark. – Key parts of the infrastructure supporting an espionage campaign that targeted governments around the world reportedly have been shut down in the days since the five-year operation was exposed.
  • Password life expectancy down to seconds
    The time an end-user spends devising a password this year will be longer than the life expectancy of that password, according to Deloitte Canada.
  • Report: AutoRun malware infections continue topping the charts
    Despite Microsoft’s response to the rise of AutoRun malware infections in February, 2011, according to ESET’s recently released telemetry data for 2012, the infection vector tops their chart for a second year in a row.
  • Lost+Found: Moxie on the beach, hacker flair, Volatility and NTLM
    Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar this week. In this edition: an SSL guru in search of new challenges, hacker flair for all, guidelines for advisory authors, a Volatility contest and a very liberal URL shortener.
  • Microsoft Still Not Sure What to Do About Windows RT Jailbreak
    The Windows RT jailbreak community is growing bigger, while Microsoft is still investigating the hack and tries to make the right decision.
  • Mozilla develops Minion security testing framework
    The Mozilla Foundation is developing an open source security framework called Minion and plans to release a beta version in the first quarter of 2013. Minion will allow developers to subject their web applications to a security check. The framework will target applications with well-established pen testing tools such as OWASP’s Zed Attack Proxy (ZAP), Skipfish and NMAP. Further testing tools are planned to be incorporated into the framework as plugins.
  • Google’s password proposal: One ring to rule them all
    In a forthcoming paper, Google engineers float the idea of supplementing passwords with hardware you wear. Or carry. Or slip onto a finger.
  • Why does crapware still exist? Follow the Silicon Valley money trail
    If you followed security experts’ advice and manually updated Java this past week to fix a critical vulnerability, you might have gotten more than you asked for. Oracle probably makes tens of millions of dollars a year from crapware, and big venture capitalists see it as a growth business.
  • On Facebook, users can no longer hide from search results
    All profiles must contribute to the greater good of socially-fueled search. – In the wake of its “graph search” announcement, Facebook removed the ability for users to opt out of appearing in search results on the site, as noted by Quartz. Because graph search relies on the content of profiles to fuel its results, the move will allow more comprehensive returns on searches but may violate the privacy of users who previously relied on that feature.
  • These People Are Now Sharing Horrible Things About Themselves Thanks to Facebook Search
    FB’s glistening new search engine makes finding interesting things about yourself, your past, and all of your friends excitingly easy. It also makes it a cinch to find strangers who are openly racist, sexist, and generally embarrassing. This is fun! Note: Images in the post contain text and/or content that may be considered inappropriate.

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter.

  • Published 01/20/13