Week in Geek: Firefox OS Developer Preview Phones to Become Available in February

By Akemi Iwaya on January 27th, 2013

Our last edition of WIG for January is filled with news link coverage on topics such as Ubuntu is considering a move to a rolling release cycle, some users have started experiencing update problems with Microsoft Security Essentials, Google has indexed more than 86,000 HP ‘public’ printers, and more.

Firefox OS phone images courtesy of Mozilla Hacks Blog.

Weekly News Links

Firefox OS phone images courtesy of Mozilla Hacks Blog.

Security News

Image courtesy of Ed Bott – ZDNet.

  • A close look at how Oracle installs deceptive software with Java updates
    Oracle’s Java plugin for browsers is a notoriously insecure product. Over the past 18 months, the company has released 11 updates, six of them containing critical security fixes. With each update, Java actively tries to install unwanted software. Here’s what it does, and why it has to stop.
  • Update problems for Microsoft’s free anti-virus
    This past Saturday (19th), Microsoft Security Essentials (MSE), Microsoft’s free anti-virus software package, stopped automatically updating its malware signatures on some systems. Users are also reporting that clicking on the “Update” button on the program window likewise fails to deliver the anticipated results. Blog post explains how to fix the problem.
  • Microsoft Blocks Even More Skype Malware
    Even though Shylock is believed to be one of the main threats for Skype users, it appears that many more forms of malware are actually targeting those who installed Microsoft’s VoIP application.
  • Trojans conceal themselves using instant messaging protocols
    Trend Micro has discovered new trojans which camouflage their communication by imitating common instant messaging protocols such as Windows Live Messenger or Yahoo Messenger. The security company has dubbed the trojans “Fakem RATs” (a RAT being a remote access trojan).
  • Beware of fake Java updates
    Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime.
  • Phishing attack attempts to steal Google passwords via Red Cross website
    From the blog post: Always be careful about the links that you click on in unsolicited emails – are they really taking you where you think they’re taking you to? That’s an important lesson for all computer users to learn, and it’s brought home by this email we intercepted overnight:
  • Just-patched Java, IE bugs used to snare human rights sites
    The website belonging to non-governmental organization Reporters Without Borders is the latest to be hit by attacks that use the recently patched Java and Internet Explorer vulnerabilities to surreptitiously hijack computers of visitors, security researchers said.
  • Italian-language page at MSN redirects to Cool Exploit Kit, serves ransomware
    Last week, security researchers from AVG’s Web Threat Research Group detected a malicious JavaScript on an Italian-language page at MSN that was dropping ransomware on the affected hosts. How trusted are high profile “trusted” Web sites?
  • Fake Plants vs Zombies and other Android games infiltrate Google Play store, make money for fraudsters
    Is Google doing a good enough job of policing apps in the official Android app store? It seems not, judging by the number of bogus apps that continue to be made available for public download from Google Play, exploiting the name and reputation of legitimate games in an attempt to make money for fraudsters.
  • GitHub Search shuts down after users’ private keys exposed
    Social coding site’s search function closes without explanation, after online users pointed out upgrade earlier this week revealed private files and encryption keys.
  • ICS-CERT warns of SCADA password cracker
    ICS-CERT, the US body responsible for the security of industrial control systems, has warned of a tool that can be used to crack passwords for programmable logic controllers (PLCs).
  • Backdoors Found in Barracuda Networks Gear
    A variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed this past Thursday. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.
  • Whoops: Google indexes more than 86,000 HP ‘public’ printers
    The search engine turns up tens of thousands of publicly available printers connected directly to the Internet. Hackers, however, could launch never-ending printing attacks.
  • Google: User-data requests have increased by 70 percent since 2009
    Google’s latest Transparency Report reveals that user-data requests from government agencies worldwide have increased significantly in the last four years.
  • Grammar badness makes cracking harder the long password
    Password crackers get an English lesson. – When it comes to long phrases used to defeat recent advances in password cracking, bigger isn’t necessarily better, particularly when the phrases adhere to grammatical rules.

TinyHacker Links

How-To Geek Weekly Article Recap

Geeky Goodness from the ETC Side

One Year Ago on How-To Geek

How-To Geek Weekly Trivia Roundup

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .

  • Published 01/27/13
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!