Week in Geek: Evernote is Latest Company to Suffer Security Breach

By Akemi Iwaya on March 3rd, 2013

Our first edition of WIG for March is filled with news link coverage on topics such as some new Macs are unable to reinstall Mountain Lion, Facebook is giving advertisers more opportunities to target users, Pandora has capped free mobile listening at 40 hours a month, and more.

Weekly News Links

Security News

  • Evernote resets user passwords after being hit by “coordinated” hack
    Evernote is requiring each of its 50 million users to reset their login credentials after the site’s security team detected a security breach that exposed password data and other personal information. You can read the official Evernote announcement here.
  • New Java 0-Day Attack Echoes Bit9 Breach
    Once again, attackers are leveraging a previously unknown critical security hole in Java to break into targeted computers. Interestingly, the malware and networks used in this latest attack match those found in the recently disclosed breach at security firm Bit9.
  • Adobe issues emergency patch for zero-day Flash vulnerabilities
    The company says two vulnerabilities are being actively exploited and recommends that Windows and Mac OS X users of the browser plug-in update their systems immediately.
  • Apple blacklists older versions of Flash plugin due to security risk
    Just as it did with some versions of Java, Apple has now blocked older versions of Adobe’s Flash plugin to protect Mac users from security risks. In a new support document posted to its website on Friday, Apple explained that it has already updated its plugin blocking tool built into Safari—users don’t need to lift a finger.
  • Flaw in HTML5 Allows Gigabytes of Data to be Downloaded
    Hacker Feross Aboukhadijeh has exposed an exploit that allows using the LocalStorage API to download gigabytes of data on to a user’s computer with no warning. This vulnerability affects Chrome, Safari, Opera and Internet Explorer. Firefox is unaffected by this exploit.
  • Linux rootkits abuse SSH service
    Security specialists at the Internet Storm Center have reported on a very special backdoor which is currently being found on compromised Linux servers where the attackers have manipulated a library in the SSH service. Apparently, mainly RPM-based systems are affected, but how the attackers get into the server is not yet known.
  • Cyber-attackers turn NVIDIA tool into an accomplice
    Virus experts at Sophos made a surprising discovery in their analysis of a targeted cyber attack. A specially crafted RTF document was taking advantage of a vulnerability in Word to execute a tool from NVIDIA’s graphics card drivers on the victims’ computers. The executable file, called nv.exe, is digitally signed – and is, in fact, the original file with no changes.
  • Dropbox users getting spammed, might be from earlier hack
    The file-sharing site’s user forum is filling up with complaints of e-mail spam, which the company believes could be related to last year’s data leak.
  • Google’s two-factor authentication bypassed
    Google has fixed a vulnerability which could in theory have enabled attackers to compromise Google accounts protected by two-factor authentication. However, the company did take seven months to do so.
  • Second iPhone passcode hack vulnerability discovered
    Researchers are having a fun time with iOS 6.1 passcode locks this month, with Vulnerability Lab having discovered a second version of a vulnerability that lets a hacker slip past a lock screen to access a user’s contact list, voicemails and more.
  • Foreign hackers steal more than a terabyte of data per day in ongoing cyberwar
    Security experts predict attacks will get worse before they get better. Two decades after computer security began generating billions by selling expertise and software designed to protect against unwanted network intrusions, experts say those networks are more vulnerable than ever.
  • Bizarre old-school spyware attacks governments, sports Mark of the Beast
    Unidentified attackers have infected government agencies and organizations in 23 countries with highly advanced malware that uses low-level code to stay hidden and Twitter and Google to ensure it always has a way to receive updates.
  • Revealed: Stuxnet “beta’s” devious alternate attack on Iran nuke program
    Researchers have uncovered a never-before-seen version of Stuxnet. The discovery sheds new light on the evolution of the powerful cyberweapon that made history when it successfully sabotaged an Iranian uranium-enrichment facility in 2009.
  • Hackers turn China security report into Trojans
    Hackers create malicious versions of a report released by Mandiant which linked cyberattacks to the Chinese army, but the IT security vendor says its system is not breached.
  • Lost+Found: Skype, XSS, and a Java exploit examined
    Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar this week. Topics: Skype as a hacker’s accomplice, measures to combat XSS, Keccak for C++, an analysis of a Java attack, a new security distribution, and the RSA Conference.
  • How much data can police swipe from suspects’ phones without a warrant? (Hint: A lot)
    A clearer picture has emerged as to just how much data is swiped by U.S. law enforcement when a cell phone is plugged in and its data is downloaded with forensic tools.
  • Firefox 22 to block third-party cookies
    A patch submitted for inclusion in Firefox 22 by Jonathan Mayer means that this version of the browser will block third-party cookies by default without requiring the user to set a custom history policy and then forbid the accepting of those cookies.
  • Apple said to nix apps using ‘cookie tracking’
    In what might be a push for its own Advertising Identifier technology, the software giant is said to be rejecting apps that use “cookie tracking” from its App Store.
  • How Ubuntu Turned Search in the Dash into a PR Crisis
    Sometimes, how you handle a feature’s criticisms is as important as its specs. While Ubuntu’s upcoming phone and tablet dominate the headlines, an existing controversy is threatening to flare up again as the 13.04 release nears. The display of Amazon search results in the dash, which first became an issue in the 12.10 release, is erupting again as Ubuntu plans to extend the feature to dozens of other websites.
  • Facebook gives advertisers more opportunities to target users
    The social network is opening up its custom ad tool to third-party ad managers, which means more companies can use Facebook to reach already existing customers.

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter.
