There’s a zero-day exploit in the wild that’s being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday. Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website.
Online criminals, at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons, have begun exploiting a critical flaw that may be present in millions of home routers. Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom respectively have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks.
There’s a new method for rooting Android devices that’s believed to work reliably on every version of the mobile operating system and a wide array of hardware. Individuals can use it to bypass limitations imposed by manufacturers or carriers, but it could also be snuck into apps for malicious purposes.
A local Texas judge is tossing a $1 million lawsuit brought by a Dallas pet-sitting business that sued the owners of a pet fish for giving the company a 1-star Yelp review that complained that “Gordy” was overfed. Among other allegations, Prestigious Pets claimed (PDF) that a Plano couple violated its non-disparagement clause and defamed it on Yelp in last year’s review.
Patent troll VirnetX, fresh on the heels of a $626 million FaceTime and iMessages patent victory over Apple, now wants a federal judge to permanently turn off those popular features. VirnetX on Wednesday also asked the judge presiding over the litigation to increase the damages the East Texas jury awarded in February by another $190 million or more.
SAN FRANCISCO - Following a two-week trial, a jury has found that Google’s Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by “fair use.” The verdict was reached after three days of deliberation. The verdict in Google’s favor ends the trial, which began earlier this month.
A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images. The vulnerability resides in ImageMagick, a widely used image-processing library that’s supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages.
A surprisingly large number of developers are posting their Slack login credentials to GitHub and other public websites, a practice that in many cases allows anyone to surreptitiously eavesdrop on their conversations and download proprietary data exchanged over the chat service.
The public will soon be free to sing the world’s most famous song. Music publisher Warner/Chappell will no longer be allowed to collect licensing royalties on those who sing “Happy Birthday” in public and will pay back $14 million to those who have paid for licensing in the past, according to court settlement papers filed late Monday night.
The Third Amendment to the United States Constitution is just 32 words: “No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law.”
It turns out your home security camera may see more of your home than you thought it did. In a teardown of the Nest Cam, a team at ABI Research found that even when “off,” the camera draws nearly the same amount of power as when it’s fully powered on, meaning it’s functional and running even when the indicator light claims otherwise.
Turing Pharmaceuticals, the company that last month raised the price of the decades-old drug Daraprim from $13.50 a pill to $750, now has a competitor. Imprimis Pharmaceuticals, Inc., a specialty pharmaceutical company based in San Diego, announced today that it has made an alternative to Daraprim that costs about a buck a pill, or $99 for a 100-pill supply.
SHA1, one of the Internet’s most crucial cryptographic algorithms, is so weak to a newly refined attack that it may be broken by real-world hackers in the next three months, an international team of researchers warned Thursday. SHA1 has long been considered theoretically broken, and all major browsers had already planned to stop accepting SHA1-based signatures starting in January 2017.
A patent troll that sued several small companies offering “cybersex” products has backed away from its largest target, the crowdfunding platform Kickstarter. TZU Technologies filed six lawsuits in June, mostly against manufacturers of computing-enabled sex toys.
Are you a PHP wizard with mad front-end development skills? We should talk.
A website in Russia has been caught exploiting a serious zero-day vulnerability in Mozilla’s Firefox browser, prompting the open-source developer to deliver an emergency update that fixes the flaw. The bug in a built-in PDF reader allowed attackers to steal sensitive files stored on the hard drives of computers that used the vulnerable Firefox version.
Hackers are exploiting a serious zero-day vulnerability in the latest version of Apple’s OS X so they can perform drive-by attacks that install malware without requiring victims to enter system passwords, researchers said. Released proof-of-concept exploit code could make existing Mac attacks meaner.
This week WordPress released the latest edition of its recurring transparency report, revealing 43 percent of the Digital Millennium Copyright Act (DMCA) takedown requests it received have been rejected in the first six months of 2015. It’s the lowest six-month period shown in the report, though it only dates back to 2014.
During testimony today in a grueling two-hour hearing before the House Oversight and Government Reform Committee, Office of Personnel Management (OPM) Director Katherine Archuleta claimed that she had recognized huge problems with the agency’s computer security when she assumed her post 18 months ago.
In new statement sent to Ars, FBI says local cops can talk about stingrays. The sheriff in San Bernardino County, east of Los Angeles County, has deployed a stingray hundreds of times without a warrant, and under questionable judicial authority.
Google Code is to join the long list of Google projects that have been consigned to the dustbin of history. The open source project hosting service will no longer be accepting new project submissions as of today, will no longer be accepting updates to existing projects from August 24, and will be closed entirely on January 25, 2016.
The Federal Communications Commission today voted to enforce net neutrality rules that prevent Internet providers, including cellular carriers, from blocking or throttling traffic or giving priority to Web services in exchange for payment. Not the end of the world: What Tom Wheeler’s proposal will and won’t do.
Imagine that you are a major global seller of laptop computers and that you were just caught preloading those machines with ultra-invasive adware that hijacks even fully encrypted Web sessions by using a self-signed root HTTPS certificate from a company called Superfish. How do you explain why you did it?