bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.

An anonymous reader notes a long piece up at BusinessInsider.com accusing Facebook founder Mark Zuckerberg of hacking into the email accounts of rivals and journalists. The CEO of the world's most successful social networking website was accused of at least two breaches of privacy. In a two-year investigation detailing the founding of Facebook, Nicholas Carlson, a senior editor at Silicon Alley Insider, uncovered what he claimed was evidence of the hackings in 2004. "New information uncovered by Silicon Alley Insider suggests that some of the complaints [in a court case ongong since 2007] against Mark Zuckerberg are valid. It also suggests that, on at least one occasion in 2004, Mark used private login data taken from Facebook's servers to break into Facebook members' private email accounts and read their emails — at best, a gross misuse of private information. Lastly, it suggests that Mark hacked into the competing company's systems and changed some user information with the aim of making the site less useful. ... Over the past two years, we have interviewed more than a dozen sources familiar with aspects of this story — including people involved in the founding year of the company. We have also reviewed what we believe to be some relevant IMs and emails from the period. Much of this information has never before been made public. None of it has been confirmed or authenticated by Mark or the company." The single-page view doesn't have its own URL; click on "View as one page" near the bottom.

mliu writes "In what is sure to be a blow to the already beleaguered stand-alone GPS market, Nokia, the global leader in smartphone market share, has released a fully offline-enabled free GPS navigation and mapping application for its Symbian smartphones. Furthermore, the application also includes Lonely Planet and Michelin guides. Unfortunately, the N900, which is beloved by geeks for its Maemo Linux-based operating system, has not seen any of the navigation love so far. With Google's release of Google Navigation for Android smartphones, and now Nokia doing one better and releasing an offline-enabled navigation application, hopefully this is the start of a trend where this becomes an expected component of any smartphone."

i_want_you_to_throw_ writes "During a presentation at Linux.conf.au 2010 in Wellington, LWN.net founder and kernel contributor Jonathan Corbet offered an analysis of the code contributed to the Linux kernel between December 24 2008 and January 10 2010. The Linux world makes much of its community roots, but when it comes to developing the kernel of the operating system, it's less a case of 'volunteers ahoy!' and more a case of 'where's my pay?'" It's not clear from the article why anyone should perceive a contradiction between having high ideals and getting paid to do something you enjoy.

An anonymous reader writes that "[Monday] evening, on systems with Norton Internet Protection running, users began to see a popup warning about an executable named PIFTS.exe trying to access the internet. The file was shown to be located in a non-existent folder inside the Symantec LiveUpdate folder. There were several posts about this to the Norton customer forums asking for help or information on this mysterious program. The initial thread received several thousand views and several pages of replies in a few short hours before being deleted. Several subsequent posts to the Norton forum were deleted much more quickly. These actions — whether actively covering up, or simply not well thought through — have spurred people to begin crafting conspiracy theories about the purposes of this PIFTS program. I for one am blocking the program until more information becomes available." The current top link on Google for "PIFTS.exe" links to one of these deleted questions on Norton's support boards, which sounds innocent enough: "I searched this forum but did not see PIFTS.exe. Any idea what this is?"

lou ibmix XI submitted an email written by Bill Gates a few years ago and turned over to the feds as part of the government's antitrust case. Great quotes like 'Someone decided to trash the one part of Windows that was usable?' and 'The lack of attention to usability represented by these experiences blows my mind.' We like to think of him as an abstract, but I think this is interesting stuff. Also, this might seem familiar. Oops.

nitro writes "A fairly in-depth technical report by the security researchers at TippingPoint was released on how to reverse engineer the proprietary protocol for controlling a USB missile-launching toy system. They develop an iPhone application to control the device. 'The hardware is coupled with a simple GUI controller written in Delphi (MissileLauncher.exe) and a USB Human Interface Device (HID) interface written in C++ (USBHID.dll). The toys lost their allure within minutes of harassing my team with a barrage of soft missile shots. That same night I thought I would be able to extend the fun factor by coding up a programmatic interface to the launchers in Python. ... One interesting thing is that we have a lot more granular control of the turret movement now than we did with the original GUI. I wrote two simple loops to count the number of possible horizontal and vertical ticks and the results were 947 horizontal and 91 vertical versus 54 and 10 from the original GUI respectively. Granular control allows you to slowly and quietly reposition the turret for stealthy attacks.'"