Trailrunner7 writes "In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped Web site. The flaw, which was also discovered independently by Ruben Santamarta, occurs because the Java-Plugin Browser is running 'javaws.exe' without validating command-line parameters. Despite the absence of documentation, a researcher was about to figure out that Sun removed the code to run javaws.exe from the Java plugin. The about-face by Sun is another sign that some big vendors still struggle to understand the importance of working closely with white hat researchers to understand the implications of certain vulnerabilities. In this case, Google's Tavis Ormandy was forced to use the full-disclosure weapon to force the vendor into a proper response."

MrSmith0011000100110 writes "The lovely people over at AndroidCentral have broken the announcement that Android 2.1 is finally coming to the Motorola Droid, with actual proof on Verizon's Droid support page (PDF). I don't know about my Droid brethren, but I'm pretty excited to see the new series of Android ROMs for the Droid phone that are based on a stock Android 2.1. As most of us know, the existing 2.1 ROMs can be buggy as hell and either running vanilla 2.1 or a custom ROM; but this phone is still a tinkerer's best friend."

New York State's Attorney General, Andrew Cuomo, has subpoenaed a number of online retailers, including GameStop, Barnes & Noble, Ticketmaster and Staples, over the way they pass information to marketing firms while processing transactions. MSNBC explains the scenario thus: "You're on the site of a well-known retailer and you make a purchase. As soon as you complete the transaction a pop-up window appears. It offers a discount on your next purchase. Click on the ad and you are automatically redirected to another company's site where you are signed up for a buying club, travel club or credit card protection service. The yearly cost is usually $100 to $145. Here's where things really get smarmy. Even though you did not give that second company any account information, they will bill the credit or debit card number you used to make the original purchase. You didn't have to provide your account number because the 'trusted' retailer gave it to them for a cut of the action." While there is no law preventing this sort of behavior, Cuomo hopes the investigation will pressure these companies to change their ways, or at least inform customers when their information might be shared.

Al writes "Researchers at Microsoft and the University of California, San Diego have developed a network adapter that lets a computer enter sleep mode without disrupting the network connection. The adapter, dubbed Somniloquy (meaning to talk in one's sleep), consists of a gumstix running embedded Linux, 64MB of RAM and a 2G SD memory card, connected via USB. The adapter keeps the network connection going and the researchers have also developed a simplified IM client and bittorrent client that carry out more complicated tasks autonomously, only waking the computer if, for example, an actualy IM is received or a download is completed."

He'll probably ask where to find Mankrik's wife at dinner.