Pigskin-Referee writes: Britain's data regulator has reopened its investigation into Google's Street View, saying Tuesday that an inquiry by authorities in the United States raised new doubts about the disputed program.
Steve Eckersley, enforcement chief of the British Information Commissioner's Office, said Google Inc. had questions to answer about Street View, an attention-grabbing project which sent camera-toting vehicles across the globe to create three-dimensional maps of the world's highways and byways.
But the cars weren't just taking pictures: They were scooping up passwords, Web addresses, emails, and other sensitive data transmitted over unsecured wireless networks.
There was outrage on both sides of the Atlantic when the data-slurping was exposed in early 2010, and the Information Commissioner's Office was one of several European agencies which investigated Street View in the aftermath of the scandal. But in November of that year, the ICO gave Google a mere slap on the wrist, saying that while Google had violated British data protection laws it would escape any fines so long as it pledged not to do it again.
At the time, Google insisted that the breach was an accident.
"We did not want this data, have never used any of it on our products and services, and have sought to delete it as quickly as possible," the company claimed back then.
Evidence made public earlier this year by the Federal Communications Commission has since punctured Google's "oops-I-took-your-data" defense.
Pigskin-Referee writes: Apple has shipped new versions of its Safari browser to fix numerous security holes that expose Windows users to malicious hacker attacks.
The Safari 5.1 and Safari 5.0.6 addresses gaping security holes in Safari and WebKit, the open-source browser rendering engine. These updates are available for Safari users running Windows XP SP2, Windows Vista and Windows 7.
According to Apple’s advisory, some of these vulnerabilities could lead to drive-by download attacks, full system compromise, denial-of-service conditions of cross-site scripting attacks.
Pigskin-Referee writes: British intelligence has hacked into an al-Qaeda online magazine and replaced bomb-making instructions with a recipe for cupcakes.
The cyber-warfare operation was launched by MI6 and GCHQ in an attempt to disrupt efforts by al-Qaeda in the Arabian Peninsular to recruit “lone-wolf” terrorists with a new English-language magazine, the Daily Telegraph understands.
When followers tried to download the 67-page colour magazine, instead of instructions about how to “Make a bomb in the Kitchen of your Mom” by “The AQ Chef” they were greeted with garbled computer code.
The code, which had been inserted into the original magazine by the British intelligence hackers, was actually a web page of recipes for “The Best Cupcakes in America” published by the Ellen DeGeneres chat show.
Written by Dulcy Israel and produced by Main Street Cupcakes in Hudson, Ohio, it said “the little cupcake is big again” adding: “Self-contained and satisfying, it summons memories of childhood even as it's updated for today’s sweet-toothed hipsters.”
It included a recipe for the Mojito Cupcake – “made of white rum cake and draped in vanilla buttercream”- and the Rocky Road Cupcake – “warning: sugar rush ahead!”
Pigskin-Referee writes: Microsoft has expanded its vulnerability disclosure policy to include not only those in its own products, but also flaws in third party software that runs on Microsoft operating systems. These will follow the same practices as the advisories issued for Microsoft's products, and it makes sense, because many users look to Microsoft to ensure that their computers are secure, even when the problem lies with a third party program. The company will coordinate with the third party vendor.
Pigskin-Referee writes: Malware has been found in the wild that masquerades as harmless Linux/Unix-like software for routers, but is in fact an IRC backdoor.
The malware, which poses as a.elf file, has infected machines in Latin America, security company Trend Micro said in a blog post on Thursday. Trend Micro has called the exploit ELF_TSUNAMI.R., and says it can also compromise D-Link DWL-900AP+ access points.
An infected machine connects to a botnet on internet relay chat (IRC) servers, Trend Micro said. The exploit may perform brute-force attacks on router username password pairs. At the time of writing, Trend Micro was analysing how the malware spreads, and whether machines in geographical territories outside of Latin America have been compromised.
D-Link said in January 2010 that a vulnerability in three of its routers could let hackers reconfigure administrative settings.
Symantec said in 2008 that it had discovered malware in the wild that subverted routers in attempted banking fraud.