Security

New QuickTime Flaw Bypasses ASLR, DEP 162

Trailrunner7 writes "A Spanish security researcher has discovered a new vulnerability in Apple's QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The flaw apparently results from a parameter from an older version of QuickTime that was left in the code by mistake. It was discovered by Ruben Santamarta of Wintercore, who said the vulnerability can be exploited remotely via a malicious Web site. On a machine running Internet Explorer on Windows 7, Vista or XP with QuickTime 7.x or 6.x installed, the problem can be exploited by using a heap-spraying technique. In his explanation of the details of the vulnerability and the exploit for it, Santamarta said he believes the parameter at the heart of the problem simply was not cleared out of older versions of the QuickTime code. 'The QuickTime plugin is widely installed and exploitable through IE; ASLR and DEP are not effective in this case and we will likely see this in the wild,' said HD Moore, founder of the Metasploit Project."
Democrats

Democrats Pan Google-Verizon Net Neutrality Proposal 156

GovTechGuy writes "Four House Democrats wrote to the Federal Communications Commission, urging them to write strict net neutrality rules and reject the framework put forward by Google and Verizon. The lawmakers, including Rep. Anna Eshoo, who represents the district containing Google HQ, said the Google-Verizon proposal increases the pressure on the FCC to come up with actual net neutrality rules, and characterize the deal as harmful to consumers and beneficial for the corporations. In particular, the letter took issue with two pieces of the Verizon-Google proposal: exemptions for managed services and wireless services from strict net-neutrality rules."
Television

Discovery Threatens Fan Site It Also Promotes 287

An anonymous reader writes "It seems the lawyers and the marketing people at The Discovery Channel don't talk to each other much. The marketing people behind the show 'The Deadliest Catch' have been supporting a fan community called DeadliestCatchTV.com for a while now. They've regularly sent the site info, free clips, previews and information about the show. On top of that, they link to it from the official site, including it in a list of 'fan sites' as a part of the 'Discovery Network,' and will even frame the site with the show's own dashboard for those who click through. Discovery's lawyers, on the other hand, have threatened to sue the site out of existence and have demanded that the owner hand over the domain name — which he is going to do, because he doesn't have the money to fight this. While there may be a trademark issue (which could be easily resolved with a free license), the lawyers are also making the ridiculous argument that posting the videos Discovery sent him to post is copyright infringement. They're also claiming that embedding the official Discovery Channel YouTube videos (which have embedding turned on) is copyright infringement. This is exactly how you turn lots of fans into people who hate your entire channel."
Image

Lego 'CubeDudes' By PIXAR Animator 34

An anonymous reader writes "PIXAR Animator Angus MacLane has created an incredible series of LEGO 'CubeDudes' modeled after beloved characters from sci-fi movies and comic books. From Star Wars heroes R2D2 and C-3PO to Toy Story's Buzz Lightyear and Jessie, the pixellated creations bear a remarkable likeness to their forebears. MacLane says, 'When I had a moment here and there I chip away at a few at a time. I'll have the body of one Dude and a head of another that I will be working on at the same time. It takes me about 10-15 minutes to make one CubeDude and I average about two a day.' The hardest part is the color palette — LEGO doesn't make purple bricks, so villains like Lex Luthor, The Joker, and Grimace are a challenge."
Security

Safari Privacy Bug May Be Leaking Your Data 152

richi writes "If you use Safari, your browser may be leaking your private information to any website you visit. Jeremiah Grossman, the CTO of WhiteHat Security, has discovered some Very Bad News. I have some analysis and other reactions over at my Computerworld blog. The potential for spam and phishing is huge. A determined attacker might even be able to steal previously-entered customer data." In short, autofill for Web forms is enabled by default in Safari 4 / 5 (and remotely exploitable), and the data that this feature has access to includes the user's local address book — even if the information has never been entered into a Web form.
Crime

More Trouble In Apple's App Store 186

quickOnTheUptake writes in to update the story of foul play in Apple's App Store, which we talked over on Sunday. The Next Web, which broke the story, now provides evidence of rampant App Farms used for theft in the store. Here is a summary of the problems TNW has seen, which includes large-scale break-ins of the App Store accounts of users worldwide. Apple has responded to the initial reports, has disabled the account of the initially fingered rogue developer, and has called on those whose accounts were misused to change their password and credit card. Both TNW and Engadget, at least, believe the problems go far deeper than Apple is admitting.
Government

Experts Say ACTA Threatens Public Interest 107

langelgjm writes "In the lead up to next week's Anti-Counterfeiting Trade Agreement (ACTA) negotiations in Lucerne, a conference that drew over 90 academics and experts from six continents has released a statement issuing a harsh condemnation of both the substance and process of the agreement. Held last week at American University's Washington College of Law, the attendees say, 'We find that the terms of the publicly released draft of ACTA threaten numerous public interests, including every concern specifically disclaimed by negotiators.' The 'urgent communique' covers more than the usual ACTA topics of interest on Slashdot: in addition to the agreement's effect on the Internet, it also considers the effects on access to medicines, international trade, and developing countries. Meanwhile, Public Knowledge has an action alert where you can send a note to the White House expressing your opposition to ACTA."
Security

Apple Quietly Goes After Mac Trojan With Update 321

Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
Advertising

Apple iAd Drawing Antitrust Scrutiny 260

snydeq writes "US regulators are planning to investigate whether Apple is shutting out third parties such as Google and Microsoft in advertising on the iPhone and iPad under revised terms to its iAd mobile ad platform. Apple's revised developer terms prohibit ad analytics collection unless it is provided to an independent ad service provider whose primary business is serving mobile ads. If enforced, the proposed terms would prohibit developers from using Google's AdMob service on the iPhone, according to AdMob founder Omar Hamoui. Developers using AdMob to deliver ads on cross-platform mobile apps would have to go through an alternative service for the version of the app running on an Apple platform, according to the terms. It's an impractical solution that some are calling restrictive."
Privacy

California Judge Routes Campaign Robocalls Through Colorado 191

Thomas Hawk writes "Victoria Kolakowski, a current sitting law judge at the California PUC, is running for Alameda Superior Court judge in California. As part of her campaign she is robodialing people in California with a pre-recorded message. The only problem is that in California robodials are actually illegal unless first introduced by a non-recorded natural person who gains consent to play the call. Ironically, the agency set up to protect our privacy and enforce this law, the California PUC, is the very agency where Kolakowski works today. Kolakowski originally apologized for the calls but then later deleted messages on her Facebook account from people objecting to her use of these calls. Now Kolakowski is trying to argue that because 'technically' she is routing her calls through Colorado from outside the state, her robodials are actually legal."
Earth

Sticky Rice Is the Key To Super Strong Mortar 194

lilbridge writes "For over 1,500 years the Chinese have been using sticky rice as an ingredient in mortar, which has resulted in super strong buildings, many of which are still standing after hundreds of years. Scientists have been studying the sticky rice and lime mortar to unlock the secrets of its strength, and have just determined the secret ingredient that makes the mortar more stable and stronger. The scientists have also concluded that this mixture is the most appropriate for restoration of ancient and historic buildings, which means it is probably also appropriate for new construction as well."
Iphone

Apple Blindsides More AppStore Developers 716

For a while now Apple has said it doesn't want "widget-like" apps in the store; but where is the boundary of that fuzzy statement? The developers of My Frame, of which three versions had already been approved for the iPhone/iPad, found out that they had already crossed it when Apple informed them their app would be pulled. My Frame had options to overlay data on whatever photo was displaying: a Twitter stream, weather, etc. When one of the developers wrote to Steve Jobs on a whim to ask what unwritten rule their app had violated, Jobs wrote back: "We are not allowing apps that create their own desktops. Sorry." "I see now why people are so angry at the 'murky' nature of the App Store, and I'm starting to agree with them. My Frame was approved by Apple 3 times (once for each version we released), and ... now, at version 1.2 they decide it's to be removed? How can a company be prepared to invest in a platform that can change at any time, cutting you off and kicking you out, with no course of action but to whine on some no-name blog[?] There is no alternative platform; despite what others may say about Android, it's immature and their app store(s) are a wild west nightmare. It really is Apple's way or the highway...." A few blogs have picked up the story.
Censorship

Chinese Root Server Shut Down After DNS Problem 91

itwbennett writes "After a networking error first reported on Wednesday last week caused computers in Chile and the US to come under the control of a system that censors the Internet in China, the 'root DNS server associated with the networking problems has been disconnected from the Internet,' writes Robert McMillan. The server's operator, Netnod, has 'withdrawn route announcements' made by the server, according to company CEO Kurt Lindqvist."
