jfruhlinger writes "LulzSec might not be as famous as Anonymous — they're really best known for hacking sites they like, to prove a point about security — but they may have just raised their profile significantly, posting what appears to be data taken from an internally facing server at the US Senate. However, the fun-loving group might find that the Senate reacts a lot more harshly to intrusions than, say, PBS did." The group also recently grabbed data from Bethesda Softworks.

An anonymous reader writes "Passwords and email addresses of almost 26,000 members of adult website Pron.com have been released on the internet by the notorious hacking group LulzSec. To add to the victims' humiliation, LulzSec called on its followers to try the email/password combinations against Facebook, and tell friends and family of the users that they were subscribers to a pornographic website. In addition LulzSec released passwords belonging to the administrators of dozens of other adult websites, and highlighted military and government email addresses that had signed up for the xxx-rated services."

newscloud writes "A twitter-savvy, gluten-free pizza shop nabbed missing Wired magazine writer Evan Ratliff in New Orleans early on Tuesday to win the $5,000 Vanish contest. Ratliff was ensnared in part by repeated non-TOR visits to our Facebook application, launched to support the contest's tracker community, and his secret travel journal on Twitter. 'The Vanish Team application became part of the game — essentially a trap for Evan — one he stumbled into each day knowingly and willingly. This is something that we would never do with our Facebook technology if Evan hadn't asked us to pursue him - but it's a useful reminder of "relative" anonymity on the Web.'"

Zerimar points out a significant flaw in Apache that can lead to a fairly trivial DoS attack is in the wild. Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid are confirmed vulnerable, while IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable. As of this writing, Apache Foundation does not have a patch available. From Rsnake's introduction to the attack tool: "In considering the ramifications of a slow denial of service attack against particular services, rather than flooding networks, a concept emerged that would allow a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports. The ideal situation for many denial of service attacks is where all other services remain intact but the webserver itself is completely inaccessible. Slowloris was born from this concept, and is therefore relatively very stealthy compared to most flooding tools."

ko9 writes that Microsoft has re-launched its "'Get the facts' campaign, in an attempt to promote Internet Explorer 8. It contains a chart that compares IE8 to Firefox and Chrome. Needless to say, IE8 comes out as the clear winner, with MS suggesting it is the only browser to provide features like 'privacy,' 'security,' 'reliability.' It even claims to have Firefox beat in 'customizability.'"

Arno Igne writes to tell us that the number of underage participants in "high-tech" crimes has risen steeply in recent history. Reporting children as young as 11 swapping credit card details and asking for hacks, many are largely unskilled and thus more likely to get caught and arrested. "Communities and forums spring up where people start to swap malicious programs, knowledge and sometimes stolen data. Some also look for exploits and virus code that can be run against the social networking sites popular with many young people. Some then try to peddle or use the details or accounts they net in this way. Mr Boyd said he spent a lot of time tracking down the creators of many of the nuisance programs written to exploit users of social networking sites and the culprit was often a teenager."

A number of readers have noted Google's open sourcing of their internal data interchange format, called Protocol Buffers (here's the code and the doc). Google elevator statement for Protocol Buffers is "a language-neutral, platform-neutral, extensible way of serializing structured data for use in communications protocols, data storage, and more." It's the way data is formatted to move around inside of Google. Betanews spotlights some of Protocol Buffers' contrasts with XML and IDL, with which it is most comparable. Google's blogger claims, "And, yes, it is very fast — at least an order of magnitude faster than XML."

Leibel writes "The Australian ABC News is reporting that a 15-year-old Australian liver transplant patient has defied modern medicine by taking on her donor's immune system. Demi-Lee Brennan had a liver transplant. Nine months later, doctors at Sydney's Westmead Children's Hospital were amazed to find the teenager's blood group had changed to the donor's blood type. They were even more surprised when they found the girl's immune system had almost totally been replaced by that of the donor, meaning she no longer had to take anti-rejection drugs. 'Dr. Michael Stormon says his team is now trying to identify how the phenomenon happened and whether it can be replicated. "That's probably easier said than done... I think it's a long shot," he said. "I think it's a unique system of events whereby this happened. "We postulate there's a number of different issues - the type of liver failure that she had, some of the drugs that we use early on to suppress the immune system and also that she suffered an infection with a virus called CMV, or cytomegalovirus, which can also suppress the immune system."'"

FST777 writes "The British Mail on Sunday published its latest DVD giveaway on the EcoDisc, a thin and bendable DVD format that is supposed to be more environmentally-friendly than regular DVDs. Despite the clear warning against using them in Apple slot drives, some Mac users decided to give it a go. The result? A brisk trade for repair shops in the UK. 'The EcoDisc's manufacturer, ODS, insists the disc won't break drives. "We've produced over ten million of these discs — we've had less than a dozen phone calls," says managing director, Ray Wheeler. "There are ways to get the discs out." Wheeler says the problem stems from Apple's slot-loading drives. "It uses an ejection system that doesn't get approval from the DVD Forum." He claims the EcoDisc should work in other types of slot-loading drive, although admits that it hasn't been tested in the PlayStation 3.'"

A reader writes "Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, has revealed a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff Firefox fails to sanitize single quotes and spaces in the 'Realm' value of an authentication header. Raff was quoted as saying 'This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site.' This vulnerability was shown to be in the latest Firefox, version 2.0.0.11 and until Mozilla fixes this vulnerability Mr. Raff recommends in his blog 'not to provide username and password to Web sites which show this dialog.'"

An anonymous reader writes "PC Magazine reviews the $200 Linux desktop wonder sold by Wal-Mart. This desktop sold out quickly and has been cited as proof that consumers are tired of the Windows tax and ready for Linux. Not so according to PC Magazine, which gave the gPC a 1.5 star rating." Previous discussions we've had about system reviews were realistic but not quite so harsh; is this just nitpicking or is the 'shiny' starting to wear off of the cheap Linux PC concept?

teknopurge writes "Apparently Hushmail has been providing information to law enforcement behind the backs of their clients. Billed as secure email because of their use of PGP, Hushmail has been turning over private keys of users to the authorities on request. 'DEA agents received three CDs which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada. The news will be embarrassing to the company, which has made much of its ability to ensure that emails are not read by the authorities, including the FBI's Carnivore email monitoring software.'"