Eeesh. There’s a new Flash zero-day out there — please make sure you’re all patched up! “Hacking Team specializes in surveillance software which it resells to various governments around the world, and in particular to some oppressive regimes, a major issue that has activists outraged. The data stolen from the firm contains several gigabytes worth of exploits, malware and other very sensitive information. Among them, a new Flash Player zero day affecting Flash Player up to version 18.104.22.168 was found and is making headlines.”
Amazon is being taken to court over its search results. “Just like how Google has faced criticisms for the way it displays its search results, it seems that this is an issue that Amazon has run into as well, so much so that they’re being taken to court over the way the company displays its search results for products. The company taking Amazon to court is MTM, a watchmaker known for their ‘Military’ watches.” I had wondered about that, like sometimes when you search for certain authors, you’ll get book results that are not that author at all, aren’t anywhere close to the author’s name, etc.
A Japanese court has ordered Google to remove search results relating to a man’s arrest. “…the Saitama District Court has ordered the company to scrub the records of a man’s arrest from three years ago. The man in question was arrested for molesting a girl under 18 and was subsequently fined 500,000 yen.”
Sneaky black hat SEO: Using PDF documents to keyword stuff. “Always refining its search algorithms, Google is constantly on the lookout for new methods that attackers and unscrupulous search engine optimization (SEO) practitioners use to manipulate its system to gain higher search rankings. The practice of ‘cloaking’ to fool Google’s page indexer has been known for a while. It’s a method of serving the Googlebot with content stuffed with keywords to mislead it into thinking a site is relevant to trending search terms.” Apparently with Google focusing so much on HTML-type pages, bad guys are now looking at exploiting PDFs.
The Washington Post has begun encrypting part of their Web site. “The Washington Post will begin encrypting parts of its Web site Tuesday, making it more difficult for hackers, government agencies and others to track the reading habits of people who visit the site. The added security will immediately apply to The Post’s homepage as well as stories on the site’s national security page and the technology policy blog The Switch. The encryption will roll out to the rest of the site over the coming months.”
Blogging site Medium wants you to be able to log in without a password. “Instead, users will be able to enter in an email address, then click a link sent to them in order to sign in to the site. Previously, the company allowed its users to sign in using their Twitter or Facebook credentials, but it received feedback from many who said they wanted an option to use Medium without having to authenticate with their social networking credentials. Or, in some cases, users said they didn’t have a Facebook or Twitter account, and didn’t want to create one just to use Medium.”
Do you use NoScript to keep Firefox secure? If you do, you need to update it immediately – it has a serious security vulnerability. “The attack works because NoScript has a limited whitelist of trusted domains, allowing the host browser to load commonly-used tools from certain content delivery networks like googleapis.com. This feature tries to preserve websites’ functionality while simultaneously blocking any potentially malicious code.”
The Supreme Court has refused to hear Oracle v. Google. “The Supreme Court has declined to hear Oracle v. Google, sending the long-running case back to a lower court where Google will have to argue that it made fair use of Oracle’s copyrighted APIs. This has been a closely watched case, as the final decision could have a major impact on software development; a ruling in favor of Oracle, the Electronic Frontier Foundation says, could give certain tech firms ‘unprecedented and dangerous power’ over developers by making it substantially more difficult for upstarts to create new software. That’ll be the case unless fair use laws turn out to protect the use of APIs.
Make sure you have your Flash patched up, there are some exploit kits floating around. “French researcher Kafeine said on Sunday that a sample he encountered was dropping two instances of Cryptowall ransomware against a Windows 7 computer running Internet Explorer 11. Cryptowall is a strain of ransomware that encrypts files on a victim’s computer and demands a ransom, generally paid in Bitcoin.”
The BBC has published a list of stories removed from Google’s search results because of the “right to be forgotten”. It’ll be updated regularly. “The stories in the list stretch from news items about a woman who was found guilty of spiking drinks with rohypnol and a dispute about a lost dog, to a page where BBC readers discussed their male anatomy under their real names. [Neil] McIntosh was careful to note in his blog that the BBC does not know, or publish details about who requested the story be removed on Google.”
Adobe has released a patch for a zero-day security flaw. “In an advisory issued Tuesday morning, Adobe said the latest version of Flash — v. 22.214.171.124 on Windows and Mac OS X — fixes a critical flaw (CVE-2015-3113) that is being actively exploited in ‘limited, targeted attacks.’ The company said systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets of these exploits.”
Four senators have introduced the Just Google It Act in a bid to get rid of the NTIS. “The NTIS, which was established in 1950, compiles federal reports and sells copies of these documents to other agencies and the public upon request. The original purpose of the NTIS – to increase government transparency and make documents available to federal agencies and the public – has been largely displaced by the Internet. A 2014 GAO study found that three-quarters of the documents added to the NTIS collection over the last two decades were available elsewhere, of which 95 percent could be found for free online through a search on Google or another search engine.”