SECURITY BITS: Meaner POODLE bug that bypasses TLS crypto bites 10 percent of websites

Some of the world’s leading websites—including those owned or operated by Bank of America, VMware, the US Department of Veterans Affairs, and business consultancy Accenture—are vulnerable to simple attacks that bypass the transport layer security encryption designed to thwart eavesdroppers and spoofers. The attacks are a variation on the so-called POODLE exploits disclosed two months ago.

Read more: Meaner Poodle Exploits

TECH BITS: Hackers promise “Christmas present” Sony Pictures won’t like.

This weekend, the “Guardians of Peace”—the cyber-attackers who brought Sony Pictures Entertainment’s network down in November and have since shared over a terabyte of the company’s internal data—made two more dumps of SPE data to file sharing sites and torrents. The second of the two, on Sunday, was the e-mail box of Sony Pictures Releasing International President Steven O’Dell. And the hackers promised a “Christmas present” soon of even more data if the company does not relent and meet their unspecified demands.

Read more: Hackers Christmas Present for Sony

TECH BITS: Firefox on your iPhone (if you have one of those, that is).

It appears that iPhone and iPad owners could be getting a new browser on their devices soon, with Mozilla’s VP for its popular web browser Firefox, Jonathan Nightingale, stating that the company is keen to get Firefox on iOS.

Although Firefox is one of the world’s most popular web browsers, it currently isn’t available on Apple devices. Mozilla, the company behind the open source browser, has said in the past that Firefox would not be coming to iOS.

This was apparently due to Apple not allowing Mozilla to use its own web engine on iOS. Instead Mozilla would have to use Apple’s own JavaScript and rendering engines, like other third party browsers such as Chrome have done.

Read more: Mozilla on your iPhone

PRIVACY BITS: Wireless carrier isn’t only cheating its end customers but is also overcharging the government to spy on you!

Cricket Communications, a low-cost brand of AT&T as of March 2014, has agreed to pay over $2.1 million to settle allegations that the company “overcharged federal law enforcement agencies for the costs of carrying out court-ordered wiretaps and pen registers,” federal authorities announced on Monday.

Read more:

http://arstechnica.com/tech-policy/2014/12/cricket-to-pay-feds-2-1m-after-allegations-it-charged-too-much-for-wiretaps/#p3

TECH BITS: “Stupid Patent of the Month,” brought to you by Penn State.

Three months ago, the Electronic Frontier Foundation inaugurated a monthly tradition in which they wrote about a “Stupid Patent of the Month.” The first patent they publicized was basically a description of a doctor’s “computer-secretary.” Since then, they’ve highlighted a vague software patent owned by a serial litigant, a patent on filming a yoga class, and a patent with a formula for curing cancer (a combination of “sesame seeds, green beans, coffee, meat, evening primrose seeds,” among other things.)

Read more:

Stupid Patent of the Month….

SECURITY BITS: Complex piece of malware with James Bond-level espionage capabilities: Meet Regin.

A highly complex piece of malware with James Bond-level espionage capabilities has been spying on governments, infrastructure operators, businesses and individuals since 2008, according to security company Symantec.

Detailed in a company blog post, the back-door type Trojan, called “Regin”, can be highly customised through the use of modules depending on its intended target and has allegedly been used as a tool for mass surveillance.

Regin has been found to infect its victims in multiple ways, from luring them to spoofed versions of well-known websites and installing itself to exploiting applications.

The malware has claimed a number of victims as part of two waves, with a first version targeting organisations between 2008 and 2011 before being withdrawn. It re-emerged in 2013 to target companies, government entities and research institutions, with almost half of all infections targeting private individuals, small businesses and telecoms companies.

Read more:

Complex piece of malware…..

SECURITY BITS: Security bug in WordPress renders site visitors the potential victims.

It never ends. This time it’s WordPress’ turn. A four-year-old security bug in comments on WordPress could be used to launch a wide variety of malicious script-based attacks on site visitors’ browsers. Very bad indeed. This does not affect the latest version of WordPress (v4), but most sites still run on v3, which makes more than 80% of WordPress sites vulnerable. It is their visitors, though, who are the ones at risk. Read more here:

http://arstechnica.com/security/2014/11/four-year-old-comment-security-bug-affects-86-percent-of-wordpress-sites/#p3

PRIVACY BITS: Pew study finds huge concern about personal data privacy.

It looks like Americans have given up on their privacy, but are still deeply concerned. A full 91 per cent in a nationally representative survey of 607 adults said they agree or strongly agree that consumers have lost control over how personal information is collected and used by companies. That breaks down to almost half (45 per cent) strongly agreeing with the statement and 46 per cent agreeing. Just 6 per cent disagreed, and only 1 per cent strongly disagreed.

Read more:

Pew study finds huge concern about personal data privacy

WEB BITS: Mozilla has a new browser on the way. For developers.

Currently being referred to as something “unique but familiar”, Mozilla has a new browser on the way. Based on Firefox, the new web browser has been designed specifically with developers in mind. In a post on the Mozilla Blog, the company explains that the upcoming browser will include built-in tools such as WebIDE and the Firefox Tools Adapter.

The browser is due to launch on 10 November:

http://betanews.com/2014/11/03/mozilla-to-launch-a-new-firefox-based-browser-just-for-developers/