Researchers Find Another Big Fat Adobe Flash Vulnerability; All Versions Affected

Researchers Find Another Big Fat Adobe Flash Vulnerability; All Versions Affected

Adobe Flash is doing a great job this week of keeping up its track record as one of the buggiest, least secure, most vulnerable pieces of software ever to hit the web. On the heels of a recent update, researchers have found a massive exploit in Flash that affects every single version of the software, on every single platform. So yes, if your computer has Flash, that means you, too.

[More]

(Rachel)

FBI, TSA Issue Warning To Airlines Over Possible Flight Hackings

A week after a government report identified security weaknesses within the airline industry including the possibility that newer airplanes with interconnected WiFi systems could be hacked, the Federal Bureau of Investigation and Transportation Security Administration issued an alert warning airlines to be vigilant about monitoring for such threats. [More]

Byron Chin

Lenovo Laptops Come Pre-Installed With Giant Security Hole

It’s not uncommon for a new PC to come with some pre-installed crap on it you don’t want. From proprietary hard drive management tools to antivirus trials, software bundling is sadly common. But the junk shipping on new Lenovo laptops goes one troublesome step further: the bloatware present on several models is not only annoying, but dangerous, with a vulnerability that could let someone easily access users’ private, nominally secure data.

[More]

Are You Sure You Want To Add That Facebook App?

Are You Sure You Want To Add That Facebook App?

Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another users “mood” via the Mood app.