Adobe Patches Shockwave Player
Adobe has issued a security update for its Shockwave Player to address critical security issues in the popular media player.
Vulnerabilities
Researchers Warn of Prison Hacks, Opening Cell Doors
Remote hackers springing inmates from their jail cells — it sounds like a plot lifted from an old episode of “24” or “Prison Break.” But authorities are concerned by new research that claims such an attack is feasible.
Researchers Warn of Prison Hacks, Opening Cell Doors
In news that seems like it could be lifted from an old 24 or Prison Break plotline, authorities are concerned by new research that claims hackers could remotely open the cell doors of federal prisons.In addition to staging a jailbreak, hackers could sabotage a prison’s intercom system and closed-circuit television system to cause further nightmares for federal authorities.
Just a few hours after it became public the security researcher Charlie Miller had inserted a proof-of-concept app into the Apple App Store to demonstrate a serious vulnerability in iOS, Apple informed Miller that it was removing him from its developer program.
Apple will fix an iPad 2 security flaw with the upcoming 5.0.1 build of its iOS operating system, it’s been reported. The fix should solve a problem publicized last month with the device’s locking feature that could’ve let someone access the iPad by bypassing its Smart Cover.
by Dan GeerEditor’s Note: As the CISO of In-Q-Tel, the CIA-backed strategic investment firm focused on developing technologies for the intelligence community, Dan Geer gets paid to help find the answers to big questions about computer security, national security, privacy and technology. Headlines proliferate about sophisticated cyber attacks, the looming specter of cyber warfare and ongoing espionage by nations like China and Russia. That means Dan’s job gets more important with each passing day. So what’s on Dan Geer’s mind these days? We asked him what questions he was mulling and, as usual, the answers we got back were both eye-opening and provocative. Here, in Monday morning ‘shot of espresso’ format (and with as little editing as possible) is our three minute speed date with Dan’s brain.
Microsoft has released a workaround for the Windows kernel zero-day vulnerability exploited by the Duqu malware, and said that it is working on a permanent patch, but didn’t specify a timeline for its release. The vulnerability is a serious one that can lead to remote code execution on vulnerable machines.
In its most blunt statement to date, the U.S. government accused both China and Russia of conducting far flung cyber espionage campaigns against U.S. and other Western firms in an effort to promote domestic interests.
Microsoft plans on shipping four bulletins, of which only one is rated critical, in the November edition of Patch Tuesday. But it looks doubtful that the company will issue a fix for the vulnerability discovered this week being used by the Duqu installer.
Apple has informed developers that, as of March 2012, any app submitted to the Mac App Store will have to include a sandbox. The move is an intriguing one from Apple, which has kept a low profile on security and typically handles Mac security on its own.
