Calling Foul on the Political Football That is Do Not Track

It looks like it’s time for a do-over for DNT. The oft-maligned specification has become—like many other standards efforts before it—a political football. Parties with interests on both sides of the issue have their own agendas, cannot agree on semantics and ignore, in this case, what should be the heart of the issue for users—a clear personal choice about browsing privacy.

Trouble for Borderlands 2 Players

Some Xbox Live users have violated the online gaming platform’s code of conduct by using a malicious application that allowed them to permanently kill off the characters of other players in the popular ‘Borderlands 2’ video game.

EFF Raises Questions on Privacy Leaks in Ubuntu

The EFF is warning users of Ubuntu’s latest release that the open-source operating system sends their search queries to third parties, including Amazon, by default, and that some of their search results may be viewable by other users on the same network. The privacy leaks are present in Ubuntu 12.10 and the group says that Canonical, which runs the Ubuntu project, should disable the inclusion of online search results by default and make it clearer to users what is being done with their search queries and IP addresses. 

The non-profit Cloud Security Alliance today released guidelines for the nascent Security as a Service (SecaaS) specialization within the broader realm of cloud computing. The goal, the group says, is to help companies and consumers gain a better handle on how best to evaluate, build and deploy off-premise Security Information and Event Management systems as they grow in popularity.

The FBI says it is now making a push to not just stop cybercrime but to identify the attackers behind the phishing, credit card fraud and other campaigns that cost consumers and enterprises billions of dollars each year. The bureau is the lead agency charged with addressing cybercrime in the U.S. and has a large division dedicated to the problem, but it mostly has been concerned with stopping ongoing attacks rather than tracking down the criminals themselves. That appears to be changing.

ANAHEIM, CALIF.–The sharing of information on threats and attacks between government agencies and companies in the private sector has been tried numerous times and in many different ways over the last decade, with varying degrees of success. The need for information flowing in both directions likely is more pressing than ever right now, with high-level attacks targeting critical infrastructure systems and utilities every day, but much of that data in the government realm remains classified and few enterprises are eager to reveal details, either. As the attacks continue, officials say there may be a need for a new mechanism to get the information flowing.

Mozilla is delivering security updates fast and furious this month, the latest coming late last week when a new version of Firefox repaired three vulnerabilities related to the Location object. The Location object is supported by all major browsers and contains information about the URL being requested. The vulnerabilities were closed in Firefox 16.0.2, Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2.

An alert from the Department of Homeland Security late last week urges private- and public-sector industrial control system (ICS) owners to be proactive in auditing the security of their systems, particularly the authentication controls. The alert is in response to a growing concern over the number of exploit tools available online targeting ICS and SCADA systems responsible for running critical infrastructure, as well as an evolving interest from hacktivists who are using specialized search engines to find control systems reachable online.

State officials are warning South Carolina taxpayers that 3.6 million Social Security numbers and other personal data were exposed in a recent attack on Department of Revenue servers. Anyone who filed a state return since 1998 is asked to call (866) 578-5422 or visit The state is providing a year of credit monitoring and identity theft protection to anyone impacted by the breach.

Older versions of Broadcom firmware found in a number of mobile devices from major vendors including the Apple iPhone, iPad, Samsung Galaxy S and HTC Droid Incredible are vulnerable to a denial of service attack. Researchers Andres Blanco and Matias Eissler of Core Security Technologies reported the vulnerability in August, and this week published details on proof-of-concept exploit code.
