A previously unknown and currently unpatched security hole in the latest version of the Java software framework is under attack online, according to security researchers and bloggers.
Attack code that exploits the vulnerability in Java’s browser plugin has been added to the Blackhole, Cool, Nuclear Pack, and Redkit exploit kits, according to the Malware Don’t Need Coffee blog, prompting its author to say that the bug is being “massively exploited in the wild.” Miscreants use these products to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting visitors. KrebsOnSecurity reporter Brian Krebs said the curators of both Blackhole and Nuclear Pack have taken to the underweb to boast of the addition to their wares. It’s not yet clear how many websites have been outfitted with the exploits.
According to researchers at Alienvault Labs, the exploits work against fully patched installations of Java. Attack files are highly obfuscated and are most likely succeeding by bypassing security checks built into the program. KrebsOnSecurity said the malware authors say the exploits work against all versions of Java 7.
Update: Analysis from antivirus provider Kaspersky Lab indicates the exploits are already deployed on a variety of websites.
“There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem,” Kaspersky Lab expert Kurt Baumgartner wrote. “We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites.”
People who don’t use Java much should once again consider unplugging Java from their browser, while those who don’t use it at all may want to uninstall it altogether.
IBM hit a snag when it was trying to train its Watson supercomputer to understand Internet slang.
Eric Brown, a research scientist with IBM, says the key to getting a computer to pass the Turing test will be to make sure it can understand the subtlety of slang. In an interview with Fortune magazine, Brown said he tried to teach Watson the Urban Dictionary, which included Internet abbreviations.
The problem was that Watson couldn’t distinguish between polite language and swearing. Apparently it picked up some bad habits from reading Wikipedia and started using terms like “bullshit” in an answer to a researcher’s query.
Brown developed a filter to keep Watson from swearing but had to scrape the Urban Dictionary from the computer’s memory.
A federal judge in San Francisco has indignantly rejected an attempt by the Obama administration to use secret evidence to derail a former Stanford student’s challenge to her apparent inclusion on the government’s no-fly list.
The government must halt its “persistent and stubborn refusal” to follow the applicable laws, said U.S. District Judge William Alsup.
Germany’s Roman Catholic bishops on Wednesday canceled a study into the sexual abuse of minors by priests, prompting the investigator to accuse them of trying to censor what was to be a major report on the scandals.
General Stanley McChrystal cautioned about the use of drones in a recent interview with Reuters. While he applauded what they allowed him to do with his special forces troops, he told the news agency that the people of Afghanistan just hated drones.
Here’s what he said in full. It’s not the first time that he’s sounded such warnings, but it’s still remarkable coming from the man who ran the American war (aka counterinsurgency) in the country.
"What scares me about drone strikes is how they are perceived around the world," he said in an interview. "The resentment created by American use of unmanned strikes … is much greater than the average American appreciates. They are hated on a visceral level, even by people who’ve never seen one or seen the effects of one."
McChrystal said the use of drones exacerbates a "perception of American arrogance that says, ‘Well we can fly where we want, we can shoot where we want, because we can.’"
Regardless of what’s appreciated by the American *public* (which has limited influence on its own military, IMO), one can only hope that the American military is regularly evaluating whether the direct impact of drone strikes still outweighs the long-term indirect damage.
An Argentine navy ship was given a triumphant homecoming three months after it had been seized in Ghana on behalf of a hedge fund suing over defaulted government bonds.
The ARA Libertad, a tall sailing ship used as a training vessel, was detained in the West African nation on October 2 due to a court order obtained by NML Capital Ltd as it fights to get full repayment for the bonds in the courts.
Argentina’s government, which calls funds like NML “vultures”, asked a UN maritime court to intervene and the Hamburg-based tribunal ordered the ship’s release last month.
In order to avoid the risk of having the presidential plane seized by holdout creditors, Fernandez has hired a private aircraft for a four-nation tour of Asia and the Middle East at a cost of $880,000, the government said this week.
Will that be cash or charge?
And 38 cubic meters of concrete later (just close to 50 cubic yards for you non-metric folks) I poured my first foundation.
Not for myself, but for a friend who happens to be a contractor in Curacao, helping him out while he’s away…
The board of the American International Group has declined to join a lawsuit against the federal government over its $182 billion taxpayer-financed bailout, the company said on Wednesday.
And thus fizzles a much overhyped non-news story.
A man says Vernal police disrupted an intimate moment of mourning with his deceased wife of 58 years when they searched his house for her prescription medication without a warrant within minutes of her death.
Barbara Alice Mahaffey died of colon cancer in her bedroom last May. Ben D. Mahaffey, 80, said he was distraught and trying to make sure his wife’s body would be taken to the funeral home with dignity, when he says officers insisted he help them look for the drugs.
“I was holding her hand saying goodbye when all the intrusion happened,” he told the Deseret News.
Barbara Mahaffey died at 12:35 a.m. with Mahaffey, a Navy medic in the Korean War, and his friend, an EMT, at her side. In addition to police, a mortician and a hospice worker arrived at the home about 12:45 a.m., Mahaffey said. He said he doesn’t know how police came to be there.
“I was indignant to think you can’t even have a private moment. All these people were there and they’re not concerned about her or me. They’re concerned about the damn drugs. Isn’t that something?” Mahaffey said.
I wouldn’t be surprised if the cops were looking for the Oxycontin for themselves.
Last August, my father died, and at the time there was morphine in the house to keep the pain away. Some of his prescription medication was probably on opioid lists as well. And nobody gave a shit about that. Everybody involved cared about my father and the people around him.