Blog

Canonical has released Ubuntu 13.04 Raring Ringtail, most likely the last release of Ubuntu that will primarily cater for laptop and desktop users. For Ubuntu 13.04, Canonical focused on tightening up the core of the OS and polishing the Unity interface in preparation for Ubuntu’s smartphone and tablet debut, which is slated to occur in October with the release of version 13.10. There’s also the usual slew of package updates, a new Linux kernel, and a couple of new features, too....

Cross-posted from PCMag SecurityWatch: Last week independent antivirus lab AV-Comparatives released the results of an on-demand antivirus detection test. The fact that Microsoft came in near the bottom wasn’t big news; the fact that Symantec scored even lower was surprising indeed. In a blog post released today, Symantec decried the entire practice of performing on-demand malware scanning tests, calling it “misleading.” In the early years of antivirus testing, every test was an on-demand scanning test....

Microsoft is making another attempt to close the privilege elevation hole in the NTFS filesystem’s kernel driver for Windows 7 and Server 2008, including R2. The new patch, 2840149, supersedes security update 2823324, which Microsoft released on its April Patch Tuesday. However, shortly after releasing it, the software giant had to recall the first update because it caused problems with various third-party programs; it crippled computers and triggered error messages....

A new security report points the finger at China as the main source of malicious computer attacks — and puts the United States in second. In a report due to be released today by Akamai Technologies, the security firm says that the Asian country is accountable for 41 percent of all global computer-attack traffic. As reported by Bloomberg, the latest statistic suggests that cyberattacks from China have risen over three times from last year....

Adam Gowdiak, who has made a name for himself by finding flaws in Java, has reported a new vulnerability. Security issue 61, according to Gowdiak’s tally, affects current versions of Java SE 7, including the very latest release version 1.7.0_21-b11. The hole is once again present in the Reflection API and allows attackers to completely bypass the language’s sandbox to access the underlying system. Gowdiak has not published any further details about the vulnerability in order to give Oracle time to patch the problem....

Code could be injected through (fake) custom locations Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security’s CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its “Check in” and Messenger for Windows components. In the Chat window, for example, attackers were able to share links that weren’t adequately checked by Facebook....

A former LulzSec hacker has been jailed for a year for ransacking Sony Pictures Entertainment’s computer systems. Cody Kretsinger, 25, from Decatur, Illinois – better known to his fellow LulzSec cohorts as “Recursion” – was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his release from prison. He was sentenced by a Los Angeles court on Thursday, Reuters reports. Kretsinger had pleaded guilty to a single count of conspiracy and unauthorized impairment of a protected computer (i....

ISC Handler Rob V pointed out a blog post from Oracle’s Mark Reinhold stating that Oracle has “mounted an intense effort to address those issues in a series of critical-patch update releases” and that they’ve also upgraded their “development processes to increase the level of scrutiny applied to new code, so that new code doesn’t introduce new vulnerabilities.” Framing statements state that Oracle: is committed to continue fixing security issues at an accelerated pace will enhance the Java security model will introduce new security features recoginizes that more engineer hours are required than can be freed up by dropping features from Java 8 or otherwise reducing the scope of the release at this stage As such, the likely release of Java 8 will be in the first quarter of 2014 (had been intended for September 2013)....

PCMag: My social media accounts and email inbox are full of links to stories about the horrific incident in Boston earlier this week. I am reading about the victims, the bystanders and first responders that rushed to help, and looking for updates on the investigation. It turns out I should be careful about what links I click on, as cyber-criminals have already started exploiting the tragedy for their own nefarious purposes, security experts told SecurityWatch....

Microsoft’s Patch Tuesday on 9 April will be an important spring cleaning day; the company plans to implement nine security bulletins. One of the bulletins deals with vulnerabilities in Windows Defender for Windows 8 and RT; the hole is rated as important and can be exploited to achieve elevated privileges. The headline bulletins will be the two critical security holes, one of which affects all versions of Windows and Windows Server, and another critical vulnerability which can be found in all versions of Internet Explorer....