Report

On Twitter a new security flaw gets currently exploited. Hackers found a way to inject malicious JavaScript code into tweets with the onMouseOver event. This can lead to pop-ups appearing, redirecting to websites, re-tweeting spam, or even worse things like cookie stealing (compromising the user accounts). The problem is that Twitter doesn’t properly filter out some tags in tweets. Users should be very cautious when seeing colored text blocks (background and text colors are the same, called “rainbow tweets”) – these are currently mostly used to exploit the security vulnerability. Hopefully, Twitter closes the security hole soon! Until then, using the NoScript web browser extension or disabling JavaScript on Twitter helps against the attack. Also, using twitter applications which rely upon the Twitter API aren’t affected. ...

Resident Evil. Man, those films are terrible. Frankly, I’m happy to end the writeup right there, but if I did you’d miss out on all the fun. Resident Evil Afterlife is now in cinemas (unfortunately) and scammers are all too happy to cash in. watchresidentevil4(dot)com is our port of call today: Try to watch the film, and you’re prompted to install ClickPotato (from Pinball Corp). There’s also four other items preticked, which is nice of them. Installing that lot gives you a prompt to “see premium content”. ...

A worm collectively dubbed by the security industry as the “Here you have worm” has been making its way onto corporate networks over the past 24 hours. The worm arrives via e-mail using the subject line “Here you have” or “Just For you“ along with an executable disguised as a PDF file. It first appeared last month sending spam e-mails from [email protected]. The worm creates the following files: (Note: See the full report in our sandbox -> http://x.maldb.com/?p=44309#more-44309) ...

If you’re as big as Google, there’s no such thing as a small product launch. So when Google introduced voice calls into its webmail service Gmail, essentially launching a Skype competitor, it was bound to be a popular feature. How popular, exactly? Well, according to a tweet from Google, the users seem to love it, as more than one million calls were placed in the first 24 hours since the feature went live. ...

The Phoenix New Times has reported that the CEO of LifeLock ID theft protection service of Tempe, Ariz., has had his identity used by rip-off artists 13 times since 2007. CEO Todd Davis advertised his social security number publically to assure customers that his service could protect their identity. The service cost $10-15 per month. In March we blogged the story when the U.S. Federal Trade Commission and LifeLock reached a settlement in which the company would pay $12 million – $11 million of which would be refunded to consumers – for fraud. ...

Thirty-two days ago, I purchased Apple’s iPad, after proclaiming that I wouldn’t. A gadget like this one should be tested if repeatedly blogged about. I would have used a for-reviews loaner, but I’m on the same fraked list as Gizmodo. I bought my own. A month-or-so usage later, I agree with Tumblr and Instapaper developer Marco Arment, who asked about iPad yesterday: “What’s it for, really? Logically, it doesn’t make a lot of sense for most computer owners…most people will have trouble justifying the $500 entry price.” ...

A variety of sources are reporting that blog hosting sites with WordPress-created sites and php-based management systems such as Zen Care eCommerce are being infected with malicious scripts. Websites hosted by ISP DreamHost, GoDaddy, Bluehost and Media Temple have been found with the malcode, according to H-Online.com. The malicious scripts download malcode and block Google’s Safe Browsing API from alerting users. Story here: “Large-scale attack on WordPress” The Sucuri Security blog has offered clean-up instructions for those with infected pages here. ...

With competition in the Web browser field having transitioned from cold to boiling in less than a year’s time, Mozilla suddenly finds itself playing catch-up against not only Apple and Google, but Microsoft as well. In March, the organization realized it needed to completely make over Firefox 4 if it wanted to remain feature competitive against a fast-rising Google Chrome. In a live presentation yesterday, Mozilla Firefox director Mike Beltzner admitted that his group’s March roadmap, which involved an interim release of Firefox 3.7, had too many steps. Now the group has decided to straighten out its path by grafting version 3.7’s main additions onto a point release Firefox 3.6.4, and shifting gears to focus on version 4.0. ...

With Clearwire and Sprint pushing for mobile WiMAX coverage in 80 U.S. markets by the end of 2010, and promising three new WiMAX-powered smartphones in the near future, it’s easy to lose sight of the wireless technology as a solution for rural residential broadband. Today, Kansas Broadband Internet (KBI) announced it is moving ahead with the construction of its own WiMAX network with PureWave as the exclusive hardware provider. The finished network will cover 18 counties, and more than 12,000 square miles. With only 33 residents per square mile, Kansas is one of the United States’ ten least densely populated states. ...

Information has leaked that Facebook is set to roll out location-based features for users and brands as soon as this month. According to Advertising Age, users could see location options any day now. These features include the ability to check in at various locations, including retail spots and restaurants. We’re unclear as to whether users will be able to add or customize their own locations, but we are fairly positive that this move will put Foursquare, Brightkite, Gowalla and other location-based services in an uncomfortable position. ...