Vulnerability
Oracle and Apple ship critical Java updates - get yours today!
The security-beleaguered Java ecosystem usually gets updates just once every four months, in February, June and October.
But this year, Oracle has adapted that schedule a number of times, and this is one of them...
Researcher rewarded over $30,000 for nailing three Chrome OS security flaws
The high-risk bugs must have been poisonous indeed, given that researcher Ralf-Philipp Weinmann is looking at a $31,336 thank-you.
FAA and security researchers at odds over airplane hack security
The avionics bigwigs FAA and EASA have said "bunk!" to a researcher's claims that his new Android app could potentially hack planes.
OK, says fellow plane hacker "Renderman," if that's true, there's no harm in giving public access to your test labs, now is there?
Planes can be hacked remotely with Android app, researcher claims
A security researcher has cooked up an exploit framework and Android app that can be used, at least theoretically, to hack a plane, including changing its destination or even crashing the aircraft.
Microsoft tells all Windows 7 users to uninstall security patch, after some PCs fail to restart
Microsoft has advised all users of Windows 7 who installed a security update to uninstall it, after some customers found their computers would not restart or applications would not load.
When is a password not a password? When Excel sees "VelvetSweatshop" [VIDEO]
Malware researcher Paul Baccas reveals how an Excel spreadsheet using the password "VelvetSweatshop" could be designed to put your computer at risk.
Anatomy of an exploit - Linksys router remote password change hole
A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.
Paul Ducklin looks at the ominous-sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...
Adobe updates are no laughing matter, but at least XKCD makes them funny
Check out this funny security-related cartoon from those amusing folks at XKCD.
(If you're not busy installing Adobe updates)
Microsoft fixes 9 flaws, Adobe 3 in April's Tuesday update
As expected, Microsoft released seven important and two critical fixes for Windows, Internet Explorer and other Microsoft products. Adobe followed suit, releasing fixes for ColdFusion, Flash and Shockwave. Patch now!
LulzSec hackers plead guilty, admit attacks on CIA, SOCA, Sony and others
Southwark Crown Court in London has heard that three members of the LulzSec hacking gang have chosen to plead guilty to charges that they launched distributed denial of service (DDoS) attacks against a series of organisations including the CIA and the UK's Serious Organised Crime Agency.
Windows XP death watch: 365 days remaining
On April 8th, 2014, Microsoft will terminate Extended Support for Windows XP.
That means no more security updates. Be prepared and upgrade now.
Microsoft to issue 9 security updates on Tuesday, critical for all IE versions, reboot required
Microsoft has issued its usual advance notification for the coming week's Patch Tuesday.
If you use Windows you're probably affected, and you'll probably need to reboot all your PCs and most of your servers...
Firefox 20 arrives - new version, some security improvements, no known vices
Firefox 20.0 was released today.
The buglist page enumerates 3054 official changes, with eleven patched vulnerabilities, three at "Critical" level.
Paul Ducklin takes a quick look...
Many Amazon S3 cloud storage users are exposing sensitive company secrets, claims report
A security researcher tested a slew of (probably inappropriately misconfigured) storage buckets and found about one in six were open to the public, exposing content we think companies would probably have preferred remain private.
Lisa Vaas explores what has happened.
Interview with Writer/Director of "Code 2600" and BSides Austin organizers [PODCAST]
Chet interviews the writer and director of hacker film "Code 2600" and Austin BSides organizers/consultants Michael Gough and Ian Robertson. We also introduce the new Kickstarter Hackers in Uganda.
Anatomy of a "feature" - should JavaScript be allowed to change a web link *after* you click on it?
A young web coding enthusiast from Manchester, UK, recently published a thought-provoking hackette intended to highlight the risks of relying only on "look before you click."
Paul Ducklin wants to know what you think of it...
Apple password reset website - gaping hole found, fixed
Apple has had a good-bad-good-bad week of it in the computer security environment.
Its announcement of two-step verification for some users was quickly followed by a report of a password recovery exploit for everyone else...











