Phys.Org Mobile: latest science and technology news. Chrome 21 fixes 15 security holes. Only one of the security fixes is for a critical hole: a crash in tab handling vulnerability in Linux, related Google in its security advisory.
Six fall into the high-risk category, and the rest are low to medium-risk bugs. The high-risk bugs include integer overflows in PDF viewer, out-of-bounds writes in PDF viewer, buffer overflow in WebP decoder, and a number of use-after-free flaws. Google was 'thrifty'' with the bug bounties, handing out only $2,000–$1,000 each to Arthur Gerkis and Juri Aedla. Many of the bugs were detected using the AddressSanitizer. “We’d also like to thank Drew Yao, Braden Thomas, and Jim Smith (all Apple Product Security), Kostya Serebryany of the Chromium development community, Atte Kettunen of OUSPG and Bernhard Bauer of the Chromium development community for working with us during the development cycle and preventing security regressions from ever reaching the stable channel”, enthused Google.
Facebook App Center goes global. Court Orders TSA to Explain Why It is Defying 'Nude' Body Scanner Order. Images: TSA A federal appeals court Wednesday ordered the Transportation Security Administration to explain why it hasn’t complied with the court’s year-old decision demanding the agency hold public hearings concerning the rules and regulations pertaining to the so-called nude body scanners installed in U.S. airport security checkpoints.
The U.S. Circuit Court of Appeals for the District of Columbia Circuit’s brief order came in response to the third request by the Electronic Privacy Information Center for the court to enforce its order. A year ago, the circuit court, in a lawsuit brought by EPIC, set aside a constitutional challenge trying to stop the government from using intrusive body scanners across U.S. airports. But the decision on July 15, 2011 also ordered TSA “to act promptly” and hold public hearings and publicly adopt rules and regulations about the scanners’ use, which it has not done. The appellate court has twice denied motions from EPIC to order the TSA to get going. Microsoft: Windows, Mac malware gets in via Adobe, Java, Office. Microsoft has been doing some research into all the recent cross-platform malware (1, 2, 3) that attacks Windows, Macs, and sometimes even Linux.
The company has concluded that current attacks exploit third-party vulnerabilities in software on these platforms. There are two ways the malicious code is being delivered, according to the software giant: via the Web and via e-mail attachments. More specifically, Microsoft has found cybercriminals are currently leveraging 12 vulnerabilities in Java, seven in Adobe Flash, three in Adobe PDF applications, and three in Microsoft Office (one in Excel, two in Word).
All of these can be used to target and attack multiple platforms. Microsoft: Windows, Mac malware gets in via Adobe, Java, Office. Cybersecurity Act vote not expected to go well for Senate Democrats. Because of continuing disagreements with Republican senators, it does not look likely that Reid will get the 60 votes needed on Thursday to move the bill forward, according to a report by The Hill newspaper.
“To say I’m disappointed is a tremendous understatement. I thought we’d all put national security above partisan politics”, Reid said in a statement quoted by the newspaper. Reid blamed the US Chamber of Commerce for opposing the bill even after the sponsors watered it down by taking out government mandates to improve cybersecurity of critical infrastructure. “The Chamber of Commerce has sucked in most Republicans on this bill”, he said. Big Data: Facebook's next big idea. E-Discovery Landmark Decision For NC: Attorney-Client Privilege Waived In Electronic Discovery Production. In a classic understatement, Judge Gale said in a North Carolina Business Court opinion last Thursday that "North Carolina case law addressing problems inherent in electronic discovery. . . is not yet well developed.
" Op. ¶50. But in Blythe v. Bell, 2012 NCBC 42, the Judge went ahead and posted some road signs along that undeveloped and difficult path. The issue in Blythe was waiver of attorney-client privilege. The Defendants had produced 3.5 million documents on two hard drives of which 1700 turned out afterwards to be potentially privileged. The first lesson of the case is the test the Court will follow in determining whether an inadvertent disclosure will result in a waiver of attorney-client privilege in an electronic production. Judge Gale didn't get much past the reasonableness of the precautions, which he said was "paramount. " The "sheer volume" of the production suggested that "more than minimal efforts" have been taken to guard against an inadvertent production. Wired.com.