Massive Android Security Hole Affects up to 99% of All Android Users

Three researchers in Germany at the University of Ulm have discovered a massive security hole in Android Рso big, in fact, that it affects at least 97%, and as many as 99%, of all Android users. The researchers, Bastian Könings, Jens Nickels, and Florian Schaub, have discovered that the security flaw allows anyone who is sniffing around your connection on an unsecured wireless network to acquire your Google authorization credentials from a specific token (the authToken), giving them access to your contacts, your calendar and, well Рreally any application that authenticates you by using your Google authorization credentials contained within that authToken.

List of Companies Affected by the Epsilon Data Breach

If you received a notice from one or another company with whom you do business or have done business in the past, saying that your email address has been compromised due to a data security breach at email service provider (ESP) Epsilon (due to their customers’ email lists being hacked and stolen), you’re not alone. Oh, you are so not alone. Banks, large merchants, and others, have all had their entire list of customers’ email addresses swiped and leaked due to the Epsilon data breach. Chase Bank, Citi Bank, Best Buy, Krogers – even Disney, have all been affected – as have their customers. Of course, lots of people receiving these notices will assume that they are phishing attempts (and there will undoubtedly be phishing attempts riding on the coat tails of this fiasco). Here is the complete list as we know it today – if you have received a notice saying that your email address has been compromised, please add the name of the company involved to the list here.

Gizmodo, Lifehacker, Gawker and other Gawker Media User Accounts Compromised in Security Breach

If you have ever had an account – even just to leave comments to articles and posts – on Gizmodo, Lifehacker, Gawker, Jezebel, io9, Kotaku, Deadspin, Fleshbot or Jalopnik, then you are in for a nasty surprise. Odds are good that your account has been compromised, and your user name and password posted on the Internet, as the result of security breach of Gawker Media’s servers that happened over the weekend. Gawker media does get points for alerting all of their users as soon as they discovered the breach (about 10 minutes ago as of the time of this posting on 6:20 p.m. PST on Monday, December 13th, 2010).

Microsoft Issues Urgent Windows Update to Protect Internet Explorer and Office Products

Microsoft has just announced an emergency patch for both Internet Explorer (IE) and Office Products, and it is recommended that everyone install this patch ASAP (link to patch included below). This affects Internet Explorer 6 (IE6), Internet Explorer 7 (IE7) and Internet Explorer 8 (IE8) as well as any Microsoft Office Product with ActiveX, including Microsoft Word, Excel, PowerPoint and Microsoft Access.

Warning: Malware Exploits Norton Pifts.exe File – Trust Nobody But Norton! (Link Here)

Malware pushers have been quick to exploit confusion over a patch that was released yesterday by Norton Security for users of older versions of Norton. The patch was accidentally unsigned, which caused Norton to throw an error referencing the “pifts.exe” file. As a result, hords of Norton users have been searching Google for pifts.exe (or searching in their other favourite search engine for pifs.exe).

Hackers Read Your Screen in Your Eyeglasses, Teapots, and Other Reflective Objects

An intriguing and novel eavesdropping technique has been disclosed by a group of German scientists, who describe and demonstrate in their paper “Compromising Reflections, or How to Read LCD Monitors Around the Corner” how your monitor screen can be read from a distance, by pointing a telescope at its content reflected in nearby objects. Teapots, spoons, plastic bottles, glasses and even the surface of the user’s eye offer sufficient quality for text on the screen to be intelligible, even at long distance.