
InSecurity Complex

Expert: iPhone 3GS crypto is easily crackable

The encryption functionality of the iPhone 3GS is so easy to crack that it is essentially "broken" as far as protecting sensitive personal data like credit card and social security numbers, according to a forensics expert and iPhone developer.

"I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security," Jonathan Zdziarski told Wired.

With physical access to a 3GS iPhone and some free software, data can be extracted within two minutes and an … Read more

Facebook closes API loophole that let people see strangers' photos

Facebook has changed its application-programming interface to close a loophole developers were using to write applications based on access to photo albums set to be viewable by everyone.

The move has angered some developers who built applications that offer the ability to view photos of people the user is not friends with.

For example, the Photo Stalker app, which CNET News wrote about in March, previously allowed people to see photos of strangers who may or may not know their photos are exposed to the public. Notified of the app, a Facebook spokesman said at the time that it did … Read more

Legal advocates push for Google Books privacy

Google should promise to protect the privacy of consumers with its Book Search service, the ACLU, Electronic Frontier Foundation and Samuelson Law Technology & Public Policy Clinic at UC Berkeley Law said in a letter to the search giant on Thursday.

"Under its current design, Google Book Search keeps track of what books readers search for and browse, what books they read, and even what they 'write' down in the margins," the groups wrote in a letter (PDF) to Google Chief Executive Eric Schmidt.

"Given the long and troubling history of government and third-party efforts to compel … Read more

Adobe to fix critical Flash hole next week

Adobe said Thursday that it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.

The vulnerability exists in current versions of Flash Player for Windows, Macintosh, and Linux and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for those same platforms, Adobe said in an advisory.

The vulnerability could cause a system to crash or allow an attacker to take control of the computer, Adobe said.

An update for Flash Player v9 and v10 for Windows, Mac, and Linux will … Read more

Researchers to offer tool for breaking into Oracle databases

During their presentation at the Black Hat and Defcon hacker conferences next week in Las Vegas, security experts will release a tool that can be used to break into Oracle databases.

Chris Gates and Mario Ceballos will present Oracle Pentesting Methodology and give out "all the tools to break the 'unbreakable' Oracle as Metasploit auxiliary modules," according to a summary of their presentation on the Defcon Web site.

The tools are designed to help companies determine whether their systems are vulnerable, Gates said in an e-mail response to questions from CNET News. "There wasn't a good … Read more

Gmail offers auto-unsubscribe feature for newsletters

Ever sign up for a newsletter and then regret it later and feel too lazy to go back to the source and unsubscribe? Well, instead of just marking the messages as spam and hoping the problem goes away, you can use a new Gmail feature to solve the problem.

Google has added an auto-unsubscribe feature to Gmail that will unsubscribe you from mailing lists that you may have signed up for but then decide you don't want after all.

The feature was being tested on Wednesday for certain Gmail users and was launched on Thursday and will be rolled … Read more

Adobe investigating zero-day bug in Flash

Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.

Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.

In a post on its Web site, Adobe said it "… Read more

Chrome security in limelight with Google OS plan

The techniques Google uses to protect Chrome users from browser-based attacks have taken on new importance with the company's plan to make the software the centerpiece of a Netbook operating system.

Two weeks ago, Google announced plans for the open-source Chrome OS designed for people who spend most of their time on the Web. The Google Chrome operating system is a "natural extension" of the Chrome browser, Sundar Pichai, vice president of product management, and Linus Upson, engineering director, said in a blog post, with the browser running atop a Linux foundation.

Like the Chrome browser, the … Read more

LA officials question Google Apps plan

A Los Angeles councilman and the head of a police group are questioning the city's plan to move government e-mail and other records onto Google's hosted Web service Google Apps.

"Anytime you go to a Web-based system, that puts you just a little further out than you were before," LA City Councilman Tony Cardenas told The Associated Press. "Drug cartels would pay any sum of money to be aware of our progress on investigations."

Paul Weber, president of the LA Police Protective League, also said he is worried about the safety of sensitive police … Read more

Microsoft plugs critical DirectShow, Video ActiveX holes

Microsoft on Tuesday issued patches to fix critical vulnerabilities in DirectShow and Video ActiveX that have been targeted in attacks, as well as fixes for holes in Embedded OpenType Font Engine and Microsoft Publisher that could allow someone to remotely take control of the PC.

Overall, the six "Patch Tuesday" updates fix nine vulnerabilities in Windows, Microsoft Office, Internet Security and Acceleration Server, Virtual PC, and Virtual Server.

The three DirectShow vulnerabilities could allow an attacker to remotely run code on the machine if a user opened a specially crafted QuickTime file. Microsoft warned of exploits against one … Read more
