Well, this was a long time coming. As Chromebooks grow in popularity, so does the risk of one being stolen -- it's just a numbers game, really. It sucks if that happens, but on the bright side, Google has issued an update that will finally allow admins to place lost or stolen Chrome OS devices in a disabled state. They can flip the switch right from their web-based management console.
Hackers have a new security hole to go phishing in
If you use Internet Explorer 11, be aware that researchers have discovered a zero-day vulnerability that could allow attackers to change content on domains remotely. The exploit could also allow hackers to inject malicious content in browsers, steal personal data, and track your online movements. That's the bad news. And the good? You're unlikely to fall prey to such an attack, according to Microsoft.
Don't expect a patch for WebView in pre-KitKat Android devices
If you own an Android handset running a version of the open source operating system that predates Android 4.3 KitKat, you won't be the recipient of a patch for WebView, a component of Android that developers use to display web content in their apps. WebView is also the backbone of Android's built-in browser in all versions up to KitKat. Nevertheless, Google won't spend time plugging up any security holes for WebView in older Android devices because it's "no longer practical."
Fixes for vulnerabilities in 48 different products
Oracle today rolled out a Critical Patch Update for the month of January 2015, which contains fixes for 167 vulnerabilities found in hundreds of the company's products. The most severe of these received a score of 10.0 on the Common Vulnerability Scoring System (CVSS), the highest score available -- they pertain to Fujitsu M10-1 of Oracle Sun Systems Products Suite, Java SE of Oracle Java SE, M10-4 of Oracle Sun Systems Products Suite, and M10-4S Servers of Oracle Sun Systems Products Suite.
Use a super hard password to guess, not a superhero
Dark Helmet warned viewers way back in 1987 that 1-2-3-4-5 is the kind of combination only an idiot would have on his luggage, yet nearly three decades later, it ranks number three on SplashData's list of the 25 worst passwords of 2014, which takes into account the most commonly used combinations from 3.3 million leaked passwords last year. In 2013, it ranked number 20.
Weeks after Google's Gmail service was blocked in China, Microsoft's Outlook email service was the target of a cyberattack over the weekend, with fingers once again pointing to Chinese authorities. Online censorship watchdog Greatfire.org said that China initiated what's known as a man-in-the-middle (MITM) attack, affecting people using email clients like Outlook, Mozilla's Thunderbird, and smartphone apps using the SMTP and IMAP protocols.
Google and Microsoft have different opinions on public disclosure policies
For the third time in a month, Google has gone ahead and disclosed all the gory details of a zero-day vulnerability affecting Windows before Microsoft could get around to releasing a patch. It affects both Windows 7 and Windows 8.1 and has to do with how applications handle memory encryption to allow for data flow back and forth between processes running in the same logon session.
During the holiday break, Google's Project Zero team disclosed a vulnerability in Windows 8.1 after Microsoft failed to issue a patch within the 90-day deadline that Google gives vendors. That sparked a debate on whether or not Google did the right thing, and while many (not all) of our readers sided with Google, Microsoft has some information that warrants asking the question again. Specifically, Microsoft says it was scheduled to patch the vulnerability on Patch Tuesday, two days after Google's deadline, and that Google ignored its request to withhold details until that time.
There's a bit of debate brewing over whether or not Google did the right thing by posting a Windows 8.1 security vulnerability to the public before Microsoft was able to release a patch. The disclosure came from Google's Project Zero program, which hunts down vulnerabilities in software and reports its findings to vendors "in as close to real-time as possible." Vendors are then given a 90-day deadline to issue a patch, and in this case, Microsoft didn't react in time.
Guardians of Peace hacking organization has unfinished business
The hacking organization that took credit for infiltrating Sony Pictures Entertainment and stealing 10TB worth of data has also threatened at least one news media organization, according to an FBI bulletin that's making the rounds in cyberspace. Known as the Guardians of Peace, or GOP, the group of hackers proved a major headache for Sony, and its antics appear to have been motivated by The Interview, a comedy involving an assassination attempt against North Korean leader Kim Jong-un.