Cody Taylor

Slatterz writes “Going just a bit further than your average unboxing, someone has stripped a new 17-inch Apple Macbook Pro to its component parts revealing one or two little surprises. The biggest of which is that the built-in battery is easily accessible, requiring the tinkerer to remove just the 13 Philips screws which hold the bottom cover in place, and the three tri-wing security screws which hold the battery in place.”

Read more of this story at Slashdot.

Windows users are being urged to get the latest Microsoft security update or risk getting attacked via a hole in IE 7 that can be exploited to install a backdoor.

CWmike writes “Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft patched just last week, security researchers warned today. Although the attacks are currently in “very, very small numbers,” they may be just the forerunner of a larger campaign, said Trend Micro’s Jamz Yaneza. ‘I see this as a proof-of-concept,’ said Yaneza, who noted that the exploit’s payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time. ‘I wouldn’t be surprised to see this [exploit] show up in one of those Chinese exploit kits,’ he added. The new attack code, which Trend Micro dubbed ‘XML_Dloadr.a,’ arrives in a spam message as a malicious file masquerading as a Microsoft Word document.”

Read more of this story at Slashdot.

mir writes “It looks like if you use CPAN to install modules, Apple’s latest security update might just have broken your Perl. According to Tatsuhiko Miyagawa ‘The Security Update brings (old) IO.bundle with version 1.22 but your IO.pm has been updated to the latest 1.23 on CPAN shell. (But hey, 1.23 was released in 2006…Why do you bring that ancient version back, Apple!?)’.”

Read more of this story at Slashdot.

The Washington Post’s Security Fix blog is reporting that Verizon, long identified as the largest ISP source of spam, is moving to require use of the submission port, 587, in outbound mail — and thus to require authentication. While spammers may still be able to relay spam through zombies in Verizon’s network, if the victims let their mail clients remember their authentication credentials, at least the zombies will be easily identifiable. Verizon pledges to clean up their zombie problem quickly. We’ll see.

Read more of this story at Slashdot.

crazyeyes writes “Microsoft says it’s ‘optional,’ but they are already planning to slip Internet Explorer 8 into all Windows Vista/XP PCs by March. MS claims that IE8 will offer better performance and security. But what about unwanted stuff like ‘Monetization opportunities (for OEMs)’ and ‘These services will be used (by OEMs) to deliver brand exposure… to the users?'”

Read more of this story at Slashdot.

Presto Vivace writes to tell us that CIO has an interesting article about customer “gag orders” that some ERP vendors are trying to impose contractually. “The effect: customers will be prevented from working with peers and others in the software company’s “ecosystem” to help with technical issues or compare pricing options. ‘In addition,’ Wang adds, ‘the customer now lacks the proper checks and balances in pressuring a vendor to deliver on promised capabilities or address severe security issues, and cannot go to the media as a last resort, if needed.'” What other questionable practices (and potential solutions) have others had to work with?

Read more of this story at Slashdot.

Security and privacy have become so compromised that many experts believe it is time to start over.