From Dark Reading

Flaws in Windows Help and Support Center already seen in the wild, observers say
Microsoft today patched four security vulnerabilities in the Windows environment -- three of them considered critical -- and experts say one of the flaws is already being exploited.

Researchers have already reported the vulnerability in the Windows Help and Support Center feature that comes with Windows XP and Windows Server 2003. Experts say at least three exploits of this flaw have already been spotted in the wild.

From ARS Technica

Laser tag is nice and all, but the weather is supposed to be beautiful this weekend—at least where we are—and we're trying to get you people outside, away from the computer! SUCK UK has a sweet idea, a way to play with water guns that lets you know when the other player has scored a kill.

From C/Net News

A simple change to Google.cn that forces Chinese-language searches to click through to uncensored results was enough to get Google's license in China renewed.
Is Google learning how to read the wind in China?

From ARS Technica

Displeased with the way Microsoft handled the disclosure of a security flaw last month, a group of anonymous researchers has decided to take a more aggressive stance against the company. The group, calling itself the Microsoft-Spurned Researcher Collective (a mockery of Redmond's Microsoft Security Response Center), will perform anonymous full disclosure of any security flaws that it discovers.

The anonymous group asserts that Microsoft has displayed a pattern of hostility towards security researchers, with last month's flaw being the most recent example. Tavis Ormandy, an employee with Google, discovered a flaw in the way that the Windows Help and Support Center in Windows XP handled input. This flaw could be used to attack users of that operating system. Ormandy informed Microsoft of his findings, but after five days deemed the software giant's response inadequate, and so made a full public disclosure of the problem.

This is at odds with the disclosure policy preferred by Microsoft and many other software vendors—including Google. These companies advocate what they call "responsible disclosure," in which communication of the flaw is kept private until a suitable patch or fix can be made available.

[More...] [Comments...]

From Dark reading

Social networking experiment of phony female military intelligence profile fooled even the most security-savvy on LinkedIn, Facebook, Twitter -- and also led to the leakage of sensitive military information

From C/Net News

Half a year ago, Secretary of State Hillary Clinton lauded Internet freedom and criticized China in a high-profile speech in Washington, D.C. A few weeks later, a Global Internet Freedom Caucus on Capitol Hill was formed.

But the Chinese authorities weren't exactly paying attention. Since Clinton's speech, China has reaffirmed its commitment to state censorship, required online map providers to obtain licenses and host their images inside the country, blocked Foursquare, and announced new rules for media companies. Earlier this week, China made Google rethink how it could move some search operations to Hong Kong.

From Information Week

Chinese authorities don't appreciate Google's practice of sending searchers in China to its uncensored Hong Kong search site.

To prevent further deterioration of its business in China, Google has decided to end its practice of redirecting Chinese search site users to its uncensored Hong Kong search site.
Google began the practice began in March, following its decision to stop censoring search results in China.

From Dark Reading

Devil's in the details for Obama administration's draft plan for eliminating passwords and advancing authentication, security expert say

The White House has outlined a national strategy for trusted digital identities that could ultimately eliminate the username-and-password model and lay the groundwork for a nationwide federated identity infrastructure.

From Information Week

Enterprises are increasingly allowing employees to access unsupported applications and devices over their networks, in spite of the security risks, according to a Cisco study.

The siren call of Facebook, YouTube, and Twitter are too tempting for many employees to ignore from their workplace, according to a new study conducted for Cisco by InsightExpress.