Chained Fei writes "Ando Momofuku, Father of the Instant Ramen, passed away on January 5th at the age of 96. He concocted the idea for Instant Ramen after WWII, hoping to reduce the amount of poor nourishment for soldiers in the field. If not for this great man, many a poor college student and programmer would have starved over the years. From the article: 'In 1971, Nissin introduced the Cup Noodle featuring instant ramen in a waterproof plastic foam container. Dubbed the "Ramen King," Ando is credited with expanding Nissin into the No. 1 company in the industry and was well-known for his dedication to his work ... In 1999, Ando opened the Momofuku Ando Instant Ramen Museum in Ikeda, Osaka Prefecture, after installing his second son, Koki, as president of the company.'"

An anonymous reader writes to mention a TechNewsWorld article about social networking sites. Researchers are finding these places are goldmines for social engineering exercises. Between worm attacks and simple human observation, sites like MySpace are the perfect place to obtain saleable personal information. From the article: "The danger is real, according to a study conducted by CA and the National Cyber Security Alliance (NCSA). In October, the alliance issued its first social networking study examining the link between specific online behaviors and the potential for becoming a victim of cybercrime. Despite all the publicity about sexual predators on sites like MySpace and FaceBook, the alliance took a different approach by measuring the potential for threats such as fraud, identity theft, computer spyware and viruses. Although 57 percent of people who use social networking sites admit to worrying about becoming a victim of cybercrime, they are still divulging information that may put them at risk, as Boyd suggested. Social networkers are also downloading unknown files from other people's profiles, and responding to unsolicited instant messages that could contain worms, the NCSA reported."

Hit Reply writes "Eweek is running the contents of a Symantec white paper that details how easy it is for a hacker to manipulate BlackBerry applications. Using a developer key that can be purchased by anyone for $100, an attacker can launch e-mail worms, SMS interception and backdoor attacks, and compromise the integrity of contacts, events and to-do items. The white paper has been yanked from Symantec's Web site." From the article: "Signed applications can send e-mail and read incoming e-mail. A malicious application could be used to allow third parties to send messages from the infected BlackBerry and also read all received messages. A malicious application could also use e-mail as a command and control channel to receive instructions to send and receive e-mails; send and receive SMS messages; add, delete and modify contacts and PIM data; read dialed phone numbers; initiate phone calls; and open TCP/IP connections."

An anonymous reader writes, "At 2:46 CST today, the game Second Life was hit by a massive attack by a rogue programmer. Spinning gold rings began to appear in the air and on the ground, and as users interacted with them they began to chase and replicate. Apparently, most people are willing to touch an object they've never seen before and this invoked a worm script that was designed to multiply and spread across the 2,700+ servers run by Linden Labs in California, the game's owner. Many of the six hundred thousand active users experienced serious lag and lost connectivity to the servers, making it one of the largest known denial-of-service attacks in an online game. Linden Labs had to invoke martial law and lock out all logins by users except their staff as they began the task of cleaning the servers of what they began to term 'the grey goo.'" Comments in the SL blog entry indicate that Linden Labs had already deployed a "grey goo fence" before this worm struck, but someone found a hole in it.

nakhla writes "Last night, I was tasked (by my wife) to help fix her friend's computer. It is a Windows XP home system which has been running slowly, almost to the point of un-usability (like *that's* never happened before). It turns out that hundreds of random processes had filled up its meager 256 MB of RAM. The cause? Nearly 7,500 viruses and worms that had infected the system. That number doesn't even include the hundreds of spyware and adware programs that had installed themselves, as well. Although the box is now behind a firewall, that wasn't always the case. This was, by far, the most infected system I'd ever seen, but I'm sure it can't be the worst ever. What was the worst security cleanup you ever had to perform?"

With Microsoft's Xbox Live service more popular than ever and the other two next-gen consoles almost here, news about the companies' download services is plentiful. For Nintendo, there's word of more Virtual console titles slated for early next year. NES titles include Kid Icarus, Punch-Out, and Kirby's Adventure. Sony has announced that one login will work for every game on their online service, though what you'll find behind the login will differ with every title. Finally, Xbox Live will see even more classic games in the near future. Contra hit the service yesterday, with titles from Atari slated for later this year. A version of the player vs player combat game Worms is also planned for the service. Interesting times for all three online offerings.
Update: 11/09 19:20 GMT by Z : Errr ... you might want to stay away from Contra.

Salvance writes, "A friend of mine has recently been stressed over a security breach at the company he consults for. The company maintains dozens of Windows 98 desktops to support legacy software that cannot be easily replaced. Due to the inherent lack of security in Win98, a worm was able to infiltrate almost every computer and send gigabytes of data (possibly including sensitive company data) to a 'redirector' in Eastern Europe. My friend was working on other security projects at this company and stumbled across this massive hole. He quickly convinced company executives to remove Internet access from all Win98 machines, purchase better firewalls, and implement other data protection strategies. However, the sticking point was client notification. Due to the nature of the legacy systems, there was no way to know what data was transferred. For this reason the company wanted to play it safe and disclose nothing. Of course, my friend is all for disclosure and preventing harmful use of the potentially leaked data. My friend doesn't know what to do, so I'd like to know what others here think."

An anonymous reader writes "Wired is reporting that government regulators have fined rogue adware distributor Zango (formerly 180Solutions) $3 million. This is 'following charges that the company deceived internet users into installing its pop-up software and tried to prevent them from uninstalling it.' ZDNet mentions that 'Zango's executives pointed a finger elsewhere, claiming that the federal violations were due to third-party distributors rather than the software manufacturer itself.' Security researchers are still happily finding examples of Zango software being popped open in rogue distributions such as IM worms. Ben Edelman is claiming to have more evidence of their dubious business practices, casting into question their claims of newfound affiliate responsibility."

Fred writes, "HNS is running a story about Web 2.0 and the new attack vectors it opens up. Worms of the Yamanner, Samy, and Spaceflash types are exploiting client-side AJAX frameworks, providing new avenues of attack and compromising confidential information. On the server side, XML-based Web services are providing distributed application access through Web services interfaces and opening up new vulnerabilities in the process." The article is spread over 6 short pages and there is no printer-friendly URL.

An anonymous reader writes "There's a new Instant Messaging Worm on the loose that is wrapped up in more than a few interesting twists. The people behind the infection lure users in with a message on a Russian hosted website claiming to have 'a virtual card for you' — a reference to the famous Email hoax listed on Snopes and numerous other web hoax sites. At the point of infection, the worm opens up a picture of a heart (from a site called Quatrocantos.com that tackles web scams on a daily basis) — this picture itself related to a different 'virtual card' hoax from 2002. Bearing in mind the people behind this attack are deliberately serving up an image from a 'good guy' website related to virtual card hoaxes, the question is — are they attempting to create a real life infection out of a web-based piece of lore, making a calculated move to tie this attack into numerous Web hoaxes, possibly to confuse infected users looking for help online or simply having a little fun at the good guy's expense?"

Several reader write about a new AIM threat dubbed the "AIM Pipeline Worm" that uses a sophisticated network of "chained" executables to attack the end user. Security Focus has a brief note. One anonymous reader writes: "Using this method, there is no starting point for the attack — a malicious link via IM can send you to any given file, at which point the path of infection you take depends entirely on the file you start off with. The hackers can then decide which order to install malicious software, depending on their needs at the time. At a bare minimum, you will become a Botnet Zombie — if you're really lucky, you might be Trojaned, have a Rootkit installed on your PC, and be used for spam, file storage, and DOS attacks. Unlike similar attacks that have been attempted in the past, the removal of a file from the chain will not stop the attack — you will simply end up with something else installed instead, in the form of a randomly named executable dumped in your system32 folder. You'll still spam an infection link to all your contacts."

Wednesday's press-release-borne message from security firm Sophos that the best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X drew more than 500 comments; read on for the Backslash summary of the conversation.

jonny4001 writes "The Harvard Law Review has published a student-written article that argues that hackers, worms, and viruses are good for network security and that the law and public policy should encourage 'beneficial' hacking. From the article: 'Exploitation of security holes prompts users and vendors to close those holes, vendors to emphasize security in system development, and users to adopt improved security practices. This constant strengthening of security reduces the likelihood of a catastrophic attack -- one that would threaten national or even global security [...] Current federal law, however, does not properly value such strategic goals.'"

Kosmik writes "It appears that MSN has been struck by a vindictive new worm, according to security company Panda Software. The worm, acting in the vein of movies like the Ring and FearDotCom, delivers a fateful terror message and then proceeds to disable most of your protection software like anti-virus,firewalls and even your Windows control apps (TaskManager, Regedit). It distributes itself to all your MSN contacts by sending a video called 'Fantasma.'"

javacowboy asks: "For a while now, I've been advising friends who run Windows to try running as a regular user, as opposed to running as administrator, which is the default setting. However, I switched to Mac a year and a half ago and I haven't run Windows since, so I'm probably not the best person to be giving this advice. Still, on a philosophical level, *trying* to run Windows as a non-admin, given the prevalence of viruses, worms, trojans, and spy-ware, seems to make sense. Have any of you tried to run Windows as a non-admin, and how did it work out for you? Are there certain tasks or certain software you need to be admin to run? How realistic is it to expect a Windows user to run their OS as non-root?"

Techdirt has an amusing new disclaimer for the internet penned by lawyer David Canton is response to Rob Hyndman's recent discovery of an impressive disclaimer for a rock preserve. From the disclaimer: "Business is unpredictable and unsafe. The Internet is dangerous. Many blogs have been written about these dangers, and there's no way we can list them all here. Read the blogs. The Internet is covered in slippery slopes with loose, slippery and unpredictable footing. The RIAA can make matters worse. Patent trolls are everywhere. You may fall, be spammed or suffer a DOS attack. There are hidden viruses and worms. You could break your computer. There is wild code, which may be vicious, poisonous or carriers of dread malware. These include viruses and worms. E-mail can be poisonous as well. We don't do anything to protect you from any of this. We do not inspect, supervise or maintain the Internet, blogosphere, ISP's or other features, natural or otherwise."

branewashd writes "The Globe and Mail is covering some new research on the future of spam. The paper 'Spam Zombies from Outer Space', from researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims saved email'. When a computer is turned into a spam zombie, it will first be mined of its address book, mail client configuration, and mail archives. Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it."

nitsudima writes "The mobile devices you know and love are great for productivity, but they have completely changed the vulnerability state of our networks. Norm Laudermilch tells you why you should be afraid, very afraid." From the article: "The new and largely unexplored propagation vector for malicious code distribution is mobile devices. With 802.11, Bluetooth, WiFI, WiMAX, MMS, Infrared, and cellular data capabilities on almost all new models, these devices provide a wealth of opportunity for the transmission of data. With no notion of user access levels in the compact mobile operating systems, a lack of effective authentication, and no data encryption, these environments are prime targets for the incubation of malicious code."

Iran Contra writes "Security researchers at F-Secure in Finland have discovered a rootkit component in the Bagle worm that loads a kernel-mode driver to hide the processes and registry keys of itself and other Bagle-related malware from security scanners. Bagle started out as a simple e-mail borne executable and the addition of rootkit capabilities show how far ahead of the cat-and-mouse game the attackers are."

Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories including Microsoft denies Vista rewrite, Tuttle Oklahoma city manager still doesn't get it, MS Virtual Server slips and VMWare fills the gap, Samsung execs plead guilty to price fixing charges, Tux in retail part 2, a renewed bid to register the Linux trademark in Australia, OpenSPARC.net shades of the past, and a follow up on Mac botnets -- Read on for details.