Firefox 16 Pulled Due to Security Concerns: In the biggest ITSEC embarrassment of the week, a security flaw forced Mozilla to pull Firefox 16 just a day after it was released and after\u00a0Mozilla touted its new safety features\n\tFirefox 16 was supposed to have fixed flaws that could have let hackers execute arbitrary code on users' systems; bypass security checks and prevent Web pages from interacting with the browser in unauthorized ways; perform spoofing or clickjacking attacks; and, in the case of the Android version of Firefox, allow a malicious Web page that was opened in reader mode to gain the browser's OS permissions.\n\tHowever, Mozilla apparently missed a vulnerability that could allow malicious sites to determine the websites users visited and access URLs or URL parameters, according to a blog post\u00a0written by\u00a0Michael Coates, director of security assurance at Mozilla.\n\tA fixed version is now available..\n\tMass-Distributed Malware Reaches Critical Mass: (CSO) Malware purveyors are now primarily in the mass-distribution business. That has been the trend for some time, and the Security Engineering Research Team (SERT) at managed security services provider Solutionary confirms it. Among the key findings of\u00a0the team's third-quarter report: Of the malware they analyzed, 92% was mass-produced.\n\tPinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box:(ThreatPost) \u201cFor the second time this year, an anonymous teenage security researcher has succeeded in producing a full exploit, including a sandbox escape, against Google Chrome. The researcher, who uses the pseudonym PinkiePie, submitted his exploit during the Pwnium contest run by Google at the Hack in the Box conference.\u201d (Bronies FTW)\n\tHackers Steal Thousands of Student Records from Florida College: (NetworkWorld) \u201cAn information breach at a Florida college has compromised information of about 279,000 students and employees, the Florida Department of Education said. Northwest Florida State College \u00a0reported that it found on further investigation that the incident involved more than 3,000 employee records, some of which contain confidential financial information, about 76,000 Northwest College student records containing personal identification information, and another 200,000 records with information including names, Social Security numbers, dates of birth, ethnicity, and gender for students across the state who were eligible for Bright Futures scholarships for the 2005-06 and 2006-07 school years.\u201d\n\tWorld of Warcraft Players Massacred in Hack Attack: (NakedSecurity) \u201cIf you're one of the millions of avid players of the online MMORPG World of Warcraft, then you may have been surprised to find the populations of entire cities killed off this weekend. According to the game's developers, Blizzard, hackers managed to exploit a vulnerability in the game, resulting in the deaths of many player and non-player characters. In a\u00a0forum posting, the company said it was taking the attack "very seriousl.\u201d The hackers' attack saw every character in cities such as Stormwind, Orgrimmar and Tarren Mill killed off, leaving piles of skeletons cluttering the streets and buildings. According to the Blizzard, the vulnerability exploited by the hackers has now been patched.\n\tDSL Modem Hack Used to Infect Millions with Banking Fraud Malware: (ArsTechnica) "Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials.\u201d\n\tFaux Apps Found Hijacking Chrome, Spamming Tumblr: (ThreatPost) \u201cA flurry of fake, ad-laden Angry Birds lookalike games have flooded the Google Chrome Web store of late. The online marketplace where Google sells extensions and games for its Chrome browser has seen an influx of games mimicking \u201cBad Piggies,\u201d a new game Rovio Entertainment recently released that puts a twist on its ubiquitous Angry Birds game.\u201d\n\tDorkbot Now Worming Its Way through Skype: (ThreatPost) The Dorkbot worm that fooled many a Facebook and Twitter user is now socially engineering Skype users into downloading the malware, which has a payload that can lock down machines. Various antivirus and security companies say the latest iteration rummages through an infected Skype user's contact list and sends the message "Lol is this your new profile pic?" in English. It sends a similar message in German, too.\n\tExperts Troll 'Biggest Security Mag in the World' with DICKish Submission: (The Register) \u201cSecurity researchers have taken revenge on a publishing outlet that spams them with requests to write unpaid articles \u2013 by using a bogus submission to satirise the outlet's low editorial standards. Hakin9 rather grandly bills itself as the \u2018biggest IT security magazine in the world,\u2019 published for 10 years, and claims to have a database of 100,000 IT security specialists. Many of these security specialists are regularly spammed with requests to submit articles, without receiving any payment in return. Rather than binning another of its periodic requests, a group of researchers responded with a nonsensical article entitled DARPA Inference Checking Kludge Scanning (DICKS), which Warsaw-based Hakin9 published in full, apparently without checking. The gobbledygook treatment appeared as the first chapter in a recent eBook edition of the magazine about Nmap, the popular security scanner.\u201d\n\tWondering what this post looks like translated into Armenian? Go here to see. It's quite pretty.