Peaches


Posts posted by Peaches

  1. THE TOILET SEAT

    Charlie's wife, Lucy, had been after him for several weeks to paint the seat on their toilet. Finally, he got around to doing it while Lucy was out. After finishing, he left to take care of another matter before she returned.

    She came in and undressed to take a shower. Before getting in the shower, she sat on the toilet. As she tried to stand up, she realized that the not-quite-dry epoxy paint had glued her to the toilet seat.

    About that time, Charlie got home and realized her predicament. They both pushed and pulled without any success whatsoever. Finally, in desperation, Charlie undid the toilet seat bolts. Lucy wrapped a sheet around herself and Charlie drove her to the hospital emergency room.

    The ER Doctor got her into a position where he could study how to free her (Try to get a mental picture of this.).

    Lucy tried to lighten the embarrassment of it all by saying, "Well, Doctor, I'll bet you've never seen anything like this before."

    The Doctor replied, "Actually, I've seen lots of them...... I just never saw one mounted and framed."

  2. February 23, 2012, 1:51PM

    Apple Pushes Back Deadline for Sandboxing OS X Apps

    by Dennis Fisher

    Apple has pushed back the deadline for developers to include a sandbox in all of the apps on the Mac App Store, giving them a reprieve until June 1. The deadline was set for March 1, but Apple has changed it in order to give developers more time to work with the new requirements.

    Apple originally informed developers about the new requirements for sandboxing back in November and set the March 1 deadline, giving them about four months to adapt. The Mac App Store first was introduced in early 2011, and it's meant to be the OS X analog to the iTunes App Store, allowing users to download software from a central source. Unlike the iPhone app store, the Mac App Store isn't the sole source for OS X applications, at least not yet. But Apple is introducing some of the same requirements for that store that it has with the iTunes store.

    "The vast majority of Mac users have been free from malware and we're working on technologies to help keep it that way. As of March 1, 2012 all apps submitted to the Mac App Store must implement sandboxing. Sandboxing your app is a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users' systems," Apple officials said at the time of the original announcement.

    More here: https://threatpost.c...s-x-apps-022312

  3. HijackThis now open source

    Trend Micro has published the source code of its free anti-malware tool, HijackThis (HJT), on Sourceforge under a GPLv2 licence. Trend Micro says it will be maintaining the original source code but also incorporating modifications from the community.

    HijackThis creator, Merijn Bellekom, said that "this means that other people can build on a solid base to create or improve their own anti-malware tools". Bellekom's anti-spyware tool was acquired by Trend Micro in 2007 and is used by many anti-spyware communities.

    http://www.h-online.com/security/news/item/HijackThis-now-open-source-1437743.html

  4. February 21, 2012, 11:22AM

    Microsoft Says Google Bypassing Users' IE Privacy Settings

    by Dennis Fisher

    The relations among Microsoft, Apple and Google, which are testy in the best of circumstances, are being pressured even more of late as the controversy surrounding Google's actions with cookies and user tracking grows. In the latest installment, Microsoft has said that it has found that Google "is employing similar methods to get around the default privacy protections in IE and track IE users with cookies."

    "By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent," Dean Hachamovitch, corporate vice president for Internet Explorer at Microsoft, said in a blog post.

    https://threatpost.com/en_us/blogs/microsoft-says-google-bypassing-users-ie-privacy-settings-022112?utm_source=Threatpost&utm_medium=Left+Sidebar&utm_campaign=Most+Commented

  5. February 22, 2012, 10:45AM

    Waves of Attacks Target Adobe Reader Bug From 2010

    by Dennis Fisher

    Thanks to the wonderful tendency of users not to update their applications, old vulnerabilities never die, they just get overtaken by newer and shinier ones. The attackers know this well, and every once in a while they serve up a nice reminder to the rest of us. The most recent one of these is a string of attacks against an Adobe Reader vulnerability from 2010.

    The vulnerability, which is more than two years old, is a flaw in Reader and Acrobat that can be exploited remotely. At the time of the first reports about the bug, there were active attacks going on against it and exploit code was circulating online. But the CVE-2010-0188 bug didn't turn into one of those huge things that involve widespread malware attacks and so on. And it's been patched for a long time at this point, but that doesn't mean it's of no use to the bad guys anymore.

    Researchers at Symantec have found that there are still attacks ongoing against the bug, which affects Reader and Acrobat on all of the major platforms. The attacks involve some highly obfuscated JavaScript, as such attacks are wont to do, and the end result is that once the resultant shell code is on the victim's machine, it attempts to download a malicious executable from a remote server.

    The attacks against this bug have been coming in waves for the last month or so, and Symantec researchers said that the company has seen more than 10,000 such attacks in just the last couple of weeks.

    https://threatpost.com/en_us/blogs/waves-attacks-target-adobe-reader-bug-2010-022212?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular

  6. "Dogs Welcome"

    A man wrote a letter to a small hotel in a Midwest town he planned to visit on his vacation. He wrote: "I would very much like to bring my dog with me. He is well-groomed and very well behaved. Would you be willing to permit me to keep him in my room with me at night?" An immediate reply came from the hotel owner, who wrote: "SIR: I've been operating this hotel for many years. In all that time, I've never had a dog steal towels, bedclothes, silverware or pictures off the walls. I've never had to evict a dog in the middle of the night for being drunk and disorderly. And I've never had a dog run out on a hotel bill. Yes, indeed, your dog is welcome at my hotel. And, if your dog will vouch for you, you're welcome to stay here, too."

  7. February 10, 2012, 1:07PM

    Researchers Discover Android Mobile Botnet 100k Strong

    by Paul Roberts

    A newly discovered malicious application circulating on third party Android markets in China has created a botnet that contains more than 100,000 compromised devices, researchers report.

    Researchers from North Carolina State University and Symantec say the malware, dubbed RootStrap (NC State), installs a known remote access trojan (RAT) named BMaster (Symantec). It is capable of stealing a wide range of information from infected Android devices running versions earlier than 2.3.3 and 3.0, and may be ginning up illicit profits with premium SMS and telephony scams, according to the report from NC State and Symantec.

    Malicious software researchers and anti-virus companies have observed a sharp spike in the number of malicious programs targeting the Android platform in the last year, as the population of Android devices has skyrocketed. However, botnets are still rare for the mobile world.

    Though reliable data on the size and operation of the botnet isn't available, Symantec estimates that it could be generating anywhere between $1,600 to $9,000 per day and $547,500 to $3,285,000 per year for its operators, depending on how many infected devices the botmasters are able to sustain.

    RootStrap isn't the first example of an active, revenue-generating Android botnet, Symantec points out. However, it may be the first that is large enough and profitable enough to rival traditional Windows-based bot networks. That, Symantec points out, means it certainly won't be the last.

    Full story here: https://threatpost.c...e-botnet-021012

  8. New Tool Cracks Apple iWork Passwords

    by Brian Donohue

    The Russian software company, ElcomSoft, has developed a tool capable of recovering iWork passwords from Apple Numbers, Pages, and Keynote applications. According to ElcomSoft, 'Distributed Password Recovery' is the first commercially available tool with this capacity.

    The tool works by performing a distributed, brute force dictionary attack against user-selectable passwords. It's just the latest effort by the Russian firm, which has previously released tools for breaking the encryption used to protect data on Apple iPhone and RIM Blackberry devices. ElcomSoft claims this tool gives forensics experts the ability to access a vast array of encrypted evidence.

    Story: https://threatpost.c...7s+Most+Popular

  9. Microsoft fixes Windows 8 Consumer Preview launch event for Feb. 29

    New name for beta, but provides no new details

    By Gregg Keizer | Computerworld US | 08 February 12

    Previously, Microsoft had promised that it would distribute a public beta -- the company used the label "Consumer Preview" instead -- in "late February." Wednesday, Feb. 29 is the last day of the month.

    Microsoft did not offer any additional details on the Consumer Preview, including whether it planned to also introduce it at a similar U.S. event. A spokeswoman said that Microsoft would provide more information at a later date. The company will not present the Windows 8 preview at the Mobile World Congress (MWC), but instead at a Barcelona hotel between 3 p.m. and 5 p.m. local time. The MWC runs from Feb. 27 through March 1st.

    Microsoft will open the Windows Store to the public at the same time it ships Windows 8 Consumer Preview. Although the company today again declined to comment on a ship date for the final edition of Windows 8, the Consumer Preview's timing hints at a fall 2012 debut assuming the company paces Windows 8's development and testing as it did Windows 7's.

    Read more here: http://www.pcadvisor...&olo=newsletter

  10. What's the difference between the iPhone 4 and iPhone 4S?

    It may look the same as its predecessor, but is the iPhone 4S very different?

    By Carrie-Ann Skinner | PC Advisor | 12 December 11

    Apple released the iPhone 4S, the next iteration of its smartphone, in October this year, but the handset was not quite what everyone, including PC Advisor, was expecting. For a start, the latest version of Apple's smartphone sports the exact same glass and stainless steel design as the iPhone 4. However, the device has proved popular. Within the first three days of availability, Apple said it had sold more than four million of the iPhone 4S; that's more than double the number for the iPhone 4, which sold 1.7 million in its first three days. So if you're contemplating buying the device for yourself, or a loved one, you're probably questioning just what's the difference between the iPhone 4 and the iPhone 4S.

    More than two in five smartphones sold in October were Apple's iPhone 4S

    Internal redesign

    The big differences between the two handsets are in the form of what Apple calls a complete internal redesign. To begin with, the iPhone 4S features a dual-core A5 chip, the same used to power the Apple iPad 2, which Apple says delivers twice the processing power and up to seven times faster graphics than the iPhone 4.

    When Apple launched the iPhone 4, the smartphone was given a dual antennae for the first time ever. The stainless steel band that wraps around the sides of the smartphone was split up into several antennas so that one piece handled Wi-Fi, another GPS, one handled Bluetooth and another did cellular. However, when the handset was held in a certain way, which became known as death grip, many users reported a loss of signal. As a result Apple was forced to offer a bumper to resolve the issue.

    While the iPhone 4S has retained the dual antennae, the section that handles the cellular signal has been divided up into two pieces and will "intelligently switch" between the two. So if you apply the death grip to attenuate to one piece of the cellular antenna, the radio will, in theory, switch to the other piece that isn't being

    The iPhone's camera has been improved from 5Mp to 8Mp and comes with a f2.4 aperture for improved low-light photography. It also offers grid lines on screen and the ability to capture video in full 1080p HD with real-time video image stabilisation and real-time noise reduction. Apple also says battery life has been improved and according to Apple, the iPhone 4S now offers 8 hours of 3G talk time.

    The iPhone 4S runs iOS 5, the latest iteration of Apple's mobile platform, which benefits from 200 new features including a new-look Notification Centre, and iMessage that allows users to send messages, photos, videos and contact information to other users of the app for free over Wi-Fi. Another feature of iOS 5 is iCloud - Apple's online storage service. Music purchased from iTunes, photos, files and contacts can be stored in the free 5GB of online space and then wirelessly accessed from a number of different devices including others running iOS and Windows PCs. Furthermore, when content changes on one device, all your other devices are updated automatically and wirelessly. While iOS 5 comes preloaded on Apple's iPhone 4S, it's not really a difference between both handsets as iPhone 4 users can upgrade to iOS via iTunes by connecting their handset to their PC.

    However, there is one feature that iPhone 4 owners won't be able to access even if they upgrade to the latest version of iOS and that's Siri the "intelligent assistant".

    According to Apple, the voice-control technology understands context allowing users to speak naturally when asking questions. For example if you say 'will I need an umbrella this weekend?' Siri will provide you with a relevant answer, in this case, the weather report. It is integrated into all iPhone apps.

    http://www.pcadvisor...&olo=newsletter

  11. Windows 8 aims to take pain out of managing passwords

    Juggling passwords for all the Web sites and accounts we use is a neverending challenge, but one that Microsoft hopes to resolve in Windows 8.

    Protecting yourself on the Internet typically requires the use of passwords. But that process has never been easy or truly safe. Most people either try to remember too many passwords or simply use the same passwords for all their accounts. Both approaches leave the door open for hackers to access your personal information.

    What's needed is a simpler yet still secure approach.

    In the latest edition of the Building Windows 8 blog, Dustin Ingalls, a group program manager on Microsoft's security and identity team, explains how both Windows 8 and Internet Explorer 10 will try to adopt that simpler yet secure approach.

    http://news.cnet.com/8301-1009_3-57343625-83/windows-8-aims-to-take-pain-out-of-managing-passwords/

  12. Microsoft copies Google with silent browser updates

    No more clinging to old IE versions

    By Gavin Clarke

    Internet Explorer is about to do more than just look like Chrome - it'll silently update on your PC just like Google's browser, too. Microsoft in January will start rolling out auto updates moving you to the latest edition of IE available for your machine's operating system.

    Platforms covered are Windows XP, Windows Vista and Windows 7 and the policy means Windows XP holdouts on IE6 or IE7 get booted up to IE8 while Windows Vista and 7 users still on IE7 or even on Windows 8 get shunted up to IE9, released in March.

    Silent updates will start in Australia and Brazil and you'll need to have turned on automatic updating via Windows Update.

    You won't be forced to move, if you've deliberately decided old is your thing. Microsoft makes available IE8 and IE9 Automatic Update Blocker toolkits to stop auto-updates while those who've actively declined updating in the past won't be moved.

    You can also uninstall the update.

    http://www.theregist...silent_updates/

  13. December 15th, 2011, 16:33 GMT · By Eduard Kovacs

    Ellen DeGeneres Fans Lose Money to Facebook Scam

    I had just finished writing about the fake nanny emails which target the savings of unsuspecting recipients when I stumbled upon a similar scam that may have made a large number of victims.

    An email and a social media account that allegedly belonged to Ellen DeGeneres’ manager were used to offer her fans a place in the show. In reality, this turned out to be nothing more than a classic scheme to steal their money.

    According to Hollywood Reporter, an individual created a Facebook profile and a Gmail account on the name of Eric Gold, pretending to be the celebrity’s manager. He then posted ads and sent out emails to her fans, offering them a seat at the TV show and a $3,000 (2,100 EUR) check to cover travel expenses.

    "You have been selected from members of the Ellen DeGenere's Facebook Fan page to be on her talk show because of your comment on the 'Halloween edition'. If you are interested in attending, this offer is an all expense paid trip from Ellen in appreciation of being a fan of Ellen. You are required to reply as soon as possible because we have limited time," reads the phony email. Those who responded to the invitation were required to provide names, addresses, email addresses and cell phone numbers to claim their prize, and once they responded, they were duped into believing that they quickly had to perform a bank transaction in order to make it to the show.

    "You have to quickly rush to bank cash the funds and head to the western union store to wire your ticket and hotel reservation funds. So you are hereby being advised to send the funds to the below Agent's name," read the reply from Eric Gold.

    http://news.softpedia.com/news/Ellen-DeGeneres-Fans-Lose-Money-to-Facebook-Scam-241014.shtml

  14. New zero-day vulnerabilities found in Adobe Flash Player

    When it comes to malware exploits, Adobe's Flash and PDF software can't seem to catch a break recently.

    Recently a vulnerability was found in both Mac and Windows versions of Adobe's Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well. Now two similar vulnerabilities have been found in Adobe's Flash Player, which likewise could result in arbitrary code being executed on the system.

    Computerworld is reporting that the flaws, for which advisories have been issued by US-CERT, were discovered by Intevydis, a Russian vulnerability research company. Apparently the vulnerability bypasses antiexploitation features in Windows such as DEP and ASLR, and can get around the Internet Explorer sandbox (there is no information on how other browsers handle the issue).

    While Intevydis has so far shown the exploit on Windows machines, apparently it works in OS X as well. So far Adobe has only addressed these exploits for version 9.x of its Reader and Acrobat products for Windows; fixes for the other versions are due in about a month's time. Adobe has not yet issued a response to the current findings regarding Flash Player.

    Unlike malware that is directly downloaded to a system and scanned, these malware attempts run through the Flash Player or Adobe Reader programs themselves, making it harder for malware scanners to detect them. The exploits should be addressed by Adobe sooner or later, but until then you might consider a tool like Click2Flash, NoScript, or Click2Plugin for blocking unwanted Flash content from running on your system.

    http://news.cnet.com/8301-1009_3-57340665-83/new-zero-day-vulnerabilities-found-in-adobe-flash-player/

  15. I don't care if anyone wishes to test me for drugs ... I have nothing to hide since I only use prescribed medications. In my last place of employment one of the staff was a drug user and scammed the company out of $100,000 before she got caught. No drug testing of employees was done so perhaps with today's popularity of drug usage, it is not such a bad idea.

    And living in a right wing regime also kept Canada out of a deep recession and the #1 country rated out of 10 [up from #4] worldwide for investing into. Not bad when other countries are going bankrupt. On one hand people complain government is spending into a deficit and on the other hand when it is a self interest then spending is okay.

    A bit off topic but it was brought into the conversation.

    British Columbia (Vancouver) $73,972 2011 BC's Local Collective Agreements (2006 - 2011)

    I do not feel it is such a shabby wage given the time off & short hours teachers enjoy plus the rich extra benefits demanded. The disadvantaged can only dream of such a salary and benefits.

    BC Teachers are asking for the following:

    * Ten days paid bereavement leave is among the proposals B.C. teachers requested in their bid for a new collective agreement. But that request and others are unrealistic and out-of-touch with the province’s economic climate, says the B.C. Public School Employers Association.

    According to the BCPSEA, it will cost taxpayers an additional $2.1 billion to meet proposals tabled by the B.C. Teachers Federation in contract negotiations, which recently ground to a standstill.

    Among the proposals is a 26-week, fully paid leave of absence per year for direct or indirect compassionate care “to any person,” a concession the BCPSEA estimates could cost $49 million.

    And I for one cannot afford to foot that kind of bill as many other BC residents cannot afford it either and can only dream of such benefits.

  16. Friday, October 14, 2011

    Malicious Ads on Bing Lead to ZeroAccess Trojan

    Search-engine poisoning has been the bane of many Internet users' existence for a long time, and it's one of many security problems that seems to not be getting any better. In some ways, it may be getting worse, actually. One of the main problems these days is the use of legitimate-looking ads that direct users to malicious sites rather than sites to download applications such as Flash or Firefox.

    Researchers have been tracking various SEO-poisoning campaigns for some time now, and the attackers often will pin their campaigns to recent news events and popular search terms. In other cases, they simply go after popular downloads, and that's what's happening in a recent case that researchers at GFI Software discovered this week. In this case, a search on Bing for Adobe Flash turned up an ad pointing users to a site where they can supposedly download Flash 10.

    Of course, what those users get isn't Flash, but a kick in the digital teeth in the form of the ZeroAccess Trojan. This piece of malware, also known as Max++ and Sirefef, is a particularly ugly pest and includes some rootkit functionality that gives it the ability to stay resident on an infected machine even after cleanup attempts and reboots. ZeroAccess also is being used in an ongoing attack discovered last week by researchers at Dell SecureWorks in which users are redirected from compromised sites to an attack site that installs the Trojan.

    Story - https://threatpost.com/en_us/blogs/malicious-ads-bing-lead-zeroaccess-trojan-101411

  17. October 13, 2011, 4:22PM

    It's Time For an Apple Patch Tuesday

    by Dennis Fisher

    If there's one thing that can be said about Apple, it's that the company operates on its own timeline. It does what it pleases at whatever time suits it, and the customers appear. Actually, they don't simply appear, they wait expectantly and move as one when asked. This has proven to be enormously profitable for Apple and quite satisfying for most of its customers. But the one area where this has not worked so well is security.

    This week has been the perfect example of how things have gone sideways for Apple on security. In the space of two days, the company has pushed out a new version of iTunes, a new version of iOS for the iPhone and iPad, and a new version of Mac OS X. Each of these releases included a huge number of security updates, some of which are critical fixes for problems that had been identified weeks or months earlier. For example, iOS 5, released on Wednesday after much anticipation, included 95 security updates. One of these was a fix that removed the DigiNotar root certificates from the list of trusted roots on iOS, something that all of the major browser vendors--including Apple--had done weeks earlier in their desktop versions due to the seriousness of the compromise of the DigiNotar CA infrastructure. But the company wasn't able to get an iOS update out to fix the problem until this week, more than a month after the first news of the DigiNotar attack came out.

    Story - https://threatpost.c...-tuesday-101311

  18. Sprint App Disables Drivers' Texts, Calls

    Sep 13, 2011 | 1:32 PM ET |

    By Samantha Murphy,

    TechNewsDaily Senior Staff Writer

    Sprint has unveiled a new smartphone app that prevents users from sending text messages and making or receiving phone calls while on the road to prevent distracted driving.

    The app is called Sprint Drive First and is already available for Android devices and will soon be available on other platforms. Sprint Drive automatically activates when the phone is moving at a speed of more than 10 miles an hour as determined by the device's GPS system. Sprint said it is using technology to make sure it doesn't have an impact on a phone's battery.

    Although text messaging is banned for all drivers in 34 U.S. states and the District of Columbia, it is still a continued problem throughout the country. In fact, each day more than 16 people are killed and more than 1,300 are injured in crashes involving a distracted driver, according to DistractedDriving.gov.

    In addition, drivers who use handheld devices are four times as likely to get into crashes serious enough to injure themselves. Sprint Drive First costs $2.00 per month for each phone line after a 15-day free trial. There are no additional SMS or data charges. However, only phones that are on a data and SMS plan with Sprint will be able to subscribe to the service.

    http://www.securityn...iving-app-1147/

  19. Thursday, October 13, 2011

    Bogus Netflix Application For Android Steals Passwords, Won't Let You Watch Movies

    A report from Symantec claims that malware authors tricked an untold number of Netflix users into coughing up their account credentials with a Trojan horse application that doubled as a Netflix app for the Android platform.

    In a blog post, Symantec researcher Irfan Asrar writes about a new piece of malware, Android.Fakenflick (not to be confused with NPR star reporter David Folkenflick, mind you), which looks identical to the legitimate Netflix application, but sends any user name and passwords entered via the Android phone to a remote server controlled by the attackers. According to Symantec, the malware was first identified on October 10 and has been linked to just a small number of infections. After accepting the user's Netflix credentials, the malware displays a message saying the Android phone is not supported by the application, which is then uninstalled.

    The malware is designed to look and behave exactly like the legitimate Netflix application for Android - with a similar look and feel. The application also requests the same permissions of the phone user. Asrar hypothesizes that malware authors were simply jumping on an opportunity to get hungry Netflix users to download their malware, after Netflix released an official Android application that only ran on certain Android phones. An ad hoc effort sprang up to port the app to non-supported platforms. Users who downloaded Fakenflick may have thought they were getting a grayware ported version of the application.

    Story - https://threatpost.com/en_us/blogs/bogus-netflix-application-android-steals-passwords-wont-let-you-watch-movies-101311

  20. Microsoft: Phishing - Not Zero-Day Threats - Cause the Most Problems

    By Steve Ragan on October 12, 2011

    On Tuesday, in addition to the monthly "Patch Tuesday" security updates for Windows and Office platforms, Microsoft released the eleventh volume of its Security Intelligence Report. The report, which gives a deep look into security trends, has some interesting data when it comes to malware propagation.

    Less than one percent of the exploits observed in the first half of 2011 were targeting zero-day vulnerabilities, Microsoft said. In fact, most of the attacks centered on previously patched issues, and leveraged phishing to spread the malicious payloads. According to the data, phishing accounted for 44.8 percent of the malware spread during the reporting period.

    Sticking to phishing, social networks and their users were a favorite target, as the socially engineered attacks originated on such sites, reaching a peak of nearly 85 percent in April. This trend hammers home the point made by the software giant, when they noted that the Web is the main source of malicious infections and malware propagation.

    Story & graph - http://www.securityweek.com/microsoft-phishing-not-zero-day-threats-cause-most-problems

  21. Wednesday, October 12, 2011

    Sony Detects Suspicious Behavior, Locks 93,000 Online Accounts

    Sony locked the accounts of some 93,000 individuals on the Playstation Network (PSN), the Sony Entertainment Network (SEN), and Sony Online Entertainment (SOE) services following a mass log-in attempt using username-password combinations obtained from an unnamed source.

    The attack affected less than one tenth of a percent of PSN, SEN, and SOE user bases combined, and the majority of log-in attempts failed. However, the 93,000 accounts that Sony ended up locking out were compromised, the company said. According to a statement put out by Sony’s CISO, Philip Reitinger, only a small fraction of the 93,000 compromised accounts showed activity before being locked.

    The company plans on contacting the affected gamers via email and encouraging them to perform a password reset, and is assuring users that no credit card data has been compromised.

    Story - https://threatpost.com/en_us/blogs/sony-detects-suspicious-behavior-locks-93000-accounts-101211

  22. Wednesday, October 12, 2011

    Apple Fixes Nearly 80 Bugs in iTunes 10.5

    Apple has released a new version of its iTunes software, patching an enormous number of vulnerabilities in the popular music application. Version 10.5 of iTunes includes fixes for several dozen flaws in WebKit alone, and also has some updated functionality designed to support new components coming in iOS in the near future.

    The latest release of the iTunes software, which Apple uses not only as a music-playing application but also a control system for iPods, iPhones and iPads, has fixes for vulnerabilities in a slew of components, including ColorSync, CoreFoundation, CoreAudio, CoreMedia and ImageIO. But the largest number of bugs fixed in iTunes 10.5 belongs to WebKit, the framework that underpins iTunes and the Safari browser. There are 73 separate bugs fixed in WebKit in iTunes 10.5, all but one of which are memory-corruption vulnerabilities. Several of the WebKit flaws could lead to remote code execution, while others only result in denial-of-service conditions or a crash of the iTunes software.

    The vulnerabilities fixed in iTunes 10.5 only are present on versions of the software running on Windows machines. Some of the flaws did not affect systems running Mac OS X, while others were fixed in various security updates for OS X or in the release of the new Lion operating system. The list of researchers and groups credited with finding vulnerabilities fixed in this release makes for some interesting reading. While a fair number of the bugs were identified by internal people at Apple, several others were discovered by members of Google's Chrome security team and another was reported by David Weston of Microsoft.

    Story - https://threatpost.com/en_us/blogs/apple-fixes-nearly-80-bugs-itunes-105-101211