Rob wrote in with a link to a CBR Online article discussing drive-by pharming, a new exploitation technique developed by Indiana University and Symantec Corporation. While it's not known if the technique is in use 'in the wild', the exploit could easily co-opt the web-browsing habits of a user that had not properly configured their router. "The attack works because most of the popular home routers ship with default passwords, default internal IP address ranges, and web-based configuration interfaces. The exploit is a single line of JavaScript loaded with a default router IP address, a default password, and an HTTP query designed to reconfigure the router to use the attacker's DNS servers." The article goes on to discuss several related and more advanced techniques related to this one, which security companies will have to keep in mind to guard against future attacks.

dolphinling writes "Everyone is aware that the Mozilla Corporation makes some money, and employs some people now. Google has full-time employees working on Firefox too, as do a number of other places. Yet despite that, in the six months up to Firefox 2 some 27% of the patches to Firefox were submitted by key volunteers, and those patches represent 24% of changes made to the source code. What's more, those numbers only counted contributers with 50 patches or more, so the actual numbers are probably quite a bit higher. It's good to see that even as Mozilla does so well in the business world, it can still keep its ties to the community so strong." They were running these number to find out who they need to start offering support to. So: contribute to Firefox, and you know you'll get a hand up. Nice work, folks.