ISIS captures former Iraqi WMD site

The bad news around the Twitterverse right now is that the Islamic State of Iraq and Syria (ISIS) has captured a former Iraqi chemical weapons site (Edit: Iraq has confirmed this), possibly loaded with useless artillery shells that used to contain mustard gas.

Of course, we know Iraq once had WMDs, and that the Hussein regime used them during the 1980s Iran-Iraq war and on the Kurdish population. We also know that the UN inspectors determined that those weapons were useless in 2003 before the US invaded. Today's reports are consistent with these data -- apparently this is more like a toxic waste dump than an arsenal. The real question is whether anything on that site can be turned into a practical weapon.

Stay tuned, kids.

Via Brian Krebs: Adobe, Microsoft Push Critical Security Fixes

This is a re-blog from another site. Go do this now. --maxomai

Originally posted by briankrebs_rss at Adobe, Microsoft Push Critical Security Fixes

http://krebsonsecurity.com/2014/07/adobe-microsoft-push-critical-security-fixes-5/

http://krebsonsecurity.com/?p=26831

If you use Microsoft products or Adobe Flash Player, please take a moment to read this post and update your software. Adobe today issued a critical update that plugs at least three security holes in Flash. Separately, Microsoft released six security updates that address 29 vulnerabilities in Windows and Internet Explorer.

Most of the bugs that Microsoft nixed with today’s updates (24 of the 29 flaws) are fixed in a single patch for the company’s Internet Explorer browser. According to Microsoft, one of those 24 flaws (a weakness in the way IE checks Extended Validation SSL certificates) was already disclosed publicly prior to today’s bulletins.

The other critical patch from Microsoft fixes a security problem with the way that Windows handles files meant to opened and edited by Windows Journal, a note-taking application built in to more recent versions of the operating system (including Windows Vista, 7 and 8).

More details on the rest of the updates that Microsoft released today can be found at Microsoft’s Technet blog, Qualys’s site, and the SANS Internet Storm Center.

Adobe’s Flash Player update brings Flash to version 14.0.0.145 on Windows, Mac and Linux systems. Adobe said it is not aware of exploits in the wild for any of the vulnerabilities fixed in this release.

To see which version of Flash you have installed, check this link. Chrome and IE10/IE11 on Windows 8.x should auto-update their versions of Flash, although my installation of Chrome says it is up-to-date and yet is still running v. 14.0.0.125.

Flash has a built-in auto-updater, but you might wait days or weeks for it to prompt you to update, regardless of its settings. The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

If you have Adobe AIR installed (required by some programs like Tweetdeck and Pandora Desktop), you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. 14.0.0.137 for Windows, Mac, and Android, and can be downloaded manually from here.