Patch for Java Web flaw released
REDWOOD SHORES, Calif., Jan. 14 (UPI) -- Oracle Corp. has released an emergency update to its Java Web browsing software, but U.S. security experts said it still leaves PCs vulnerable to hackers.
The vulnerability, discovered last week, had prompted the U.S. Department of Homeland Security to advise computer users to disable the Java functionality in their Web browsers.
Security experts were urging consumers to download the patch released Sunday, even though some argued the fixes may not keep all forms of Java safe from cyberattacks and malware, The Washington Post reported Monday.
"Note that the vulnerabilities Oracle just patched don't apply to standalone Java applications or server-side Java installs," Sophos security researcher Paul Ducklin wrote in a blog post. "They apply only to applets, which run inside your browser."
Ducklin still recommends computers users disable Java completely if their Web browsing activities don't require it, or run one browser with Java enables when such functionality is needed and another one without for majority of their Web surfing.
Even with the release of the patch, the U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security, is still advising users to disable Java on their systems unless running the software is "absolutely necessary."
Smuggled fossils returning to Mongolia
ULAN BATOR, Mongolia, Jan. 14 (UPI) -- Mongolia says dinosaur fossils recovered after being illegally smuggled into the United States will be part of a new museum's exhibits.
They will join about 500 dinosaur skeletons at the country's Paleontological Center of Academy of Sciences and Natural History Museum to form the core of a new museum dedicated exclusive to dinosaurs, China's state-run Xinhua News Agency reported Sunday.
The new museum, dubbed the Central Dinosaur Museum of Mongolia, will include Tyrannosaurus Bataar and Saurolophus and Oviraptor fossils smuggled illegally to the United States and being returned to their homeland by the U.S. government.
The 70-million-year-old Tyrannosaurus Bataar skeleton unearthed in Mongolia's southern Gobi desert was sold at a New York auction for more than $1 million but was seized by the U.S. Department of Homeland Security after Mongolia said it was illegally smuggled.
Kenya to try anti-poaching technology
NAIROBI, Kenya, Jan. 14 (UPI) -- Kenya's wildlife agency says it plans to install an alarm and notification system around some parks and wildlife sanctuaries in an effort to combat poaching.
Kenya Wildlife Service officials said they hoped the system, connected to fences around selected reserves, would help reduce poaching by up to 90 percent.
If an animal interferes with the fence or if someone tries to tear down or slip through the fence, the alarm will sound and will also send a text message to wildlife rangers who can then converge on the affected area, the British newspaper The Guardian reported.
However, putting the alarm system in all Kenyan parks is impractical since the costs would be extremely high and some parks and sanctuaries are not wholly fenced in, officials said.
"Some parks are very big and the idea would only work in conservancies, which have a much smaller land area," Patrick Omondi, head of the species department at the wildlife service, said.
Tsavo National Park, where an entire family of elephants was recently killed by poachers, is about the size of Belgium.
Kenya lost more than 360 elephants to poaching last year, government figures show.
Across Africa more than 1,000 rhinos and more than 1,000 elephants were lost last year, the victims of poaching driven in large part by demand in Southeast Asia for animal parts considered to have medicinal properties.
'Red October' cyberattack is identified
MOSCOW, Jan. 14 (UPI) -- Russian security researchers say they've uncovered a cyberattack campaign that may have been stealing confidential documents for as long as five years.
Kaspersky Labs said the malware -- designed to steal encrypted files -- targeted government entities such as embassies, nuclear research centers, and oil and gas institutes.
Kaspersky Labs' chief malware researcher, Vitaly Kamluk, said victims had been carefully selected.
"There were a quite limited set of targets that were affected -- they were carefully selected. They seem to be related to some high-profile organizations," he told the BBC.
The malware, which has been dubbed Red October, is similar to the Flame cyberattack identified last year, researchers said.
"It appears to be trying to suck up all the usual things -- word documents, PDFs, all the things you'd expect," Alan Woodward, a security expert from the University of Surrey in Britain, said.
"But a couple of the file extensions it's going after are very specific encrypted files."
Red October also has a previously unseen ability to hide on a machine as if it has been deleted, he said.
"If it's discovered, it hides. When everyone thinks the coast is clear, you just send an email and 'boof' it's back and active again."
Sixty domain names, based mostly in Germany and Russia, were created by the hackers to run the attacks, the researchers said.
