ReadWriteWeb

After almost two months of hacking like mad, LulzSec is apparently disbanding. They declared on their Twitter account that they had dumped a wad of unreleased materials and a goodbye statement on Pastebin. In a rant that might have been composed by cutting up the diaries of 100 college sophomores, they said:

"Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love."

The Department of Homeland Security will release a new guidance document today intended to make the software that runs the Web less susceptible to malicious hacks.

DHS has teamed with security and technology experts at the SANS Institute and Mitre to create a list of the top 25 programming errors that lead to the most serious hacks, according to The New York Times. The idea is to educate companies and organizations about the channels that criminal hackers use to gain access to confidential information and servers. These are often common software errors that can lead to "zero day" exploits.

Apple released Mac OS X 10.6.8 yesterday in preparation for its Lion release. There are several things to like about the new update, including changes to Final Cut Pro X as well as enhancements to the Mac App Store ahead of the release of Lion.

Overlooked in the update is the fact that Apple has included a fair amount of security updates in the software. When it comes to Apple, people always want to talk about what is cool and sleek and fun to use. Yet, as the fake anti-virus malware Mac Defender has shown us, Apple is becoming more of a target for malicious hacks. Apple releases security updates with each version of Mac OS X. Let's take a look at what is significant in version 10.6.8.

The Amazon Web Services cloud outage lead to some contemplation from cloud computing leaders such as Krishnan Subramanian. I'm wondering if the FBI raid on co-location host DigitalOne will lead to some similar considerations.

Colos aren't cloud in most senses of the word, but multi-tenant cloud providers are at least as vulnerable to this sort of problem. There are ways to mitigate the problems, such as fail-over servers with other cloud providers and encrypting data before storing in the cloud, but I don't think anyone wants to deal with this issue.

Early adopters may love to check in at nightlife hotspots on Foursquare and Facebook Places, but what might location technology look like once it moves into the mainstream? Fast-growing startup Life360 is aiming for that mainstream market and has interesting plans. The company offers a free app for family members to track each other's locations.

The in-part Google-financed startup announced a big jump in growth this Spring when a wave of media coverage lead it from 1 million users to 2 million in just 10 weeks. Now the company tells us it's hit 3 million in 9 more weeks and this week it announced a big new feature: carrier-level location tracking of any phones, including feature phones, for free. Life360's plan is to undercut the market on location data, scale up fast with a fremium model and then build its business with value-added services that incumbents in industries like home security and insurance are offering today with super-high margins.

Last week Microsoft issued a blog post stating that Internet Explorer will not support WebGL because WebGL is inherently insecure. The post was based on research conducted by the firm Context, which showed that WebGL could be used for denial of service attacks or use the GPU to run malicious code. Microsoft complained that WebGL is too reliant on third parties (ie, GPU vendors) to secure the Web experience.

The only problem, according to Chrome developer Gregg Tavares (not speaking on behalf of Google), is that Silverlight 5 has the exact same vulnerability. Microsoft says it has fixed the vulnerability and the fix will appear in the next beta release.

Today at the GigaOM Structure event in San Francisco Citrix Data Center and Virtualization CTO Simon Crosby announced that he and Xen founder Ian Pratt are stepping down and starting a new company called Bromium. The company also announced that it closed a series A to the tune of $9.2 million from Andreessen Horowitz, Ignition Partners and Lightspeed Venture Partners.

We caught up with Crosby by phone today to ask a few questions about the Bromium's plans.

The Lulz keep on coming.

Ryan Cleary, the 19-year-old alleged criminal hacker arrested in Britain yesterday, has formally been charged with offenses under the United Kingdom's Criminal Law Act and Computer Misuse Act. The accusations are for a purported Distributed Denial of Service attack against the Serious Organised Crime Agency (SOCA) along with several industry groups. In other News Of The Lulz, the group apparently now has a Brazilian arm that has taken down two government websites, according to PCMag.

New Scotland Yard has caught a black hat hacker believed to be of the Lulz Security hacker group, or so it thought. The British law enforcement agency is reporting that a 19-year-old male has been arrested in Essex, England by the "e-Crime" unit following an investigation into network intrusions and distributed denial of service attacks.

LulzSec is not claiming the suspect as one of its own. In a tweet, LulzSec wrote, "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?"

According to mobile security company Lookout, there is a new version of Android malware in the wild and this one is a little bit different from what has come before.

Known as GGTracker, the application can be downloaded from the mobile browser through an advertisement that brings users to a page that is set up to look like the Android Market. Once a user has downloaded the GGTracker Tracker Trojan it sends SMS messages to premium subscription services that would normally require online registration.