Troy Hunt, software architect and Microsoft MVP, took a crack at the password database recently stolen from Sony Pictures to see what kinds of passwords users chose. The results are, as usual with such things, discouraging.

First, the biggest security screwup in this affair clearly was made by Sony who, according to the hacking group ("LulzSec"), "...stored over 1,000,000 passwords of its customers in plaintext."

Adobe has issued an "out of band" update to Flash Player on Windows, Macintosh, Linux and Solaris to fix a "universal cross-site scripting vulnerability" they learned about this past Friday, June 3.

The vulnerability could be used by an attacker to conduct actions on the user's behalf. Adobe has received reports that the vulnerability is being exploited in the wild in targeted attacks "...to trick the user into clicking on a malicious link delivered in an email message".

Flash Player 10.3.181.16 and earlier for Windows, Macintosh, Linux and Solaris are vulnerable. Users should update to version Player 10.3.181.22 (10.3.181.23 for ActiveX). Google has also released a new version 11.0.696.77 of Chrome which incorporates the update. A new version 10.3.181.22 for Android should be available this week.

Users may download the current version of Flash Player, as always, at http://get.adobe.com/flashplayer.

Adobe is investigating whether the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2), and which delivers Flash functionality to PDF documents, is affected. But they are not aware of any attacks using PDF.

Renesys is reporting that Syrian networks are accessible once again from the Internet, some as of late Friday night and the rest Saturday morning. They had been taken down Friday morning.

The downtime happened during Friday, a day which has become a traditional protest day in Arab countries in recent months. It is possible that the outage was planned specifically to disrupt any such protests. Tune in this coming Friday to see if it happens again.

"...virtually none of the visual indicators that help even a moderately savvy novice computer user make informed decision are present on mobile devices" says Randy Abrams, Director of Technical Education at ESET's Cyber Threat Analysis Center.

According to Renesys, a service which monitors Internet connectivity, "...approximately two-thirds of all Syrian networks became unreachable from the global Internet." at 3:35 UTC today (6:35am local time).

As in many authoritarian countries, virtually all Internet connectivity in Syria flows through a single state telecom company, SyriaTel. (networks AS29256 and AS29386), which has the power to disconnect private and public networks from the rest of the Internet.

The remaining networks online are mostly government networks, although Renesys reports these are sluggish. Private networks, especially those serving mobile providers, are out.

Similar shutoffs happened in other Arab countries during protests; Egypt's shutdown didn't last long.

Google has uncovered a campaign, based in Jinan, China, which they say compromised the personal GMail accounts of "...senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists." The compromise likely happened through phishing.

All weapons used by the US military and other agencies (like the CIA) require approval and rules for use, including "cyber-weapons." The government has a classified list of such weapons, according to the Washington Post.

Sorry, we don't have the list here for you.

Some major botnet takedowns have resulted in a plummmetting volume of spam, but for the most part it seems like business as usual in the world of Internet threats, according to the most recent quarterly McAfee Threat Report.

Apple has issued Security Update 2011-003 for OS X v10.6.7 to add the OSX.MacDefender.A definition to Snow Leopard's File Quarantine feature, and to "...search for and remove known variants of the MacDefender malware."

It's not that surprising to find out that there are phishing sites on Google Docs, although I hadn't thought about it before. It is surprising to see Google making the situation worse.