By Dan Goodin, TheRegister.co.uk
Twitter is sitting on an amateur configuration blunder that makes it trivial for attackers to take control of user accounts, a researcher said Friday.
The error resides in an Adobe Flash object hosted on the microblogging site, said Mike Bailey, a senior security analyst with penetration testing firm Foreground Security. Contrary to Adobe recommendations, the object is free to load files hosted virtually anywhere on the net, including those containing booby-trapped javascript and action script.

H-Online.com
The Tor project developers have advised users to update their Tor anonymity software to version 0.2.1.22 or 0.2.2.7-alpha as soon as possible. This is because, in early January, two of the project`s seven directory authorities (moria1 and gabelmoo) as well as the metrics.torproject.org statistics server were found to have been hacked. Moria also contains the developers` Git and sub-version repositories.

By Robert Lemos, SecurityFocus.com
A law firm suing China and two Chinese software developers over the Green Dam Youth Escort monitoring program suffered several targeted attacks earlier this week, when documents containing malicious exploits were sent to attorneys, the firm stated late Wednesday.

By Graham Cluley, Sophos.com
Hot on the heels of last month`s attack on Twitter, the so-called ˝Iranian Cyber Army˝ appears to have defaced another high profile website.

By John Leyden, TheRegister.co.uk
A Russian security firm has pledged to release details of previously undisclosed flaws in enterprise applications it has discovered every day for the remainder of January.