As we speak, teen social site is leaking millions of plaintext passwords

Found on Ars Technica on Monday, 26 September 2016
Browse Internet

A social hangout website for teenage girls has sprung a leak that's exposing plaintext passwords protecting as many as 5.5 million user accounts. As this post went live, all attempts to get the leak plugged had failed.

It's bad enough that a SQL-injection vulnerability that dumps passwords remained unfixed even after it was privately reported. It's even worse that the database contained plaintext passwords.

Storing passwords in plaintext should be a criminal offense. There is no excuse for it: a salted, deliberately slow password hash costs nothing to add, and with one in place the same injection would have dumped hashes instead of working passwords.
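To make both failures concrete, here is an added example (not code from the Ars Technica story or from the affected site): a member search that pastes user input into the SQL text and so lets a single request dump the password column, next to the same feature with a bound parameter and salted, slow password hashes. The table layout, the user rows and the search feature are constructed for the illustration.

```python
"""Added example, not code from the Ars Technica story or the affected site:
the two failures described above side by side, a member search built by
string formatting that dumps the password column, and the same feature
with bound parameters and salted, slow password hashes. All data is
constructed sample data."""
import hashlib
import hmac
import os
import sqlite3

SAMPLE_USERS = [("alice", "hunter2"), ("bob", "sunshine")]  # constructed
PBKDF2_ROUNDS = 100_000  # tune until one verification costs ~100 ms


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def build_vulnerable_db() -> sqlite3.Connection:
    """The site's mistake: passwords stored verbatim."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_hardened_db() -> sqlite3.Connection:
    """Per-user random salt plus PBKDF2-HMAC-SHA256; the plaintext is never stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    for name, password in SAMPLE_USERS:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (name, salt, _pbkdf2(password, salt)))
    return conn


def search_vulnerable(conn: sqlite3.Connection, query: str) -> list:
    """Member search with the user's input pasted into the SQL text."""
    sql = f"SELECT name FROM users WHERE name LIKE '%{query}%'"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn: sqlite3.Connection, query: str) -> list:
    """Same search with a bound parameter: the input is data, never SQL."""
    rows = conn.execute("SELECT name FROM users WHERE name LIKE ?", (f"%{query}%",))
    return [row[0] for row in rows]


def verify_hardened(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    row = conn.execute("SELECT salt, hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(_pbkdf2(password, salt), stored)


# Closes the LIKE literal, UNIONs the password column onto the result,
# and comments out the rest of the original statement.
DUMP_PAYLOAD = "zzz%' UNION SELECT password FROM users -- "

if __name__ == "__main__":
    leaked = search_vulnerable(build_vulnerable_db(), DUMP_PAYLOAD)
    print("vulnerable search returned:", leaked)  # every stored password
    hardened = build_hardened_db()
    print("hardened search returned:", search_hardened(hardened, DUMP_PAYLOAD))
    print("alice/hunter2 ->", verify_hardened(hardened, "alice", "hunter2"))
```

Against the hardened table the same payload returns nothing, and even a full dump of that table through some other hole would yield salts and PBKDF2 output rather than passwords that work on other sites.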

DDoS Attacks Heading Toward 1-Terabit Record

Found on eWEEK on Sunday, 25 September 2016
Browse Internet

On Sept. 20, Krebs tweeted that his site was hit with a DDoS attack of 665 Gbps. A day later, on Sept. 21, Octave Klaba, founder of OVH, tweeted that his network was affected on Sept. 20 by simultaneous DDoS attacks approaching 1 Tbps. The peak attacks came in at 191 Gbps and 799 Gbps.

Akamai decided on Sept. 22 to drop support for Krebs, who had been a pro bono customer on the platform. An Akamai spokesperson said that decision to drop support for Krebs wasn't made lightly, but the costs and impact of defending against the large DDoS were non-trivial.

That should be pretty obvious. Connections are getting faster, available bandwidth increases and more and more (IoT) devices are going online, each of them potential attack capacity. It's just a natural development. It would be far more newsworthy if the attacks stayed the same size.

CloudFlare offers web encryption up the wazoo

Found on The Register on Tuesday, 20 September 2016
Browse Internet

Just over a week since Google warned it would start labeling HTTP websites as "not secure," CloudFlare promises to help the many, many website owners who have a mix of both secure and insecure content on their sites, through what it is calling "automatic HTTPS rewrites."

CloudFlare is offering – incorporated into its existing services for no additional fee – a cutting-edge level of encryption that is mildly useful right now but should become increasingly useful as the drive to move to an encrypted internet becomes a reality.

You definitely do not want to use CloudFlare along with SSL. Whichever mode you pick, TLS terminates at their edge, so you give up end-to-end encryption between you and your visitors. CloudFlare can, and will, analyze all traffic, which breaks the security and privacy visitors think they have.
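What "automatic HTTPS rewrites" means in practice is shown by this added example (not CloudFlare's code): a proxy-side rewriter that flips http:// sub-resource URLs to https:// only for hosts it knows will answer over HTTPS, leaves the rest untouched and reports them. The allow-list and the sample page are constructed; a real edge would build the list from HSTS preload data and its own probes. It also illustrates the point above: to do this rewrite at all, the edge has to read every page it serves.

```python
"""Added example, not CloudFlare's code: what an 'automatic HTTPS rewrite'
at a proxy has to do. Only sub-resources whose host is known to answer over
HTTPS are rewritten; anything else is left alone and reported, because
blindly flipping the scheme would turn a mixed-content warning into a
broken page. The allow-list and the sample page are constructed."""
import re
from urllib.parse import urlsplit, urlunsplit

# Stand-in for the list a real edge builds from HSTS preload data and probes.
HTTPS_CAPABLE = {"cdn.example", "static.example"}

# Only these tags load sub-resources that browsers treat as mixed content;
# plain <a href> navigation is not mixed content and is left untouched.
TAG_RE = re.compile(r"<(?:img|script|link|iframe|source|audio|video)\b[^>]*>", re.I)
URL_RE = re.compile(
    r"""(?P<pre>\b(?:src|href)\s*=\s*(?P<q>["']))(?P<url>http://[^"']+)(?P=q)""", re.I)


def rewrite_mixed_content(html: str, https_capable=frozenset(HTTPS_CAPABLE)):
    """Return (rewritten_html, urls_left_as_http)."""
    left_alone = []

    def fix_url(m: re.Match) -> str:
        url = m.group("url")
        parts = urlsplit(url)
        # Rewrite only a known host on the default port; https on :8080 is a guess.
        if parts.hostname in https_capable and parts.port is None:
            secure = urlunsplit(("https",) + tuple(parts[1:]))
            return f"{m.group('pre')}{secure}{m.group('q')}"
        left_alone.append(url)
        return m.group(0)

    def fix_tag(m: re.Match) -> str:
        return URL_RE.sub(fix_url, m.group(0))

    return TAG_RE.sub(fix_tag, html), left_alone


# Constructed page mixing rewritable and non-rewritable http:// references.
SAMPLE_PAGE = """<html><body>
<img src="http://cdn.example/logo.png">
<script src='http://static.example/app.js'></script>
<link rel="stylesheet" href="http://legacy.example/style.css">
<a href="http://partner.example/">partner</a>
</body></html>"""

if __name__ == "__main__":
    page, leftovers = rewrite_mixed_content(SAMPLE_PAGE)
    print(page)
    print("still http, will trigger mixed-content blocking:", leftovers)
```

The leftovers list is the useful output for a site owner: those are the references that no rewrite can fix and that have to be changed at the source or dropped.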

Gmail outage hits US, Europe

Found on CNet News on Wednesday, 14 September 2016
Browse Internet

Gmail went down Wednesday across the world for millions, with people in the US and UK apparently hit the hardest.

By 9 a.m. PT, service for a few Gmail for Work users had returned, but remained down on Google's App Status Dashboard. The company said it had identified the cause of the problem and was working on a potential fix.

No matter how big you are, you just won't get 100% uptime.

The internet is so vast we need to get theological to grasp it

Found on New Scientist on Wednesday, 31 August 2016
Browse Internet

Reveries of the connected world opens with a tour of the pale green room at the University of California, Los Angeles, where the internet was invented. This is a “holy place”, says our guide, computer scientist Leonard Kleinrock, and the first message sent from the computer here was “prophetic”.

“Tentatively, avidly, or kicking and screaming, nearly 2 billion of us have taken up residence on the Internet, and we’re still adjusting to it.” And we are moving rapidly into a reality where we are no longer permitted to live outside its influence.

It's a tool, not a religion. A tool that goes away as soon as you pull the plug.

Adblock Plus blocks Facebook block of Adblock Plus

Found on The Register on Friday, 12 August 2016
Browse Internet

On Thursday night, Facebook updated its own site to once again circumvent the Adblock Plus block. The move was expected, since Facebook said earlier that day it would be moving to counter the Adblock Plus update, and warned the plugin would hide legit posts.

That triumph was short lived: Adblock Plus said on Friday morning it had already updated its scripts to re-block the Facebook ads.

It's your PC, so you decide what should be displayed and what not. Simple as that.

Facebook to force feed you web ads, whether you like it or not

Found on The Register on Tuesday, 09 August 2016
Browse Internet

The new policy calls for the social network to serve up ads regardless of the presence of ad-blocking software, and in exchange give users greater control over their ad preferences to cut down on intrusive or annoying ads.

The social network notes that, as a free service, it has to use the ads to bring in revenues.

Free service? Maybe users don't pay money, but they of course pay with their most private information, their contacts, their lives. All of which Facebook uses to make money, so that is not exactly free. However, if you never had an account with that harvester, you couldn't care less.

Three times as bad as malware: Google shines light on pay-per-install

Found on The Register on Saturday, 06 August 2016
Browse Internet

The issue of PPI is three times greater than malware: no less than 60 million download attempts every week. That's something that the authors say represents "a major security threat". They estimate as many as five per cent of all browsers have been affected.

Some software builds in a 20-day delay before waking up so users don't immediately associate it with the free download they just installed. Some check the computer's registry for anti-virus software and to make sure they're not already installed.

A major reason this problem exists at all is that most users pay no attention during an installation and just happily click "Next" until everything is done.

Mozilla 404s '404 Not Found' pages: Firefox fills in blanks with archive.org copies

Found on The Register on Friday, 05 August 2016
Browse Internet

The "404 No More" feature uses copies of webpages from the Internet Archive's Wayback Machine to replace 404 "not found" errors with something more useful. If you visit a link to a page that's disappeared, Firefox will fetch from archive.org a version of the page before it vanished.

To try "404 No More", Firefox users will have to install Firefox Test Pilot, a browser plugin for English-language Windows, OS X and Linux Firefox builds that lets you experiment with in-development features.

The 404 return code exists for a reason, and Mozilla is in no position to change its behaviour. Plenty of websites use custom 404 pages to tell visitors what happened. Breaking expected behaviour is not a decision Mozilla should make. A browser has to stick to the protocol specification; but Mozilla has made enough mistakes in the past, so this will only be another one on the list.

Malvertising Campaign Infected Thousands of Users per Day for More than a Year

Found on Softpedia on Saturday, 30 July 2016
Browse Internet

Security researchers from Proofpoint and Trend Micro have uncovered a massive malvertising campaign that has been targeting over one million users per day and infecting thousands, running since the summer of 2015, with unconfirmed clues showing that it might date back to as early as 2013.

This malvertising campaign marks the first time that crooks leveraged steganography to transmit malicious code embedded in malicious banner ads.

During their operation, the crooks showed malicious ads on 113 domains, including some big names such as The New York Times, Le Figaro, The Verge, PCMag, IBTimes, ArsTechnica, Daily Mail, Telegraaf, La Gazzetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.

This is one of the major reasons why people use adblockers, which makes advertisers cry. That, and the waste of bandwidth and other resources on annoying ads nobody pays attention to.
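Since the story's novelty is the steganography, here is an added example (not code from the campaign or from the Proofpoint and Trend Micro write-ups) of the mechanism: a payload carried in the least-significant bits of an image's pixel data, where every carrier byte changes by at most one and the rendered banner looks identical, plus the naive LSB-bias check a scanner can run against a region of the image. The "banner" is a constructed flat RGB fill and the payload is placeholder text standing in for the hidden script.

```python
"""Added example, not code from the campaign or from the Proofpoint / Trend
Micro write-ups: the mechanism the story describes, a payload carried in the
least-significant bits of an image's pixel data, plus the naive check a
scanner can run against it. The 'banner' is a constructed flat RGB fill and
the payload is placeholder text standing in for the hidden script."""

HEADER_BITS = 32  # payload length, big-endian, stored ahead of the payload


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the LSB of successive cover bytes with a length header and the payload.
    Each carrier byte changes by at most 1, invisible in a rendered image."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover carries {len(cover) // 8} bytes, payload needs {len(data)}")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Read the header, then exactly that many payload bytes, from the LSBs."""
    def read(bit_offset: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[bit_offset + b * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read(0, 4), "big")
    if HEADER_BITS + length * 8 > len(stego):
        raise ValueError("declared length exceeds carrier; not a valid container")
    return read(HEADER_BITS, length)


def lsb_bias(pixels: bytes) -> float:
    """Fraction of LSBs set. Flat regions of a rendered banner sit near 0.0 or 1.0;
    embedded data drags the carrying region toward 0.5. Naive heuristic: real
    photographic content is noisier, so this is an indicator, not a verdict."""
    if not pixels:
        raise ValueError("empty region")
    return sum(b & 1 for b in pixels) / len(pixels)


def carrying_region(payload_len: int) -> int:
    """Number of carrier bytes an embedded payload of this size touches."""
    return HEADER_BITS + payload_len * 8


# Constructed 40x50 RGB banner filled with one colour: 6000 carrier bytes.
COVER = bytes((0x40, 0x80, 0xC0)) * (40 * 50)
PAYLOAD = b"constructed placeholder for the script the ad really carried"

if __name__ == "__main__":
    stego = embed_lsb(COVER, PAYLOAD)
    region = carrying_region(len(PAYLOAD))
    print("max per-byte change:", max(abs(a - b) for a, b in zip(COVER, stego)))
    print("LSB bias clean / stego:", lsb_bias(COVER[:region]), lsb_bias(stego[:region]))
    print("recovered:", extract_lsb(stego))
```

The bias check only works because a synthetic banner has very regular low bits; on a photograph the same statistic is noisy, which is exactly why this kind of payload survived in ad images for so long and why ad networks need to scan creatives for more than just a malicious script tag.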