I love Ice Cream, not security flaws!
The new feature (read: 'gimmick') in Android's new Ice Cream Sandwich OS 4.0 is fundamentally flawed.
I'm reminded of when I watched a demo of the latest Lenovo tech (three years ago) called VeriFace Face Recognition. It was being demo'ed with the, then, newly release Windows 7 allowing you to log into your computer simply by letting the Windows log-in prompt scan your face and use basic facial recognition to authenticate you.
This was swiftly proven insecure by simply printing a full page photo of somebody's face and letting the software pull the the recognizable points from the artificial medium.
ICS is basically flawed and vulnerable of the same exact circumvention methods... and with the widely available personal images found via Google+, Flickr, Facebook, etc... a simple bypass can be had with a swift CTRL + P or digital representation of that person via mobile device.
Below is the simplest way I could demonstrate this flaw with a YouTube video by somebody else. 
Dropbox drops the ball
It was posted yesterday, on the Dropbox blog, that a recent code update to the Dropbox programming left user's accounts accessible by any password given for a period of around 4hrs.
Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.
It is suggested that you take the time to re-secure your account with a new password; preferably not close to what it was.
Hijack an unsecured Facebook account with your cell phone!
Some of you might remember the Firesheep plugin for the Firefox web browser that took the internet by storm a while back. This week ushers in a new method of doing the same exact thing, but this time, using your Android powered cell phone!
FaceNiff installs on any rooted Android phone and lets you sniff your local WiFi connection for floating Facebook packets. Just like Firesheep, FaceNiff will then hijack any session not using an encrypted HTTPS session during their latest picture tagging of last nights drunken haze. Watch the video for the fun:
Chrome gets pwnd!
Looks like the secure browser king has just received egg on it's face! Google Chrome's secure sandbox was just demonstrated circumvented allowing remote execution of code at a medium integrity level while also remaining completely silent (no crashing).