A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password. From a report: MacRumors is able to reproduce the issue on macOS High Sierra version 10.13.2, the latest public release of the operating system, on an administrator-level account by following these steps: 1. Click on System Preferences. 2. Click on App Store. 3. Click on the padlock icon to lock it if necessary. 4. Click on the padlock icon again. 5. Enter your username and any password. 6. Click Unlock. As mentioned in the radar, System Preferences does not accept an incorrect password with a non-administrator account. We also weren’t able to unlock any other System Preferences menus with an incorrect password. We’re unable to reproduce the issue on the third or fourth betas of macOS High Sierra 10.13.3, suggesting Apple has fixed the security vulnerability in the upcoming release. However, the update currently remains in testing. Read more of this story at Slashdot.
More:
macOS High Sierra’s App Store System Preferences Can Be Unlocked With Any Password
seoras quotes a report from BBC: A new book by Lord of the Rings author JRR Tolkien is going on sale — 100 years after it was first conceived. Beren and Luthien has been described as a “very personal story” that the Oxford professor thought up after returning from the Battle of the Somme. It was edited by his son Christopher Tolkien and contains versions of a tale that became part of The Silmarillion. The book features illustrations by Alan Lee, who won an Academy Award for his work on Peter Jackson’s film trilogy. It is being published on Thursday by HarperCollins on the 10th anniversary of the last Middle Earth book, The Children of Hurin. Read more of this story at Slashdot. 
A two-year FBI investigation apparently centered on the satirical web site “GodHatesGoths”. Long-time Slashdot reader v3rgEz writes: In 2005, the FBI launched an investigation into the “Church of the Hammer, ” a fundamentalist Christian sect which called for the wholesale slaughter of practitioners of the goth subculture. Two years later, the investigation was closed, on grounds that the Church didn’t exist. The FBI’s threat assessment detailed “an extremely right-wing Christian group that adheres to a Middle Ages Catholic text called the ‘Malleus Malificarum.'” But MuckRock.com reports that “The Bureau’s main source on the case was a goth who had engaged with members of the Church via their Yahoo Group…trying to dispel their misconceptions about the relationship between the subculture and Satanism.” After two years of scouring through crime databases and making phone calls to the Salem police department, FBI investigators actually visited the GodHatesGoths web site — which turned out to be a parody. Read more of this story at Slashdot. 
An anonymous reader writes: Malwarebytes has caught one of Symantec’s resellers running a tech support scam that was scaring users into thinking they were infected with malware and then graciously offering to sell Symantec’s security software at inflated rates. Malwarebytes played along with their scam and found out the company behind it was Silurian Tech Support, located somewhere in North India (surprised?).Symantec told El Reg that it terminated the reseller’s contract and will work with law enforcement to defend its brand and intellectual property. Read more of this story at Slashdot.