A working, cross-platform Java 7 exploit is now in the wild. It's apparently a pair of bugs, working in tandem; neither, alone, would be enough to escape the Java sandbox, but together, any machine, be it Windows, Mac, or Linux, can be instantly and silently compromised, simply by viewing a malicious web page. Only Java 7 is vulnerable, but because of the way Oracle schedules patches, it may be unfixed until October. You can test your machine for the flaw; if vulnerable, you'll want to at least disable Java in your Web browser, if not remove it altogether. On Firefox, NoScript will provide a little protection, by not running Java code unless you click it, but the vulnerability remains.
Why passwords have never been weaker—and crackers have never been stronger. Ars weighs in on the amazing advances the bad guys have made in password cracking over the last few years. Think you know how to choose something that's safe? The probability is quite high that you don't, even if you're technically ept. [more inside]