Day one of ShmooCon started with a fire drill. At about 0200 a.m. on Friday, the hotel fire alarms started to go off, creating a chaotic symphony of lights and sound.Oddly, none of the hackers in the hotel lobby moved while this was taking place. However, several guests in the hotel did use the elevators to come to the lobby (a serious no-no in the event of a real fire). After about 20 minutes, the fire department showed up and fixed the problem \u2013 whatever it was.More security flaws in Apple's Gatekeeper:Patrick Wardle, director of research at Synack and Apple security expert, will detail a Gatekeeper vulnerability on Sunday during ShmooCon.On OS X, Gatekeeper is an anti-Malware defense. Before Gatekeeper existed, most of the malware infections on a Mac were due to users acting on their own, granting access to malicious applications or downloading untrusted software.So Gatekeeper was primarily developed to prevent Mac users from infecting themselves. Another way to look at Gatekeeper is that its whitelisting technology that was bolted onto Apple\u2019s blacklisting technology.There are three settings on Gatekeeper; users can opt to allow applications to be installed if they are taken from the Mac App Store, the Mac App Store and Identified Developers, or anywhere on the Web.However, if an application is signed and verified by Gatekeeper, but uses external libraries, it\u2019s possible to bypass Gatekeeper by linking malicious code to the external libraries, or by delivering Malware in place of the library.This injection method works if the attacker has network-level access, or if they can locate a Cross-Site Scripting flaw in a given domain.Last October Wardle gave a presentation at VirusBulletin outlining unpatched vulnerabilities found in Gatekeeper that allowed attackers to spread unsigned binaries containing malware to unsuspecting machines. Apple has since issued patches, but Wardle found a way to reverse those patches, once again leaving Gatekeeper vulnerable.Wardle plans to release an open source kernel extension that monitors process creation in response to Gatekeeper\u2019s mixed bag of coverage.\u00a0 When enabled, the tool doesn\u2019t concern itself with how the application came to be, if it\u2019s from the Internet and unsigned, it\u2019s blocked.TaxAct warns customers about account compromiseTaxAct, a tax preparation and filing program, recently sent customers a notification surrounding suspicious activities on their accounts.The notice, dated for January 11, 2016, warns the customers that an \u201cunauthorized third party\u201d accessed their account sometime between November 10 and December 4, 2015.\u201cWe have no evidence that any TaxAct system has been compromised and believe the third party used username and password combinations obtained from sources outside of our own system. In order to stop this unauthorized access, we have temporarily disabled your account,\u201d the notification states.\u201cIn addition to your username and password, we have reviewed our website logs for account activity after this attempted access, and found that the tax return(s) stored in your account may have been opened or printed. These documents may contain your name and Social Security number, and may also contain your address, driver\u2019s license number, and bank account information.\u201dThe key takeaway here is that TaxAct wasn\u2019t directly attacked, its customers were. It\u2019s likely the accounts accessed were sharing passwords and fell victim to a Phishing scheme, or they were part of any one of the massive data breaches in 2015, which again makes password recycling an issue.TaxAct will offer 12 months of credit monitoring to those impacted by the incident.