Slashdot Mirror

hypnosec writes with word that the Chaos Computer Club claims to have "managed to break Apple's TouchID using everyday material and methods available on the web. Explaining their method on their website, the CCC hackers have claimed that all they did was photograph a fingerprint from a glass surface, ramped up the resolution of the photographed fingerprint, inverted and printed it using thick toner settings, smeared pink latex milk or white woodglue onto the pattern, lifted the latex sheet, moistened it a little and then placed it on the iPhone 5S's fingerprint sensor to unlock the phone." Update: 09/22 21:32 GMT by T :Reader mask.of.sanity adds a link to a video of the hack.

hypnosec writes "Linus Torvalds has released Linux 3.12-rc1, marking the first major development in over two weeks for the forthcoming successor of the Linux 3.11 kernel. Announcing the closure of the 3.12 merge window, Torvalds said in the release announcement that the window was fairly normal. Dissecting the updates, he noted that 73 percent of them are related to drivers, 12 percent related to architecture updates, and 6 percent related to file systems. ... Torvalds liked the 'scalability improvements that got merged this time around.' Torvalds also mentioned the tty layer locking getting resolved, and work on dentry refcount scalability."

hypnosec writes "PRISM-Proof Security Considerations, a draft proposal to make it harder for governments to implement and carry out surveillance activities like PRISM, has been floated by the Internet Engineering Task Force (IETF). The draft highlights security concerns as a result of government sponsored PRISM-like projects and the security controls that may be put into place to mitigate the risks of interception capabilities. Authored by Phillip Hallam-Baker of the Comodo Group the draft is however very sparse on details on how the Internet can be PRISM-proofed."

hypnosec writes "Linus Torvalds, in response to a petition on Change.org to remove RdRand from /dev/random, has lambasted the petitioner by called him ignorant for not understanding the code in the Linux Kernel. Kyle Condon from the UK raised a petition on Change.org to get Linus to remove RdRand from /dev/random in a bid 'to improve the overall security of the linux kernel.' In his response, Torvalds asked Condon and the supporters of the petition to gain an understanding of Linux drivers and cryptography, and then 'come back here and admit to the world that you were wrong.' Torvalds stressed that kernel maintainers knew what they were doing and the petitioner didn't. Torvalds, in a similar outburst just yesterday, hoped that 'ARM SoC hardware designers all die in some incredibly painful accident.' This came in response to a message from Kevin Hilman when he noted that there were quite a few conflicts in the ARM SoC pull request for Linux 3.12 which were a result of the platform changes conflicting with driver changes going in to the V4L tree."

hypnosec writes "Quantum computers are currently available in very few labs, usually bankrolled by major organizations like Google and NASA. However, a new project called 'Qcloud' aims to break those barriers by making quantum computing available to everyone. The University of Bristol announced the launch of Qcloud today at the British Science Festival 2013, with the goal of making quantum computing resources available to researchers across the globe. Claimed to be the first open-access system of its kind, the quantum chip is located at the Center for Quantum Photonics at the University of Bristol. Researchers can remotely access the processor over the internet for their computational needs. Those looking to test their ideas on the processor would be required to first practice and hone their skills using an online simulator. The university has made tutorials available to researchers so they can learn how to tune the processor and change its output as required. Once they are confident in their skills, researchers can ask for permission to access the real quantum photonic chip."

hypnosec writes "A cyber defense and IT security company has claimed that the reason behind recent surge in number of clients connecting to Tor is in fact a relatively unknown botnet and not NSA or genuine adoption of Tor. In late August there was a huge increase in Tor network traffic and number of clients connecting to the Tor network. As of this writing number of connections has quadrupled with over 2,500,000 clients connecting to the network. According to Fox-it, the surge in traffic is because of a botnet dubbed 'Mevade.A,' which is known to have Tor connectivity features. The company noted that the botnet may have links to a previously detected botnet dubbed 'Sefnit,' which also featured Tor connectivity. Fox-it claimed that they have found "references that the malware is internally known as SBC to its operators.""

hypnosec writes that software developer Michael Koziarski has released a bookmarklet "which he claims has the ability to reveal Mega users' master key. Koziarski went on to claim that Mega has the ability to grab its users' keys and use them to access their files. Dubbed MegaPWN, the tool not only reveals a user's master key, but also gives away a user's RSA private key exponent. 'MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing that it is not actually encrypted and can be retrieved by MEGA or anyone else with access to your computer without you knowing,' reads an explanation about the bookmarklet on its official page."

hypnosec writes "Linus Torvalds has just announced the release of Linux 3.11 as anticipated. Torvalds notes that the final version doesn't bring in a lot more than what is already present in the rc7, but it does include fixes — most of them in networking, file systems, and audio."

hypnosec writes "The Government of India is planning to ban the use of U.S.-based email services like Gmail for official communications. It will soon send out a formal notification to it half-million officials across the country, asking them to use official email addresses and services provided by India's National Informatics Center. The move is intended to increase the security of confidential government data and protect it from overseas surveillance."

hypnosec writes that the Tor network has witnessed a massive rise in the number of users connecting to it for the month of August. "The privacy-enhancing network is known for providing an anonymous browsing experience through the use of a series of encrypted relays, and has had as many as 500k users throughout this year so far. But if we check the latest statistics available through Tor Metrics Portal there has been a whopping 100 percent increase in the number of Tor clients and as many as 1,200,000 users are connecting to the network. The previous peak for the network was in January 2012, when it saw as many as 950,000 users."

hypnosec writes "The Oxford Dictionaries Online (ODO) has been updated today to include some of the widely used tech words like Bitcoin, BYOD, Phablet, Selfie, and Twerking among others. Some of the other common tech words which have found a place in the dictionary are 'click and connect', 'digital detox', 'FOMO', 'geek chic', 'hackerspace', 'Internet of Things', 'MOOC', 'selfie', and 'TL;DR'."

hypnosec writes "According to a new revelation by Sarah Sharp, misinterpretation of the USB 2.0 standard may have been the culprit behind USB disconnects on resume in Linux all along rather than cheap and buggy devices. According to Sharp the USB core is to blame for the disconnections rather than the devices themselves as the core doesn't wait long enough for the devices to transition from a 'resume state to U0.' The USB 2.0 standard states that system software that handles USB must provide for 10ms resume recovery time (TRSMRCY) during which it shouldn't attempt a connection to the device connected to that particular bus segment."

hypnosec writes "If you are a BlackBerry owner, navigate to BlackBerry World (or just visit the website) and you will find that developer S4BB has developed over 47k apps for the BB platform. Unsurprisingly, most of them are just spammy apps that don't add any value. Apps like 'Restart Me Free,' 'Daily Quote,' 'Lock for SMS,' 'Search for Amazon,' 'Silent Foto Free' are just a few among the thousands of apps on BlackBerry World that actually have no utility whatsoever. BlackBerry announced back in May that developers were increasingly interested in making apps for the platform, and that BlackBerry World had more than 120,000 apps. This raises questions about the authenticity of the claims, and about the approval process that's been accepting these apps. S4BB may have a few useful apps for the platform, but that doesn't mean all of their apps are of 'A' quality. A statement from BlackBerry said, 'Developers in all app stores employ a number of different monetization tactics. BlackBerry World is an open market for developers and we let market forces dictate the success or failure of these tactics.'"

hypnosec writes "Germany has declared Bitcoin as a 'unit of account', which makes the virtual currency a kind of 'private money' and the process of Bitcoin mining has been deemed 'private money creation.' The recognition as 'unit of account' makes Bitcoin eligible for use in "multilateral clearing circles" and because of this citizens are liable to pay capital gains tax, if they profit from the crypto-currency by sale or purchase within a period of one year – the same as they would have to in case they profit by selling stock, bonds or other form of security. The question here is how the finance ministry would come to know of a person's Bitcoin holding as it is a decentralized currency with no governing body to keep count on the number of Bitcoins a person has. The German government expects that citizens declare their Bitcoin while filing their annual tax return."

hypnosec writes "The CyanogenMod team has announced the release of version 10.2 nightly builds, which are based on Google's latest Android 4.3 Jelly Bean. The current nightly builds have been released for the Google Galaxy Nexus, HTC One, Samsung Galaxy S4, Samsung Galaxy S3, LG Optimus G, Sony Xperia Z, and Motorola Razr among others. As always, CyanogenMod team reminds that these are experimental."

hypnosec writes "In its latest attempt to stop Mozilla from going ahead with its proposed default blocking of third-party cookies in Firefox, the Interactive Advertising Bureau took out a full page ad urging users to stop 'Mozilla from hijacking the Internet.' Through the advert, IAB has claimed that the Firefox maker wants to be the 'judge and jury' when it comes to business models on the web. According to the IAB, Mozilla wants to eliminate the cookies which enable online advertisers to reach the right audience. IAB notes that 'If cookies are eliminated, it is clear to us that consumers will get a less relevant and diverse Internet experience.'"

hypnosec writes "Linus Torvalds released Linux 3.11-rc5 yesterday wishing that it would have been a lovely coincidence if he were able to release final Linux 3.11 as on the exact same day 20 years ago Microsoft released Windows 3.11. 'Sadly, the numerology doesn't quite work out, and while releasing the final 3.11 today would be a lovely coincidence (Windows 3.11 was released twenty years ago today), it is not to be,' notes Torvalds in the release announcement."

hypnosec writes "The Pirate Bay, on its 10th anniversary, has released 'Pirate Browser,' which it claims would allow people to access The Pirate Bay and other such blocked sites. The 'Pirate Browser' is a fully functional browser that currently works with Windows. ... According to the Pirate Browser website, the browser is basically a bundled package consisting of the Tor client and Firefox Portable browser. The package also includes some tools meant for evading censorship in countries like UK, Finland, Denmark, and Iran among others."

hypnosec writes "Raynaldo Rivera, who went by the online moniker 'neuron', has been sentenced to a one-year prison term, 13 months of home detention, 1,000 hours of community service and has been ordered to pay over $600,000 in restitution. Rivera pleaded guilty in October 2012 to charges of conspiring to cause damage to a protected computer after participating in the attack on Sony Pictures in 2011. The court documents note that the main motive of the Lulzsec hacking collective, and offshoot of Anonymous, during its two-month hacking rampage and attacks on corporate and government entities like the Sony Pictures, was to see the 'raw, uninterrupted, chaotic thrill of entertainment and anarchy.'"

hypnosec writes "NVidia has now open-sourced the operating system that powers the gaming console to encourage its modification and further development. Powered by NVidia's homegrown Tegra 4 processor, the console runs Android, which shouldn't surprise many as the company moves ahead with its open-sourcing intentions. The GPU company has said that the SHIELD is an 'open gaming platform' that allows for 'an open ecosystem,' enabling developers to develop content as well as applications that takes advantage of the underlying hardware and which can be enjoyed on bigger displays as well as mobile screen." Playing with it isn't without risks (like potentially voiding the warranty), but NVIDIA's blog post says they're also providing a recovery image to fall back to.

hypnosec writes "Winners of the Pwnie Awards 2013 were announced at a special event during the Black Hat security conference in Las Vegas. The highlight of the awards were Edward Snowden, Hakin9 and Barnaby Jack. Barnaby Jack was given posthumous Pwnie award for 'lifetime achievement' while Edward Snowden and the NSA were jointly given the award of 'Epic 0wnage'. Hakin9 on the other hand was awarded 'Most Epic FAIL'. Best Privilege Escalation Bug award went to David Wang aka planetbeing and the Evad3rs team."

hypnosec writes that the government of Thailand "has declared Bitcoin illegal following which all trading activities related to the electronic currently have been suspended indefinitely. Through a message posted on its website, the Bitcoin Co. Ltd. has said officials of the Foreign Exchange Administration and Policy Department cited absence of applicable laws, capital controls "and the fact that Bitcoin straddles multiple financial facets" as reasons because of which the virtual currency is illegal. This ruling implies that activities such as buying & selling of Bitcoins, buying or selling any service in exchange of Bitcoins, sending Bitcoins to anyone located outside of Thailand, and receiving Bitcoins from anyone outside of Thailand are illegal. This has forced the company to indefinitely suspend operations."

hypnosec writes "Samsung has announced the world's fastest NAND memory that supports the eMMC 5.0 standard. The new memory chips are based on 10nm class NAND flash technology and feature an interface speed of 400MB/s. Further, the 32GB and 64GB densities have a random read and write speed of 7,000 IOPS (inputs/outputs per second) while the sequential read and write speeds stand at 250MB/s and 90MB/s respectively. The chips will provide for better multitasking, HD video recording, gaming and browsing."

hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor e-mails in real-time sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Baring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand have been shelved for now."

hypnosec writes "Nintendo has revealed that it has detected illicit logins in nearly 24,000 accounts on one of the main fan sites in Japan 'Club Nintendo' and account details such as real names, addresses, emails and phone numbers may have been accessed. According to Nintendo the mass login attempts have been made using a list of login credentials containing usernames and password obtained from some service other than Nintendo. The company revealed that it detected over 15 million login attempts out of which 23,926 were successful."

hypnosec writes "Huawei, in collaboration with China Mobile, has successfully deployed 4G services on Mount Everest, about 5,200 meters above sea level. Announcing the development, Huawei revealed that work was completed last month and users can now access 4G services like streaming live HD videos from the base camp on the mountain."

hypnosec writes "Harlan – a declarative programming language that simplifies development of applications running on GPU has been released by a researcher at Indiana University. Erik Holk released his work publicly after working on it for two years. Harlan's syntax is based on Scheme – a dialect of LISP programming language. The language aims to help developers make productive and efficient use of GPUs by enabling them to carry out their actual work while it takes care of the routine GPU programming tasks. The language has been designed to support GPU programming and it works much closer to the hardware." Also worth a mention is Haskell's GPipe interface to programmable GPUs.

hypnosec writes "The Fedora Project has officially announced the release of Fedora 19 'Schrödinger's Cat' today. New features for the open source distribution include the developer's assistant, which accelerates development efforts by providing templates, samples and toolchains for a different languages; OpenShift Origin, which allows easy building of Platform-as-a-Service infrastructure; node.js; Ruby 2.0.0; MariaDB; Checkpoint & Restore, which allows users to checkpoint and restore processes; and OpenLMI, which makes remote management of machines simpler. The distribution also packs GNOME 3.8, KDE Plasma Workspace 4.10 and MATE Desktop 1.6."

hypnosec writes with word that "The Linux 3.10 kernel has been officially released on Sunday evening which makes the 3.10-rc7 the last release candidate of the latest kernel which yields the biggest changes in years. Linus Torvalds was thinking of releasing another rc but, went against the idea and went ahead with official Linux 3.10 commit as anticipated last week. Torvalds notes in the announcement that releases since Linux 3.9 haven't been prone to problems and 3.10 is no different."

hypnosec writes "ICANN, as a step towards expanding global top level domain names, has approved a new Domain Name Registrar Accreditation Agreement that is expected to bring about waves of continued improvements in the domain name ecosystem (PDF). The new agreement is a result of efforts of over a year of negotiations that took place between ICANN and Registrar Stakeholders Group. The new agreement brings quite a few improvements, including making it mandatory for registrars to appoint a point-of contact for reporting abuse, and to establish registrar responsibilities for reseller compliance, enhancement of compliance tools, audit rights, and certification requirements, among others."

hypnosec writes "Knoppix 7.2 has been released for public testing — unlike its predecessor, Knoppix 7.1, which was only made available through the annual Linux Magazine CeBIT edition. Based on Debian "Wheezy", Knoppix 7.2 packs quite a few new features, including newer desktop packages from Debian/testing and Debian/unstable Jessie. The latest version uses the Linux 3.9 kernel and xorg 7.7, and comes loaded with LibreOffice 4.0, GIMP 2.8, Chromium 27 (and Firefox/Iceweasel 21), Wine 1.5, and Virtualbox version 4.2.10. It uses LXDE by default. For users who still want to go for KDE or GNOME, version 4.8.4 and 3.4.2 of the respective desktops are available from the Knoppix DVD."

hypnosec writes "Under new EU regulations ISPs and Telcos serving European customers will have to come clean within 24 hours in case of a security or data breach that leads to theft, loss, or compromise of data. Companies will have to disclose the nature and size of the breach within the first 24 hours. Whenever it's not possible to submit such data, they must provide 'initial information' within the stipulated time and full details within three days. Under the new terms the affected organizations will be required to reveal information such as information that has been compromised and the steps that have been taken or will be taken to resolve the situation. If the breach 'is likely to adversely affect' personal information or privacy, affected businesses and consumers will be notified of the breach."

hypnosec writes "World's largest Bitcoin exchange, Mt. Gox, has halted U.S. dollar withdrawals of customer funds in the U.S., citing a need for system improvements. According to Mt. Gox, the exchange has experienced a huge number of requests for deposits as well as withdrawals from both established markets and new markets, following which its bank hasn't been able to process transactions on time. This led to difficulties for its overseas clients, especially those in the U.S. The exchange said that the deposits in USD, transfers to Mt. Gox, and deposits and withdrawals in other currencies will remain unaffected during this period. Mt. Gox will be resuming the USD withdrawals for its U.S. clients once the improvement of its systems is complete." Wired suggests the slowness may be due in part to reluctance from banks to get entwined with Bitcoin for a number of reasons. "The problem is that U.S. banks are afraid that doing business with Bitcoin companies might draw the attention of U.S. or state regulators ... This reluctance may be fed by the sense that Bitcoin poses a threat to the banking industry. Anyone can transfer Bitcoins anywhere for free and that could put a dent in some banking transaction processing fees."

hypnosec writes that the first ever practical implementation of the stored program concept took place 65 years ago, "as the Manchester Small Scale Experimental Machine aka 'Baby' became the world's first computer to run an electronically stored program on June 21, 1948. The 'Baby' was developed by Frederic C. Williams, Tom Kilburn and Geoff Tootill at the University of Manchester. 'Baby' served as a testbed for the experimental Williams-Kilburn tube – a cathode ray tube that was used to store binary digits, aka bits. The reason this became a milestone in computing history was that up until 'Baby' ran the first electronically stored program, there was no means of storing and accessing this information in a cost-effective and flexible way."

hypnosec writes "Kickass Torrents hasn't been accessible since sometime yesterday, and now it has been confirmed that the domain name of the torrent website has been seized by Philippine authorities. Local record labels and the Philippine Association of the Recording Industry said that the torrent site was doing 'irreparable damages' to the music industry and following a formal complaint the authorities resorted to seizure of the main domain name. The site hasn't given up, and is operating as usual under a new domain name. The government of the Philippines has confirmed that the domain name has been seized based on formal complaints and copyright grounds."

hypnosec writes "OWASP's Top 10, the Open Web Application Security Project's top 10 most critical web application security risks, has been updated and a new list for 2013 published. Last updated back in 2010, the organization has published the new list wherein the importance of cross-site scripting (XSS) and cross-site request forgery (CRSF) has been diluted a little, while risks related to broken session management and authentication have moved up a notch. Code injection, which was the topmost risk in 2010, has retained its position in the updated list. The 2013 Top Ten list (PDF) has been compiled based on half a million vulnerabilities discovered in thousands of applications from hundreds of vendors."

hypnosec writes "Linus Torvalds has released Linux 3.10-rc5, and he is certainly not happy with the changes merged last week. Rc5 is bigger than rc4 and has code scattered across its entire code base because it addresses many outstanding problems. In the release announcement, Torvalds noted, 'I wish I could say that things are calming down, but I'd be lying. rc5 is noticeably bigger than rc4, both in number of commits and in files changed (although rc4 actually had more lines changed, so there's that).' Torvalds has warned that he is going to start cursing again, and said, 'I'm going to call you guys out on, and try to come up with new ways to insult you, your mother, and your deceased pet hamster.'"

hypnosec writes "Microsoft in collaboration with the FBI have successfully taken down the Citadel botnet which was known to control millions of PCs across the globe and was allegedly responsible for bank fraud in excess of $500 million. Citadel was known to have over 1,400 instances across the globe with most located in the US, Europe, India, China, Hong Kong and Singapore. It would install key-logging tools on target systems, which were then used to steal online banking credentials."

hypnosec writes "KingCope, known for many concrete zero-day exploits, has published yet another zero-day through full disclosure – this time for Plesk, a hosting software package made by Parallels and used on thousands of servers across the web. According to KingCope, Plesk versions 9.5.4, 9.3, 9.2, 9.0 and 9.6 on three different Linux variants Red Hat, CentOS and Fedora are vulnerable to the hack. The exploit, as noted by the hacker, makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. Once invoked, the interpreter can be used to execute arbitrary commands."

hypnosec writes "Security expert Tavis Ormandy has discovered a vulnerability in the Windows kernel which, when exploited, would allow an ordinary user to obtain administrative privileges of the system. Google's security pro posted the details of the vulnerability back in May through the Full Disclosure mailing list rather than reporting it to Microsoft first. He has now gone ahead and published a working exploit. This is not the first instance where Ormandy has opted for full disclosure without first informing the vendor of the affected software."

hypnosec writes "Mozilla has confirmed reports that indicated a probable collaboration with Foxconn for development of Firefox OS based devices. Announcing the 'wide ranging partnership' with Foxconn, Mozilla's SVP of Mobile Devices noted in a blog post that collaboration between the two companies 'demonstrates the full potential of Firefox OS,' and it would not only enable the smartphone 'but also a wide range of mobile devices.'"

hypnosec writes "According to recent statistics, Switzerland has topped the IPv6 adoption charts by leapfrogging Romania, which led the charts for nearly a year. According to Google, Switzerland's adoption stands at 10.11 percent — the highest for any country. Romania, on the other hand, has an adoption rate of 9.02 percent, followed by France at 5.08 percent. Switzerland took the top position near the end of May and the primary reason seems to be Swisscom and its drive to adopt the next IP version. The U.S. stands at fourth place with just 2.76 percent adoption."

hypnosec writes "Opera has released its first Chromium-based, completely re-engineered browser as a preview for Windows and Mac systems (download). The new browser has been given quite a makeover and comes with a refresh of Opera's 'Speed Dial' bookmarking feature. Users can now not only organize their shortcuts into folders, but also group them into folders automatically by simply dragging one bookmark over another. Opera has also included a faster bookmarking tool dubbed 'Stash,' allowing users to return to the links quickly. The new version has combined its search and address bars, allowing users to make searches directly via Amazon, Bing, Google and Wikipedia."

hypnosec writes "Libertyreserve.com has been shut with the founder arrested by police in Spain this week over his alleged involvement in money laundering. Libertyreserve.com has been down for over three days now and the arrest seems to be the reason behind the outage. Arthur Budovsky Belanchuk, a 39-year-old male, has been arrested by Spanish authorities as a part of their ongoing investigations into money laundering. U.S. officials may very well seek his extradition."

hypnosec writes "What is believed to be one of the six working Apple-1 computers has fetched a whopping $671,400 for its current owner at an auction in Germany. The Apple-1 was built by Steve Wozniak back in 1976 in the garage of Steve Jobs' parents. The model sold at auction is either from the first lot of 50 systems ordered by Paul Terrell, owner of the Byte Shop chain of stores, or part of the next lot of 150 systems the duo built to sell to friends and vendors. The retail price for the Apple-1 at the time was $666.66."

hypnosec writes "The Electronic Frontier Foundation (EFF) has started accepting donations in the form of Bitcoins again after a two year hiatus, stating that the legal uncertainty hovering over the digital currency has all but disappeared. On their blog the EFF noted that a report from U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN), in addition to their own findings, 'have confirmed that, as a user of Bitcoin or any virtual currency, EFF itself is likely not subject to regulation.'"

hypnosec writes "IBM is taking its COBOL server platform to the next level by updating the mainframe platform in a bid to extend and enable its mainframes to host cloud based applications and services. The latest update is looking to add XMLS Server as well as Java 7 capabilities to the System/z COBOL platform and this update would extend the overall lifespan of COBOL by taking it up a notch and gearing it towards the cloud computing arena."

hypnosec writes with report of the possible theft of up to 22 million user IDs revealed by Yahoo! Japan. That scale is massive, but, he writes, "According to Yahoo, the information that was stolen didn't have passwords or any other information that would allow unauthorized users to carry out user identity verification." A story at the Japan Times adds a bit more detail.

hypnosec writes "Mozilla is not going ahead with its plans to block third-party cookies by default in the Beta version of its upcoming Firefox 22. Mozilla needs more time to analyze the outcome of blocking these cookies. The non-profit organization released Firefox Aurora on April 5 with a patch by Jonathan Mayer built into it which would only allow cookies from those websites which the user has visited. The patch would block the ones from sites which hadn't been visited yet. The reason for Mozilla's change in plans is that they're currently looking into 'false positives.' If a user visits one part of a group of site, cookies from that part will be allowed, but cookies from related sites in the group may be blocked, and they're worried it will create a poor user experience. On the other side of the coin, there are 'false negatives.' Just because a user may have visited a particular site doesn't mean she is comfortable with the idea of being tracked."

hypnosec writes "Linus Torvalds has released the Linux 3.10-rc1 kernel marking the closure of the 3.10 merge window. The Linux 3.10-rc1 is the second biggest rc release in years and the closure of the merge windows means that the features expected out of the Linux 3.9 successor are chalked out. "So this is the biggest -rc1 in the last several years (perhaps ever) at least as far as counting commits go," Linus notes in the release announcement."