Domain: paritynews.com
Stories and comments across the archive that link to paritynews.com.
Stories · 202
-
New Secure Boot Patches Break Hibernation
hypnosec writes "Matthew Garrett published some patches today which break hibernate and kexec support on Linux when Secure Boot is used. The reason for disabling hibernation is that currently the Linux kernel doesn't have the capability of verifying the resume image when returning from hibernation, which compromises the Secure Boot trust model. The reason for disabling the kexec support while running in Secure Boot is that the kernel execution mechanism may be used to load a modified kernel thus bypassing the trust model of Secure Boot." Before arming your tactical nuclear flame cannon, note that mjg says "These patches break functionality that people rely on without providing any functional equivalent, so I'm not suggesting that they be merged as-is." Support for signed kexec should come eventually, but it looks like hibernation will require some clever hacking to support properly in a Restricted Boot environment. -
Pod2g Confirms iOS 6, iOS 6.1 Beta 4 Untethered Jailbreak
hypnosec writes "Well known iOS security researcher Pod2g has confirmed that a working untethered iOS 6 jailbreak is ready and would be released as soon as iOS 6.1 GM is released. In an interview with iDigitalTimes, the security researcher has revealed that they are already in possession of a functional untethered iOS 6 and iOS 6.1 beta 4 jailbreak, and the majority of the work has been done by @planetbeing and @pimskeks. '6.0 is jailbroken, 6.1 beta 4 also. Now we are waiting 6.1 to confirm and release,' said the researcher. He said that the jailbreak would have been possible without him as he came into the iOS 6 jailbreak scene at a later stage and provided pointers that pushed the other researchers to the maximum." -
"Adults Only" OpenArena Now Playable On Raspberry Pi
hypnosec writes "The Raspberry Pi Foundation has released OpenArena – a multiplayer first person shooter game based on Quake III — for the Raspberry Pi. Available as a free download, the game has been rated 'Adults Only' because of the blood and guns. The open-source game is powered by the 'ioquake3' fork of the engine that Quake III runs on id's Tech 3 engine. Modifications have been made to the gameplay by removing the copyrighted material and adding new free content." -
Hacker Bypasses Windows 7/8 Address Space Layout Randomization
hypnosec writes "Microsoft upped its security ante with Address Space Layout Randomization (ASLR) in Windows 7 and Windows 8, but it seems this mechanism to prevent hackers from jumping to a known memory location can be bypassed. A hacker has released a brilliant, yet simple trick to circumvent this protection. KingCope, a hacker who released several exploits targeting MySQL in December, has detailed a mechanism through which the ASLR of Windows 7, Windows 8 and probably other operating systems can be bypassed to load a DLL file with malicious instructions to a known address space." -
LTSI Linux Kernel 3.4 Released
hypnosec writes "The Linux Foundation has announced the release of Linux 3.4 under its Long Term Support Initiative (LTSI), which will be maintained for the next two years with back-ported features from newer Linux kernels. Based on Linux 3.4.25, the LTSI 3.4 is equipped with features such as Contiguous Memory Allocator – which is helpful for embedded devices with limited hardware resource availability; AF_BUS – a kernel-based implementation of the D-Bus protocol; and CoDel (controlled delay) – a transmission algorithm meant for optimization of TCP/IP network buffer control." -
India Bars ZTE, Huawei, Others From Sensitive Government Projects
hypnosec writes "The Indian Government has decided it won't be using telecom equipment from international vendors, and has barred all such foreign companies from participating in the US$3.8 billion National Optical Fiber Network (NOFN) project — a project aimed at bringing high-speed Internet connectivity to the rural areas of India. The DoT has decided that it will be going ahead with 100 per cent domestic sourcing and has released a list of certified GPON suppliers. This decision comes after the research wing of the ministry, C-DoT, advised the telecom department to bar Chinese companies like ZTE and Huawei, keeping in line with a similar decision by the U.S. In an internal memo, the research body advised the department that both these Chinese companies are a security threat to the telecom world." -
Intel To Help Stephen Hawking Communicate Faster
hypnosec writes "Stephen Hawking's ability to communicate has been deteriorating over the years and as it stands, he is only able to communicate at the rate of 1 word per minute. Intel CTO Justin Rattner has revealed that they are working on an interface that will boost the scientist's speech to up to 10 words per minute. Beyond twitching his cheek, Hawking is also capable of other voluntary facial expressions which can be tapped to achieve faster communications with the help of a better character interface and a better word predictor." -
Decade Old KDE Bug Fixed
hypnosec writes "How long does a bug take to get resolved? A week? A month? A year? Well, a bug prevalent in the KDE libraries since 2002 has finally been resolved after a decade, it has been revealed. The bug was present in the 'Reject Cross-Domain Cookies' feature of KDE Libraries. Thiago Macieira noted in the KDE Libraries Revision 974b14b8 that he observed that his web cookies were being forgotten following a kded restart." -
GitHub Registers Its 3 Millionth User
hypnosec writes "Online version control system GitHub, which is based on Git — the distributed version control system developed by Linus Torvalds — now has over three million registered users, it has been revealed. Announcing the achievement, the code sharing site used by the likes of jQuery, Perl, PHP, Ruby as well as Joomla said in a blog post that the 'three millionth person signed up for a GitHub account' on Monday night." -
Researchers Develop Solid But Flexible Electrolyte For Bendable Batteries
hypnosec writes "Korean scientists have developed a 'fluid-like' polymer electrolyte used in lithium-ion batteries that would pave way for flexible batteries and flexible smartphones. The discovery was made by a joint team of researchers that was led by Professor Lee Sang-young of Ulsan National Institute of Science and Technology. The new electrolyte, though flexible, is made of solid materials hence making the batteries more stable than the lithium-ion batteries used today." Paper, but full text is paywalled. -
Apple and Mozilla Block Vulnerable Java Plug-ins
hypnosec writes "Following news that a Java 0-day has been rolled into exploit kits, without any patch to fix the vulnerability, Mozilla and Apple have blocked the latest versions of Java on Firefox and Mac OS X respectively. Mozilla has taken steps to protect its user base from the yet-unpatched vulnerability. Mozilla has added to its Firefox add-on block-list: Java 7 Update 10, Java 7 Update 9, Java 6 Update 38 and Java 6 Update 37. Similar steps have also been taken by Apple; it has updated its anti-malware system to only allow version 1.7.10.19 or higher, thereby automatically blocking the vulnerable version, 1.7.10.18." Here are some ways to disable Java, if you're not sure how. -
Anonymous Files Petition To Make DDoS Legal Form of Protest
hypnosec writes "Anonymous has filed a petition with the U.S. Government asking the Obama administration to make Distributed Denial of Service (DDoS) attacks a legal form of protest. Anonymous has argued that because of advancements in internet technology, there is a need for new ways of protest. The hacking collective doesn't consider DDoS as a form of attack and equates it to hitting the 'refresh' button on a webpage. Comparing these attacks to the 'occupy' protests, Anonymous notes that instead of people occupying an area, it is their computers occupying a website for a particular period of time." -
At Least Half a Million Raspberry Pis Sold
hypnosec writes "The Raspberry Pi Foundation has announced that it could have sold over a million units of its credit-card-sized computer, the Raspberry Pi. Announcing the achievement, the foundation wrote that one of its distributors, Element14, has sold over half a million units of the Raspberry Pi, and even though the foundation doesn't have up-to-date figures from its other distributor, RS Components, it is expecting to have sold its millionth unit of the computer." -
CERN's LHC To Shut Down For Repair & Upgrades
hypnosec writes "CERN has revealed that the Large Hadron Collider (LHC) is going into hibernation and will be shut down for a period of two years for upgrades. The LHC will go through a maintenance and upgrade phase starting in March that will bring the atom smasher up to speed with its maximum energy levels. From the article: 'The machine that last year helped scientists snare the elusive Higgs boson – or a convincing subatomic impostor – faces a two-year shutdown while engineers perform repairs that are needed for the collider to ramp up to its maximum energy in 2015 and beyond. The work will beef up electrical connections in the machine that were identified as weak spots after an incident four years ago that knocked the collider out for more than a year.'" -
Why Linux On Microsoft Surface Is a Tough Challenge
hypnosec writes "With Linux enthusiasts and distro publishers eagerly waiting for a solution to Microsoft's UEFI SecureBoot, there are those who have already looked at the viability of Linux on Microsoft Surface tablet. Matthew Garrett, a.k.a. UEFI-guru, has revealed that those who are keeping their fingers crossed and hoping to run Linux on Microsoft's tablet are on an uphill walk and it doesn't seem to be an easy one. So why is this? The answer is in the manner in which Microsoft has restricted the Surface from loading non-signed software / binaries by implementing UEFI SecureBoot. Microsoft has loaded on the ARM based tablet its private key instead of the 'Microsoft Windows UEFI Driver Publisher' key, which is needed to sign non-Microsoft software like Linux distributions or loaders. So, no publisher key = no signed non-Microsoft binary = no Linux." -
Free Software Foundation Campaigning To Stop UEFI SecureBoot
hypnosec writes "The Free Software Foundation is on an offensive against restricted boot systems and is busy appealing for donations and pledge in the form of signatures in a bid to stop systems such as the UEFI SecureBoot from being adopted on a large-scale basis and becoming a norm in the future. The FSF, through an appeal on its website, is requesting users to sign a pledge titled 'Stand up for your freedom to install free software' that they won't be purchasing or recommending for purchase any such system that is SecureBoot enabled or some other form of restricted boot techniques. The FSF has managed to receive, as of this writing, over 41,000 signatures. Organizations like Debian, Edoceo, Zando, Wreathe and many others have also shown their support for the campaign." -
Strong Foundations: FreeBSD, Wikimedia Raise Buckets of Development Money
mbadolato writes "On December 9, 2012, Slashdot reported that the FreeBSD Foundation was falling short of their 2012 goal of $500,000 by nearly 50%. For all of those that continued to echo about how FreeBSD is dying, it's less than three weeks later and the total is presently nearing $200,000 OVER the goal. Netcraft continues to be wrong." And reader hypnosec adds another crowdfunding success story: "The Wikimedia Foundation has announced at the conclusion of its ninth annual fund-raiser that it has managed to raise a whopping $25 million from 1.2 million donors in just over a week's time. ... As compared to last year's fund-raiser, which got completed in 46 days, this year's was completed in just nine days." -
GNU C Library 2.17 Announced, Includes Support For 64-bit ARM
hypnosec writes "A new version of GNU C Library (glibc) has been released and with this new version comes support for the upcoming 64-bit ARM architecture a.k.a. AArch64. Version 2.17 of glibc not only includes support for ARM, it also comes with better support for cross-compilation and testing; optimized versions of memcpy, memset, and memcmp for System z10 and zEnterprise z196; and optimized version of string functions, on top of quite a few other performance improvements, states the mailing list release announcement. Glibc v 2.17 can be used with a minimum Linux kernel version 2.6.16." -
BLAKE2 Claims Faster Hashing Than SHA-3, SHA-2 and MD5
hypnosec writes "BLAKE2 has been recently announced as a new alternative to the existing cryptographic hash algorithms MD5 and SHA-2/3. With applicability in cloud storage, software distribution, host-based intrusion detection, digital forensics and revision control tools, BLAKE2 performs a lot faster than the MD5 algorithm on Intel 32- and 64-bit systems. The developers of BLAKE2 insist that even though the algorithm is faster, there are no loose ends when it comes to security. BLAKE2 is an optimized version of the then SHA-3 finalist BLAKE." -
Ada 2012 Language Approved As Standard By ISO
hypnosec writes "The Ada Resource Association (ARA) announced that the Ada 2012 programming language has been approved and published as a standard by the International Organization for Standardization (ISO). Announcing the development, ARA and Ada-Europe said that the new version brings with it the concept of contract-based programming, Concurrency and Multicore Support, Increased Expressiveness and Container Enhancements." -
Researchers Create Ultrastretchable Wires Using Liquid Metal
hypnosec writes "By using liquid metal researchers have created wires that can stretch up to eight times their original length while retaining their conduction properties. Scientists over at North Carolina State University made the stretchable wires by filling in a tube made out of an extremely elastic polymer with gallium and an indium liquid metal alloy." -
W3C Finalizes the Definition of HTML5
hypnosec writes "The Worldwide Web Consortium (W3C) has announced that it has finalized the definition of HTML5 and that it is ready for interoperability testing. HTML5 hasn't been given the status of standard yet but it is feature complete now, giving developers a stable target to develop their web applications. The W3C said in the announcement 'HTML5 is the cornerstone of the Open Web Platform' and that it provides an environment which can utilize all of a device's capabilities like videos, animations, graphics and typography. The HTML5 specifications still have a long way to go before they hit the Recommendation status. HTML5 will have to go through a round of testing that looks specifically into interoperability and performance after which time it will be given a Candidate Recommendation title." -
Linus Torvalds Delays Linux 3.7, Releases 3.7-rc8 Kernel Instead
hypnosec writes "The Linux 3.7 kernel has been delayed by one week as Linus Torvalds has released the Linux 3.7-rc8 instead. Because of some hiccups following the 'resurrection of a kswapd issue,' Torvalds wasn't comfortable releasing version 3.7 this week and instead went ahead with another release candidate. Torvalds revealed in his release announcement that because of this delay, the merge window for Linux 3.8 will close just around Christmas time." -
Microsoft Steeply Raising Enterprise Licensing Fees
hypnosec writes "Microsoft is trying to make up for below expected earnings following Windows 8's and Surface RT's lackluster adoption rates by increasing the prices of its products between 8 and 400 per cent. Trying to make more out of its enterprise customers who are tied under its Software Assurance payment model, Microsoft has increased user CALs pricing 15 per cent; SharePoint 2013 pricing by 38 per cent; Lync Server 2013 pricing by 400 per cent; and Project 2013 Server CAL by 21 per cent." -
The Promo Bay Blocked By UK ISPs
hypnosec writes "The Pirate Bay's artist promotion platform (the Promo Bay), despite being perfectly legal, is being blocked by several UK Internet service providers including BT, and Virgin Media. The Promo Bay was launched this week as a promotion platform for content creators like filmmakers and musicians enabling them to showcase their talent and work to thousands of people across the web. Even though the idea is novel, The Promo Bay has somehow found itself on a block list alongside the Pirate Bay." -
Raspberry Pi's $25 Model A Hits Production Line
hypnosec writes "The Raspberry Pi Foundation has announced that the cheaper variant of the Raspberry Pi — the Model A — has entered production phase. Model A of the credit-card sized computer has been stripped of its Ethernet port and a USB port, leaving just one USB port. This model comes with 256MB RAM, but as it is less complex compared to its predecessor it will consume less power, thus opening up quite a few new usage scenarios. The Foundation has posted the first image of the $25 Model A on its site and noted 'We're anticipating that those of you who buy the Model A will be using it for different applications from Model B owners.'" -
Syria Drops Off the Internet Grid
hypnosec writes "Amidst the ongoing civil war, Syria has gone off the Internet as of a few hours ago, with all the 84 IP blocks within the country unreachable from the outside. Renesys, a research firm keeping tabs on the health of the Internet, reported at about 5:25 ET that Syria's Internet connectivity has been shut down. The internet traffic from outside to Syrian IP addresses is going undelivered, and anything coming from within the country is not reaching the Internet. Akamai has tweeted that its traffic data supports what Renesys has observed." Reader trickstyhobbit adds a report from Slate that the connection "appear[s] to have been knocked off line by heavy fighting earlier this morning. They are also reporting that the shutdown may have been intentional to aid in a government operation." -
Hardcoded Administrator Account Opens Backdoor Access To Samsung Printers
hypnosec writes "A new flaw has been discovered in printers manufactured by Samsung whereby a backdoor in the form of an administrator account would enable attackers to not only take control of the flawed device, but will also allow them to attack other systems in the network. According to a warning on US-CERT the administrator account is hard-coded in the device in the form of an SNMP community string with full read-write access. The backdoor is not only present in Samsung printers but also in Dell printers that have been manufactured by Samsung. The administrator account remains active even if SNMP is disabled from the printer's administration interface." -
Oracle Proposes New Native JavaScript Engine for OpenJDK
hypnosec writes "Oracle has proposed a new project for OpenJDK — Nashorn, which aims to implement a high-performance yet lightweight JavaScript runtime that would run on the JVM natively. Nashorn will be headed by Jim Laskey, multi-language Lead at Oracle and the project will be sponsored by HotSpot group. The project proposes an implementation of JavaScript such that it can run standalone JavaScript applications via the JSR 223 APIs. Nashorn's design will enable it to take advantage of new JVM technologies like the MethodHandles and the InvokeDynamic APIs." -
On Demo, a $25 1080p Camera Module For Raspberry Pi
hypnosec writes "The Raspberry Pi Foundation has announced a new add-on – a camera module that will enable the credit card sized computer to snap pictures as well as record 1080p videos. Showcased by RS Components at the Electronica 2012 in Germany [watch video here] the £16 (approx.) module will be equipped with a 5MP sensor and will plug into the otherwise unused CSI pins of the Pi. The camera module's board is still in prototype stage and is expected to reach production sometime soon. Liz Upton, Executive Director of the Foundation said in a blog post, 'We've a (very) little way to go before we're able to send it out to manufacture.' According to Upton, testing slots have been booked in December to check on electromagnetic radiations from the ribbon cable." -
Mozilla Dropping 64-Bit Windows Nightly Builds For Now
hypnosec writes "Plans for 64-bit Firefox for Windows have been put on hold by Mozilla in a bid to concentrate more on the 32-bit version. Eliminating the 64-bit nightly builds was proposed by Benjamin Smedberg, a Firefox developer, last week. Some of the reasons Smedberg cited include missing plugins for 64-bit version; lack of windowproc hooking which facilitates smooth functioning of whatever plugins are available; and the inability to work on the crash reports submitted for the 64-bit versions because they were not on high priority. The proposal, it seems, has been accepted as is evident from this bug report." The bug tracking system seems unable to differentiate between 64-bit and 32-bit builds, causing a few issues since Windows 64-bit builds are much buggier. They also intend to reintroduce 64-bit Windows nightlies some time next year. -
World Governments Object To New gTLDs
hypnosec writes "ICANN is receiving more and more requests for new generic top level domains, and governments around the world are busy registering their complaints and objections with the proposed names. To date, more than 200 objections have been raised against proposed gTLDs, with Australia leading the pack with over 120 objections. Some of the other countries which are at the forefront of registering their objections include France, Germany and India. US and UK are near the bottom of the list. ICANN's 'early warnings' about national objections to gTLDs serve as formal objections but it doesn't mean that these domains will never be signed off. There is always room for discussions and mediation that would allow prospective registrants to keep on pursuing their claims. Australia has objected to names such as '.baby,' '.app,' and '.beauty' among others. It has also objected to names such as '.sucks' and '.wtf,' stating that these names have 'an overtly negative or critical connotation.'" -
The Linux Foundation's UEFI Secure Boot Pre-Bootloader Delayed
hypnosec writes "The Linux Foundation's plans for releasing a signed pre-bootloader that will enable users to install Linux alongside Windows 8 systems with UEFI have been reportedly delayed. The Foundation proposed a signed pre-bootloader that will chain-load a bootloader which, in turn, will boot the desired operating system, thus keeping Linux installations for novice users as simple as it was before. Further, this particular component is meant for small-time Linux distros which otherwise wouldn't have the required expertise or resources to develop their own system to tackle the secure boot issue. This was going as per plans up until Linux kernel maintainer James Bottomley disclosed that he has been having rather bizarre experiences with Microsoft sysdev centre. Bottomley said, 'The first time I sent the loader through, it got stuck (it still is, actually). So I sent another one through after a week or so. That actually produced a download, which I've verified is signed (by the MS UEFI key) and works, but now the Microsoft sysdev people claim it was "improperly" signed and we have to wait for them to sort it out. I've pulled the binary apart, and I think the problem is that it's not signed with a LF [Linux Foundation] specific key, it's signed by a generic one rooted in the UEFI key. I'm not sure how long it will take MS to get their act together but I'm hoping it's only a few days.'" Update: 11/21 14:22 GMT by U L : See the Original weblog post, and one interesting tidbit: Microsoft banned bootloaders licensed under the GPLv3 and "similar open source licenses." -
Two FreeBSD Project Servers Hacked
hypnosec writes "The FreeBSD project has suffered a security breach. Hackers have successfully compromised servers that were part of the infrastructure used to build third-party software packages. The Security team over at the FreeBSD project is of the opinion that hackers were able to gain access to the servers using legitimate SSH keys and not by exploiting any operating system vulnerabilities. Instances of intrusion were first detected on November 11. FreeBSD project, through a message on public announcements mailing list, said that the security breach hasn't affected the project's core components like kernel or system libraries, but has affected third-party software packages being distributed by the project." -
Mega Finds New Home, Dotcom Says
hypnosec writes "Kim Dotcom has revealed that Megaupload's successor, Mega, which is reportedly launching on January 20, 2013, will be operating through a new domain name: Mega.co.nz. Through a tweet Dotcom announced that Mega has found a new home and that the new domain name is protected by the law. Dotcom also revealed that lobbyists won't be able to do anything about this, as 'judges are not influenced by politics in New Zealand.' Recent announcements about Mega's domain — Me.ga — didn't go as planned following a decision by the Government of Gabon to suspend the domain name. Dotcom had announced at the time that despite the blockage, Mega would launch as planned." -
Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-player's computer." "'Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,' Ferrante said. In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored. 'These are games that have a very large market,' Auriemma said." -
Gabon Suspends Me.ga Domain, Dotcom Says "We Have Alternative Domain"
hypnosec writes "Kim Dotcom's plan to launch a 'bigger, better, faster, stronger, safer' Megaupload successor, Mega, is already in peril as Gabon's government has suspended the domain me.ga. Announcing his decision, Gabon's Communication Minister Blaise Louembe said 'I have instructed my departments... to immediately suspend the site www.me.ga' in a bid to 'protect intellectual property rights' and 'fight cyber crime effectively.' Dotcom revealed through a tweet that he is in possession of an alternative domain name and that the recent suspension 'demonstrates the bad faith witch hunt the U.S. government is on.'" -
MIT Research Tweaks Smartphone Amplifier Voltage To Gain Battery Life
hypnosec writes "Two MIT electrical engineering professors, Joel Dawson and David Perreault, have claimed that they have cracked the age old efficiency problem related to the power amplifier in smartphones by designing a new amplifier that consumes just half the power as compared to their current counterparts. Current transistor-based power amplifiers consume power in two modes – standby and output signal mode. The only way to reduce power consumption and increase battery life is to use the least possible power when in standby mode. The problem here is that if the power is kept very low when in standby mode, because of sudden jumps from low-power standby mode to high-power output mode, signals get distorted. This is why current technologies waste a lot of electricity as standby power levels are kept at a relatively higher level to avoid distortion. The new technology, dubbed asymmetric multilevel outphasing, is basically a blazingly fast electronic gearbox that would select the best possible voltage to send across to the transistors that would minimize power consumption." -
Kim Dotcom Outs Mega Teaser Site, Finalizes Domain Name
hypnosec writes "Kim Dotcom has let out more information about the launch of Megaupload's successor Mega, which he claims will be 'bigger, better, faster, stronger, [and] safer.' Mega is currently looking for partners willing to provide servers, support and connectivity to become 'Mega Storage Nodes.' The prime requirement, according to Dotcom, is that the servers should be located outside the U.S. and that the companies should also be based outside of the U.S. For this reason, Dotcom has decided that the new service will be launching with 'Me.ga' domain name." -
Titan Supercomputer Debuts for Open Scientific Research
hypnosec writes "The Oak Ridge National Laboratory has unveiled a new supercomputer – Titan, which it claims is the world's most powerful supercomputer, capable of 20 petaflops of performance. The Cray XK7 supercomputer contains a total of 18,688 nodes and each node is based on a 16-core AMD Opteron 6274 processor and a Nvidia Tesla K20 Graphical Processing Unit (GPU). To be used for researching climate change and other data-intensive tasks, the supercomputer is equipped with more than 700 terabytes of memory." -
Researchers Develop Surveillance System That Can Watch & Predict
hypnosec writes "Carnegie Mellon University researchers have developed a surveillance system that can not only recognize human activities but can also predict what might happen next. Scientists, through the Army-funded research dubbed Mind's Eye, have created intelligent software that recognizes human activities in video and can predict what might just happen next; sounding an alarm if it detects anomalous behavior." -
Red Hat Devs Working On ARM64 OpenJDK Port
hypnosec writes "Developers over at Red Hat are busy porting OpenJDK to ARM's latest 64-bit architecture — the ARMv8, also known as the AArch64. The current OpenJDK ARM situation is rather unsatisfactory: for the current 32-bit ARM processors, there are two versions of the HotSpot JVM for OpenJDK — Oracle's proprietary JIT, and a less sophisticated free JIT that performs poorly in comparison. To avoid a similar situation for the 64-bit platform, the developers are working on an entirely Free Software port of HotSpot to 64-bit ARM." -
Anonymous' WikiLeaks-Like Project Tyler To Launch In December
hypnosec writes "A hacker who claims to be a member of the hacking collective Anonymous has revealed that the hacktivist group is working on a Wikileaks-like service dubbed Tyler and that it will be launched on December 21. The Anonymous member revealed that the service will be decentralized and will be based on peer-to-peer service, unlike Wikileaks, thus making Tyler rather immune to closure and raids. The site will serve as a haven for whistleblowers, where they can publish classified documents and information. The hacker said in an emailed interview that 'Tyler will be P2P encrypted software, in which every function of a disclosure platform will be handled and shared by everyone who downloads and deploys the software.'" That sounds like a lot to live up to. Decentralized, attack-resistant and encrypted all sound nice, but I'm curious both about the funding it would take, and whether it matches Wikileaks' own security. -
Spammers Using Shortened .gov URLs
hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims. -
Dutch Ministry Proposes Powers For Police To Hack Computers, Install Spyware
hypnosec writes "The Dutch Ministry of Justice and Security has proposed some rather over-the-line measures and wants to extend such powers to the police that would allow them to break into computers and mobile phones in any part of the world. According to the proposal (PDF in Dutch), dated October 15, the ministry has asked for powers that would allow police to not only break into computers, but also allow them to install spyware, search for data in those computers, and destroy data. As explained by digital rights group 'Bits of Freedom,' which obtained the copy of the proposal, if the Dutch police get such powers, the security of computer users would be lessened and there will be a 'perverse incentive to keep information security weak.'" -
Amazon Kindle eBook Users To Get Refunds After Settlement
hypnosec writes "Amazon, in an email to Kindle owners, has revealed that following the settlement in the eBook price fixing lawsuit, customers will be entitled to refunds between 30 cents and $1.32 on each book purchased. If the $69 million settlement is approved, the funds will be provided as credits to customers directly in their accounts. Users may request checks for the amount of credit that has been applied to their accounts. 'If the Court approves the settlements, the account credit will appear automatically and can be used to purchase Kindle books or print books,' wrote Amazon in the email." -
Lulzsec Member Raynaldo Rivera Pleads Guilty To Sony Pictures Breach
hypnosec writes "Raynaldo Rivera has pleaded guilty at the US District Court for the Central District of California to hacking the Sony Pictures Entertainment website in May 2011. The 20-year-old in his plea agreement revealed that he joined Lulzsec in May of last year in a bid to help the hacking collective carry out cyberattacks on governments and businesses. Rivera, who surrendered to the FBI on August 28 this year, admitted that he was the one who launched an SQL injection attack against sonypictures.com that enabled him to extract confidential information from the website's database." -
Expenditure Report Reveals Germany Monitors Skype, Google Mail, Facebook Chat
hypnosec writes "The German Government has gone a bit too far trying to be transparent, inadvertently revealing that German police monitor Skype, Google Mail, MSN Hotmail, Yahoo Mail, and Facebook chat when necessary. The revelations, spotted by the annalist blog, come from a report of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry. The report contains lots of tables and as many would find those boring, some highlights: On page 34 and page 37 of the report, line items 486 and 265, respectively, represent decoding software for Google Mail, MSN Hotmail, Yahoo Mail for prevention and investigation." -
Apple, Microsoft, Google, Others Join Hands To Form WebPlatform.org
hypnosec writes "Apple, Adobe, Google, HP, Microsoft and many others have joined forces and launched a new resource – the Web Platform in a bid to create a 'definitive resource' for all open Web technologies. The companies have come together to provide developers with a single source of all the latest information about HTML5, CSS3, WebGL, SVG and other Web standards. The platform will also offer tips and best practices on web development as well as web technologies. 'We are an open community of developers building resources for a better web, regardless of brand, browser or platform,' notes the WebPlatform site." -
Entire Cities In World of Warcraft Dead, Hack Suspected
hypnosec writes "Entire cities in the World of Warcraft have been destroyed with no one spared, not even the NPCs. About 13:00 GMT, forums on WOW started getting the first comments from users regarding players and NPCs dying on the Ragnaros-EU realm in Orgrimmar. Users of the online game started reporting that Draenor had a similar sight to offer. Some of the other realms where this was reported include Tarren Mill, and Twisting Nether." Also at Joystiq, and (with more screenshots) at WCCF Tech, which reports that "it appears the damage is most severe in World of Warcraft European servers."