Slashdot Mirror

See subject stupid: Sub 4% of the time I *may* do a lookup that's not in my fav sites cached in RAM @ top of hosts operating in KERNELMODE SPEED (far faster vs. usermode slow solutions are including browser addons that don't do as much & eat more or even windows' usermode slower dnscache (breaks down w/ large hosts & IS faulty which even MS mgt. agreed w/ me on))!

Each lookup page's LOAD FASTER as they're 40% SMALLER IN MASS (due to no ads) http://www.techweekeurope.co.uk/e-marketing/adblock-plus-adblocking-network-traffic-172245/

* I also avoid a security issue riddled DNS system (massively bloated resource pig too if locally installed w/ more moving parts for breakdown/exploit too) https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075/ 96++% of the time too!

APK

P.S.=> It's faster, leaner & safer vs. local DNS (which hosts work fine with) + I use OpenDNS (I do use DNS)... apk

Take a read https://apple.slashdot.org/com... it covers sites BEYOND where you spend 95++% of your time online (favorite sites hardcoded @ the TOP of hosts avoiding remote DNS resolution turn-around time resolved FASTEST from local RAM, cached) since IF I miss a lookup (& have to go thru the blocked bad sites/ads)?

BLOCKING ADS ON THOSE SITES OFFSETS THAT MISS BEING RESOLVED IN HOSTS by far!

(Since ads = almost 1/2 the size of pages & thus loadspeed in mass alone, let alone scripts that process ontop of THAT lag, of every site page out there nowadays-> http://www.techweekeurope.co.u... )

APK

P.S.=> DNS is also INEFFICIENT + INSECURE (gb's of RAM worth, more moving parts complexity, security issues galore etc. all listed here by category into the hundreds of evidences thereof too -> https://news.slashdot.org/comm... )... apk

Just how thoroughly have hackers licked antivirus programs? So thoroughly that even Symantec, which essentially invented commercial antivirus, is jumping ship on the concept, the Wall Street Journal reports. Antivirus "is dead," Symantec Senior VP Brian Dye tells the paper. "We don't think of antivirus as a moneymaker in any way." Symantec's new stance, he explains, will be to assume that hackers can and will break through any antivirus protection, and to focus on containing the damage once they do. Symantec will create a response team businesses can call on if they've been hacked, intelligence briefings they can buy on specific threats, and technologies for identifying advanced malware in networks. Rivals already have similar products—as Channelnomics notes, other companies have been decrying the decline in antivirus effectiveness for years—but Symantec is hoping its conversion, even if late, can stem plummeting revenue. Dye says the company realized it was time "to get your act together and go play the game you should have been playing in the first place." http://www.newser.com/story/18... http://www.techweekeurope.co.u...

http://www.techweekeurope.co.u...

For example, see here... Even a President can do something right once in a while: http://www.newser.com/story/20... and we need that, because: http://www.techweekeurope.co.u...

Regarding the authority "issue" - the City of London Police seizing a domain name is no different to the Metropolitan Police seizing it, the jurisdictional "issues" are the same. The reason the City of London Police are doing this a lot is because they are highly specialised in economic crime detection, investigation and enforcement, so combating criminal level copyright infringement is in fact one of their specialities.

The problem however is the legality of the very act of the police in seizing domain names. Apparently, they do not have the power to do so. Instead, they request the "cooperation" of registrars who are threatened with possible legal sanctions in the same breath. Here is an excerpt of one of their letters :-

“Suspension of the domain(s) is intended to prevent further crime. Where possible we request that domain suspension(s) are made within 48 hours of receipt of this Alert. In respect of the information provided by us, we respectfully ask you to consider your liability and the wider public interest should those services be allowed to continue.”

I don't think you should be comfortable with the police making threats to force registrars to shut down online services in the absence of any court orders, findings of liability or any judgment that the online service is in fact against the law.

Not sure how this brief blurb with no link got posted, but here is a link to an actual story.

While we disagree, it would be nice if you wouldn't be so quick to dismiss my arguments as nonsense conclusions that I'm jumping to.

The problems with police and photographers in the UK are frequent, and troublesome as I said. I'm not at home at the moment, but there is actually a site indexing complaints about this happening, and it was well over a thousand.

A small percentage perhaps, but a large enough number to be worrying.

As for R v Majid, I shall quote from the Wikipedia page on Reasonable Doubt :

However, juries in criminal courts in England are no longer customarily directed to consider whether there is "reasonable doubt" about a defendant's guilt. Indeed, a recent conviction was appealed after the judge had said to the jury "You must be satisfied of guilt beyond all reasonable doubt." The conviction was upheld but the Appeal Court made clear their unhappiness with the judge's remark, indicating that the judge should instead have said to the jury simply that before they can return a verdict of guilty, they "must be sure that the defendant is guilty".

There is also a reference on that page for the quotes etc, if you need to verify.

Your breakdown of the law as written certainly seems logical and seems to make sense. I'd say I would agree with your conclusion were it not for troubling news stories which seem to contradict it.

I would think this Wikipedia page has a good summary.

The problem with the law is that it is still assuming that the person does have the key. I know that the law is worded to assume the person does not have a key unless it is proven beyond a reasonable doubt, but in practice that is apparently an easy thing to prove (and perhaps skirt the intention of that clause), based on prosecutions. The law is flawed...it shouldn't have such a clause at all.

The problem is the burden of proof is reversed. It shouldn't be.

You quoted section 53 (3), but that follows 53 (2), which is why RIPA is disturbing:

In proceedings against any person for an offence under this section, if it is shown that that person was in possession of a key to any protected information at any time before the time of the giving of the section 49 notice, that person shall be taken for the purposes of those proceedings to have continued to be in possession of that key at all subsequent times, unless it is shown that the key was not in his possession after the giving of the notice and before the time by which he was required to disclose it.

So basically, they assume you have it.

And what constitutes reasonable doubt? I have true crypt installed, perhaps that is sufficient?

Any such law like that should be written to only persecute people if they are known to have a key and refuse to hand it over. Anything else, even the clause in RIPA, leads to abuses of power. Demonstrably so.

Not to mention, the idea that you can be in jail until you hand over a key is horribly flawed, not to mention injust. The defense you mention that you feel justifies the act? You get to use that after you've already been arrested, jailed, fingerprinted etc...

Another point, what is the criteria for determining ifi information is encrypted or not? Lets say I have an encrypted partition disguised as a garbage file...they can't prove it is an encrypted volume, but what is to stop them from being sure it is and prosecuting me if they don't hand over they key?

If RIPA was nothing as you suggest, it wouldn't be such a cause for concern, domestically in the UK with financial institutions, media institutions etc. And, it is. You need only search to see the reactions to it.

Also of interest:

http://www.techweekeurope.co.u...

All those having internet facing java services had remote vulnerabilities known by oracle and the NSA for months (at least if Oracle does the same as Microsoft, something very probable if not worse), and if your internal network had some value for the NSA or people working for it, it is already backdoored.

I suggest anyone interested in this controversy read the following:

How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA

Although this is in regard to GCHQ, it probably applies to NSA as well: ‘We Can Trust GCHQ On Encryption’

The DES case is well understood

The DES case is well understood NOW. DES was at the subject of conspiracy theories, suspicion, and fear for nearly 20 years, just in the same way that this controversy is likely to go.

The ironic thing about the DES controversy is that it was secretly stronger than many people knew, not weaker, and there are people that adopted other far weaker encryption schemes out of fear and suspicion rather than use DES. The secret techniques that DES was hardened against made cracking many of those other encryption much easier. I wonder how many secrets were lost because people went to those other encryption methods that were vulnerable to the secret cryptanalysis techniques that DES was immune to?

Here is a though provoking piece for you: ‘We Can Trust GCHQ On Encryption’

LOL, sorry, no. DES was only ever intended for unclassified data and was limited in strength. The record is clear that NSA strengthened the DES algorithm against attacks not publicly known at the time. The best anyone ever did against full strength DES was pretty much brute force (linear was very late to the game, and limited). That is what the DES Cracking project was about, finally putting a bullet in DES to get the next standard going. Now we have AES, and nobody can really claim that it is weak, can they? IIRC AES it approved for both unclassified and classified data. People always suspected that NSA had inserted a back door in DES with the S-Box changes when they had actually strengthened it against differential cryptanalysis which humbled many other schemes, but not DES. DES was almost perfect as designed, as long as you executed it as designed. That is no reduced number of rounds, no changes to the S-boxes, no other toying. It was exactly as strong as it needed to be, and pretty much free of weaknesses other than speed (it was designed for hardware where it was fast, but many did it in software where it was slow). Only the key length was a long term issue, and then you could still do triple DES. Here is the funny thing - many people suspected the government put in a back door and went with some other crypto scheme that was almost certainly inferior if for no other reason than they weren't designed to resist the secret differential cryptanalysis technique, or any other secret techniques. People ran from the back door boogey man and ran over the cliff of poorly designed crypto, and that doesn't even take into account mistakes in implementation. We will almost certainly be seeing the same sort of thing playing out in the future. "You can't trust AES, it was approved by NSA! There must be a back door! No, we're going to use Krasnovian Software A.G.'s ROT-39, developed by our resident super genius."

Wouldn't the same argument apply? - ‘We Can Trust GCHQ On Encryption’

It will be interesting to see how it plays out.

Since the start had big problems, but the reasons are the worrysome ones, sometimes for misconfigured network devices, forgetting to update a SSL certificate, dealing with leap years, and even over DNS (this one was last month, and took down other MS services).

According to Research from Segate, a hybrid drive needs just 8gb of NAND to achive %95 performance of a a NAND drive in a typical business environment "During the five days of study, the average amount of data read by machines in a business environment stood at 19.48GB. Out of this amount, just 9.59GB was unique; the rest consisted of duplicate reads" Of course this is not exactly a large scale study, but it was presented in a industry workshop so its not just fabricated marketing material either. http://www.techweekeurope.co.uk/news/seagate-hybrid-drives-dont-need-more-than-8gb-of-nand-124069

Since benchmarking software is useless for gauging the effect of caching, It would be interesting to see a similar study done on typical usage scenarios for a home machine.

And much of their old dominance was founded on their monopoly of the OS through windows, and they were not shy about (ab)using it.

True. And they figured they could just copy the Desktop model onto smaller devices. Just like with Win8 they are trying to push the (failed) mobile interface onto the Desktop, resulting in (you guessed it) equal failure.

For example, they allegedly tweaked Win95 to kill WordPerfect. Novell sued but lost the court case.

Novell had accused the company of crippling WordPerfect, by deliberately removing Application Programming Interfaces (APIs) which it used from windows 95, even though they were present in the beta version of the operating system.

Actually the court case was put on hold while the U.S DoJ pursued the Anti-trust. It has since been resumed, and is now actively in the court system, at least in the U.S Courts.

To kill off Netscape, they not only bundled IE with every copy of Windows but also allegedly altered or manipulated its application programming interfaces (APIs) in the OS to favor Internet Explorer over third party web browsers. This led directly to the anti-trust lawsuit by the government against MS.

It was one of many things that brought about the Anti-trust lawsuits by the U.S DoJ, another being Novell's anti-trust suit, another being SaMBa's suit, and more. Of course, the demise of Netscape brought us Thunderbird and Firefox. The results of the anti-trust trial brought official documentation for the CIFS/SMB/AD protocols used by Windows for the SaMBa team (which they paid $14k for) so they now have 100% compatibility, and more.

Now that the fight is over mobile and tablet space, MS is still sticking to its game plan by trying to leverage its old dominance into these new markets. Hence you only get the full product (in this case, Office) if you use Winph8 for mobile or Surface Pro for tablets. Their hand is weaker though since they do not control the underlying OS (iOS and Android) so they are relying on attachment to Office to drive the numbers.

They could very easily make equivalent version on all platforms that are just as capable as what is on the Windows Desktop, or offered by Office 365 subscriptions. The fact is they are choosing not to in (vain) hopes of trying to drive people to the Windows platform.

And much of their old dominance was founded on their monopoly of the OS through windows, and they were not shy about (ab)using it.

For example, they allegedly tweaked Win95 to kill WordPerfect. Novell sued but lost the court case.

Novell had accused the company of crippling WordPerfect, by deliberately removing Application Programming Interfaces (APIs) which it used from windows 95, even though they were present in the beta version of the operating system.

To kill off Netscape, they not only bundled IE with every copy of Windows but also allegedly altered or manipulated its application programming interfaces (APIs) in the OS to favor Internet Explorer over third party web browsers. This led directly to the anti-trust lawsuit by the government against MS.

Now that the fight is over mobile and tablet space, MS is still sticking to its game plan by trying to leverage its old dominance into these new markets. Hence you only get the full product (in this case, Office) if you use Winph8 for mobile or Surface Pro for tablets. Their hand is weaker though since they do not control the underlying OS (iOS and Android) so they are relying on attachment to Office to drive the numbers.

Little details always mess numbers

Amazon Cloud Service Hit By Car Crash

One of Amazon’s EC2 cloud computing data centres was knocked offline after it failed to cope with a power outage caused by a car crash

That's the problem though, it's not a majority of voters. Polls to date are overwhelmingly against a default filter:

http://www.techweekeurope.co.uk/news/80-percent-against-default-porn-filter-91476

80% of parents are against it, yes parents, not lone single adults, actual parents. Factor in the rest of the population including those without kids and it'll sway even more against it.

I'd wager at most 10% of the population support a default filter. This is a fascist minority who want to impose their will on the vast majority of the population and The Daily Mail and Claire Perry are the figureheads of the campaign.

Yesterday's posting at slashdot was about a MIT project which produced a map of each person's email contacts. Probably a similar kind of mapping tool could produce strange maps of these code names and involved persons
 
...and once again thanks NSA, for spying on us Europeans

Security researches can't do reverse engineering or publish too soon what they find, at least if they are working in the open (think that don't applies to black hats). Government, in the other hand, have first hand the information of exploits far before is patched, or even could get intentional backdoors in commercial software.

Anyway, patching a bug won't remove the already put backdoor in that computer, unless you do a clean reinstall after those bugs are fixed.

A lot of systems that had to be compromised by the NSA and associates before this patch could finally be released.

Same company behind. Fixing bugs will be expressely delayed until even the NSA actively exploits them. But i suppose that the world need an updated version of the russian roulette for this century.

At least they don't host your company data.

Prolexic says more on the false claim of "the largest DDoS ever" here http://www.techweekeurope.co.uk/news/prolexic-ceo-scott-hammack-biggest-cyber-attack-lies-spamhaus-113551

In an interview Weev says he wants to run for Congress, despite regarding the government as "seditious thugs". http://www.techweekeurope.co.uk/interview/angel-or-demon-hacker-would-the-real-weev-please-stand-up-110637

They're being opposed on that too. http://www.techweekeurope.co.uk/news/amazon-domain-south-america-icann-gtld-99819

Here is a report for the European Parliament (Pdf) about cyber crime and privacy of Cloud services, co-written by Caspar Bowden, it discusses the ramifications of FISAAA. The salient section is "3.4. The inter-state/states/companies relation" on page 34.

http://www.europarl.europa.eu/committees/en/studiesdownload.html?languageDocument=EN&file=79050

Furthermore, proposed changes to the EU's data protection regulations will facilitate FISAAA. Specifically, if a Security Companies' audit of a Cloud Service uncovers U.S. spying, they will be obligated not to inform an affected EU company. I wonder what pressure the U.S. is applying to get this passed...

US lobbying waters down EU data protection reform

"For example, IMCO voted to allow easier profiling of users by companies, and lessen the importance of reporting personal data breaches as soon as they occur. At the same time, most proposals to strengthen regulation were rejected.

I have zero sympathy for this kind of hacker, but that's a lot of time for a DDOS that apparently they didn't even execute if I read the charges right.

Attempt a felony, be charged with a felony.

Join in a criminal conspiracy, provide support for the conspiracy, go down with your co-conspirators.

It doesn't matter whether the conspiracy succeeds or fails. Traditionally, it didn't matter whether you expected things to be taken as far as they were or end as badly as they did. There are echoes of this in the felony murder rule.

You don't want to be caught driving the getaway car in a holdup where someone gets shot. You don't even want to be the guy who supplied the car used in the robbery,

''Perpetrators of distributed denial of service attacks laud them as civil protests but they can be incredibly damaging to the finances and reputations of online businesses.
Simultaneously, they impact on the general public's ability to use online services,'' said detective chief inspector Terry Wilson of the PCeU.
''These men provided the infrastructure for such attacks. The sentences they have received are indicative of how serious the crime is and the tough approach the courts will take to such criminals.''
In April last year, an anti-abortion activist with links to Anonymous was given 32 months in prison for hacking into the records and website of the British Pregnancy Advisory Service (BPAS).

UK Anonymous Hackers Get Jail Time

Weatherhead, who got 18 months, was the only one whose case went to trial.

Juries convict. The geek serves hard time. You are going to see this happen more often, not less.

Why do people just make things up as you've done here?

Using the built in browser, browsing to maps.google.com redirected to just the generic search page. Google was refusing to serve up the webpage to windows phone users. This has nothing to do with APIs accessing google maps. They blocked the phones' browsers entirely.

To his defense, he just seems to be confusing together two separate recent episodes of Google blocking access to their service for Microsoft platforms.

One was WP8 phones being redirected away from mobile Google maps, just based on browser UA string (if WP8 users faked their UA, the service worked perfectly, so the mobile IE10 browser is fully capable of rendering the code). The other was that Microsoft is not getting the same rich API access to Youtube for WP8 Youtube app as Android and iOS Youtube apps are using, so lacking much of the functionality.

http://thenextweb.com/insider/2013/01/05/calling-shenanigans-on-googles-windows-phone-8-maps-narrative/ http://www.techweekeurope.co.uk/news/microsoft-fuming-over-google-block-of-youtube-windows-app-102979

In case you are wondering what Elop thought of this news.

"in a conference call two weeks ago, Nokia CEO Stephen Elop said that he would welcome such a rival. Elop said that a Microsoft smartphone would act as a “stimulant” to all companies making Windows Phone 8 devices, but added that he wasn’t aware of any plans to do so." http://www.techweekeurope.co.uk/news/microsoft-smartphone-windows-phone-8-98096

Whatever you think of Steve Ballmer how he for the record got for a bargain the most expensive advertising campaign in history for next to nothing, and a patent cartel with Nokia, and it seems things are unlikely to change in the future.

I'm astonished the Finnish Government has done nothing all I can find is this quote http://www.reuters.com/article/2012/06/20/us-finnish-government-wont-buy-nokia-sha-idUSBRE85J15V20120620?irpc=932 "This is not our business. We are developing Finland into a country where companies can do well, but this is not the way of support along which the government will go,"

The Wireless Power Consortium (creator of Qi) believes this activity is a smokescreen, designed to promote a proprietary standard, against an established open standard (Qi is based on shared IP). Also Google's stance is confused, since the Nexus 4 actually uses Qi. More details here http://www.techweekeurope.co.uk/news/qi-wireless-charging-powermat-pma-97875

One exciting thing is the Pi can now run the Ice Cream Sandwich version of Android... http://www.techweekeurope.co.uk/news/raspberry-pi-512mb-ram-96143

On July 31 they said ICS was coming, in only 256MB RAM. They said that it was working except for sound, with a new VideoCore binary. Then they claimed (eventually, after much begging and wringing of hands) that they couldn't release it. Now they're claiming you need 512MB? First, that's a lie. Second, does this mean I'm not going to be able to run ICS on my Rev.A? Because I was promised that I could.

The idea of being able to run ICS would be more exciting if they would release it, which they don't appear to be willing or able to do. It hasn't quite reached bait and switch yet, but it's close.

One exciting thing is the Pi can now run the Ice Cream Sandwich version of Android... http://www.techweekeurope.co.uk/news/raspberry-pi-512mb-ram-96143

Fujitsu. http://www.techweekeurope.co.uk/news/fujitsu-blacklisted-government-92249

Same company. They just dropped the Siemens suffix in 2009 when they finalised the takeover.

Someone feel free to correct me, but from memory the only other company bidding on the rural broadband contracts was Siemens, and they've hit the government's blacklist due to repeated failures to deliver.

Fujitsu. http://www.techweekeurope.co.uk/news/fujitsu-blacklisted-government-92249

That phone looks exactly like Android but with a slightly different skin. It even has the same four hardware buttons on the bottom like Android 2.x devices.

http://www.techweekeurope.co.uk/news/telefonica-firefox-os-smartphone-prototype-85340/attachment/photo-06-07-2012-12-11-38

Sure a perfectly flat bit of glass with rounded edges and just enough room to grip it seems obvious now, but who had actually thought of it before?

Knight Ridder Media? The only difference seems to be embossed vs flat screen.

Well, I'm from Cambridge, where our Lib Dem MP not only stood by his promise to students but also has a clue when it comes to technical matters and is one of the more prominent voices in Parliament trying to restore some sanity to this particular debate. So while I have little sympathy with the Lib Dems who got into government and then stabbed the students in the back, just as I had little sympathy when the last Labour MP here made a similar mistake and later lost her seat, I don't agree that all Lib Dems are "FUCKING LIARS". It's simply not true.

No, not half a country: half of the world. The report says that the bulk of the piracy is in developing countries (not that they have much chance of suing there). Oh, and the report uses made-up numbers for the financial losses as usual.

The problem with Greenpeace is that it doesn't always lie.

It was quite right regarding the whales, and has been quite succesful as a result.

Obviously on nuclear it's almost entirely wrong though.

But I disagree that we should stop listening to them because a) it means there's a counterbalance to the massive fossil fuel lobby that due to their past successes, people listen to, and b) I don't think most companies are doing nearly enough, most carbon neutral schemes are actually complete bollocks and don't actually result in a reasonable amount of carbon neutrality, and do we even definitely know that Greenpeace did lie in this case? or are we supposedly meant to trust Apple (whose now deceased CEO was famous for outright lying to the world)?

Look at jo_ham's retarded post below in the discussion "Apple put out a press release gently correcting them", oh well, if Apple put out a press release then obviously it's true. If you read TFA then Greenpeace made an estime of 100 MW sure, but even Amazon queried their 20 MW value and believed it would be at least 78 MW - I fail to believe someone with as much data centre experience with Amazon would come up with an estimate 4x too high.

Still, fanboys will believe what fanboys believe - Apple releases a press release and it's obviously completely true, and would never be an attempt at saving face.

Really, reading TFA the only evidence that Apple's new datacentre will only use 20 MW is Apple's say so? Sorry, but I'd rather trust Amazon and Greenpeaces's estimate than blindly swallow anything the company at the centre of the criticism has to say. If it was just Apple vs. Greenpeace then sure you'd have two polar opposites, but Amazon is relatively neutral in this because is itself wouldn't want to get tangled up unnecessarily in data centre controversy when it owns so many so that adds sway to Greenpeaces argument somewhat. The Amazon article is far more interesting than the PR piece in the summary:

http://www.techweekeurope.co.uk/news/amazon-queries-facebook-apple-sola-69713

Or the original blog:

http://perspectives.mvdirona.com/2012/03/17/ILoveSolarPowerBut.aspx

171 acres of trees are being cleared for Apple's solar array.

So in this case it seems perhaps the real problem is immediately assuming Greenpeace is lying and Apple is right based on nothing more than an Apple press release.

How much did they pay on the Google Books settlement? Oh, wait, that wasn't 'breaking the law', as there wasn't a court involved ... so let's go with:

• Deceptive AdWords, Australia
• Content regulation, India
• Copyright of news snippets, Germany
• Copyright of books, France

And how many do you need? Only one to disprove your claim that there aren't any. To claim 'tons of' ... more than that. (and in that case, showing where they won doesn't show that there aren't any that they lost)

(and look, I'm supportive of some of the stuff Google does ... but your selective listing is insinuating that they've never done illegal stuff, which was the original claim ... and doing illegal stuff, and being found guilty by the courts are two different things, as everyone tries to settle out of court to avoid setting a legal precident)

ICANN has taken the application system offline after a fault, and will extend the deadline till Friday 20 April. Details here
http://www.techweekeurope.co.uk/wp-content/uploads/2012/04/internetimageoverload-287x331.jpg

McAfee has previously announced products to secure embedded devices, which could include implants.

In TFA, the "yesterday" link appears to have been fat-fingered. Here is the fixed link:
--
[...]was automatically passing their mobile numbers to any site they visited[...]
--

Second link is wrong. It should be: http://www.techweekeurope.co.uk/news/o2s-customer-phone-number-leakage-a-cock-up-56263.

This was the title of the article I used (says it all):
Serious Security Bugs Found In Android Kernel

You linked
http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel

which is a summary of
http://www.techweekeurope.co.uk/news/serious-security-bugs-found-in-android-kernel-11040
which says

Coverity said it will hold off releasing the details of the flaws until January to allow Google and handset vendors to issue fixes. The flaws could be patched via an over-the-air update, Coverity said.

Not my fault if you failed to RTFA.

The OP points out that it covers other Google products, and it could also cover other mobile phone environments. We expect it will also be followed up very quickly by similar patent claims in Europe, where the German courts have been fast, and friendly towards patent holders. http://www.techweekeurope.co.uk/news/bt-sues-google-claiming-android-patent-infringements-50431