Slashdot Mirror

another random user writes with news of a vulnerability in the Skype password reset tool "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)" concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary fix.

An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsoft's latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware that's already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender."

An anonymous reader writes "Apple has quietly decided that it probably shouldn't be using JavaScript code on its UK site to hide its second Samsung apology. While you still have to scroll down in almost cases, the company is no longer forcing it; check it out yourself at Apple UK."

An anonymous reader writes "Apple today posted its second Samsung apology to its UK website, complying with requests by the UK Court of Appeal to say its original apology was inaccurate and link to a new statement. As users on Hacker News and Reddit point out, however, Apple modified its website recently to ensure the message is never displayed without visitors having to scroll down to the bottom first."

An anonymous reader writes "Apple today posted its second Samsung apology to its UK website, complying with requests by the UK Court of Appeal to say its original apology was inaccurate and link to a new statement. As users on Hacker News and Reddit point out, however, Apple modified its website recently to ensure the message is never displayed without visitors having to scroll down to the bottom first."

An anonymous reader writes "Security firm Kaspersky has released its latest IT Threat Evolution report. There were some interesting findings in the report, as always, but the most interesting thing that stuck out was all the way at the bottom: 'Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.'"

An anonymous reader writes "Windows 8 was released late last week, and already this week French security firm VUPEN says it has broken Microsoft's latest and greatest security features. The company claims it has developed a 0-day exploit for Windows 8 and IE10, by chaining multiple undisclosed flaws together."

An anonymous reader writes "Google announces a new Voter Information Tool which, as its name implies, can be used by voters to find relevant information such as where you can vote and for whom. The search giant is releasing the new feature just over a week in advance of the US Presidential Election on November 6. This raises the question: can Google influence the elections even more than it already does via lobbying?" I've found Ballotpedia useful as well.

An anonymous reader writes "The Federal Bureau of Investigation (FBI) is finally stepping up its game when it comes to hackers. Maybe it was Anonymous that did it or maybe it was statements from the US Secretary of Defense two weeks ago, but either way, the FBI is now hunting hackers 24/7." I'm happy that the FBI no longer has an investigation schedule when it comes to online crime, but I have to think that I'm not the only one who assumed they were doing this before.

An anonymous reader writes "Last night, the Internet Archive threw a party; hundreds of Internet Archive supporters, volunteers, and staff celebrated that the site had passed the 10,000,000,000,000,000 byte mark for archiving the Internet. As the non-profit digital library, known for its Wayback Machine service, points out, the organization has thus now saved 10 petabytes of cultural material." The announcement coincided with the release of an 80-terabyte dataset for researchers and, for the first time, the complete literature of a people: the Balinese.

An anonymous reader writes "Is Google planning on integrating an antivirus scanner into Android? A just-released Google Play store app update, as well as the company's recent acquisition of VirusTotal seem to hint that yes, Google is looking into it. 'Google yesterday started rolling out an update to its Google Play Store app: version 3.8.17 from August was bumped to version 3.9.16 in October. Android Police got its hands on the APK and posted an extensive tear down. The first change noted was the addition of new security-related artwork (exclamation icons and security shields) as well as the following strings: App Check 'Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security.''"

An anonymous reader writes "Last week, Mozilla announced it will prompt Firefox users on Windows with old versions of Adobe Reader, Adobe Flash, and Microsoft Silverlight to update their plugins, but refused to detail how the system will work. Now, the organization has unveiled 'click-to-play plugin blocks,' which will be on by default in Firefox 17, starting with the three aforementioned plugins. (Expect more to be added eventually.) Furthermore, you can try out the feature for yourself now in Firefox 17 beta for Windows, Mac, and Linux." Also coming in Firefox 17 is support for Mozilla's "Social API." The announcement describes it thus: "Much like the OpenSearch standard, the Social API enables developers to integrate social services into the browser in a way that is meaningful and helpful to users. As services integrate with Firefox via the Social API sidebar, it will be easy for you to keep up with friends and family anywhere you go on the Web without having to open a new Web page or switch between tabs. You can stay connected to your favorite social network even while you are surfing the Web, watching a video or playing a game."

another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. It's not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebook's 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited Prakash's activity but it's unclear how long it took to do so. Prakash disagrees with when Facebook says his activity was curtailed." Update: 10/11 17:47 GMT by T : Fred Wolens of Facebook says this isn't an exploit at all, writing "The ability to search for a person by phone number is intentional behavior and not a bug in Facebook. By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page. Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked." Update: 10/11 20:25 GMT by T : Suriya Prakash writes with one more note: "Yes, it is a feature of FB and not a bug.but FB never managed to block me; the vul was in m.facebook.com. Read my original post. Many other security researchers also confirmed the existence of this bug; FB did not fix it until all the media coverage." Some of the issue is no doubt semantic; if you have a Facebook account that shows your number, though, you can decide how much you care about the degree to which the data is visible or findable.

An anonymous reader writes "Last night, Google held its Pwnium 2 competition at Hack in the Box 2012, offering up a total of $2 million for security holes found in Chrome. Only one was discovered; a young hacker who goes by the alias 'Pinkie Pie' netted the highest reward level: a $60,000 cash prize and a free Chromebook (the second time he pulled it off). Google today patched the flaw and announced a new version of Chrome for Windows, Mac, and Linux."

An anonymous reader writes "Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight. Mozilla says Firefox users will 'soon see a notification urging them to update' when they visit a web page that uses the plugins."

An anonymous reader writes "Like any popular platform, Android has malware. Google's mobile operating system is relatively new, however, so the problem is still taking form. In fact, it turns out that the larger majority of threats on Android come from a single malware family: Android.FakeInstaller, also known as OpFake, which generates revenue by silently sending expensive text messages in the background. McAfee says that the malware family makes up more than 60 percent of Android samples the company processes."

An anonymous reader writes "Google today announced a huge change for Google Apps, including its Business, Education, and Government editions. As of October 1, users will no longer have the ability to download documents, spreadsheets, and presentations in old Microsoft Office formats (.doc, .xls, .ppt)." The perils of cloud computing; LibreOffice will probably be the best conversion utility at that point. Apropos: Reader akumpf writes with an essay about the dangers of letting our data and our tools be hosted by the same provider.

An anonymous reader writes "iOS 6 has seen rapid adoption among iPhone and iPad users, reports developer David Smith. Smith's applications like Audiobooks get around 100k downloads weekly and he's taken to mapping the adoption of Apple's software releases over the last couple of years. This update's data shows a 35.4% adoption of iOS 6, with iOS 5.x holding court at 71.5% adoption. That's a pretty rapid pace, eclipsing Android Jelly Bean's 2-month adoption levels of 1.2% easily."

An anonymous reader writes "Microsoft doesn't like long passwords. In fact, the software giant not only won't let you use a really long one in Hotmail, but the company recently started prompting users to only enter the first 16 characters of their password. Let me rephrase that: if you have a password that has more than 16 characters, it will no longer work. Microsoft is making your life easier! You no longer have to input your whole password! Just put in the first 16 characters!" At least they warn you; I've run into some sites over the years that silently drop characters after an arbitrary limit.

New submitter SquarePixel writes "Microsoft is urging Safari users to switch to Bing after Google was fined $22.5 million for violating Safari privacy settings. 'Microsoft is keen to make sure that no-one forgets this, let alone Safari users, and the page summarizes the events that took place.' It tells users how Google promised not to track Safari users, but tracked them without their permission and used this data to serve them advertisement. Lastly, it tells how Google was fined $22.5 million for this and suggests users to try the more privacy oriented Bing search engine."

An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to completely take over the device, and download all the data from it."

An anonymous reader writes "Yesterday, XDA Developers forum users kinfaus and pokey9000 were discussing how the latest devices from Amazon (the second-generation 7 Kindle Fire and the 7 Kindle Fire HD) come with more sophisticated protection than their predecessors, including locked bootloaders and 'high security' features offered by their OMAP processors. Today, the devices have been rooted." Using a known bug in busybox dating to April even.

An anonymous reader writes "On Thursday we discussed news that Google pressured Acer and Chinese e-commerce giant Alibaba to cancel the launch of a phone running the Aliyun OS. Google has now addressed the issue, speaking out on the importance of compatibility for Android devices. Andy Rubin, who runs Android development at Google, said Aliyun was a non-compatible version of Android, which weakens the ecosystem. He pointed out that the Open Handset Alliance provides all the tools necessary to make it compatible. An Alibaba exec fired back, saying, 'Aliyun OS is not part of the Android ecosystem so of course Aliyun OS is not and does not have to be compatible with Android. It is ironic that a company that talks freely about openness is espousing a closed ecosystem.'"

An anonymous reader writes "Google today [Friday] announced it is discontinuing support for Internet Explorer 8 in Google Apps, including its Business, Education, and Government editions. The kill date is November 15, 2012. After that, IE8 users accessing Google Apps will see a message recommending that they upgrade their browser."

dgharmon writes "'I hate it,' Wozniak told Bloomberg in Shanghai today, referring to the patent battle. He thinks the ruling will be overruled. Samsung will of course appeal, and this case will go back and forth for months still, but Wozniak just wishes everyone could get along. 'I don’t think the decision of California will hold. And I don’t agree with it — very small things I don’t really call that innovative. I wish everybody would just agree to exchange all the patents and everybody can build the best forms they want to use everybody’s technologies,' he said."

An anonymous reader writes "A member of the Anonymous hacktivist group appears to have taken down GoDaddy with a massive Distributed Denial of Service (DDoS). The widespread issue seems to be affecting countless websites and services around the world, although not for everyone. Godaddy.com is down, but so are some of the site's DNS servers, which means GoDaddy hosted e-mail accounts are down as well, and lots more. It's currently unclear if the servers are being unresponsive or if they are completely offline. Either way, the result is that if your DNS is hosted on GoDaddy, your site may also look as if it is down, because it cannot resolve."

An anonymous reader writes "At the start of this month, news broke that The Pirate Bay co-founder Gottfrid Svartholm had been arrested in Cambodia. A bunch of updates followed, including that Svartholm would be deported to Sweden, and that the two countries of course collaborated on his capture. The latest tidbit, as of today, is the craziest one yet: Sweden essentially paid Cambodia tens of millions of dollars. The Government of Sweden has agreed to give 400 million Swedish Kronor ($59.4 million) to Cambodia for various reasons, including democratic development, human rights, education, environment protection, climate change, sustainable development, and poverty reduction. You name it (just don't say international arrests)."

An anonymous reader writes, quoting the article: "At the start of this month, news broke that Iran and North Korea have strengthened their ties, specifically by signing a number of cooperation agreements on science and technology. The two states signed the pact on Saturday, declaring that it represented a united front against Western powers. Ayatollah Ali Khamenei, Iran's Supreme Leader, told Kim Yong Nam, North Korea's ceremonial head of state, the two countries have common enemies and aligned goals. On Monday, security firm F-Secure weighed in on the discussion. The company believes Iran and North Korea may be interested in collaborating against government-sponsored malware attacks such as Duqu, Flame, and Stuxnet."

An anonymous reader writes "The Next Web is reporting that Google Drive, the search giant's long anticipated cloud storage service, is set to launch next week. From the article: 'What's interesting though is that Google is planning to start everyone with 5 GB of storage. Of course you can buy more, but that trumps Dropbox's 2 GB that is included with every account. Dropbox does make it easy to get more space, including 23 GB of potential upgrades for HTC users. What's also interesting is the wording related to how the system will work. It's been long-thought that Windows integration will come easy, but that getting the Google Drive icon into the Mac a la Dropbox would be a bit harder. From what we're reading, Google Drive will work "in desktop folders" on both Mac and Windows machines, which still leaves the operation question unanswered.'"

hypnosec writes with the arguably welcome news that "[The U.S.] Congress is gathering further information on iOS developers and how they deal with and implement privacy policies. The Next Web got hold of a letter from Congress which had been sent out to Tapbots, along with some 32 other iOS developers, including both Twitter and Facebook, and the devs of Path, SoundCloud, Foodspotting and Turntable.fm. The apps were picked because they come under the social networking umbrella in the 'essentials' area of the App Store. The letter begins: 'We are writing to you because we want to better understand the information collection and use policies and practices of apps for Apple's mobile devices with a social element.' What follows is a series of eight questions designed to gather more details regarding the popularity of the app in question, and the privacy policy to which it holds (and how it's made known to users)."

An anonymous reader writes "Following the recent Italian case, Apple is now being sued by the Belgian consumer association 'Test-Achats' (french/dutch website) for not applying the EU consumer protection laws by only giving a one-year warranty on its products. At the same time, Apple is not only refusing to give the mandatory two-year warranty but is also selling the additional year of warranty with its Applecare products. If the consumer association wins its case, Apple could be forced to refund Applecare contracts to its Belgian customers while providing the additional year of warranty for free."

New submitter EuNao writes "TED (Technology, Entertainment, Design), the organization based on 'ideas worth sharing,' launched a new initiative this past week. It is called TED-Ed, and it aims to engage students with unforgettable lessons. There are many places in the world where a wonderful teacher or mentor is teaching something mind-blowing, but as it stands now not many people have access to that powerful experience. Ted-Ed aims to bring that engaging experience to everyone who has an internet connection. Here are summaries and links to the nine videos that were initially released."

New submitter BSAtHome writes "People with a healthy interest in fundamental freedoms and basic human rights have probably heard about SABAM, the Belgian collecting society for music royalties, which has become one of the global poster children for how outrageously out-of-touch-with-reality certain rightsholders groups appear to be. This morning, word got out in Belgian media that SABAM is spending time and resources to contact local libraries across the nation, warning them that they will start charging fees because the libraries engage volunteers to read books to kids. Volunteers. Who – again – read books to kids."

Sparrowvsrevolution writes "In the wake of news that the iPhone app Path uploads users' entire contact lists without permission, Forbes dug up a study from a group of researchers at the University of California at Santa Barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users' private data. Not only did the researchers find that one in five of the free apps in Apple's app store upload private data back to the apps' creators that could potentially identify users and allow profiles to be built of their activities; they also discovered that programs in Cydia, the most popular platform for unauthorized apps that run only on 'jailbroken' iPhones, tend to leak private data far less frequently than Apple's approved apps. The researchers ran their analysis on 1,407 free apps (PDF) on the two platforms. Of those tested apps, 21 percent of official App Store apps uploaded the user's Unique Device Identifier, for instance, compared with only four percent of unauthorized apps."

patiwat writes "The Thai government has called Twitter's tweet censorship move a 'welcome development.' Tweets may now be blocked at the request of the Thai government; the system will be used to discourage and punish lese majeste (criticism of the Thai King). The government previously declared that Facebook users worldwide 'liking' a lese majeste Facebook link would also be prosecuted; over 10,000 Facebook pages have been removed and hundreds of individuals, including children and academics, have been jailed. Calls to reform the lese majeste laws have been fiercely criticized by no less than the Army Commander, whose backing is critical to the government's stability."

symbolset writes "TheNextWeb is reporting that the first official jailbreak for Windows Phone 7, ChevronWP7, has 'sold out' of tokens to enable homebrew application support. Only 10,000 tokens to jailbreak Windows Phones were ever granted. According to an announcement through ChevronWP7's Twitter feed, they're discussing whether they will ask Microsoft to make more available. With Lumia falling flat in Europe Microsoft needs all the enthusiastic modding fans they can get."

Mightee writes "Pakistan, which was in the news last year for blocking Facebook over a 'Draw Mohammad Day' competition, is seeking to ban the social network again due to the second round of the same competition, reports Pakistan Today. Justice Sheikh Azmat Saeed, presiding over the Lahore High Court, ordered the Ministry of Information and Technology to block access to Facebook nationwide on the charge of 'spreading religious hatred on the Internet.' The court also directed the ministry to police the Internet and block all other websites that were found guilty of the same charge, but it spared search engines like Google (which it is targeting for other reasons)."

riverat1 writes "The Next Web has a story on Muammar Gaddafi's monitoring of the internet and other telecommunications. As you might expect, the monitoring was intense. The story names companies that supplied the monitoring software, most notably Amesys, a unit of the French company Bull SA. There is a more detailed story behind the paywall at the Wall Street Journal." Boeing's Narus division may also have been involved (collecting very important Analytics and nothing suspicious of course). Update: 09/01 16:08 GMT by UL :Axure pointed out that VASTech (South Africa), ZTE (China), and the aforementioned Narus (US) also provided assistance, making the title of the article a bit inaccurate. It seems the Libyan Internet monitoring was an international affair (my apologies to Europe).

"Twitter has confirmed that it will meet with the UK Home Secretary on Thursday, after being called in for discussions over the role it played in the recent UK riots. Twitter will send a representative to the meeting scheduled for August 25. Both Facebook and RIM will also send representatives to the meeting in regards to their effects on the riots."

Orome1 writes "38-year-old Yasuhiro Kawaguchi is the first person in Japan to get arrested for storing malware on his computer after the upper house's Judicial Affairs Committee has confirmed the new anti-malware law passed by the Japanese parliament. The law considers the creation, distribution and storage of malware a crime punishable with up to three years in prison and a fine that could reach the sum of 500,000 yen ($6,200)."

Bruce Schneier's blog has a bit about a subject that gets my blood boiling too. He says "I'm really getting tired of stories like this: Computer disks and USB sticks were dropped in parking lots of government buildings and private contractors, and 60% of the people who picked them up plugged the devices into office computers... People get USB sticks all the time. The problem isn't that people are idiots... The problem is that the OS trusts random USB sticks."

EastDakota writes "CloudFlare was originally conceived by the team behind the open source community. Project Honey Pot as an easy way to protect any website from hackers and spammers. The concern from the beginning was that it would add latency. It was quite a surprise when the free service launched 8 months ago and ended up speeding up websites by 60%."

Several readers have sent word that Anonymous has hacked servers belonging to Iran's Ministry of Foreign Affairs, making off with over 10,000 emails. "The Ministry’s website is still down as of this writing, and the servers are under Anonymous control. ... The email archive includes approvals and rejections for a variety of visas and passports, among other requests and correspondence. 'It’s near the election’s anniversary. We had to do something,' said one of the Iranian members of Anonymous from #OpIran. He said they take down Iranian government servers on a regular basis for operation days, but that obviously retrieving information required a different approach to the group’s signature DDoS attack. He also indicated an as-yet unannounced attack. 'For the election’s anniversary, we have a complete DDoS attack day' planned, he said.

durianwool writes "To avoid a defamation suit, a man in Malaysia has settled with lawyers saying he will tweet 100 times over the next 3 days that he's sorry for defaming a magazine company. Realizing the mistake in an original tweet, the man issued an apology tweet. That was not acceptable to the company, and the company (also his employer) pursued the matter with lawyers which demanded he place ads in newspapers. Not being able to afford newspaper advertisements, Fahmi Fadzil agreed to settle the matter with a series of apologies on Twitter instead."

Several readers have sent in follow-up articles to Wednesday's news that iPhone location data was being tracked and stored. First, it seems Android shares a similar problem, though the file containing the location data is "only accessible on devices that have been rooted and opened up to installation of unsigned apps." Developer Magnus Eriksson has created an app to flush this data. Next: the iPhone tracking file is not new, just in a different place than it used to be. Reader overThruster then points out a CNet story indicating that law enforcement has been aware of this file for some time, and has used it in a forensics context. This story is a growing concern for Apple, particularly now that Senator Al Franken (PDF) and Rep. Ed Markey (PDF) have both written letters to Steve Jobs demanding details about the location tracking. Finally, PCMag explains how to view the location data present on your iPhone, should you so desire.

revealingheart writes "The BBC is set to close down 200 of its websites in the near future as part of cost-cutting measures. Hearing that 172 of these sites would be deleted from the Web entirely, an anonymous individual has taken matters into his or her own hands. The result is a BitTorrent file that anyone can download to store a backup of these 'lost' websites forever. The cost of the project? Apparently no more than $3.99 for a VPS server to crawl and retrieve all the sites."

Another day, another dozen WikiLeaks stories, several of which revolve around money. PayPal has given in to pressure to release WikiLeaks funds, though they still won't do further transactions. Mobile payment firm Xipwire is attempting to take PayPal's place. "We do think people should be able to make their own decisions as to who they donate to." PCWorld wonders if the WikiLeaks' money woes could lead to great adoption of Bitcoin, the peer-to-peer currency system we've discussed in the past. Meanwhile, Representative Ron Paul spoke in defense of WikiLeaks on the House floor Thursday, asking a number of questions, including, "Could it be that the real reason for the near universal attacks on WikiLeaks is more about secretly maintaining a seriously flawed foreign policy of empire than it is about national security?" The current uproar over WikiLeaks has prompted Paul Vixie to call for an end to the DDoS attacks and Vladimir Putin to break out a metaphor involving cows and hockey pucks.

DaveNJ1987 writes "Kuwait has banned the use of Digital Single Lens Reflex (DSLR) cameras in public places for anyone who is not a journalist. The ban, which was passed by the unanimous agreement of the country's Ministry of Social Affairs, Ministry of Information and Ministry of Finance, prevents the public from using DSLR devices on the streets of the Middle Eastern State. Tourists are to be affected by the new laws and must be aware of this before travelling to Kuwait. Smaller digital cameras and camera phones are exempt from the ban."

olsmeister writes "For 18 minutes this past April, 15% of the world's internet traffic was routed through servers in China. This includes traffic from both .gov and .mil US TLDs." The crazy thing is that this happened months ago, and nobody noticed. Hope you're encrypting your super-secret stuff.

An anonymous reader tipped the fact that, with the .com namespace getting pretty well mined out, GoDaddy.com's front page for domain registrations now defaults to .co instead of .com. The article claims that GoDaddy registers about half of new domain names. Neither the article nor GoDaddy makes it explicit that .co is a ccTLD belonging to Colombia, or that registering one costs about three times as much as a .com, at $29.99 per year. And if you select a .co domain name from GoDaddy's front page, a number of TLD variants are presented alongside .co — but .com is not among them.