Canada

Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware 240

An anonymous reader writes "Michael Geist reports that a coalition of Canadian industry groups, including the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association and the Entertainment Software Association of Canada, are demanding legalized spyware for private enforcement purposes. The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation)."
Security

Semi-Automatic Hacking of Masked ROM Code From Microscopic Images 42

An anonymous reader writes "Decapping chips and recovering code or data is nothing new, but the old problem of recovering Masked ROM through visual inspection (binary '0' and '1' can be distinguished within the images) is normally done by crowd sourcing a manual typing effort. Now a tool that semi-automates this process and then recovers the data automatically has been released."
Bug

Kaspersky Update Breaks Internet Access For Windows XP Users 92

An anonymous reader writes "Yesterday afternoon, Kaspersky Labs released a definition update that blocked all Internet and Intranet access on Windows XP workstations. While there has been no official communication from Kaspersky, their forum is lit up with angry customers relying on each other to find a fix." Update: 02/05 16:42 GMT by T : Thanks to an anonymous reader, who says that Kaspersky has issued a statement, and a fix (though the fix takes some manual labor to implement).
Databases

MySQL 5.6 Reaches General Availability 47

First time accepted submitter jsmyth writes "MySQL 5.6.10 has been released, marking the General Availability of version 5.6 for production." Here's more on the features of 5.6. Of possible interest to MySQL users, too, is this look at how MySQL spinoff MariaDB (from Monty, one of the three creators of MySQL) is making inroads into the MySQL market, including (as we've mentioned before) as default database system in some Linux distributions.
Australia

Why Australian Telco's Plan To Shape BitTorrent Traffic Won't Work 84

New submitter oztechmuse writes "Australian Telco Telstra is planning to trial shaping some BitTorrent traffic during peak hours. Like all other telcos worldwide, they are facing increasing traffic with a long tail of users: 20% of users consume 80% of bandwidth. The problem is, telcos in Australia are already shaping BitTorrent traffic as a study by Measurement Lab has shown and traffic use continues to increase. Also, the 20% of broadband users consuming the most content will just find a different way of accessing the content and so overall traffic is unlikely to be reduced."
Android

Wireless Carriers Put On Notice About Providing Regular Android Security Updates 171

msm1267 writes "Activist Chris Soghoian, who in the past has targeted zero-day brokers with his work, has turned his attention toward wireless carriers and their reluctance to provide regular device updates to Android mobile devices. The lack of updates leaves millions of Android users sometimes upwards of two revs behind in not only feature updates, but patches for security vulnerabilities. 'With Android, the situation is worse than a joke, it’s a crisis,' said Soghoian, principal technologies and senior policy analyst with the American Civil Liberties Union. 'With Android, you get updates when the carrier and hardware manufacturers want them to go out. Usually, that’s not often because the hardware vendor has thin [profit] margins. Whenever Google updates Android, engineers have to modify it for each phone, chip, radio card that relies on the OS. Hardware vendors must make a unique version for each device and they have scarce resources. Engineers are usually focused on the current version, and devices that are coming out in the next year.'"
Crime

Researchers Demo Hack Against African Micro-Finance Accounts 52

mask.of.sanity writes "Security researchers have shown how to raid African micro-finance bank accounts en masse using fake audio one-time passwords. The banks use audio one-time passwords to authenticate users logging into their accounts, but failed to implement proper security controls across numerous systems. Crucially, the researchers did not reveal how they cracked the encryption in order to protect users."
Google

US Wants Apple, Google, and Microsoft To Get a Grip On Mobile Privacy 103

coondoggie writes "When it comes to relatively new technologies, few have been developing at the relentless pace of mobile. But with that development has come a serious threat to the security of personal information and privacy. The Federal Trade Commission has issued a report (PDF) on mobility issues and said less than one-third of Americans feel they are in control of their personal information on their mobile devices. 'The report makes recommendations for critical players in the mobile marketplace: mobile platforms (operating system providers, such as Amazon, Apple, BlackBerry, Google, and Microsoft), application (app) developers, advertising networks and analytics companies, and app developer trade associations. ... The report recommends that mobile platforms should: Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation; Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded; Consider offering a Do Not Track (DNT) mechanism for smartphone users.'"
Bug

Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac 425

An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it’s worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That’s not exactly good news given that this is the latest release of Apple’s operating system, which an increasing number of Mac users are switching to. ... A closer look shows the bug is inside Data Detectors, a feature that lets apps recognize dates, locations, and contact data, making it easy for you to save this information in your address book and calendar."
China

Washington Post: We Were Also Hacked By the Chinese 135

tsu doh nimh writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."
Communications

Twitter #Hacked 111

theodp writes "Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."
Java

Oracle Responds To Java Security Critics With Massive 50 Flaw Patch Update 270

darthcamaro writes "Oracle has been slammed a lot in recent months about its lackluster handling of Java security. Now Oracle is responding as strongly as it can with one of the largest Java security updates in history. 50 flaws in total with the vast majority carrying the highest-possible CVSS score of 10."
Government

Federal Gun Control Requires IT Overhaul 436

New submitter Matt Slaybaugh writes "John Foley at InformationWeek has an editorial saying that the missing piece in the new gun control legislation is adequate data management. 'President Obama introduced 23 executive orders on Jan. 16 aimed at reducing gun violence through a combination of tougher regulation and enforcement, research, training, education and attention to mental healthcare. Several of the proposed actions involve better information sharing, including requiring federal agencies to make relevant data available to the FBI's background check system and easing legal barriers that prevent states from contributing data to that system.' But concrete plans are needed now to improve the current poor system of data collection and sharing. Federal CIO Steven VanRoekel's Digital Government Strategy, introduced in May, 'defines an IT architecture and processes for sharing digitized content securely, using Web APIs and with attention to protecting privacy. ... Unfortunately, on top of the data quality issues identified by the White House, and the FBI's and ATF's outdated IT systems, there's a lack of transparency about the systems used to enforce federal gun-control laws.'"
Programming

Is 'Brogramming' Killing Requirements Engineering? 432

chicksdaddy writes "Veracode's blog has an interesting piece that looks at whether 'brogramming' — the testosterone- and booze-fueled coding culture depicted in movies like The Social Network — spells death for the 'engineering' part of 'software engineering.' From the post: 'The Social Network is a great movie. But, let's face it, the kind of "coding" you're doing when you're "wired in"... or drunk... isn't likely to be very careful or – need we say – secure. Whatever else it may have done, [brogramming's] focus on flashy, testosterone-fueled "competitive" coding divorces "writing software" – free form, creative, inspirational – from "software engineering," its older, more thoughtful and reliable cousin.' The article picks up on Leslie Lamport's recent piece in Wired: 'Why we should build software like we build houses' — also worth reading!"
Security

Online Ads Are More Dangerous Than Porn, Cisco Says 110

wiredmikey writes "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 times more likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek."
China

Wall Street Journal Hit By Chinese Hackers, Too 92

wiredmikey writes "The Wall Street Journal said Thursday its computers were hit by Chinese hackers, the latest U.S. media organization citing an effort to spy on its journalists covering China. The Journal made the announcement a day after The New York Times said hackers, possibly connected to China's military, had infiltrated its computers in response to its expose of the vast wealth amassed by a top leader's family. The Journal said in a news article that the attacks were 'for the apparent purpose of monitoring the newspaper's China coverage' and suggest that Chinese spying on U.S. media 'has become a widespread phenomenon.'"
Businesses

Amazon.com Suffers Outage: Nearly $5M Down the Drain? 173

First time accepted submitter Brandon Butler writes "Amazon.com, the multi-billion online retail website, experienced an outage of unknown proportions on Thursday afternoon. Rumblings of an Amazon.com outage began popping up on Twitter at about 2:40 PM ET. Multiple attempts to access the site around 3:15 PM ET on Thursday were met with the message: 'Http/1.1 Service Unavailable.' By 3:30 PM ET the site appeared to be back online for at least some users. How big of a deal is an hour-long Amazon outage? Amazon.com's latest earnings report showed that the company makes about $10.8 billion per quarter, or about $118 million per day and $4.9 million per hour." Update: 01/31 22:25 GMT by T : "Hackers claim credit."
Security

Turning the Belkin WeMo Into a Deathtrap 146

Okian Warrior writes "As a followup to yesterday's article detailing 50 Million Potentially Vulnerable To UPnP Flaws, this video shows getting root access on a Belkin WeMo remote controlled wifi outlet. As the discussion notes, remotely turning someone's lamp on or off is not a big deal, but controlling a [dry] coffeepot or space heater might be dangerous. The attached discussion also points out that rapidly cycling something with a large inrush current (such as a motor) could damage the unit and possibly cause a fire." In the style of Bruce Schneier's movie-plot threat scenarios, what's the most nefarious use you can anticipate such remote outlet control being used for?
Communications

FTC Gets 744 New Ideas On How To Hang Up On Robocallers 281

coondoggie writes "The Federal Trade Commission today said the submission period for its Robocall Challenge had ended and it got 744 new ideas for ways to shut down the annoying automated callers. The FTC noted that the vast majority of telephone calls that deliver a prerecorded message trying to sell something to the recipient are illegal. The FTC regulates these calls under the Telemarketing Sales Rule and the Challenge was issued to develop technical or functional solutions and proofs of concept that can block illegal robocalls which, despite the agency's best efforts, seem to be increasing."
Patents

Micron Lands Broad "Slide To Unlock" Patent 211

Zordak writes "Micron has recently landed U.S. Patent 8,352,745, which claims priority back to a February 2000 application---well before Apple's 2004 slide-to-unlock application. While claim construction is a highly technical art, the claims here are (for once) almost as broad as they sound, and may cover the bulk of touch screen smart phones on the market today. Dennis Crouch's Patently-O has a discussion."
