An anonymous reader writes "If you thought that Facebook's recent unannounced change of its users' email address tied with their account to Facebook ones was bad, you'll be livid if you check your mobile phone contacts and discover that the change has deleted the email addresses of many of your friends. According to Facebook, the glitch was due to a bug in its application-programming interface, and causes the last added email address to be pulled and added to the user's phone Contacts. The company says they are working hard at fixing the problem, but in the meantime, a lot of users have effectively lost some of the information stored on their devices."
Nerval's Lobster writes "Tech writer David Strom starts a discussion about how you should go about securing virtual machines for your organization. 'The need to protect physical infrastructure is well known at this point: most enterprises would balk at a network without any firewalls, intrusion prevention devices or anti-virus scanners. Yet these devices aren’t as well deployed in the virtual context. ... Take firewalls, for example. The traditional firewalls from Checkpoint or Juniper aren’t designed to inspect and filter the vast amount of traffic originating from a hypervisor running, say, ten virtualized servers. Because VMs can start, stop, and move from hypervisor to hypervisor at the click of a button, protective features have to be able to handle these movements and activities with ease and not set off all sorts of alarms within an IT department.' He goes through the main functional areas that need protection, and points out that many vendors make it difficult to price out a given security plan."
Sparrowvsrevolution writes "On Monday, Twitter published its first-ever Transparency Report, detailing how many times governments around the world demanded its users' information and asked it to remove content. The results show that the U.S. government asked for more Twitterers' private data than all other governments combined: 679 requests in the first half of 2012, of which 75% were at least partially granted. That's more than all of last year, with half of 2012 still to go. Within hours, the issue of governments helping themselves to Twitter users' private data was illustrated in the case of Malcolm Harris, an Occupy Wall Street protester who had his Twitter data subpoenaed in a criminal case for 'disorderly conduct.' Twitter had fought the request, which will help prosecutors identify Harris as the tweets' source. But a Manhattan judge ruled that users have no expectation of privacy for their Twitter data."
ShipLives writes "Mobile security researchers have identified an aspect of Android 4.0.4 (Ice Cream Sandwich) and earlier models that clickjacking rootkits could exploit. As part of an effort to identify potential weaknesses in smartphone platforms, the team was able to develop a proof-of-concept prototype rootkit that attacks the Android framework, rather than the underlying operating system kernel."
An anonymous reader writes "Last week, a number of Cisco customers began reporting problems with three specific Linksys-branded routers. When owners of the E2700, E3500, and E4500 attempted to log in to their devices, they were asked to login/register using their 'Cisco Connect Cloud' account information. The story that's emerged from this unexpected "upgrade" is a perfect example of how buzzword fixation can lead to extremely poor decisions."
An anonymous reader writes in with a Wired story about the problems caused by the leap second last night. "Reddit, Mozilla, and possibly many other web outfits experienced brief technical problems on Saturday evening, when software underpinning their online operations choked on the “leap second” that was added to the world’s atomic clocks. On Saturday, at midnight Greenwich Mean Time, as June turned into July, the Earth’s official time keepers held their clocks back by a single second in order to keep them in sync with the planet’s daily rotation, and according to reports from across the web, some of the net’s fundamental software platforms — including the Linux operating system and the Java application platform — were unable to cope with the extra second."
snydeq writes "The Compute Engine announcement at Google I/O made it clear that Google intends to take Amazon EC2 head on. Michael Crandell, who has been testing out Compute Engine for some time now, divulges deeper insights into the nascent IaaS, which, although enticing, will have a long road ahead of it in eclipsing Amazon EC2. 'Even in this early stage, three major factors about Google Cloud stood out for Crandell. First was the way Google leveraged the use of its own private network to make its cloud resources uniformly accessible across the globe. ... Another key difference was boot times, which are both fast and consistent in Google's cloud. ... Third is encryption. Google offers at-rest encryption for all storage, whether it's local or attached over a network. 'Everything's automatically encrypted,' says Crandell, 'and it's encrypted outside the processing of the VM so there's no degradation of performance to get that feature.'"
Tmack writes "The last time we had a leap second, sysadmins were taken a bit by surprise when a random smattering of systems locked up (including Slashdot itself) due to a kernel bug causing a race condition specific to the way leap seconds are handled/notified by ntp. The vulnerable kernel versions (prior to 2.6.29) are still common amongst older versions of popular distributions (Debian Lenny, RHEL/CentOS 5) and embedded/black-box style appliances (Switches, load balancers, spam filters/email gateways, NAS devices, etc). Several vendors have released patches and bulletins about the possibility of a repeat of last time. Are you/your team/company ready? Are you upgraded, or are you going to bypass this by simply turning off NTP for the weekend?" Update: 07/01 03:14 GMT by S : ZeroPaid reports that this issue took down the Pirate Bay for a few hours.
wiredmikey writes "It's refreshing to see a security report from a security vendor that isn't all doom-and-gloom and loaded with FUD. Web Application Security firm WhiteHat Security released a report this week (PDF) showing that the number of major vulnerabilities has fallen dramatically. Based on the raw data gathered from scans of over 7,000 sites, there were only 79 substantial vulnerabilities discovered on average in 2011. To compare, there were 230 vulnerabilities on average discovered in 2010, 480 in 2009, 795 in 2008, and 1,111 in 2007. As for the types of flaws discovered, Cross-Site Scripting (XSS) remained the number one problem, followed by Information Leakage, Content Spoofing, Insufficient Authorization, and Cross-Site Request Forgery (CSRF) flaws. SQL Injection, an oft-mentioned attack vector online, was eighth on the top ten."
shinjikun34 writes "I am currently stationed on a U.S. Navy ship deployed in a country with restrictive internet policies. We are currently in the process of setting up an entertainment internet connection for the crew to use in their downtime. I suggested (and was thereby tasked with finding) a VPN service that would support 100 to 500 devices, have an end point inside the continental United States, be reasonably priced, and secure/trustworthy. Something that is safe to use for banking and other financial affairs. Ideally, it would be fast enough to support several VoIP calls (Skype, Google Voice, etc) alongside online gaming, with possible movie/music streaming. It will need an end point in the U.S. to allow for use of Google Books, Netflix, Hulu, and other services that restrict access based on region. I, in all honesty, have no idea where to begin searching, and I ask the good folks of Slashdot to aid me in my quest. One of the main requirements I was given is that the company has to be trustworthy. And it has to be a company — computer in someone's closet hosting a VPN isn't acceptable to the Navy. What services would Slashdot recommend? (I understand that our connection without a VPN probably won't be able to handle the described load, but I would prefer a VPN service that offers capacity above our need. That way when T/S'ing the connection, the VPN can be at least partially ruled out.)"
CWmike writes "Microsoft will support full upgrades to Windows 8 only from the three-year old Windows 7, according to a report Thursday by ZDNet blogger Mary Jo Foley. Citing unnamed sources, Foley said that Microsoft has informed select partners of the upgrade paths to Windows 8. While Microsoft may be revealing upgrade paths to some partners, it has been much more reticent to keep customers informed than three years ago when it rolled out Windows 7. Among the details the company has not disclosed are the on-sale date and the pricing of the two retail editions. By this time in 2009, Microsoft had revealed both: On June 2 that year, it pegged a launch date for Windows 7, and by June 25 had not only posted prices for the operating system but had also kicked off a pre-sale that discounted upgrades by as much as 58%. The increased secrecy from the company was demonstrated best last week, when it unveiled its first-ever tablet, the Surface, but left many questions unanswered, including the price, sales date, and even the hardware's battery life."
sl4shd0rk writes "A new Mac OS X exploit was discovered Friday morning by Kaspersky Labs which propagates through a zipfile attachment. The attachment tricks the Mac user into installing a variant of the MaControl backdoor via point-and-grunt. Embedded in the virus is an encrypted IP address belonging to a server in China which is believed to be a C+C server. Once installed, the virus opens a backdoor allowing the attacker on the C+C server to run commands on the compromised machine. Shortly after Kaspersky's announcement, AlienVault Labs claims to have found a similar version of the Mac malware which infects Windows machines. The Windows version appears to be a variant of the Gh0st RAT malware used last month in targeted attacks against Central Tibetan Administration. Both viruses are suspected of being tools in a campaign to attack Uyghur Activists."
An anonymous reader writes "Jeff Atwood at Coding Horror has a post about the awfulness of PHP — or, rather, a post about posts about the awfulness of PHP. He points out that PHP has been the whipping boy for the developer community for years, and while everybody seems happy to complain about it, nobody seems willing to do anything about it. He writes, 'From my perspective, the point of all these "PHP is broken" rants is not just to complain, but to help educate and potentially warn off new coders starting new codebases. Some fine, even historic work has been done in PHP despite the madness, unquestionably. But now we need to work together to fix what is broken. The best way to fix the PHP problem at this point is to make the alternatives so outstanding that the choice of the better hammer becomes obvious.'"