benfrog writes "The security bug that has been stalling the 'dot-word TLD land grab' might be fixed, but ICANN says it needs another week 'to sift through its mountains of TAS logs, in order to figure out which applicants' data was visible to which other applicants.' Needless to say, some are less than thrilled about the further delay."
Trailrunner7 writes, quoting Threatpost: "Search giant Google said it is quintupling the top bounty it will pay for information on security holes in its products to $20,000. Google said it was updating its rewards and rules for the bounty program, which is celebrating its first anniversary. In addition to a top prize of $20,000 for vulnerabilities that allow code to be executed on product systems, Google said it would pay $10,000 for SQL injection and equivalent vulnerabilities in its services and for certain vulnerabilities that leak information or allow attackers to bypass authentication or authorization features."
judgecorp writes "TapLogger, a proof-of-concept Trojan for Android developed by resarchers at Pennsylvania State University and IBM, uses information from the phone's motion sensor to deduce what keys the user has tapped (PDF), thus revealing otherwise-hidden information such as passwords and PINs."
With more on the Flashback malware plaguing many Macs, beaverdownunder writes with some explanation of how the infection grew so quickly: "Alexander Gostev, head of the global research and analysis team at Kaspersky, says that 'tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.'"
CowboyRobot writes "Last year, a Nigerian man boarded a plane from N.Y. to L.A. using an invalid ID and a boarding pass issued to another person. A week later he was caught again with 10 expired boarding passes. In response to this and similar events, the Transportation Security Administration has begun testing a new system at Washington's Dulles International Airport that verifies an air traveler's identity by matching photo IDs to boarding passes and ensures that boarding passes are authentic. The test will soon be expanded to Houston and Puerto Rico."
New submitter seb42 writes "Pixel Qi announces new screens that can match or exceed the image quality of the screen in the iPad3, with a very low power mode that runs at a full 100X power reduction from the peak power consumed by the iPad3 screen. Hope the Google tablet has this tech." The claims are pretty bold, and specific: "We have a new architecture that matches the resolution of the ipad3 screen, and its full image quality including matching or exceeding contrast, color saturation, the viewing angle and so forth with massive power savings."
chicksdaddy writes "Threatpost is reporting on a new study of mobile malware that finds accountability, not superior technology, has kept Apple's iOS ecosystem free of viruses, even as the competing Android platform strains under the weight of repeated malicious code outbreaks. Dan Guido of the firm Trail of Bits and Michael Arpaia of iSEC Partners told attendees at the SOURCE Boston Conference on Thursday about an empirical analysis of existing malicious programs for the Android and iOS platforms which shows that Google is losing the mobile security contest badly — every piece of malicious code the two identified was for the company's Android OS, while Apple's iOS remained free of malware, despite owning 30% of the mobile smartphone market in the U.S. Apple's special sauce? Policies that demand accountability from iOS developers, and stricter controls on what applications can do once they are installed on Apple devices."
mspohr writes with this excerpt from Democracy Now!: "National Security Agency whistleblower William Binney reveals he believes domestic surveillance has become more expansive under President Obama than President George W. Bush. He estimates the NSA has assembled 20 trillion 'transactions' — phone calls, emails and other forms of data — from Americans. This likely includes copies of almost all of the emails sent and received from most people living in the United States. Binney talks about Section 215 of the USA PATRIOT Act and challenges NSA Director Keith Alexander's assertion that the NSA is not intercepting information about U.S. citizens." The parts about National Security Letters in particular are chilling, even though the issue is not new.
Sparrowvsrevolution writes "Security firm Dr. Web released new statistics Friday showing that the process of eliminating Flashback from Macs is proceeding far slower than expected: On Friday the security firm, which first spotted the Mac botnet earlier this month, released new data showing that 610,000 active infected machines were counted Wednesday and 566,000 were counted Thursday. That's a slim decrease from the peak of 650,000 to 700,000 machines infected with the malware when Apple released its cleanup tool for the trojan late last week. Earlier in the week, Symantec reported that only 140,000 machines remained infected, but admitted Friday that an error in its measurement caused it to underestimate the remaining infections, and it now agrees with Dr. Web's much more pessimistic numbers."
Sparrowvsrevolution writes "Four years ago, security researcher Adam J. O'Donnell used game theory to predict in a paper for IEEE Security and Privacy when malware authors would start targeting Macs. Based on some rough assumptions and a little algebra, he found that it would only become profitable to target Apple's population of users when they reached 16% market share. So why are we now seeing mass attacks on Macs like the Flashback trojan when Apple only has 11% market share? O'Donnell says it turns out he may have underestimated the effectiveness of the antivirus used by most Windows users, which now makes overconfident Mac users a relatively vulnerable and much more appealing target. Based on current antivirus detection rates, O'Donnell's equations now show that victimizing Macs becomes a profitable alternative to PCs at just 6.5% market share."
Qedward writes "The European Parliament has approved the controversial data transfer agreement, the bilateral PNR (passenger name register), with the US which requires European airlines to pass on passenger information, including name, contact details, payment data, itinerary, email and phone numbers to the Department of Homeland Security. Under the new agreement, PNR data will be 'depersonalized' after six months and would be moved into a 'dormant database' after five years. However the information would still be held for a further 15 years before being fully 'anonymized.'"
Jeremiah Cornelius writes "Khosrow Zarefarid warned of a security flaw in Iran's banking system providing affected institutions the details, including 1,000 captured bank accounts. When the affected banks, including the largest state institutions didn't respond, Khosrow hacked 3 million accounts across at least 22 banks. He then dropped these details — including card numbers and PINs — on his blog. Three Iranian banks Saderat, Eghtesad Novin, and Saman have already warned customers to change their debit card PINs. 'Zarefarid is reportedly no longer in Iran, though it is unclear when he left.'"
peetm writes "Two 70-year-old papers by Alan Turing on the theory of code breaking have been released by the government's communications headquarters, GCHQ. It is believed Turing wrote the papers while at Bletchley Park working on breaking German Enigma codes. A GCHQ mathematician said the fact that the contents had been restricted 'shows what a tremendous importance it has in the foundations of our subject.'"
New submitter grzzld writes "I am a systems analyst for a County in New York. Last year I made a SharePoint site that manages grants and it was well received. So much so that it won a NACo award. Since then, there have been several requests from other municipalities from around the country who would like to get this SharePoint site. The county is trying to figure out how to protect ourselves from people making money from it and having people hold us liable if it they use it and something goes awry. I am afraid that ultimately nothing will be done and the site will not be shared since at the end of the day it is much easier to not do anything and just say no. I proposed that we license it under an Open Source agreement but I am not versed enough in the differences between all of them. It is also unclear to me if I could do this since the nature of the 'program' is a SharePoint site. It seemed like CodePlex would be a good place to put this since it is Microsoft centric and it an open source initiative. I just want to contribute my work to others who may find it useful. The county just wants to make sure they can't be held liable and have somebody turn my work around and make a buck. How can I release this to the world and make sure the county's concerns are addressed?"