33649901
submission
cadeon writes:
I work for a small company with a workforce management software product. We brought a fairly unique approach to market in 2004, and have developed the idea continuously since then. Our first of three patents was awarded in 2007.
At the moment we have exactly one customer. And while I can't blame our lack of commercial success on our ideas being copied — "No one ever got fired for buying $established_product" — I find myself wondering if it's time to try and enforce our patents.
Would doing so make us a patent troll, or is this the situation patents were created to help solve? If this isn't the right situation, what is?
33647441
submission
wiredmikey writes:
Late last week, news broke that web security and performance startup CloudFlare was attacked, resulting in a hacker being able to successfully redirect web traffic of one of the company’s largest clients, 4Chan.org. While CloudFlare was the victim in this attack, the methods used, along with a flaw in Google’s platform, potentially exposed a large number of Google Apps for Business customers.
It turns out, the attackers utilized some crafty social engineering to gain access to CloudFlare CEO Matthew Prince's voicemail and gain access to his Gmail account. From there, the attackers exploited a weakness in Google's Two-Factor authentication security which essentially disabled the service and let the attacker in and to access CloudFlare.Com email. (His personal email was listed as an account recovery)
Once the attacker obtained access to CloudFlare email accounts, he/she was able to access a password reset. After likely searching for “4Chan” the attacker was able to quickly do a password reset and gain access to 4Chan’s CloudFlare account. From there, the attacker was able to temporarily redirect traffic from 4Chan.org to the attacker’s handle on Twitter.
Late Sunday, and into Monday, Google confirmed that an authentication flaw did exist related to its two-factor authentication process that was used in the attack.
“We fixed a flaw that, under very specific conditions, existed in the account recovery process for Google Apps for Business customers,” a Google spokesperson told SecurityWeek. “If an administrator account that was configured to send password reset instructions to a registered secondary email address was successfully recovered, 2-step verification would have been disabled in the process. This could have led to abuse if their secondary email account was compromised through some other means.”
While an authentication flaw, social engineering, and questionable account recovery methods all played a part in the attack, CloudFlare admits, in Prince’s own words, that they “did some dumb things” which enabled the attacker to login and modify some customer records to redirect traffic, leading to the attack’s success.
“One dumb thing that we did early on,” Prince said, “was that in order to make sure that emails we sent to customers were performing correctly and that nobody was abusing our email sending process, some administrators within CloudFlare were BCC’d on transactional emails that were sent to customer accounts.”
This incident leaves us with some important considerations, especially for users that have a phone number associated with a Google account. For many, it's important to realize that your Google account may only be as secure as your four-digit voicemail PIN, so even with these recent kinks, adding two-factor authentication is a good idea for an additional layer of security.
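The recovery weakness quoted from Google above is easy to model: a password reset delivered to a secondary mailbox that also switches off 2-step verification leaves whoever controls that mailbox with single-factor access. The following is an added illustration, not code from Google, CloudFlare or the submitter; the Account class, the recovery and login functions, the audit check and the example addresses are all assumptions made for the demonstration. It runs the flawed flow beside the corrected one and includes a defender-side check that flags a recovery event which flipped the second factor off.

```python
"""Model of the account-recovery weakness described in the CloudFlare post.

This is an added illustration, not code from Google, CloudFlare or the
submitter. The Account class, the recovery/login functions and the audit
check are assumptions made for the demonstration only.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    email: str
    password: str
    two_step_enabled: bool
    secondary_email: str           # where reset instructions are sent
    audit_log: list = field(default_factory=list)


def recover_via_secondary_email(acct: Account, new_password: str,
                                preserve_two_step: bool) -> None:
    """Complete a password reset that was delivered to the secondary mailbox.

    With preserve_two_step=False this mirrors the flawed behaviour quoted
    from Google: a successful recovery silently turns 2-step verification
    off, so whoever controls the secondary mailbox now needs only the new
    password. With preserve_two_step=True the second factor survives.
    """
    acct.audit_log.append(("recovery", "secondary_email", acct.two_step_enabled))
    acct.password = new_password
    if not preserve_two_step:
        acct.two_step_enabled = False
    acct.audit_log.append(("two_step_state", acct.two_step_enabled))


def login(acct: Account, password: str, otp_ok: bool) -> bool:
    """Password plus, when 2-step is on, a valid one-time code."""
    if password != acct.password:
        return False
    if acct.two_step_enabled and not otp_ok:
        return False
    return True


def recovery_disabled_two_step(acct: Account) -> bool:
    """Audit check a defender can run over the log: did a recovery event
    flip 2-step verification from on to off? That deserves an alert."""
    log = acct.audit_log
    for i, ev in enumerate(log):
        if ev[0] == "recovery" and ev[2] is True:
            later = [e for e in log[i + 1:] if e[0] == "two_step_state"]
            if later and later[0][1] is False:
                return True
    return False


def simulate(preserve_two_step: bool) -> dict:
    """Constructed scenario: someone controls only the secondary mailbox
    and never had the administrator's second factor."""
    acct = Account("admin@example.com", "original-secret", True,
                   "personal@example.com")
    recover_via_secondary_email(acct, "new-password", preserve_two_step)
    return {
        "login_without_otp": login(acct, "new-password", otp_ok=False),
        "alert": recovery_disabled_two_step(acct),
    }


if __name__ == "__main__":
    print("flawed flow :", simulate(preserve_two_step=False))
    print("fixed flow  :", simulate(preserve_two_step=True))
```

In the flawed flow the reset succeeds and a login with no one-time code is accepted, which is exactly the condition the audit check reports; in the fixed flow the password changes but the second factor is still demanded, so control of the secondary mailbox alone is not enough.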
33469631
submission
Screen404-O writes:
During a radio interview ( http://wtop.com/120/2882193/Gov-Drones-over-Va-great-cites-battlefield-success ) the VA Governor suggested that "Police drones flying over Virginia would be "great" and "the right thing to do" for the same reasons they are so effective in a battlefield environment,..."
Is this the next step toward militarizing our law enforcement with the ever present "eye in the sky"? What are the privacy implications?
33381211
submission
An anonymous reader writes:
CNN takes a look at Apple's response to the Department of Justice's investigation into eBook price fixing. The filing 'cuts the government's case to shreds' while at the same time not bothering to defend the five publishers also under investigation. Apple said, 'The Government starts from the false premise (PDF) that an eBooks "market" was characterized by "robust price competition" prior to Apple's entry. This ignores a simple and incontrovertible fact: before 2010, there was no real competition, there was only Amazon. At the time Apple entered the market, Amazon sold nearly nine out of every ten eBooks, and its power over price and product selection was nearly absolute.'
33378277
submission
mikejuk writes:
Following the successful defence of the Internet against SOPA, website owners are being invited to sign up to a project that will enable them to participate in future protest campaigns. The banner logo for the "bat-signal" site is a cat, a reference to Ethan Zuckerman's cute cat theory of digital activism. The idea is that sites would respond to the call to "defend the Internet" by joining a group blackout or getting users to sign petitions.
31499427
submission
philip.paradis writes:
Samba, the Windows interoperability suite of programs for Linux and Unix, appears to have recently suffered from a remote root code execution vulnerability. The relevant CVE hasn't been updated yet, but users are presumably encouraged to patch affected systems.
31191961
submission
parallel_prankster writes:
Researchers at MIT are developing tiny robots that can assemble themselves into products and then disassemble when no longer needed. "A heap of smart sand would be analogous to the rough block of stone that a sculptor begins with. The individual grains would pass messages back and forth and selectively attach to each other to form a three-dimensional object; the grains not necessary to build that object would simply fall away. When the object had served its purpose, it would be returned to the heap. Its constituent grains would detach from each other, becoming free to participate in the formation of a new shape." To attach to each other, to communicate and to share power, the cubes use 'electropermanent magnets,' materials whose magnetism can be switched on and off with jolts of electricity. Another discussion of this paper can be read here.
30941829
submission
Trailrunner7 writes:
Alternative mobile app markets have become a great place to find new games, utilities and other apps. But mostly they're great if you're looking for the latest stealthy Android malware. The newest example is a piece of malware called TGLoader that is showing up in repackaged legitimate apps and has the ability to get root privileges on victims' phones and also cost them quite a bit of money by sending SMS messages to premium-rate numbers.
The TGLoader malware has appeared in some alternative Android app markets recently, and researchers at North Carolina State University discovered and analyzed it, finding it has a wide range of capabilities. The malware uses the "exploid" root exploit to get root privileges on compromised phones, and from there it starts installing a variety of apps and Android code that are designed to perform a long list of malicious actions.
29933981
submission
mr crypto writes:
In 2010 the Washington DC election board announced it had set up an e-voting system for absentee ballots and was planning to use it in an election. However, to test the system, it invited the security community and members of the public to try and hack it three weeks before the election.
"It was too good an opportunity to pass up," explained Professor Alex Halderman from the University of Michigan. "How often do you get the chance to hack a government network without the possibility of going to jail?"
With the help of two graduate students, Halderman started to examine the software. Despite it being a relatively clean Ruby on Rails build, they spotted a shell injection vulnerability within a few hours