Submission + - How intercept calls on new Cisco phones (scmagazine.com.au)
mask.of.sanity writes: Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call centre.
It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings.
The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf.
Most people are vunerable, the researchers say, because they do not harden their systems in line with recommended security requirements.
It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings.
The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf.
Most people are vunerable, the researchers say, because they do not harden their systems in line with recommended security requirements.
Comment Addicts (Score 1) 1
Is COD the gaming equivalent of crack?
Submission + - PlayStation Network Down, Xbox 360 Up (ibtimes.com) 1
Daniel_Lee writes: The Sony PlayStation Network (PSN) outage has angered and frustrated Sony fans into rushing to retail stores and trading in their PlayStation3 (PS3) consoles for rival Microsoft Xbox 360 systems. Reports from retail stores indicated that more customers have been trading in their entire PlayStation3 set including both console and games for the Xbox 360, mostly for Call of Duty online gamers.
Submission + - Flash 10.3 Update Puts Users In Charge Of Privacy (computerworld.com)
CWmike writes: "Adobe has released an important update to its Flash Player software that fixes critical security flaws and gives users a better way of controlling whether they are being tracked on the Web. The Flash Player 10.3 update, released Thursday, lets users manage Flash cookies using their browser's privacy settings or through a new control panel. Flash cookies, also called 'Local Stored Objects,' have been a sore spot for Adobe users since 2009, when researchers showed they were being used extensively to track Web surfers. The problem is that Flash cookies historically have been hard to remove, unlike traditional cookies, and some sites have used them to track users who have wanted to block cookies. Seth Schoen, a senior staff technologist with the Electronic Frontier Foundation who has followed the Flash cookie problem, said: 'I'm glad Adobe is addressing this in a comprehensive way,' he said by email. 'It's a shame that it's taken such a long time, but it's good that it's finally happened.'"
Submission + - Comcast Helps Fix TPB's Connectivity Issues (torrentfreak.com)
MagusSlurpy writes: "Far from blocking The Pirate Bay, Comcast was just one of several ISPs on which TPB was unreachable today. Comcast reached out to the torrent site, and its engineers provided technical support, eventually determining that the connectivity issues stemmed from a reverse path filtering issue at an intermediate ISP, Serious Tubes Networks."
Submission + - The Agonies of holding down a Day Job! (survivingeconomiccollapse.net)
An anonymous reader writes: Interesting and hilarious rant from a man fed up with his pointless corporate day job!
Submission + - Google Engineers Deny Hack Exploited Chrome (computerworld.com)
CWmike writes: "Several Google security engineers have countered claims that a French security company, Vupen, found a vulnerability in Chrome that could let attackers hijack Windows PCs running the company's browser. Instead, those engineers said the bug Vupen exploited to hack Chrome was in Adobe's Flash, which Google has bundled with the browser for over a year. Google's official position, however, has not changed since Vupen said it had sidestepped not only the browser's built-in 'sandbox' but also by evading Windows 7's integrated anti-exploit technologies. But others who work for Google were certain that at least one of the flaws Vupen exploited was in Flash's code, not Chrome's. 'As usual, security journalists don't bother to fact check,' said Tavis Ormandy, a Google security engineer, in a tweet earlier Wednesday. 'Vupen misunderstood how sandboxing worked in Chrome, and only had a Flash bug.' Chris Evans, a Google security engineer and Chrome team lead, tweeted, 'It's a legit pwn, but if it requires Flash, it's not a Chrome pwn.'"
Submission + - FCC Commissioner joins NBC-Comcast (comcast.com)
demonbug writes: Several sources are reporting that FCC Commissioner Meredith Baker will be leaving her position at the FCC on June 3. Just four months after voting to approve the merger of NBC-Universal and Comcast, she will be taking a position as the Senior Vice President for Government Affairs (a lobbying position) with Comcast.
Submission + - ant.com video downloader snoops (iwtf.net)
simonplexus writes: "I was recently doing some web development and discovered that a popular 4 star rated Firefox addon with nearly 7 million users (source: here) is behaving in a way which I did not expect. The Addon in question is the video downloader and player from ant.com, which allows viewing or downloading of videos from sites like youtube.com and many other popular video sites.
What I discovered has prompted me to write this article – that this addon is in fact clandestinely collecting data about every site that the addon users visit (not just ant.com or video sites) and specifically tying this back to you via a cookie and what appears to be a unique identifier, aka UUID — contrary to the published privacy policy. This happens in regular browsing, browsing on your corporate VPN, ‘Private browsing’ mode and browsing via proxies or anonymising services such as Tor, completely bypassing many layers of anonymity and security afforded by services such as proxies, Tor and corporate VPNs."
What I discovered has prompted me to write this article – that this addon is in fact clandestinely collecting data about every site that the addon users visit (not just ant.com or video sites) and specifically tying this back to you via a cookie and what appears to be a unique identifier, aka UUID — contrary to the published privacy policy. This happens in regular browsing, browsing on your corporate VPN, ‘Private browsing’ mode and browsing via proxies or anonymising services such as Tor, completely bypassing many layers of anonymity and security afforded by services such as proxies, Tor and corporate VPNs."
Submission + - YouTube, gaming and social networking busting TV's (arnnet.com.au) 1
splitenz writes: TV executive tells major Australian broadband conference that television audiences are slipping away into social media, gaming and other online subscription spaces. YouTube and online gaming is taking the traditional TV audience online and TV is struggling to fightback.
Submission + - Binary Compatibility and versioning
Wolfling1 writes: Binary compatibility is a common problem when there are multiple versions of a library. This is particularly topical given the mess Microsoft made of ADO with the recent release of Win7SP1. I have some opinions about how version numbering should be used to ensure consistent interfaces, but I am curious to read /.'s opinion on how libraries should be deployed to prevent unwanted backwards/forwards compatibility issues.
Submission + - Another Facebook Blunder (tidbits.com)
sixfive0two writes: The news site Ars Technica (owned by Condé Nast Digital) woke up Thursday morning to find their Facebook page locked after an unknown person complained to Facebook that some piece of Ars Technica content infringed on their rights. With no warning, explanation, or clear appeal process, and with only minimal communication after Ars staffers started to investigate, the Ars Technica Facebook page remains inaccessible.
The Ars comments are worth a look
The Ars comments are worth a look
Submission + - Amazon EC2 Crash Caused Data Loss (businessinsider.com)
Relayman writes: Henry Blodget is reporting that the recent EC2 crash caused permanent data loss. Apparently, the backups that were being made were not sufficient to recover the lost data. Although a small percentage of the total data was lost, any data loss can be bad to a Website operator.
Submission + - Scientists builds microscale on-chip qubit emitter (itnews.com.au)
schliz writes: Researchers have developed an on-chip, microscale photon pair emitter as part of a project that aims to deliver the “world’s first chip-based quantum information device” within five years. The 80-micron-long silicon photonic crystal waveguide slowed light by a factor 20 to 30, and could be one way of scalably generating qubits for future cryptographic and computing applications.
