justice4all writes "Google is working on a fix to a zero-day flaw discovered by British security expert Thomas Cannon that could lead to user data on a mobile phone or tablet device being exposed to attack. Cannon informed Google before posting information about the flaw on his blog. 'While doing an application security assessment one evening I found a general vulnerability in Android which allows a malicious website to get the contents of any file stored on the SD card,' Cannon wrote. 'It would also be possible to retrieve a limited range of other data and files stored on the phone using this vulnerability.'" Sophos's Chester Wisniewski adds commentary on how this situation is one of the downsides to Android's increasing fragmentation in the mobile marketplace.

theodp writes "The Irish government has been given a stark warning from some of the biggest American companies in Ireland on the risk of a mass exodus if the country's controversial low corporate tax rate is raised in return for an IMF/EU bailout to shore up the country's beleaguered banking system. According to The Telegraph, a statement signed by senior execs at Microsoft, HP, Bank of America, Merrill Lynch, and Intel points out that although Ireland's tax rate may be low in European terms, it is not when compared with locations such as Singapore, India and China. Separately, the head of Google's 2,000-strong European HQ in Dublin told the Belfast Telegraph, 'anything that impinges on Ireland's competitiveness is going to be a big thing for Google,' adding, 'anything that increases the cost-base of a business is negative for competitiveness.'"

CWmike writes "A computer security researcher says he plans to release code Thursday that could be used to attack some versions of Google's Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the phones. It is being disclosed Thursday at the HouSecCon conference by M.J. Keith, a security researcher with Alert Logic. Keith says he has written code that allows him to run a simple command line shell in Android (video) when the victim visits a website that contains his attack code. The bug used in Keith's attack lies in the WebKit browser engine used by Android. Google said it knows about the vulnerability. 'We're aware of an issue in WebKit that could potentially impact only old versions of the Android browser,' Google spokesman Jay Nancarrow confirmed in an e-mail. 'The issue does not affect Android 2.2 or later versions.' Version 2.2 runs on 36.2 percent of Android phones, Google says"

crudmonkey writes "Researchers have discovered a biological shocker: female boa constrictors are capable of giving birth asexually. But the surprise doesn't end there. The study in Biology Letters found that boa babies produced through this asexual reproduction — also known as parthenogenesis — sport a chromosomal oddity that researchers thought was impossible in reptiles. While researchers admit that the female in the study may have been a genetic freak, they say the findings should press researchers to re-think reptile reproduction. Virgin birth among reptiles, especially primitive ones like boas, they argue may be far commoner than ever expected."

thecarchik sends in this piece, which was published last March but remains timely: "OK, so here's a little test: Which saves more gasoline, going from 10 to 20 mpg, or going from 33 to 50 mpg? If you're like most Americans, you picked the second one. But, in fact, that's exactly backwards. Over any given mileage, replacing a 10-mpg vehicle with one that gets 20 mpg saves five times the gasoline that replacing a 33-mpg vehicle with one that gets 50 does. Last summer, Duke University's Fuqua School of Business released a study that shows how much damage comes from using MPG instead of consumption to measure how green a car is. Management professors Richard Larick and Jack Soll's experiments proved that consumers thought fuel consumption was cut at an even rate as mileage increased."

suraj.sun writes with this excerpt from the NY Post: "According to a person familiar with the matter, the Department of Justice and Federal Trade Commission are locked in negotiations over which of the watchdogs will begin an antitrust inquiry into Apple's new policy of requiring software developers who devise applications for devices such as the iPhone and iPad to use only Apple's programming tools. Regulators, this person said, are days away from making a decision about which agency will launch the inquiry. It will focus on whether the policy, which took effect last month, kills competition by forcing programmers to choose between developing apps that can run only on Apple gizmos or come up with apps that are platform-neutral, and can be used on a variety of operating systems, such as those from rivals Google, Microsoft, and Research In Motion. An inquiry doesn't necessarily mean action will be taken against Apple, which argues the rule is in place to ensure the quality of the apps it sells to customers. Typically, regulators initiate inquiries to determine whether a full-fledged investigation ought to be launched. If the inquiry escalates to an investigation, the agency handling the matter would issue Apple a subpoena seeking information about the policy."

eldavojohn writes "Republican Virginia Attorney General Ken Cuccinelli has requested receipts and research documents relating to nearly half a million dollars in state taxpayer money used to conduct climate change research at the University of Virginia while under direction of Michael Mann, originator of the famous 2001 IPCC Hockey Stick graph depicting rapid climate change. Mann appears to be a prime target for Cuccinelli — who has also requested hearings with the EPA to contest the grounds of their carbon dioxide studies. Mann's expenditures of taxpayer money may become problematic if Cuccinelli finds violations of Virginia's Fraud Against Taxpayers Act. Cuccinelli has been active in pushing conservative views in the past, including an effort to remove the titillating mammary from the beloved Great Seal of Virginia. No end in sight for the politicizing of the science and research surrounding climate change."

wto605 writes "As computers are used for more and more vital business functions, small businesses must have office employees who understand the dangers of, and how to recognize and avoid, malware, spam, and phishing. After having been stung by monthly virus cleanups (at $75 an hour) due to an otherwise competent office manager, my parents have realized they need to be aware of their employees' computer skills beyond the ability to type a letter in Microsoft Word (currently the closest thing they have to a test of computer competence). The problem is, as a small business, they have no IT expert who would be able to judge a potential employee's competency. I'm wondering if anyone knows of a good way to test these security/safety awareness skills, such as an online test, a set of questions, etc. I have already pointed them to Sonicwall's Spam and Phishing test, but it definitely does not cover all of the issues facing computer users."

Kohenkatz writes "A McAfee Update today (DAT 5958) incorrectly identifies svchost.exe, a critical Windows executable, as a virus and tries to remove it, causing endless reboot loops." Reader jswackh adds this terse description: "So far the fixes are sneakernet only. An IT person will have to touch all affected PCs. Reports say that it quarantines SVCHOST. [Affected computers] have no network access, and missing are taskbar/icons/etc. Basically non-functioning. Windows 7 seems to be unaffected." Updated 20100421 20:08 GMT by timothy: An anonymous reader points out this easy-to-follow fix for the McAfee flub.

XML co-founder Tim Bray has taken the job of 'Developer Advocate' at Google. Don't other companies call that position 'Evangelist?' Because he sure doesn't mince words against the iPhone in his first sermon: 'It's a sterile Disney-fied walled garden surrounded by sharp-toothed lawyers. The people who create the apps serve at the landlord's pleasure and fear his anger.

MikeChino sends in this excerpt from Inhabitat: "China already has the most advanced and extensive high-speed rail lines in the world, and soon that network will be connected all the way to Europe and the UK. With initial negotiations and surveys already complete, China is now making plans to connect its HSR line through 17 other countries in Asia and Eastern Europe in order to connect to the existing infrastructure in the EU. Additional rail lines will also be built into South East Asia as well as Russia, in what will likely become the largest infrastructure project in history." They hope to get it done within 10 years, with China providing the financing in exchange for raw materials, in some cases.

Trailrunner7 writes "Security researchers have found that Vodafone, one of the world's larger wireless providers, is distributing some HTC phones with malware pre-installed on them. The phone, HTC's Magic, runs the Google Android mobile operating system, and is one of the more popular handsets right now. A researcher at Panda Software received one of the handsets recently, and upon attaching it to her PC, found that the phone was pre-loaded with the Mariposa bot client. Mariposa has been in the news of late thanks to some arrests connected to the operation of the botnet."

An anonymous reader writes "Microsoft has finally shown 'Windows Phone 7 Series' and it's supposed to be a completely new smartphone OS. A phone from Microsoft to get excited about that is going to work properly and take on the iPhone's world domination? "

An anonymous reader writes "I purchased Rebel EFI in support of Psystar's crusade back in October. Just 3 short months later, I have no support. I found this out when I upgraded my hard drive and installed Snow Leopard using Rebel EFI. The program can no longer 'phone home' to activate or download/install drivers. This is a direct contradiction to Psystar's promise posted on their website: 'Psystar will continue to support all of its existing customers of hardware and software through this transitional period. Warranties on hardware will continue to be honored as long the customer has a valid warranty. Rebel EFI support for existing customers, as always, will remain exclusively available through email and the built-in ticket interface.' Has anyone else run into this issue? It has been 9 days with no response from Psystar by e-mail or phone."