Submission + - Browser user-agent triggered backdoor found in D-Link home routers (devttys0.com)

StealthHunter writes: It turned out that just by setting a browser's user-agent to "xmlset_roodkcableoj28840ybtide" anyone can remotely bypass all authentication on D-Link routers. It seems that thttpd was modified by Alphanetworks, who inserted the backdoor. Unfortunately, vulnerable routers can be easily identified by services like ShodanHQ. At least these models may have vulnerable firmware: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240.
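The magic user-agent is a fixed string, so the cheapest detection is to grep for it wherever HTTP traffic in front of the router is logged (a proxy, an IDS, a honeypot; the router itself will not log the request that bypasses it). The following is an added example, not code from the devttys0 write-up or from D-Link; the log lines are constructed in the "combined" format and the field layout is assumed to match whatever produces your logs.

```python
"""Flag HTTP requests carrying the D-Link backdoor User-Agent in web-server logs.

Added example, not from the linked write-up or from D-Link. The log lines
below are constructed for the example.
"""
import re

# Literal string from the post. Read backwards it spells
# "editby04882joelbackdoor_teslmx", which is how it was spotted.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Apache/nginx "combined" format: host ident user [time] "request" status
# size "referer" "user-agent". Only host, time, request and ua are used.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"\s*$'
)


def parse_line(line):
    """Return a dict of fields for a combined-format line, or None if the
    line does not parse (truncated or foreign lines are skipped, not fatal)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_backdoor_request(entry):
    """True if the User-Agent contains the magic string.

    The backdoored thttpd compares the whole header with strcmp(), so only
    an exact match bypasses auth; a substring test also catches scanners
    that append their own tag to the string.
    """
    return BACKDOOR_UA in entry["ua"]


def scan(lines):
    """Return (client host, timestamp, request line) for every hit."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_backdoor_request(entry):
            hits.append((entry["host"], entry["time"], entry["request"]))
    return hits


# Constructed sample: one ordinary browser request, two probes carrying the
# backdoor UA, and one line that does not parse at all.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Oct/2013:21:05:11 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 6.1) Firefox/24.0"',
    '198.51.100.23 - - [13/Oct/2013:21:05:19 +0000] "GET /adv_network.html HTTP/1.1" 200 4096 "-" '
    '"xmlset_roodkcableoj28840ybtide"',
    'garbage line that is not a log entry',
    '198.51.100.23 - - [13/Oct/2013:21:05:20 +0000] "GET /tools_admin.html HTTP/1.1" 200 2048 "-" '
    '"xmlset_roodkcableoj28840ybtide"',
]

if __name__ == "__main__":
    for host, when, req in scan(SAMPLE_LOG):
        print(f"{when} backdoor UA from {host}: {req}")
```

The same literal makes a one-line IDS signature; the point of running it over logs as well is to find out whether anyone already tried it against you before the advisory appeared.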
Security

Submission + - QR code phishing study demonstrates viability of the attack - users ARE curious! (meiji.ac.jp)

StealthHunter writes: QR codes are starting to appear everywhere. The 2D barcode is an easy way to get unauthenticated data into a smartphone, and many apps automatically visit URLs found in QR codes without allowing the user to see the URL first. We attempt to teach users not to click on links, but what about QR codes? A new study shows that people scan QR codes primarily out of curiosity, and that the devices used to scan are unpatched against the latest exploits leaving users fundamentally unprotected.

The work from Carnegie Mellon will be presented at the Workshop on Usable Security in Japan next week. The data collection period strangely correlates with news and Slashdot posts observing such an attack.

Privacy

Submission + - Mobile Phone Use Patterns Identify Individuals Better Than Fingerprints (securityledger.com)

chicksdaddy writes: "Mobile phone use may be a more accurate identifier of individuals than even their own fingerprints, according to research published on the web site of the scientific journal Nature.
Scientists at MIT and the Université catholique de Louvain in Belgium analyzed 15 months of mobility data for 1.5 million individuals who used the same mobile carrier. Their analysis, “Unique in the Crowd: the privacy bounds of human mobility,” showed that data from just four, randomly chosen “spatio-temporal points” (for example, mobile device pings to carrier antennas) was enough to uniquely identify 95% of the individuals, based on their pattern of movement. Even with just two randomly chosen points, the researchers say they could uniquely characterize around half of the 1.5 million mobile phone users. The research has profound implications for privacy, suggesting that the use of mobile devices makes it impossible to remain anonymous – even without the use of tracking software.

For their research, they studied anonymized carrier data from a “significant and representative part of the population of a small European country.” In the study, the researchers used sample data collected between April 2006 and June 2007. Each time a user interacted with their mobile phone operator network by initiating or receiving a call or a text message, the location of the connecting antenna was recorded, providing both a spatial and temporal data point.
“We show that the uniqueness of human mobility traces is high, thereby emphasizing the importance of the idiosyncrasy of human movements for individual privacy,” the researchers write. “Given the amount of information that can be inferred from mobility data, as well as the potentially large number of simply anonymized mobility datasets available, this is a growing concern.”"
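The measurement behind the 95% figure is simple to reproduce on any dataset of (antenna, time) points: pick p points from one subscriber's own trace and count how many subscribers' traces contain all of them. The code below is an added example written for this page, not the paper's code, and the four traces are constructed so the answers can be checked by hand (D shares its first three points with A, so three points cannot separate them but four can). The `coarsen` helper models the paper's second experiment, lowering spatial and temporal resolution to see how slowly uniqueness drops.

```python
"""Uniqueness of mobility traces, in the sense of de Montjoye et al.

Added example, not code from the paper or the article. The traces are
constructed; a real dataset would hold one (antenna, hour) point per call
or SMS per subscriber.
"""
import random

# user -> set of (antenna_id, hour_index) points.
TRACES = {
    "A": {(1, 8), (2, 9), (3, 10), (4, 11)},
    "B": {(1, 8), (2, 9), (5, 10), (6, 11)},
    "C": {(1, 8), (7, 9), (8, 10), (9, 11)},
    "D": {(1, 8), (2, 9), (3, 10), (10, 12)},
}


def matching_users(traces, points):
    """All users whose trace contains every one of the given points."""
    points = set(points)
    return [u for u, trace in traces.items() if points <= trace]


def is_unique(traces, points):
    """True if the points are contained in exactly one user's trace."""
    return len(matching_users(traces, points)) == 1


def uniqueness(traces, p, seed=0):
    """Fraction of users uniquely identified by p points drawn at random
    from their own trace (the paper's uniqueness for p points).

    Users with fewer than p points are skipped; returns None if nobody
    qualifies. The seed makes the draw reproducible.
    """
    rng = random.Random(seed)
    tested = unique = 0
    for trace in traces.values():
        if len(trace) < p:
            continue
        sample = rng.sample(sorted(trace), p)
        tested += 1
        if is_unique(traces, sample):
            unique += 1
    return unique / tested if tested else None


def coarsen(traces, antenna_bucket, hour_bucket):
    """Lower the resolution: antenna ids are grouped in blocks of
    `antenna_bucket`, hours in blocks of `hour_bucket`. In the paper,
    uniqueness falls only slowly as these blocks grow."""
    return {
        u: {(a // antenna_bucket, h // hour_bucket) for a, h in trace}
        for u, trace in traces.items()
    }


if __name__ == "__main__":
    for p in (1, 2, 3, 4):
        print(p, "points:", uniqueness(TRACES, p))
    print("fully coarsened, 1 point:", uniqueness(coarsen(TRACES, 100, 24), 1))
```

On the constructed data every user needs all four of their points to be unique, while user C is already unique from the single point (7, 9); with the coarsening set so wide that every point collapses to (0, 0), nobody is unique. That last case is the only one where anonymisation by resolution actually works, and it throws the data away.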

Android

Submission + - Study says users (at least a set that thinks about security) prefer Android (pcmag.com)

StealthHunter writes: The survey, conducted by av-comparatives, asked 5000 users questions about browsers, mobile OS, etc. "The survey also asked about preferred mobile operating systems and preferred browsers. Android took 51 percent of mobile users, Symbian 17 percent, and iOS/Apple 17 percent. The report notes that the dominance of Android means it will remain the biggest target for malware."

This survey doesn't quite match recent market-share numbers by Nielsen, which show 52% Android, 34% iOS, and 8% BlackBerry.

Submission + - Fantastic JS1K submissions (js1k.com)

An anonymous reader writes: With just five days left in the current "write 1kb of JavaScript" competition, the submissions are becoming increasingly impressive. Take for instance a beautiful 3d animation, written in 1k and drawing on a 2d canvas. Or a mine cart animation. If you wait long enough you'll actually get to caves! Can you manage to write a demo that fits on the hall of fame before the deadline closes?

Submission + - T-Mobile ends contracts, ends subsidies.

AlphaWolf_HK writes: In what I see as a refreshing change, T-Mobile, the fourth largest carrier in the USA, has made sweeping changes to its service, with its CEO saying: "Here's the deal: If we suck this month, go somewhere else. If we're good, stay with us." after quietly ending contract plans last weekend. As part of that change, the new base plan will include unlimited access, including voice, text, and data. Data will be restricted to EDGE speeds after 500GB with no overage costs, but can be upgraded to 2.5GB for $10, or unlimited for $20. Portable Wi-Fi hotspot usage is also unrestricted for no additional cost. In addition, LTE services just went live in 8 markets. As is already standard practice with T-Mobile, you are free to bring your own device. However, customers won't be fronting the full cost of the phone with unsubsidized plans. Unlike in the past, they'll know exactly what they're paying for the phone by means of interest-free installments, and paying off the phone is an option at any time. Oh, and they're also offering the iPhone 5 next month for $650. Or, you can do as I did and drop a cool $300 on a Nexus 4 directly from Google, which unofficially works with T-Mobile's LTE.
Security

Submission + - Could the Election of the New Pope be Hacked? 1

Hugh Pickens writes: "The rules for papal elections are steeped in tradition. John Paul II last codified them in 1996, and Benedict XVI left the rules largely untouched. The "Universi Dominici Gregis on the Vacancy of the Apostolic See and the Election of the Roman Pontiff" is surprisingly detailed. Now as the College of Cardinals prepares to elect a new pope, security people like Bruce Schneier wonder about the process. How does it work, and just how hard would it be to hack the vote? First, the system is entirely manual, making it immune to the sorts of technological attacks that make modern voting systems so risky. Second, the small group of voters — all of whom know each other — makes it impossible for an outsider to affect the voting in any way. The chapel is cleared and locked before voting. No one is going to dress up as a cardinal and sneak into the Sistine Chapel. In short, the voter verification process is about as good as you're ever going to find. A cardinal can't stuff ballots when he votes. Then the complicated paten-and-chalice ritual ensures that each cardinal votes once — his ballot is visible — and also keeps his hand out of the chalice holding the other votes. Ballots from previous votes are burned, which makes it harder to use one to stuff the ballot box. What are the lessons here? First, open systems conducted within a known group make voting fraud much harder. Every step of the election process is observed by everyone, and everyone knows everyone, which makes it harder for someone to get away with anything. Second, small and simple elections are easier to secure. This kind of process works to elect a pope or a club president, but quickly becomes unwieldy for a large-scale election. And third: When an election process is left to develop over the course of a couple of thousand years, you end up with something surprisingly good."
Firefox

Submission + - Firefox Will Soon Block Third-Party Cookies (webpolicy.org)

An anonymous reader writes: Stanford researcher Jonathan Mayer has contributed a Firefox patch that will block third-party cookies by default. It's now on track to land in version 22. Kudos to Mozilla for protecting their users and being so open to community submissions. The initial response from the online advertising industry is unsurprisingly hostile and blustering, calling the move 'a nuclear first strike.'

Comment This is getting (has gotten?) out of control (Score 1) 3

Let the companies innovate to make money; sitting on patents is getting ridiculous. Especially when the patent is awarded for something like "move your finger from left to right across a touch screen in order to effect some action".

The right solution is to award patents only for real innovation (for some definition of innovation) AND to arm the patent office with capable people that can actually understand what they are reviewing (which comes with the added cost of paying these competent people). Neither of these are likely to happen, so how do we go about fixing the situation?

Submission + - Curiosity killed the QR code app, study finds curious men are most likely victims (cmu.edu)

An anonymous reader writes: It turns out that people scan QR codes simply because they are curious, not because they want information about a product. [Un]fortunately, curiosity is also a primary motivator for phishing campaigns used by scammers. In a recent study CMU researchers performed a QRishing (QR code phishing) experiment, placing various types of QR codes around Pittsburgh. Besides finding that curiosity was the chief reason people scanned, it was also obvious that men are much more likely to fall victim to this scam.

In the real world, this attack would likely have been far more effective, since these researchers were handcuffed by ethical research rules. Attackers could place QR codes over existing ones or deface public property like parking meters. Heck, who wouldn't scan a QR code sticker that had been placed on the neighborhood cat?

With the incredibly long and spurious patch cycle for today's Android devices, scanning a QR code could result in a bad guy having complete control of your mobile phone. Be wary next time you see one of these codes, certainly use a reader app that at least shows you the URL before launching your, probably old, browser!
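Both QR items above come down to the same defensive step: show the decoded payload, and in particular the real host, before anything is opened. The function below is an added example for this page, not code from the CMU study or from any reader app. It takes the already-decoded payload string (barcode decoding is left to a library such as zbar), classifies it, and returns a display string plus warnings for the tricks a phisher would use: credentials before `@` that hide the real host, a bare IP, a punycode host, a scheme that launches something other than the browser. The sample payloads in the test are constructed.

```python
"""Preview a decoded QR payload before opening it.

Added example for the QR-phishing items on this page; not code from the
CMU study or from any scanner app. Nothing here opens anything: the caller
shows the preview and asks the user to confirm.
"""
import ipaddress
from urllib.parse import urlsplit

# Schemes that hand the payload to an app other than the browser.
NON_WEB_SCHEMES = {"tel", "sms", "smsto", "mailto", "intent", "market",
                   "javascript", "data", "file"}


def preview(payload):
    """Classify a payload and return a dict with kind ('url' or 'text'),
    scheme, host, a display string and a list of warning strings."""
    text = payload.strip()
    parts = urlsplit(text)
    if not parts.scheme:
        return {"kind": "text", "scheme": None, "host": None,
                "display": text, "warnings": []}

    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    warnings = []

    if scheme in NON_WEB_SCHEMES:
        warnings.append(f"non-web scheme '{scheme}:' will launch another app")
    elif scheme not in ("http", "https"):
        warnings.append(f"unfamiliar scheme '{scheme}:'")
    if scheme == "http" and host:
        warnings.append("plain http, contents can be altered in transit")
    if parts.username or parts.password:
        # "https://bank.example@evil.example/" : the part before '@' is a
        # username, not the site. Name the real host explicitly.
        warnings.append(f"URL contains credentials before '@'; the real host is {host}")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("internationalised (punycode) host, check for look-alike letters")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a bare IP address")
    except ValueError:
        pass
    if len(text) > 200:
        warnings.append("very long URL, the visible part may be a decoy")

    # Show scheme, host and path, plus the query if there is one, so the
    # user sees exactly where a tap would go.
    display = f"{scheme}://{host}{parts.path}" if host else text
    if parts.query:
        display += "?" + parts.query
    return {"kind": "url", "scheme": scheme, "host": host,
            "display": display, "warnings": warnings}


if __name__ == "__main__":
    # Constructed payloads of the kinds a sticker might carry.
    for sample in ("https://www.example.com/menu",
                   "https://paypal.com@evil.example/verify",
                   "http://198.51.100.5/login",
                   "tel:+15551234567",
                   "Just some text"):
        p = preview(sample)
        print(p["display"], p["warnings"])
```

The deliberate choice is to never strip or rewrite the payload: a reader that "helpfully" follows redirects or resolves shorteners before showing the URL gives the user nothing to decide on, which is exactly the behaviour the study found the apps had.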

Comment This is not a Samsung bug, and it's already fixed (Score 1) 151

The dialer no longer allows special characters that are part of USSD codes. See the patch:
https://android.googlesource.com/platform/packages/apps/Contacts/+/39948dc7e34dc2041b801058dada28fedb80c388%5E!/#F0

Now, everyone can still rant about how long it will take for owners to receive an updated version of Android (if ever).

And before anyone starts the iOS vs Android bantering: no, iOS does not have this particular flaw:
"Specifically, if a URL contains the * or # characters, the Phone application does not attempt to dial the corresponding phone number."
https://developer.apple.com/library/ios/#featuredarticles/iPhoneURLScheme_Reference/Articles/PhoneLinks.html
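Both the Android patch and the Apple documentation quoted above describe the same rule: a number containing `*` or `#` is never handed to the dialer. The function below is an added example of that rule, not the Android patch itself or Apple's code, written for any app that accepts a `tel:` link from untrusted content. The detail worth getting right is that the link arrives percent-encoded (`%23` for `#`, `%2A` for `*`), so the check has to run on the decoded string, and it refuses rather than strips, so no part of an MMI code survives. The sample URIs in the test are constructed.

```python
"""Reject dial strings that could be USSD/MMI codes before they reach the dialer.

Added example, not the Android patch linked above or Apple's code. It applies
the rule both describe: if the number contains '*' or '#', do not dial.
"""
from urllib.parse import unquote

# Characters that are only visual separators in phone numbers.
SEPARATORS = " -.()/"


def sanitize_tel_uri(uri):
    """Return the digits to dial (with an optional leading '+'), or None if
    the URI is not a tel: link or contains anything but digits."""
    if not uri.lower().startswith("tel:"):
        return None
    # Decode first: '%23' is '#', '%2A' is '*'. Decode twice so a
    # double-encoded '%2523' ('%23' -> '#') cannot slip past the check.
    number = unquote(unquote(uri[4:]))
    # RFC 3966 allows parameters after ';' (e.g. phone-context); drop them.
    number = number.split(";", 1)[0]
    number = "".join(c for c in number if c not in SEPARATORS)
    body = number[1:] if number.startswith("+") else number
    # Refuse outright rather than strip: '*' and '#' are the USSD/MMI
    # characters, and a Unicode digit class would let odd digits through,
    # so only ASCII 0-9 is accepted.
    if not body or any(c not in "0123456789" for c in body):
        return None
    return number


if __name__ == "__main__":
    # Constructed links of the kind a web page might carry.
    for link in ("tel:+1-555-123-4567", "tel:%2A%2367%23",
                 "tel:*%2523", "tel:5551234567;phone-context=example.com"):
        print(link, "->", sanitize_tel_uri(link))
```

Returning `None` and dialing nothing is the whole mitigation; a dialer that instead showed the code and waited for a tap would still be one accidental tap away from the same result.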
