Forgot your password?
typodupeerror

+ - Airbnb Partners With Cities For Disaster Preparedness->

Submitted by Anonymous Coward
An anonymous reader writes "Every time a city- or state-wide disaster strikes, services to help the victims slowly crop up over the following days and weeks. Sometimes they work well, sometimes they don't. Today, city officials in San Francisco and Portland announced a partnership with peer-to-peer lodging service Airbnb to work out some disaster-preparedness plans ahead of time. Airbnb will locate hosts in these cities who will commit to providing a place to stay for people who are displaced in a disaster, and then set up alerts and notifications to help people find these hosts during a crisis. The idea is that if, say, an earthquake or wildfires for thousands of people to evacuate their homes, they can easily be absorbed into an organized group of willing hosts, rather than being shunted to one area and forced to live in a school gymnasium or similar."
Link to Original Source
Android

Old Apache Code At Root of Android FakeID Mess 121

Posted by Soulskill
from the write-once-run-anywhere dept.
chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.

+ - Old Apache Code at Root of Android FakeID Mess->

Submitted by chicksdaddy
chicksdaddy (814965) writes "The Security Ledger reports that a four year-old vulnerability in an open source component that is a critical part of Android mobile OS leaves hundreds of millions of mobile devices susceptible silent malware infections. (https://securityledger.com/2014/07/old-apache-code-at-root-of-android-fakeid-mess/)

The vulnerability was disclosed on Tuesday (http://bluebox.com/news/). It affects devices running Android versions 2.1 to 4.4 (“KitKat”), according to a statement released by Bluebox. According to Bluebox, the vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes “an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim.”

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual ‘sandbox’ environments that keep malicious programs from accessing sensitive data and other applications running on the Android device.

In a scenario that is becoming all too common: the flaw appears to have been introduced to Android through an open source component — this time from Apache Harmony (http://harmony.apache.org/), an open source alternative to Oracle’s Java. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged."

Link to Original Source

+ - Chinese government probes Microsoft over anti-monopoly issues

Submitted by DroidJason1
DroidJason1 (3589319) writes "The Chinese government is investigating Microsoft for possible breaches of anti-monopoly laws, following a series of surprise visits to Redmond's offices in cities across China on Monday. These surprise visits were part of China's ongoing investigation, and were based on security complaints about Microsoft’s Windows operating system and Office productivity suite. Results from an earlier inspection apparently were not enough to clear Microsoft of suspicion of anti-competitive behavior. Microsoft's alleged anti-monopoly behavior is a criminal matter, so if found guilty, the software giant could face steep fines as well as other sanctions."
The Almighty Buck

35% of American Adults Have Debt 'In Collections' 445

Posted by Soulskill
from the all-the-cool-kids-are-doing-it dept.
New submitter meeotch writes: According to a new study by the Urban Institute, 35% of U.S. adults with a credit history (91% of the adult population of the U.S.) have debt "in collections" — a status generally not acquired until payments are at least 180 days past due. Debt problems seem to be worse in the South, with states hovering in the 40%+ range, while the Northeast has it better, at less than 30%. The study's authors claim their findings actually underrepresent low-income consumers, because "adults without a credit file are more likely to be financially disadvantaged."

Oddly, only 5% of adults have debt 30-180 days past due. This latter fact is partially accounted for by the fact that a broader range of debt can enter "in collections" status than "past due" status (e.g. parking tickets)... But also perhaps demonstrates that as one falls far enough along the debt spiral, escape becomes impossible. Particularly in the case of high-interest debt such as credit cards — the issuers of which cluster in states such as South Dakota, following a 1978 Supreme Court ruling that found that states' usury laws did not apply to banks headquartered in other states.

Even taking into account the folks who lost a parking ticket under their passenger seat, 35% is a pretty shocking number. Anyone have other theories why this number is so much higher than the 5% of people who are just "late"? How about some napkin math on the debt spiral?
Businesses

EA Tests Subscription Access To Game Catalog 54

Posted by Soulskill
from the in-case-you-wanted-to-subscribe-to-yet-another-service dept.
An anonymous reader writes: Electronic Arts has announced a new program called "EA Access," a subscription-based service that will grant Xbox One users access to a small catalog of EA's popular games, as well as early trials of upcoming games. They're beta testing the service now, and the available games are FIFA 14, Madden NFL 25, Peggle 2, and Battlefield 4. (More titles will be added later.) They're charging $5 per month or $30 per year. It probably won't ever include their newest releases, but it's interesting to see such a major publisher experimenting with a Netflix-style subscription service.

+ - Six Ways Big Telecom Tries to Kill Community Broadband

Submitted by Jason Koebler
Jason Koebler (3528235) writes "Beyond merely staying out of each other's way in many big cities, ISPs have managed to throw up legal, logistical, and financial roadblocks at every turn to prevent municipally owned fiber networks from taking hold in many parts of the country.
The lobbying money is well-documented, but some of the other strategies, such as threatening to cut off business with companies who help build municipal fiber networks, are less known. Catharine Rice of the Coalition for Local Internet Choice, says there are at least six distinct tactics national telecom companies have perfected to do this."
The Internet

Which Is Better, Adblock Or Adblock Plus? 292

Posted by Soulskill
from the who-blacklists-the-blacklisters dept.
An anonymous reader writes: Wladimir Palant is the creator of the Adblock Plus browser extension, but he often gets asked how it compares to a similar extension for Chrome called Adblock. In the past, he's told people the two extensions achieve largely the same end, but in slightly different ways. However, recent changes to the Adblock project have him worried. "AdBlock covertly moved from an open development model towards hiding changes from its users. Users were neither informed about that decision nor the reasons behind it." He goes through the changelog and highlights some updates that call into question the integrity of Adblock. For example, from an update on June 6th: "Calling home functionality has been extended. It now sends user's locale in addition to the unique user ID, AdBlock version, operating system and whether Google Search ads are being allowed. Also, AdBlock will tell getadblock.com (or any other website if asked nicely) whether AdBlock has just been installed or has been used for a while — again, in addition to the unique user ID." Of course, Palant has skin in this game, and Adblock Plus has dealt with fallout from their "acceptable ads policy," but at least it's still developed in the open.

+ - Huge waves measured for first time in Arctic Ocean->

Submitted by vinces99
vinces99 (2792707) writes "As the climate warms and sea ice retreats, the North is changing. An ice-covered expanse now has a season of increasingly open water that is predicted to extend across the whole Arctic Ocean before the middle of this century. Storms thus have the potential to create Arctic swell – huge waves that could add a new and unpredictable element to the region. A University of Washington researcher made the first study of waves in the middle of the Arctic Ocean and detected house-sized waves during a September 2012 storm. The results were recently published in Geophysical Research Letters.

“As the Arctic is melting, it’s a pretty simple prediction that the additional open water should make waves,” said lead author Jim Thomson, an oceanographer with the UW Applied Physics Laboratory. His data show that winds in mid-September 2012 created waves of 5 meters (16 feet) high during the peak of the storm. The research also traces the sources of those big waves: high winds, which have always howled through the Arctic, combined with the new reality of open water in summer."

Link to Original Source

+ - Are you being tracked by your phone's wifi?

Submitted by toshikodo
toshikodo (2976757) writes "The authorities in the UK city of York are about to role out a system supplied by Purple Wifi that will, according to the BBC, track people as they move around the city using the mac address from the wifi pings received from their mobile phones. They claim that this tracking will be anonymous unless you sign up for their "free" wifi, but what if they have already obtained your mac address from some other source, say some hotel you stayed in two years ago? Will this really be anonymous, and is this something local government should ever be involved with?"
Build

A Look At the Firepick Delta Circuit Board Assembler (Video) 40

Posted by Roblimo
from the components-get-tinier-every-year dept.
From the Firepick website: 'We are developing a really cool robotic machine that is capable of assembling electronic circuit boards (it also 3D prints, and does some other stuff!). It uses a vacuum nozzle to pick really tiny resistors and computer chips up, and place them down very carefully on a printed circuit board.' There are lots of companies here and in China that will happily place and solder components on your printed circuit board, but hardly any that will do a one-off prototype or a small quantity. And the components have gotten small enough that this is really a job for a robot (or at least a Waldo), not human fingers. || There are obviously other devices on the market that do this, but Firepick Delta creator Neil Jansen says they are far too expensive for small companies, let alone individual makers.

The Firepick Delta Hackaday page talks about a $300 price for this machine. That may be too optimistic, but even if it ends up costing two or three times that amount, that's still a huge step forward for small-time inventors and custom manufacturers who need to populate just a few circuit boards, not thousands. They have a Haxlr8r pitch video, and have been noticed by TechCrunch, 3DPrintBoard.com, and Adafruit, just to name a few. Kickstarter? Not yet. Maybe next year. Open source? Totally, complete with GitHub repository. And they were at OSCON 2014, which is where Timothy found them. (Alternate Video Link)

+ - US Navy sonar causing whale deaths->

Submitted by Taco Cowboy
Taco Cowboy (5327) writes "US Navy's sonar is so loud that it is causing whales' brain to hemorrhage and blood vessels bursting, and when that happened, whales go up to the shallow waters and sometimes ended up beaching themselves.That happened in the Bahamas, back in March, 2000

On the morning of March 15, 2000, 17 beaked whales stranded themselves on beaches in the northern Bahamas. It was an terrible and extraordinary event: Beaked whales are the world’s deepest-diving mammals, and these creatures had spent most of their lives in deep undersea canyons. For even one to show up in shallow water would be extremely unusual, for 17 to strand was almost inconceivable

It just so happened that just a few feet away from one of the beaches lived Ken Balcomb, a beaked whale researcher who more than anyone in the world was equipped to find out what happened. Long before Mr. Balcomb started studying whales he had served two tours of duty in the Navy, where he’d done classified work with submarine-detecting sonar. He knew just how loud it could be, and in days following the stranding he photographed Navy destroyers in Bahamian waters

Mr. Balcomb had several of the dead whales’ heads sent for autopsies—and when they returned evidence of hemorrhages, he knew what happened. The whales had fled to shallow water to escape noise so concussively loud it burst blood vessels in their brains.

“I believe the Navy did it,” Balcomb soon announced at a press conference. With that began an epic legal and scientific battle to make the Navy admit what happened, and then to do something about it. Against all odds, it’s a battle in which Balcomb and environmentalists have been largely successful, winning commitments from the Navy to research sonar’s effects on whales and to consider them when planning training exercises"

Link to Original Source

We have a equal opportunity Calculus class -- it's fully integrated.

Working...