
+ - Tool reveals iPad and iPhone user locations->

Submitted by mask.of.sanity
mask.of.sanity writes "A researcher has found that Apple user locations can be potentially determined by tapping into Apple Maps and he has created a Python tool to make the process easier.

iSniff GPS accesses Apple's database of wireless access points, which is collected by iPhones and iPads that have GPS and wifi location services enabled.

Apple uses this 'crowd-sourced' data to run its location services, however the location database is not meant to be public.

You can download the tool via GitHub."

Link to Original Source

+ - New Zealand set to prohibit software patents->

Submitted by Drishmung
Drishmung writes "The New Zealand Commerce Minister Craig Foss today (9 May 2013) announced a significant change to the Patents Bill currently before parliament, replacing the earlier amendment with far clearer law and re-affirming that software really will be unpatentable in New Zealand.

An article on the Institute of IT Professionals web site by IT Lawyer Guy Burgess looks at the bill and what it means, with reference to the law in other parts of the world such as the USA, Europe and Britain (which is slightly different from the EU situation)."

Link to Original Source

+ - OSINT Tool Lets You Gather Facebook User Profiles And Phone Numbers By Area Code->

Submitted by chicksdaddy
chicksdaddy writes "We all know that Facebook Graph Search is going to be a privacy nightmare (http://actualfacebookgraphsearches.tumblr.com/). But one person's nightmare is another's wet dream — notably: social engineers, penetration testers and stalkers. Meet Facebook Harvester, a new module for Recon-ng, an open source web reconnaissance framework, that allows anyone with a Facebook Developer account to harvest phone numbers associated with Facebook user accounts, The Security Ledger reports.

Harvester allows Recon-ng users to query the Graph Search API directly for phone number information. It enables brute force searching by partial phone numbers, including area code, area code + exchange or the last four digits, according to a blog post by Rob Simon (@_Kc57), a Canton, Ohio-based security professional, who wrote about Harvester on his personal blog. (http://kc57.com/facebook-osint-module-for-recon-ng/). In one powerful example of Graph Search’s capabilities, Simon entered just an area- and exchange code, returning a list of names, Facebook usernames and account profiles, gender and full phone numbers in that area.

There are some limitations to the Facebook Harvester module, to be sure. It is a proof-of-concept and only useful for gathering phone numbers. The plug-in also requires an active authentication token from Facebook to work. Those are issued from Facebook’s developer site and only last for about an hour, though Simon says he has discovered a means to bypass the limits put on the Graph API.

A Facebook spokesman said there are other protections — including limits on the number of queries to the API. Besides: tools like Harvester are a violation of Facebook's Terms of Use, which require company permission to do any "scraping" or automated crawling of user accounts."

Link to Original Source

+ - U.S. DOJ say they don't need warrants for e-mail, Facebook chats->

Submitted by gannebraemorr
gannebraemorr writes "The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal. Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail."
Link to Original Source

+ - Ancient DNA Found Hidden Below Sea Floor->

Submitted by sciencehabit
sciencehabit writes "In the middle of the South Atlantic, there's a patch of sea almost devoid of life. There are no birds, few fish, not even much plankton. But researchers report that they've found buried treasure under the empty waters: ancient DNA hidden in the muck of the sea floor, which lies 5000 meters below the waves. The DNA, from tiny, one-celled sea creatures that lived up to 32,500 years ago, is the first to be recovered from the abyssal plains, the deep-sea bottoms that cover huge stretches of Earth. The researchers say that the ability to retrieve such old DNA from such large stretches of the planet's surface could help reveal everything from ancient climate to the evolutionary ecology of the seas."

Link to Original Source

+ - DNA Reveals Common Ancestor for Europeans that Lived 1,000 Years Ago->

Submitted by Anonymous Coward
An anonymous reader writes "Scientists analyzed and compared DNA samples and discovered that Europeans might have a lot more in common than previously believed. Based on the DNA samples from people throughout the continent, scientists unveiled that most of the people shared common ancestors just over 1,000 years ago. This discovery reconfirmed previous mathematical models that suggested a link between Europeans. Despite those previous models, this finding still plays a huge part in understanding how people relate to one another in a region that has been so accustomed to existing as distinctive ethnic groups."
Link to Original Source

Comment: Millions of users leaving... even before video ads (Score 2) 180

by knorthern knight (#43663067) Attached to: Facebook To Introduce Video Ads

http://www.guardian.co.uk/technology/2013/apr/28/facebook-loses-users-biggest-markets
http://www.geek.com/news/millions-are-leaving-facebook-every-month-due-to-boredom-1553510/
http://technorati.com/social-media/article/facebook-deserted-by-millions-of-users/

Summary, their oldest markets, i.e. US/Canada/Europe have reached "peak Facebook", and numbers are going down in those older markets. E.g. in the Technorati article...

> Data released by analytics firm SocialBakers suggests that people are
> leaving Facebook in their millions.
>
> It reveals that the social network has shed 6 million US visitors in the
> last month, which represents a 4% fall. The UK fares no better having
> lost 1.4 million users last month, a drop of 4.5%.

> Worryingly for Facebook this is far from a blip. In the last six months the site
> has lost 9 million users in America and 2 million in the UK. There's a similar
> picture across the developed world, with usage falling in Canada, Spain,
> France, Germany and Japan.

Yes, the numbers of well-off North Americans and Europeans leaving will be more than offset by the influx of third-worlders. But that guy or gal in the call centre in Mumbai, or the peasant in Asia, is not worth as much to advertisers as the westerners that they replace.

Comment: Re:Priority Failure. (Score 1) 338

by knorthern knight (#43662683) Attached to: BT Begins Customer Tests of Carrier Grade NAT

> But what if it's 20,000 customers on an IP? and what if every time you reboot
> your modem you stay on the same node behind the same NAT with the same IP?

That would destroy the internet as we know it. Several hundred max. Problem is that many websites have a ton of 3rd-party ads displaying. That will eat up a bunch of ports. There are 64K ports, with the bottom 1K being reserved. After that, a NAT machine has to start terminating connections with prejudice. I don't like much of the crap in IPV6, but it's come down to the point where having IPV6 is a lesser evil than not having IPV6.

+ - Internet Explorer 0-day attacks on US nuke workers hit 9 other sites->

Submitted by SternisheFan
SternisheFan writes "Ars reports:

Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said.

The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8.

A separate blog post from security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. CrowdStrike's data showed IP addresses before exploit code was run against the visitors' machines. Not all those visitors were likely compromised since the exploit code worked only against people using IE8.

CrowdStrike researchers seemed to concur with their counterparts from Invincea, who—as Ars reported on Friday—said the attacks at least in part targeted people working on sensitive government programs. Malicious links embedded in the Department of Labor website focused on webpages that dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy. But they went on to say the campaign could be much broader.

"The specific Department of Labor website that was compromised provides information on a compensation program for energy workers who were exposed to uranium," CrowdStrike said. "Likely targets of interest for this site include energy-related US government entities, energy companies, and possibly companies in the extractive sector. Based on the other compromised sites other targeted entities are likely to include those interested in labor, international health and political issues, as well as entities in the defense sector."

Such "watering hole" attacks—which plant malware exploits on websites that are frequented by specific groups or people—have become a common technique in targeted attacks. Once compromised by the IE zero-day, computers are infected with a version of Poison Ivy, a backdoor tool that has been widely used in past espionage campaigns. The command-and-control servers used to communicate with infected machines show signs that they were set up by a Chinese hacking crew known as DeepPanda.

Microsoft confirmed the remote code-execution vulnerability on Friday night. Versions 6, 7, 9, and 10 of the browser are immune to these attacks, so anyone who can upgrade to one of the latest two versions should do so immediately or switch to a different browser. For anyone who absolutely can not move away from IE 8, company researchers recommend the following precautions:

Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Users can also install EMET—short for Enhanced Mitigation Experience Toolkit—which adds a variety of exploit mitigations and security defenses and is especially useful for users of older versions of Windows, such as XP.

Technical details about the "use after free" bug are available here from Rapid7. The security firm has already folded attack code exploiting the vulnerability into the Metasploit framework used by security professionals and hackers. Researchers at FireEye have also delved into the exploit circulating online. They found it uses "return oriented programming," a technique used to defeat data-execution prevention and other exploit mitigations. The FireEye researchers said they also verified the exploit works against IE8 on Windows 7.

Microsoft's advisory on Friday said researchers were still investigating the vulnerability. When the inquiry concludes, they will decide whether to release an unscheduled update or provide a fix as part of the company's regular patching cycle. Story updated to add details from FireEye in second-to-last paragraph"

Link to Original Source

+ - English May Have Retained Words From an Ice Age Language->

Submitted by sciencehabit
sciencehabit writes "If you've ever cringed when your parents said "groovy," you'll know that spoken language can have a brief shelf life. But frequently used words can persist for generations, even millennia, and similar sounds and meanings often turn up in very different languages. Now, a new statistical approach suggests that peoples from Alaska to Europe may share a linguistic forebear dating as far back as the end of the Ice Age, about 15,000 years ago. Indeed, some of the words we use today may not be so different than those spoken around campfires and receding glaciers."
Link to Original Source

+ - Willow Garage Spinoff Is Showing Off Some Very Cool Robots->

Submitted by Anonymous Coward
An anonymous reader writes "Willow Garage-spinoff Industrial Perception Inc. (IPI) is beginning to show off some of its robotics innovations. Here is more on what the spinoff is up to. IPI is focused on 3D vision-guided robotics technology industrial solutions. They have form factors designed for tasks such as truck and container unloading, e-commerce fulfillment and package sorting."
Link to Original Source

Comment: Bye-bye smartphone virus cleaning software writers (Score 4, Insightful) 94

Tell the guys writing the smartphone virus cleaning software that our world is in danger of obliteration by a large asteroid, and we're building a series of Ark ships to get everybody off the planet to safety. The smartphone virus cleaning software writers will depart on the "B" Ark, along with hairdressers and middle-managers.

Then the rest of us will laugh our asses off.

+ - Porn-Trolling lawyers facing disbarment, fines, and criminal prosecution.

Submitted by JayRott
JayRott writes "Prenda Law (the porn copyright trolls previously mentioned here) have finally been handed Judge Otis D. Wright II's order. The order is every bit as entertaining as one would expect. It even has a liberal sprinkling of Star Trek references.
Brett Gibbs, John Steele and Paul Hansmeier are facing an $82,000 fine (noted by Judge Wright to be just below the cost of a proper appeal, a reference to Prenda's settlement offers which fell just below the cost of a proper defense.) Judge Wright will also "refer this matter to the United States Attorney for the Central District of California. The will also refer this matter to the Criminal Investigation Division of the Internal Revenue Service and will notify all judges before whom these attorneys have pending cases."
Prenda Law appears to be floating belly-up in the fishbowl.

Ars Technica coverage: http://arstechnica.com/tech-policy/2013/05/prenda-hammered-judge-sends-porn-trolling-lawyers-to-criminal-investigators/

Pope Hat coverage: http://www.popehat.com/2013/05/06/does-prenda-believe-in-no-win-scenarios-because-judge-wright-just-gave-them-one/#more-18627

Link to full order: http://www.popehat.com/wp-content/uploads/2013/05/PendaSanctionsOrder.pdf"
