Security

My United Airlines Website Hack Gets Snubbed 187

Bennett Haselton writes: United Airlines announced that they will offer up to 1 million air miles to users who can find security holes in their website. I demonstrated a way to brute-force a user's 4-digit PIN number and submitted it to them for review, emailing their Bugs Bounty contact address on three occasions, but I never heard back from them. Read on for the rest. If you've had a different experience with the program, please chime in below.
China

Uber's Rise In China May Be Counterfeit 86

retroworks writes: Josh Horwitz' story in Quartz reports both the apparent rapid success of Uber adaptation in China, and a queasy footnote for shareholders applauding the rapid growth. While China is a natural ride-sharing haven, it also has a tradition of gaming the western system. From the story: "Accomplices can sit in their apartments, disable location settings, and specify a pickup not far from the actual location of driver's vehicle, the report said. The driver then accepts the hail, and goes on a trip without a passenger. After the accomplice approves payment, the driver will – hopefully – pay back the fee and share a cut of the bonus. It's not the most clever get-rich scheme on the planet. But for drivers, it's better than waiting for a hail in a parking lot." Uber's spokeswoman told the Quartz writer that the company has an on-the-ground team who investigate these various types of fraud, then uses "deep analytics, and new tools developed by our Chinese engineers in our dedicated fraud team to combat against such fraud." The Uber spokeswoman declined to elaborate on the nature of these tools.
Iphone

A Text Message Can Crash An iPhone and Force It To Reboot 248

DavidGilbert99 writes with news that a bug in iOS has made it so anyone can crash an iPhone by simply sending it a text message containing certain characters. "When the text message is displayed by a banner alert or notification on the lockscreen, the system attempts to abbreviate the text with an ellipsis. If the ellipsis is placed in the middle of a set of non-Latin script characters, including Arabic, Marathi and Chinese, it causes the system to crash and the phone to reboot." The text string is specific enough that it's unlikely to happen by accident, and users can disable text notification banners to protect themselves from being affected. However, if a user receives the crash-inducing text, they won't be able to access the Messages app without causing another crash. A similar bug crashed applications in OS X a few years ago.
Google

Google Shuts Down Map Maker Following Hacks 37

Errorcod3 writes: Google has temporarily shut down Map Maker while it works on a way to stop people from inserting pranks into its maps. A statement from Google explains that the service isn't going away, just shutting down while a new moderation system is worked on. "Given the current state of the system, we have come to the conclusion that it is not fair to any of our users to let them continue to spend time editing. Every edit you make is essentially going to a backlog that is growing very fast," Google's Pavithra Kanakarajan wrote. "We believe that it is more fair to only say that if we do not have the capacity to review edits at roughly the rate they come in, we have to take a pause. We have hence decided to temporarily disable editing across all countries starting Tuesday, May 12, 2015, till we have our moderation system back in action."
Bug

Tattoos Found To Interfere With Apple Watch Sensors 403

An anonymous reader writes: A number of early Apple Watch adopters have complained that their tattoos cause interference with many of the new product's key features. According to multiple tattooed sources, inked wrists and hands can disrupt communication with the wearable's sensors installed in the underside of the device leading to malfunction. Owners of Apple Watch have taken to social media to voice their frustration using the hashtag #tattoogate and sharing their disappointment over the newly discovered Apple flaw. One user reported that the Watch's lock system did not disable as it should when the device was placed on a decorated area of skin – forcing those affected to constantly enter their security pins. A further source suggested that notification alerts would fail to 'ping' as they are supposed to, and that heart rate monitoring differed significantly between tattooed and non-tattooed wrist readings.
Nintendo

Mario 64 Remake Receives a DMCA Complaint From Nintendo 100

jones_supa writes: Well, we saw this one coming. Just a couple of days after computer science student Erik Roystan Ross released a free recreation of the first level of Nintendo's 1996 Super Mario 64, Nintendo filed a Digital Millennium Copyright Act complaint. It was sent to the content distribution network CloudFlare and the complaint asked to immediately disable public access to the page hosting the remade game. CloudFlare forwarded the complaint to the person hosting Ross' game, after which the hosting provider (a friend of Ross) had to take the game down. Nintendo also sent Ross takedown notices for his downloadable desktop versions of the Bob-Omb Battlefield. Nintendo is famously protective of its copyright, taking issue even with "Let's Play" videos posted on YouTube and threatening to shut down live-streamed Super Smash Bros tournaments.
The Military

New Compound Quickly Disables Chemical Weapons 52

sciencehabit writes: In 2013, the Syrian military allegedly launched sarin gas rockets into a rebel-held town, killing hundreds. After diplomats brokered a deal to eradicate the weapons, international organizations began the dangerous job of destroying them. One roadblock to chemical weapons disposal is that heat and humidity quickly break down enzymes that can disable the deadly chemicals. Now, researchers have developed a highly stable compound that can inactivate nerve agents like sarin in a matter of minutes.
Graphics

NVidia Puts the Kibosh On Overclocking of GTX 900M Series 138

An anonymous reader writes Nvidia surprised members of the overclocking community this week when it pulled OC support from drivers for its 900M series mobile graphics cards. Many users (particularly those who bought laptops with higher-end cards like the 980m) were overclocking – until the latest driver update. Now, Nvidia is telling customers not to expect OC capabilities to return. “Unfortunately GeForce Notebooks were not designed to support overclocking,” wrote Nvidia’s Manuel Guzman. “Overclocking is by no means a trivial feature, and depends on thoughtful design of thermal, electrical, and other considerations. By overclocking a notebook, a user risks serious damage to the system that could result in non-functional systems, reduced notebook life, or many other effects.”
Open Source

Live Patching Now Available For Linux 117

New submitter cyranix writes "You may never have to reboot your Linux machine ever again, even for kernel patching," and excerpts from the long (and nicely human-readable) description of newly merged kernel code that does what Ksplice has for quite a while (namely, offer live updating for Linux systems, no downtime required), but without Oracle's control. It provides a basic infrastructure for function "live patching" (i.e. code redirection), including API for kernel modules containing the actual patches, and API/ABI for userspace to be able to operate on the patches (look up what patches are applied, enable/disable them, etc). It's relatively simple and minimalistic, as it's making use of existing kernel infrastructure (namely ftrace) as much as possible. It's also self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code). It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works (adding arch-specific support basically boils down to teaching ftrace about regs-saving).
Privacy

Being Pestered By Drones? Buy a Drone-Hunting Drone 151

schwit1 writes, "Are paparazzi flying drones over your garden to snap you sunbathing? You may need the Rapere, the drone-hunting drone which uses 'tangle-lines' to quickly down its prey." From The Telegraph's article: It has been designed to be faster and more agile than other drones to ensure that they can't escape - partly by limiting flight time and therefore reducing weight. “Having worked in the UAS industry for years, we've collectively never come across any bogus use of drones. However it's inevitable that will happen, and for people such as celebrities, where there is profit to be made in illegally invading their privacy, there should be an option to thwart it,” the group say on their website. This seems more efficient than going after those pesky paparazzi drones with fighting kites (video), but it should also inspire some skepticism: CNET notes that the team behind it is anonymous, and that "Rapere works in a lab setting, however there aren't any photos or videos of the killer drone in action. The website instead has only a slideshow of the concept."
Communications

Tor Network May Be Attacked, Says Project Leader 86

Earthquake Retrofit writes The Register is reporting that the Tor Project has warned that its network – used to mask peoples' identities on the internet – may be knocked offline in the coming days. In a Tor blog post, project leader Roger 'arma' Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network, which are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.
Windows

Forbes Blasts Latest Windows 7 Patch as Malware 230

Forbes contributor Jason Evangelho has nothing good to say about a recent Windows 7 patch that's causing a range of trouble for some users. He writes: If you have Windows 7 set to automatically update every Tuesday, it may be time to permanently disable that feature. Microsoft has just confirmed that a recent update — specifically KB 3004394 — is causing a range of serious problems and recommends removing it. The first issue that caught my attention, via AMD’s Robert Hallock, is that KB 3004394 blocks the installation or update of graphics drivers such as AMD’s new Catalyst Omega. Nvidia users are also reporting difficulty installing GeForce drivers, though I can’t confirm this personally as my machines are all Windows 8.1. Hallock recommended manually uninstalling the update, advice now echoed officially by Microsoft. More troubles are detailed in the article; on the upside, Microsoft has released a fix.
The Internet

Comcast Sued For Turning Home Wi-Fi Routers Into Public Hotspots 291

HughPickens.com writes: Benny Evangelista reports at the San Francisco Chronicle that a class-action suit has been filed in District Court in San Francisco on behalf of Toyer Grear and daughter Joycelyn Harris, claiming that Comcast is "exploiting them for profit" by using their home router as part of a nationwide network of public hotspots. Comcast is trying to compete with major cell phone carriers by creating a public Xfinity WiFi Hotspot network in 19 of the country's largest cities by activating a second high-speed Internet channel broadcast from newer-model wireless gateway modems that residential customers lease from the company.

Although Comcast has said its subscribers have the right to disable the secondary signal, the suit claims the company turns the service on without permission. It also places "the costs of its national Wi-Fi network onto its customers" and quotes a test conducted by Philadelphia networking technology company Speedify that concluded the secondary Internet channel will eventually push "tens of millions of dollars per month of the electricity bills needed to run their nationwide public Wi-Fi network onto consumers." The suit also says "the data and information on a Comcast customer's network is at greater risk" because the hotspot network "allows strangers to connect to the Internet through the same wireless router used by Comcast customers."
Chrome

Google Chrome Will Block All NPAPI Plugins By Default In January 107

An anonymous reader writes Google today provided an update on its plan to remove Netscape Plugin Application Programming Interface (NPAPI) from Chrome, which the company says will improve the browser's security, speed, and stability, as well as reduce complexity in the code base. In short, the latest timeline is as follows: Block all plugins by default in January 2015, disable support in April 2015, and remove support completely in September 2015. For context, Google first announced in September 2013 that it was planning to drop NPAPI. At the time, Google said anonymous Chrome usage data showed just six NPAPI plugins were used by more than 5 percent of users, and the company was hoping to remove support from Chrome "before the end of 2014, but the exact timing will depend on usage and user feedback."
Facebook

How Facebook Is Influencing Who Will Win the Next Election 72

An anonymous reader sends this excerpt from Forbes: [Facebook] announced yesterday that it was shutting down a feature that the Obama campaign used in 2012 to register over a million voters. During the election supporters shared access to their list of Facebook friends with the campaign through an app. Researchers have found that while people often view political messages with skepticism, they are more receptive and trusting when the information is coming from somebody they know. The feature was credited with boosting Obama’s get-out-the-vote efforts which were crucial to his victory, but Facebook has decided to disable this ability in order to (rightfully) protect users from third-party apps collecting too much of their information.

The company insists that it favors no particular ideology and that its efforts are “neutral.” The first part is likely true, but the second is not possible. The company’s algorithms take into account a proprietary mix of our own biases, connections, and interests combined with Facebook’s business priorities; that is the farthest thing from neutral. Facebook says it just wants to encourage “civic participation,” but politically mobilizing the subsection of people that are on their network is not without its own impacts.
Google

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40 70

An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Data Storage

After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4} 183

NotInHere writes: Only three days after the public learned that the ChromeOS project was going to disable ext2fs support for external drives (causing Linux users to voice many protests on websites like Slashdot and the issue tracker), the ChromeOS team now plans to support it again. To quote Ben Goodger's comment: "Thanks for all of your feedback on this bug. We've heard you loud and clear. We plan to re-enable ext2/3/4 support in Files.app immediately. It will come back, just like it was before, and we're working to get it into the next stable channel release."
The Almighty Buck

Miss a Payment? Your Car Stops Running 907

HughPickens.com writes Auto loans to borrowers considered subprime, those with credit scores at or below 640, have spiked in the last five years with roughly 25 percent of all new auto loans made last year subprime, a volume of $145 billion in the first three months of this year. Now the NYT reports that before they can drive off the lot, many subprime borrowers must have their car outfitted with a so-called starter interrupt device, which allows lenders to remotely disable the ignition. By simply clicking a mouse or tapping a smartphone, lenders retain the ultimate control. Borrowers must stay current with their payments, or lose access to their vehicle and a leading device maker, PassTime of Littleton, Colo., says its technology has reduced late payments to roughly 7 percent from nearly 29 percent. "The devices are reshaping the dynamics of auto lending by making timely payments as vital to driving a car as gasoline."

Mary Bolender, who lives in Las Vegas, needed to get her daughter to an emergency room, but her 2005 Chrysler van would not start. Bolender was three days behind on her monthly car payment. Her lender remotely activated a device in her car's dashboard that prevented her car from starting. Before she could get back on the road, she had to pay more than $389, money she did not have that morning in March. "I felt absolutely helpless," said Bolender, a single mother who stopped working to care for her daughter. Some borrowers say their cars were disabled when they were only a few days behind on their payments, leaving them stranded in dangerous neighborhoods. Others said their cars were shut down while idling at stoplights. Some described how they could not take their children to school or to doctor's appointments. One woman in Nevada said her car was shut down while she was driving on the freeway. Attorney Robert Swearingen says there's an old common law principle that a lender can't "breach the peace" in a repossession. That means they can't put a person in harm's way. To Swearingen, that would mean "turning off a car in a bad neighborhood, or for a single female at night."
Iphone

Apple Announces Smartwatch, Bigger iPhones, Mobile Payments 730

Today at Apple's September press conference, they announced the new iPhone 6 models. There are two of them — the iPhone 6 is 4.7" at 1334x750, and the iPhone 6 Plus is 5.5" at 1920x1080. Both phones are thinner than earlier models: 5S: 7.6mm, 6: 6.9mm, 6 Plus: 7.1mm. The phones have a new-generation chip, the 64-bit A8. Apple says the new phones have a 25% faster CPU, 50% faster GPU, and they're 50% more energy efficient (though they were careful to say the phones have "equal or better" battery life to the 5S). Apple upgraded the phones' wireless capabilities, moving voice calls to LTE and also enabling voice calls over Wi-Fi. The phones ship on September 19th, preceded by the release of iOS 8 on September 17th.

Apple also announced its entry into the payments market with "Apple Pay." They're trying to replace traditional credit card payments with holding an iPhone up to a scanner instead. It uses NFC and the iPhone's TouchID fingerprint scanner. Users can take a picture of their credit cards, and Apple Pay will gather payment information, encrypt it, and store it. (Apple won't have any of the information about users' credit cards or their purchases, and users will be able to disable the payment option through Find My iPhone if they lose the device.) Apple Pay will work with Visa, Mastercard, and American Express cards to start. 220,000 stores that support contactless payment will accept Apple Pay, and many apps are building direct shopping support for it. It will launch in October as an update for iOS 8, and work only on the new phones.

Apple capped off the conference with the announcement of the long-anticipated "Apple Watch." Their approach to UI is different from most smartwatch makers: Apple has preserved the dial often found on the side of analog watches, using it as a button and an input wheel. This "digital crown" enables features like zoom without obscuring the small screen with fingers. The screen is touch-sensitive and pressure sensitive, so software can respond to a light tap differently than a hard tap. The watch runs on a new, custom-designed chip called the S1, it has sensors to detect your pulse, and it has a microphone to receive and respond to voice commands. It's powered by a connector that has no exposed contacts — it magnetically seals to the watch and charges inductively. The Apple Watch requires an iPhone of the following models to work: 6, 6Plus, 5s, 5c, 5. It will be available in early 2015, and will cost $349 for a base model.
