Youtube

YouTube Promises Changes To Copyright Claim Policy (thestack.com) 95

An anonymous reader writes: YouTube has set up a new team dedicated to weeding out false copyright claims and subsequent erroneous takedowns, responding to community criticism. Complaints have accused the video streaming site of a lazy approach to monitoring content, and using an unreliable automated system, Content ID, to enforce copyright policy. In response to these allegations, YouTube has announced that it will be introducing a workforce focused entirely on minimizing mistakes that delete legitimate videos. The tech giant has also promised to improve transparency into the status of monetization claims, and help strengthen communications between video creators and its support teams.
The Internet

Cross-Site Scripting Enabled On 1000 Major Sites (thestack.com) 54

An anonymous reader writes: A CloudFlare engineer has discovered that 1000 of the top one million websites, including bitcoin holding sites and trading sites, are running a default setting that enables cross-site scripting. This article details his examination of the top 1 million Alexa sites for evidence of compromised settings and finds that about 1000 of the sites on the list are capable of being compromised because of running a header called Access-Allow-Origin. He found the vulnerability while working on a legitimate use of domain-communication called Cross Origin Resource Sharing for the Stripe API. The header, which Johnson claims the vulnerable websites are outputting, is concluded with a wild-card asterisk, meaning that the sites in question are giving full permission for cross-domain communication via venerable protocols such as SOAP/AJAX XML exchanges.
Piracy

Sharebeast, the Largest US-based Filesharing Service, Has Its Domain Seized 122

An anonymous reader writes: The RIAA says that the FBI has seized the domain of file-sharing service ShareBeast, shutting down what it said was responsible for the leaks of thousands of songs. The site now only displays a notice saying the FBI acted "pursuant to a seizure warrant related to suspect criminal copyright infringement." In a statement, RIAA CEO Cary Sherman called the seizure "a huge win for the music community and legitimate music services. ShareBeast operated with flagrant disregard for the rights of artists and labels while undermining the legal marketplace."
Google

Hackers' Latest Targets: Google's Webmaster Tools 19

jfruh writes: The latest attack vector hackers are taking advantage of: Google's Webmaster tools, which allow domain owners to index new pages for searching and react quickly to Google-detected malware. It's that last capability that hackers are after, tweaking things to keep infected sites under their control longer. From the ITWorld story: "According to the Sucuri researchers, by becoming verified owners for compromised websites, attackers can track how well their BHSEO campaigns perform in Google Search. They can also submit new spam pages to be indexed faster instead of waiting for them to be discovered naturally by Google's search robots, they can receive alerts if Google flags the websites as compromised, and, most importantly, they can remove legitimate owners of the site from the Search Console."
Security

My United Airlines Website Hack Gets Snubbed 187

Bennett Haselton writes: United Airlines announced that they will offer up to 1 million air miles to users who can find security holes in their website. I demonstrated a way to brute-force a user's 4-digit PIN number and submitted it to them for review, emailing their Bugs Bounty contact address on three occasions, but I never heard back from them. Read on for the rest. If you've had a different experience with the program, please chime in below.
Censorship

Australia Passes Site-Blocking Legislation 57

ausrob writes: Cementing their position as Australia's most backwards and dangerous government in recent memory comes this nasty bit of legislation, riddled with holes (which is nothing new for this decrepit Government): "The legislation allows rights holders to go to a Federal Court judge to get overseas websites, or "online locations", blocked that have the "primary purpose" of facilitating copyright infringement. If a rights holder is successful in their blocking request, Australian internet providers, such as Telstra and Optus, will need to comply with a judge's order by disabling access to the infringing location." Reader Gumbercules!! adds a link to another story on the legislation, writing: Aside from the sheer inefficiency of trying to spot piracy by blocking individual sites, there's also the risk that servers which house other, more legitimate sites will be caught up in the net. Unsurprisingly, the bill does nothing to remedy the fact that Australians pay far more for access to media than other places in the world, or that media is often not available or extremely delayed here.
Piracy

Pirate Bay Blockade Censors CloudFlare Customers 160

An anonymous reader writes: The blockade of the Pirate Bay by UK ISPs is causing trouble for CloudFlare customers. Several websites have been inadvertently blocked by Sky because a Pirate Bay proxy is hosted behind the same IP addresses. In response, CloudFlare threatened to disconnect the proxy site from its network. Like any form of censorship, web blockades can sometimes lead to overblocking, targeting perfectly legitimate websites by mistake. This is also happening in the UK, where Sky's blocking technology is inadvertently blocking sites that have nothing to do with piracy.
Advertising

How Malvertising Abuses Real-Time Bidding On Ad Networks 113

msm1267 writes: Dark corners of the Internet harbor trouble. They're supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors? That's the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some targeted attacks. Hackers are thriving in this arena because they have found an unwittingly complicit partner in the sundry ad networks to move malicious ads through legitimate processes. Adding gasoline to the raging fire is the abuse of real-time ad bidding, a revolution in the way online ads are sold. RTB enables better ad targeting for advertisers and less unsold inventory for publishers. Hackers can also hitch a ride with RTB and target malicious ads on any site they wish, much the way a legitimate advertiser would use the same system.
Windows

Microsoft Finally Allows Customers To Legally Download Windows 7 ISOs 132

MojoKid writes: It's long been a pet peeve of many end users that Microsoft has made it such a challenge to procure a legitimate ISO image of its various operating systems. It seems like the company should have no problem offering them in an easy-to-find spot on its website, because after all, it's not like they can be utilized without a legal key. Sometimes, people simply lose the disc or ISO they had, and so it shouldn't be such a challenge to get a replacement. Fortunately, with a new feature on the Microsoft site, you are now able to get that replacement Windows 7 ISO. However, it's behind a bit of protection. You'll need to provide your legal product code, and then the language, in order to go through to the download page. If you've somehow lost your key but are still using the OS that it's tied to, you can retrieve it through a few different third-party tools. However, it does seem like not all valid keys work properly just yet, since some users are reporting valid keys throwing errors or not enabling a download for some reason.
The Media

Does Showing a Horrific Video Serve a Legitimate Journalistic Purpose? 645

HughPickens.com writes: Erik Wemple writes at the Washington Post that Fox News recently took the controversial step of posting a horrific 22-minute video online that shows Jordanian pilot Lt. Muath al-Kaseasbeh being burned to death. Fox warned internet users that the presentation features "extremely graphic video." "After careful consideration, we decided that giving readers of FoxNews.com the option to see for themselves the barbarity of ISIS outweighed legitimate concerns about the graphic nature of the video," said Fox executive John Moody. "Online users can choose to view or not view this disturbing content."

But Fox's decision drew condemnation from some terrorism experts. "[Fox News] are literally — literally — working for al-Qaida and ISIS's media arm," said Malcolm Nance. "They might as well start sending them royalty checks." YouTube removed a link to the video a few hours after it was posted, and a spokesperson for Facebook told the Guardian that if anyone posted the video to the social networking site it would be taken down. CNN explained that it wouldn't surface any of the disturbing images because they were gruesome and constituted propaganda that the network didn't want to distribute. "Does posting this video advance the aims of this terror group or hinder its progress by laying bare its depravity?" writes Wemple. "Islamic State leaders may indeed delight in the distribution of the video — which could be helpful in converting extremists to its cause — but they may be miscalibrating its impact. If the terrorists expected to intimidate the world with their display of barbarity, they may be disappointed with the reaction of Jordan, which is vowing 'strong, earth-shaking and decisive' retaliation."
Communications

Your High School Wants You To Install Snapchat 157

Bennett Haselton writes: They would never admit it, but your high school admins would probably breathe a sigh of relief if all of their sexting-mad students would go ahead and install Snapchat so that evidence of (sometimes) illegal sexting would disappear into the ether. They can't recommend that you do this, because it would sound like an implicit endorsement, just like they can't recommend designated drivers for teen drinking parties -- but it's a good bet they would be grateful. Read on for the rest.
Google

How Google Map Hackers Can Destroy a Business 132

An anonymous reader writes with an excerpt from Wired about the one big problem that comes with crowdsourced data: enough eyeballs may make all bugs shallow, but may not fare as well against malice and greed: Maps are dotted with thousands of spam business listings for nonexistent locksmiths and plumbers. Legitimate businesses sometimes see their listings hijacked by competitors or cloned into a duplicate with a different phone number or website. In January, someone bulk-modified the Google Maps presence of thousands of hotels around the country, changing the website URLs to a commercial third-party booking site ... Small businesses are the usual targets. ... These attacks happen because Google Maps is, at its heart, a massive crowdsourcing project, a shared conception of the world that skilled practitioners can bend and reshape in small ways using tools like Google's Mapmaker or Google Places for Business. ... In February, an SEO consultant-turned-whistleblower named Bryan Seely demonstrated the risk dramatically when he set up doppelganger Google Maps listings for the offices of the FBI and Secret Service.
Piracy

Popular Shuttered Torrent Site Demonoid Returns 80

First time accepted submitter AudioEfex (637163) writes "Demonoid has emailed all registered users that it is back online — at its original site — in a new "cloud based" back-end. There have been various attempts in the past (including one accused of simply being malware), but so far this appears to be the original site admins and a legitimate resurrection. User registrations are also open at this time, but as a semi-private tracker, it's unknown how long that will continue."
Security

Nasty Security Flaw In OAuth, OpenID 18

jones_supa writes: "A notable security vulnerability has been discovered which impacts both OAuth and OpenID, which are software packages that provide secure delegated access to websites. Wang Jing, a Ph.D. student at the Nanyang Technological University in Singapore, discovered that the 'Covert Redirect' flaw can masquerade as a login popup based on an affected site's domain. Covert Redirect is based on a well-known exploit parameter. For example, someone clicking on a malicious phishing link will get a popup window in Facebook, asking them to authorize the app. Instead of using a fake domain name that's similar to trick users, the Covert Redirect flaw uses the real site address for authentication. If a user chooses to authorize the login, personal data will be released to the attacker instead of to the legitimate website. Wang did already warn a handful of tech giants about the vulnerability, but they mostly dodged the issue. In all honesty, it is not trivial to fix, and any effective remedies would negatively impact the user experience. Users who wish to avoid any potential loss of data should be careful about clicking links that immediately ask them to log in to Facebook or Google, and be aware of this redirection attack."
News

Interview: John McAfee Answers Your Questions 124

A while ago you had a chance to ask John McAfee about his past, politics, and what he has planned for the future. As usual, John answered with extreme frankness, with some interesting advice for anyone stuck at a checkpoint in the third world. Below you can read all his answers to your questions.
Security

Large DDoS Attack Brings WordPress Pingback Abuse Back Into Spotlight 58

angry tapir writes "Attackers have abused the WordPress pingback feature, which allows sites to cross-reference blog posts, to launch a large-scale, distributed denial-of-service (DDoS) attack, according to researchers from Web security firm Sucuri. The attack involved over 162,000 legitimate WordPress websites being forced to send hundreds of requests per second to a popular WordPress site, preventing access to it for many hours. The attack exploited an issue with the XML-RPC (XML remote procedure call) implementation in WordPress that's used for features like pingback, trackback, remote access from mobile devices and others, and brought back into the spotlight the denial-of-service risks associated with this functionality that have been known since 2007."