chicksdaddy writes "The saga of the application-signing flaw affecting Google's Android mobile phones took another turn Tuesday when a Silicon Valley startup teamed with graduate students from Northeastern University in Boston to offer their own fix-it tool for hundreds of millions of Android phones that have been left without access to Google's official patch. Duo Security announced the availability of an Android utility dubbed 'ReKey' on Tuesday. The tool allows users to patch the so-called 'Master Key' vulnerability on Android devices, even in the absence of a security update from Android handset makers and carriers who service the phones, according to a post on the Duo Security blog. Jon Oberheide, the CTO of Duo Security, said that ReKey provides an in-memory patch for the master key vulnerability, dynamically instrumenting the Dalvik bytecode routines where the vulnerability originates, patching it in-memory. Oberheide said that ReKey will also 'hook' (or monitor) those routines to notify you if any malicious applications attempt to exploit the vulnerability. Despite the availability of a patch since March, many Android users remain vulnerable to attacks that take advantage of the application signing flaw. That is because Android handset makers have been slow to issue updates for their handsets. For platforms (HTC and Samsung) that have been patched, carriers delayed the rollout to customers further. 'The security of Android devices worldwide is paralyzed by the slow patching practices of mobile carriers and other parties in the Android ecosystem,' said Oberheide. However, the fragmentation of the Android ecosystem is significant enough that it is no longer feasible for Google to take over responsibility for distributing patches. Third parties may need to step in to fill the void." A related article makes the case that the release of the Master Key vulnerability started an important conversation within the open source community.
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
An anonymous reader writes "Despite backing from the Clinton Climate Initiative, and a $111 million investment from Subway Restaurant mogul Fred DeLuca, a planned city for Central Florida called 'Destiny' was doomed from the start, according to memos retrieved from Florida's Department of Community Affairs. According to state officials, despite a great deal of hype about Destiny, Florida, becoming the first fully sustainable city in the U.S., plans to build the city were rejected almost immediately due to concerns over 'possible urban sprawl, energy inefficient land use patterns, the endangerment of natural resources, and the undermining of agriculture.'"
Daniel_Stuckey writes "Just to address one thing straight away: one of your favorite science fiction stories dealing, whether directly or indirectly, with surveillance is bound to be left off this list. And 1984's a given, so it's not here. At any rate, the following books deal in their own unique way with surveillance. Some address the surveillance head-on, while others speculate on inter-personal intelligence gathering, or consider the subject in more oblique ways. Still others distill surveillance down to its essence: as just one face of a much larger, all-encompassing system of control, that proceeds from the top of the pyramid down to its base."
colinneagle writes "Ethical hacking professor Sam Bowne recently put a cookie re-use method to test on several major web services, finding that Office 365, Yahoo mail, Twitter, LinkedIn, Amazon, eBay, and WordPress all failed the security test. Both Amazon and eBay can be tied directly to your money via the method of payment you have on record. And, just for kicks, we tried it with Netflix. And it worked. Microsoft has apparently known that accounts can be hijacked since at least 2012 when The Hacker News reported the Hotmail and Outlook cookie-handling vulnerability, so Bowne was curious if Microsoft closed the hole or if stolen cookies could still be re-used. He claims he 'easily reproduced it using Chrome and the Edit This Cookie extension.'"
jones_supa writes "Entertainment industry groups in Norway have spent years lobbying for tougher anti-piracy laws, finally getting their way earlier this month. But with fines and site-blocking now on the agenda, an interesting trend has been developing. According to a new report published by Ipsos, between 2008 and 2012 piracy of movies and TV shows collapsed in Norway, along with music seeing a massive drop to less than one fifth of the original level. Olav Torvund, former law professor at the University of Oslo, attributes this to good legal alternatives which are available today (Google translation of Norwegian original). Of those questioned for the survey, 47% (representing around 1.7 million people) said they use a streaming music service such as Spotify. And of those, just over half said that they pay for the premium option."
dryriver sends this quote from Phys.org: "Harvesting waste heat from power stations and even vehicle exhaust pipes could soon provide a valuable supply of electricity. A small team of Monash University researchers ... has developed an ionic liquid-based thermocell (abstract). Thermocell technology is based on harnessing the thermal energy from the difference in temperature between two surfaces and converting that energy into electricity. The new thermocell could be used to generate electricity from low grade steam in coal fired power stations at temperatures around 130C. This would be implemented by having the steam pass over the outer surface of the hot electrode to keep it hot while the other electrode is air or water cooled."
itwbennett writes "The W3C's Tracking Protection Working Group, which is mainly concerned with standardizing the mechanisms for server-side compliance with do-not-track requests, has rejected a proposal by from the Digital Advertising Alliance (DAA) that would have allowed advertisers to continue profiling users who had asked not to be tracked. The proposal would also have allowed them to 'retarget' ads to those users by showing ads relevant to one site or transaction on all subsequent sites they visited, according to the co-chairs of the W3C's Tracking Protection Working Group. The working group co-chairs also said that they planned to reject proposals similar to those made by the DAA."
New submitter Jawnn writes "The Washington Post reports that the EFF has filed suit against the NSA in Federal Court in San Francisco, on behalf of multiple groups (court filing). Those groups include, 'Rights activists, church leaders and drug and gun rights advocates.' EFF Legal Director Cindy Cohn said, 'The First Amendment protects the freedom to associate and express political views as a group, but the NSA's mass, untargeted collection of Americans' phone records violates that right by giving the government a dramatically detailed picture into our associational ties. Who we call, how often we call them, and how long we speak shows the government what groups we belong to or associate with, which political issues concern us, and our religious affiliation. Exposing this information – especially in a massive, untargeted way over a long period of time – violates the Constitution and the basic First Amendment tests that have been in place for over 50 years.' Apparently, not everyone out there is believing the 'If you have nothing to hide' excuses being offered up from various government quarters."
video interviews with Peter Wayner. Third time being the charm, his latest book, Future Ride, is now out and available for purchase. If you've followed and possibly even enjoyed this string of interviews with Peter, Future Ride might be valuable reading material for you. It's what I call a "futureproofing" book, and in today's fast-changing world being prepared for tomorrow -- even just in the sense of thinking about the many ways our society might change if our cars and trucks drive themselves -- is valuable for business and career reasons, aside from the sheer joy of speculating about what the future may hold.
First time accepted submitter jameshumphreys writes "London startup what3words has successfully launched a new website which has carved the world map into almost 57 trillion 3m x 3m squares, assigning each square a simple, unique 3 word address. For instance, the 'what3words' for the famous Peter Pan statue in London's Hyde Park is 'union.prop.enjoy'. This means you can easily describe even remote locations with great precision. CEO Chris Sheldrick says, 'We see our service being most useful where current methods of describing location (e.g. postcodes or ZIP codes) don't do the job well enough or don't do the job at all — but of course it has applications as a preferred alternative even where the existing solutions do a decent job, but perhaps less precise/customised than w3w.' An API is planned 'in the coming weeks.'" The heart of Disneyworld could be "Radioactive Humanoid Mice"; what would you call your neck of the woods?
An anonymous reader writes "A Newtown couple, both scientists, who lost their daughter in the school shooting, are wondering whether there were clues in the shooter's physiological makeup — his DNA, his blood, his brain chemistry. They are now involved in a search for biomarkers, similar to those that may indicate disease, for violence. They are raising money to help fund this research, but the effort is running into obstacles, in part, over ethical concerns. 'I'm not opposed to research on violence and biomarkers, but I'm concerned about making too big of a leap between biomarkers and violence,' said Troy Duster, a researcher at the University of California at Berkeley. There is concern that science may find biomarkers long before society can deal with its implications."
Rebecka writes "Hurricane Sandy, which pelted multiple states in Oct. and created billions of dollars in damage, was a freak occurrence and not an indication of future weather patterns, according to NASA's Goddard Institute for Space Studies via LiveScience. The study (abstract), which calculated a statistical analysis of the storm's trajectory and monitored climate changes' influences on hurricane tracks, claims that the tropical storm was merely a 1-in-700-year event. 'The particular shape of Sandy's trajectory is very peculiar, and that's very rare, on the order of once every 700 years,' said senior scientist at NASA and study co-author, Timothy Hall. According to Hall, the extreme flooding associated with the storm was also due to the storm's trajectory which was described as being 'near perpendicular.' The storm's unusual track was found to have been caused by a high tides associated with a full moon and high pressure that forced the storm to move off the coast of the Western North Atlantic."
Nerval's Lobster writes "Developer and editor Jeff Cogswell is back with a comparison of Eclipse and Visual Studio, picking through some common complaints about both platforms and comparing their respective features. 'First, let's talk about usability,' he writes, 'and let's be frank: Neither Eclipse nor Visual Studio is a model for sound usability.' That being said, as an open-source project, Eclipse wins some points for its customizability and compatibility with languages; it's more difficult to modify Visual Studio to meet some programmer needs, which has led to any number of abandoned projects over the years. Microsoft choosing to eliminate macros in recent versions of Visual Studio has also led to some programmer frustrations (and a need for external tools)."
An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."
astroengine writes "A planned six-hour spacewalk outside the International Space Station came to a dramatic and abrupt end on Tuesday when water started building up inside the helmet of Italian astronaut Luca Parmitano. Parmitano and NASA astronaut Chris Cassidy were less than an hour into their spacewalk, their second in a week, when Parmitano reported that his head felt wet. 'My head is really wet and I have a feeling it's increasing,' Parmitano reported to ground control teams at the Johnson Space Center in Houston. Parmitano returned safely to the space station interior, but the cause of the leak was not immediately known."
another random user writes with an excerpt from TorrentFreak: "It's no secret that copyright holders are trying to take down as much pirated content as they can, but their targeting of open source software is something new. In an attempt to remove pirated copies of Game of Thrones from the Internet, HBO sent a DMCA takedown to Google, listing a copy of the popular media player VLC as a copyright infringement. An honest mistake, perhaps, but a worrying one. ... Usually these notices ask Google to get rid of links to pirate sites, but for some reason the cable network also wants Google to remove a link to the highly popular open source video player VLC. ... The same DMCA notice also lists various other links that don't appear to link to HBO content, including a lot of porn related material, Ben Harper's album Give Till It's Gone, Naruto, free Java applets and Prince of Persia 5."
New submitter Anita Hunt (lissnup) writes "This snooping hack-in-a-backpack could become a hot Summer accessory, since Reuters reported that 'researchers at iSec hacked into a Verizon network extender, which anyone can buy online, and turned it into a cell phone tower (video interview) small enough to fit inside a backpack capable of capturing and intercepting all calls, text messages and data sent by mobile devices within range.'"
First time accepted submitter CherryLongman writes "If you feel as if every mosquito in a 50-mile radius has you locked in its sights, while your friends are rarely bitten, you could be right. Up to 20 percent of us are highly alluring to mosquitoes — and scientists have discovered some surprising reasons."
Lauren Weinstein writes "In a clear demonstration that actions do have consequences, often unintended ones, 'The New York Times' reports that Russia is again demanding a UN Internet takeover of exactly the sort repressive governments around the world have long been lusting after, and using Edward Snowden's continued presence in Russia as a foundation for this new thrust. Acting as a catalyst for a crackdown against freedom of speech on the Net was certainly not Snowden's intention — quite the opposite, it's reasonable to assume." Not to worry.
New submitter Bauermlb writes "I service computers for retired folks in my community, often older machines with modest speed (2 GHz Centron) and modest memory (512 MB). Adding AVAST to one of these machines slows it to a crawl. Any recommendations for a light-duty antivirus program with a low overhead? (These people do not tend to surf 'dirty' sites.)"
HonorPoncaCityDotCom writes "BBC reports that a North Korean-flagged ship carrying suspected 'sophisticated missile equipment' bound from Cuba to North Korea has been stopped near Manzanillo on the Atlantic side of the canal. President Ricardo Martinelli said the authorities were checking the ship for drugs when they found the suspected weapons in containers of brown sugar. Experts believe the communist state is working towards developing a nuclear warhead small enough to put on a long-range missile. Under UN sanctions, North Korea is banned from weapons exports and the import of all but small arms. The 35-member crew have been detained, including the captain who the Panamanian president said tried to kill himself during the search. Security Minister Jose Raul Mulino said the ship 'aroused suspicion by the violent reaction of the captain and the crew.' Martinelli also published a photograph that appeared to show two large green containers, adding that the arms shipment had been uncovered 'in containers underneath a cargo of sugar.'" Also at the New York Times.
WebMink writes "After strong criticism last year, Github has finally accepted the view that public repositories with no open source license are a bad thing. Self-described as the 'world's largest open source community,' a significant number of GitHub projects come with no rights whatsoever for you to use their code in an open source project. But from now on, creators of new repositories will have to pick from a small selection of OSI-approved licenses or explicitly opt for 'no license'. In Github's words, 'please note that opting out of open source licenses doesn't mean you're opting out of copyright law.'" A quick scan of their new choose a license site reveals at least a few flaws: they present simplicity, caring about patents, and sharing improvements with others as mutually exclusive points when they clearly are not (e.g. the Apache license and the GPLv3 both help with patent concerns, but only Apache is mentioned; and the MIT/X license is listed as the simple license when BSD-style is more prevalent). They also imply it is entirely optional to actually note your copyright in your files, when it is really bad practice not to unless you really want to make it impossible for people to understand the copyright history when e.g. merging your code into another project. Their list of licenses does provide a nice overview of the features of each, but regrettably encourages the use of the GPLv2 (without the "or later version" clause), listing the GPLv3 and all versions of the LGPL in league with seldom used licenses like the Perl Artistic license.
Daniel_Stuckey writes "The technology is here. So-called 'smart guns' are being programmed to recognize a gun owner's identity and lock up if the weapon ends up in the wrong hands. Entrepreneurs and engineers have been developing technology to make safer guns since the early '90s, and by now we've got working prototypes of guns that read fingerprints, hand grips or even sensors embedded under the skin. But after 15 years of innovation, personalized guns still haven't penetrated the marketplace."
CowboyRobot writes "As the Internet Corporation for Assigned Names and Numbers (ICANN) continues its march toward the eventual approval of hundreds, if not more than 1,000, generic top-level domains (gTLDs), security experts warn that some of the proposed names could weaken network security at many companies. Two major issues could cause problems for companies: If domain names that are frequently used on a company's internal network — such as .corp, .mail, and .exchange — become accepted gTLDs, then organizations could inadvertently expose data and server access to the Internet. In addition, would-be attackers could easily pick up certificates for domains that are not yet assigned and cache them for use in man-in-the-middle attacks when the specific gTLD is deployed." Another way to look at it: why were they using invalid domains in the first place?
An anonymous reader writes, quoting the BBC: "A letter sent to the UK's four leading ISPs from the government has made them very cross indeed. The letter comes from the Department for Education but it sets out a list of demands from Downing Street, with the stated aim of allowing the prime minister to make an announcement shortly. The companies are asked, among other things, for a commitment to fund an 'awareness campaign' for parents. They're not particularly happy about promising cash for what the letter concedes is an 'unknown campaign' but it's the next item on the menu which is the source of most of their anger." That next item is making and marketing Internet censorship filters as "default-on" rather than "active choice": "'It sounds like a good idea until you think it through,' said one industry source. 'There are three reasons why it doesn't work. First it may be illegal under the Regulation of Investigatory Powers. Then there's the fact that no filter is perfect, and finally kids are smart enough to find their way around them.'" From the sound of it, it might just be newspeak vs newspeak. The entire letter is included in the article.