New submitter Juggler writes "Mailpile, a new Free Software project out of Iceland, launched at the #OHM2013 hacker festival in Holland today. The talk's brief demo garnered rounds of applause and was followed by the launch of an Indiegogo campaign which, if funded, will allow them to work full time on building a modern e-mail/web-mail client. The team's main goals are to address the usability issues that prevent non-technical folks from taking advantage of secure e-mail today, bring new life to FOSS e-mail development and provide a realistic alternative to keeping e-mail in the cloud."
chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC Partners, described Smart TVs as Linux boxes outfitted with a Webkit-based browser. They demonstrated how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the Smart TV's interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the SmartTV, launch drive-by download attacks and steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network. Samsung has issued patches for many of the affected devices and promises more changes in its next version of the Smart TV. This isn't the first time Smart TVs have been shown to be vulnerable. In December, researchers at the firm ReVuln also disclosed a vulnerability in the Smart TV's firmware that could be used to launch remote attacks."
New submitter wabrandsma sends this excerpt from New Scientist: "The Bradley Manning case continues a trend of government prosecutions that use familiarity with digital tools and knowledge of computers as a scare tactic and a basis for obtaining grossly disproportionate and unfair punishments, strategies enabled by broad, vague laws like the CFAA and the Espionage Act. Let's call this the 'hacker madness' strategy. Using it, the prosecution portrays actions taken by someone using a computer as more dangerous or scary than they actually are by highlighting the digital tools used to a nontechnical or even technophobic judge. ... We've seen this trick before. In a case that we at the Electronic Frontier Foundation handled in 2009, Boston College police used the fact that our client worked on a Linux operating system with "a black screen with white font" as part of a basis for a search warrant. Luckily the Massachusetts Supreme Court tossed out the warrant after EFF got involved, but who knows what would have happened had we not been there. And happily, Oracle got a big surprise when it tried a similar trick in Oracle v. Google and discovered that the judge was a programmer who sharply called them on it."
An anonymous reader writes "Today's home routers include a multitude of extra functionality, such as the ability to act as a file and print server. An article from CNET shows how an attacker can use vulnerabilities in these services, such as buffer overflows, directory traversal, race conditions, command injections, and bad permissions to take over the router from the local network without knowing the administrative password. Some of the worst vulnerabilities were in undocumented, proprietary services that users cannot disable and allowed an attacker to achieve a root shell. The researchers who discovered the vulnerabilities will be demonstrating them at the Wall of Sheep and Wireless Village at DEF CON."
Back in June, the U.S. International Trade Commission issued an import ban on the iPhone 4 and iPad 2 3G due to patent violations. Now, the White House has exercised its privilege to overrule the ban. In his letter to the ITC (PDF), Ambassador Michael Froman said 'he was not making a decision about the merits of Samsung's case, or its right to seek compensation. Rather, he emphasized that because the patent in question was now a widely held technology standard, banning the products in question would be too disruptive to consumers and the economy.' This is the first time an ITC decision has been overruled since 1987.
bogaboga writes "You might be wondering why the U.S. Public Broadcasting Service doesn't have a compelling Android footprint. I was wondering too; until they provided the answer. They say, 'Simply put, it’s too complicated for us to even consider an Android app for the first version; we’ll continue to support those viewers with mobile web. ... As we’re focused on the tablet for this project, we’re only designing for the larger screen sizes. But even there, there are a wide range of sizes and aspect ratios. It’s possible to build flexible sizing for these screen layouts, just as we do for the range of desktop web screen sizes. But the flip side to these wide variations is that in a touch experience, ergonomics plays an important role in the design. Navigational elements need to be within easy reach of the edges of the screens since people often are holding their tablets. If the experience is not fine-tuned to each variation the experience would suffer.' They also cite fragmentation. I'm left wondering whether they didn't find support for various screen sizes on the Android developer website. Their budget is undoubtedly limited; are their concerns legit? What companies and organizations have developed Android applications that are good to work with on various screen sizes?"
theodp writes "Over at Popular Science, Tom Foste takes a look at the $79 Leap Motion controller and inventors David Holz and Michael Buckwald, best friends since they were fifth graders in Florida. Potential applications for the device are many, as proof-of-concept demos ranging from controlling Windows 8 (video) to driving JPL's Athlete Rover (video) show. 'If we're successful and build something that is a fundamentally better way to interact with a computer, there are essentially an unlimited number of use cases,' Buckwald says. 'Eventually, anything that has a computer could be controlled with it—every laptop, every desktop, every smartphone, every tablet, every TV, every surgical station, every robot, potentially even a Leap in every car.' And even if 'it's got some growing pains to experience,' writes Ars Technica's Lee Hutchinson, 'it's cool-it's extremely cool. It's not yet a game-changing interface device, but it could be.'"
Hugh Pickens DOT Com writes "BBC reports that French scientists studying erosion on Mont Blanc have discovered that glaciers shield summits from erosion, acting as a protective lid and playing little part in erosion. In contrast, water and rain eroded glacier-free areas 10 times faster than areas protected by the glacier. These results may explain the high altitude of the Alps. Driven by the tectonic collision of Europe with Africa, the high alpine bedrock is rising about one millimeter each year. Glacier-free areas of the Alps erode at a similar rate but where the mountains are protected by ice, the peaks wear away at one tenth that rate. A long-term effect of this might be a rise in the maximum altitude of the Alps. 'However, mountains don't grow to infinity, so there must be another mechanism which has lowered the summit of Europe,' says Fritz Schlunegger. 'According to (Dr) Godon's findings, this erosion is not related to glaciers, so we still have to think about other possibilities.' Around the globe, mountain glaciers — especially those at low latitudes — are retreating in response to climate change. The glaciers around Mount Everest have lost more than one-eighth of their area in the past 50 years, and the snowline had retreated 180 meters up the mountain sides. The results suggest that changes like these could change the shapes of the world's highest mountains, and that climate and mountain landscape are intimately linked."
Duggeek writes "After 17 years, one of the best kept secrets in shopping, Geeks.com, has shuttered its online doors. Myself, I have a small book of sales orders from years past. According to the latest announcement, that stack will not be growing any larger. Quoting: 'Our vision has always been to provide the geeky tech consumer an alternative avenue to purchase quality refurbished and new techy products and gadgets. That vision was the cornerstone of our slogan "Best Deals Every Nanosecond." Unfortunately after a lot of difficult consideration the owners of Geeks.com feel we are unable to come through on this vision any longer. There are many why's... The e-commerce landscape, as well as the consumer electronics market, has changed dramatically with intense competition and a 1000lb gorilla (do we really need to say who) competitor that can lose millions of dollars to buy customers and suck up inventory. They can lose money with impunity, supported by the stock market. We cannot.' The landing page of their website now goes directly to this announcement; the storefront is switched off. They maintain a Facebook page where a combination of remorse and surprise is rapidly growing. The letter also asserts that they will fulfill all business obligations to online customers during their transition to both a solitary, brick-and-mortar presence in California and a wholesale division, Evertek. Personally, just about every keyboard in my closet was purchased from them, and another box full of USB devices as well. Five of my PC builds exist because of them. Feel free to share your own memories of the former Computer Geeks Discount Outlet."
An anonymous reader writes "YouTube co-founder Chad Hurley says internet users should be able to legitimately watch content from anywhere in the world at any time. He says the days of national TV networks controlling the global online rights to shows has to end. 'I think the business models are breaking down and the companies that are going to win in this new world are the ones that make it as easy as possible for the consumers to consume the content wherever and whenever they want.' Hurley also says YouTube will be bidding for more online live sports."
vikingpower writes "Randall Munroe, the comic author best known as the creator of the xkcd webcomic, reveals the secret backstory of his epic, 3099-panel 'Time' strip in an interesting interview with Wired. He says, 'In my comic, our civilization is long gone. Every civilization with written records has existed for less than 5,000 years; it seems optimistic to hope that the current one will last for 10,000 more ... The Earth’s axis wobbles over the millennia, and some individual stars move visibly, so I used a few different pieces of astronomy software–with a lot of hand correction and tweaking–to render the future night sky. When the Sun sets in the night sequence, one of the first things you see is the gap where Antares should be, which was the first clue that this is taking place in the far future. Later in the night–which lasted for several days of real time–more astronomical details let readers pin down the date more precisely.' The comic can be seen as an animation on YouTube. There is also a complete click-through version available on geekwagon. This comic inspired a dedicated wiki and has its own glossary."
An anonymous reader sends this quote from an article at CNet: "The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies' internal networks to facilitate surveillance efforts. FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI's legal position during these discussions is that the software's real-time interception of metadata is authorized under the Patriot Act. Attempts by the FBI to install what it internally refers to as 'port reader' software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks. One former government official said the software used to be known internally as the 'harvesting program.'"
itwbennett writes "Researchers demonstrated at Black Hat this week two attacks that bypassed Secure Boot in order to install a UEFI bootkit — boot rootkit — on affected computers. The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said researcher Yuriy Bulygin, who works at McAfee. The second exploit demonstrated by the researchers can run in user mode, which means that an attacker would only need to gain code execution rights on the system by exploiting a vulnerability in a regular application like Java, Adobe Flash, Microsoft Office or others. In both cases, the exploits are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors." Of course, a hardware security system that is too complex to verify seems like a fatal flaw.
WebMink writes "In an interview at OSCON, Mark Shuttleworth of Canonical spoke about the vision behind the Ubuntu Edge phone as a concept device to test features the mobile industry is too conservative to try. Notably, he agreed with the Free Software Foundation's demands that the device should carry no proprietary software and have Free drivers (transcript): '... we'll ship this with Android and Ubuntu, no plans to put proprietary applications on it. We haven't finalized the silicon selection so we're looking at the next generation silicon from all major vendors. I would like to ship it with all Free drivers.'" Although not a hard promise, it is a promising development.
curtwoodward writes "Uber, the well-funded startup that hails cabs and black cars with a smartphone app, is a pretty slick way to book a ride. But how competitive is Uber with the traditional, highly regulated cab market? According to results from the startup's move into Boston, not very. Figures released in a court case show that, over 15 months, Uber processed just $9 million in gross fares (the drivers get most of that). Meanwhile, Boston's overall cab industry is pegged at doing about $250 million a year in fares. Despite the publicity, Uber still has a long way to go."
cold fjord writes "The Telegraph reports, 'GCHQ has received at least £100 million from the U.S. to help fund intelligence gathering, raising questions over American influence on the British agencies. ... It also emerged that the intelligence agency wants the ability to "exploit any phone, anywhere, any time" and that some staff have raised concerns over the "morality and ethics" of their operational work. ... The agency has faced claims it was handed intelligence on individuals from the US gained from the Prism programme that collected telephone and web records. However, it has been cleared of any wrongdoing or attempts to circumvent British law by the parliamentary intelligence and security committee, as well as by Mr Hague. The payments from the U.S. National Security Agency (NSA) are detailed in GCHQ's annual "investment portfolios", leaked by Mr Snowden to The Guardian. The NSA paid GCHQ £22.9million in 2009, £39.9million in 2010 and £34.7million in 2011/12. ...Another £15.5million went towards redevelopment projects at GCHQ's site in Bude, Cornwall, which intercepts communications from the transatlantic cables that carry internet traffic. ... A Cabinet Office spokesman said: "In a 60-year alliance it is entirely unsurprising that there are joint projects in which resources and expertise are pooled, but the benefits flow in both directions."'" dryriver also wrote in with news that several telecoms are collaborating with GCHQ (BT, Vodafone, and Verizon at least). From the article: "GCHQ has the ability to tap cables carrying both internet data and phone calls. By last year GCHQ was handling 600m 'telephone events' each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time. ... Documents seen by the Guardian suggest some telecoms companies allowed GCHQ to access cables which they did not themselves own or operate, but only operated a landing station for. Such practices could raise alarm among other cable providers who do not co-operate with GCHQ programmes that their facilities are being used by the intelligence agency."