Android

SMS-Controlled Malware Hijacking Android Phones 94

wiredmikey writes "Security researchers have discovered new Android malware controlled via SMS that can do a number of things on the compromised device including recording calls and surrounding noise. Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Based on the code examination, the researchers from NQ Mobile, alongside researchers at North Carolina State University said that TigerBot can record sounds in the immediate area of the device, as well as calls themselves. It also has the ability to alter network settings, report its current GPS coordinates, capture and upload images, kill other processes, and reboot the phone. TigerBot will hide itself on a compromised device by forgoing an icon on the home screen, and by masking itself with a legit application name such as Flash or System. Once installed and active, it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED.'"

Book Review: The Art of Computer Programming. Volume 4A: Combinatorial Algorithm 176

asgard4 writes "Decades in the making, Donald Knuth presents the latest few chapters in his by now classic book series The Art of Computer Programming. The computer science pioneer's latest book on combinatorial algorithms is just the first in an as-of-yet unknown number of parts to follow. While these yet-to-be-released parts will discuss other combinatorial algorithms, such as graph and network algorithms, the focus of this book titled Volume 4A Combinatorial Algorithms Part 1 is solely on combinatorial search and pattern generation algorithms. Much like the other books in the series, this latest piece is undoubtedly an instant classic, not to be missing in any serious computer science library or book collection." Keep reading for the rest of asgard4's review.
Education

PA Laptop Spying Inspires FSF Crowdsourcing Effort 135

holmesfsf writes "Creeped out by the Lower Merion School District's remote monitoring of students? Check out the Free Software Foundation's response to the laptop spying scandal and help build a wiki listing of school districts that provide students with laptops, so that the FSF can campaign against mandatory, proprietary laptops."

Learning JQuery 1.3 153

Michael J. Ross writes "Of all Web technologies, JavaScript may have the most checkered past — first heralded as a powerful object-oriented language for jazzing up Web pages, but later condemned as a source of spammy pop-up windows and horrid animations polluting websites everywhere. Yet during the past several years, Web designers and developers are increasingly using JavaScript unobtrusively, for client-side interactivity — as a supplement to server-side functionality, not a replacement, and built upon standards-compliant (X)HTML and CSS. As a result, the once-derided language is now enjoying a true resurgence in interest and use. This has been bolstered by the proliferation of JavaScript libraries, of which jQuery is clearly the front runner. Web programmers seeking to get up to speed on this exciting resource can turn to Learning jQuery 1.3: Better Interaction Design and Web Development with Simple JavaScript Techniques." Keep reading for the rest of Michael's review.
Privacy

Switzerland's Data Protection Watchdog Wants Street View Disabled 257

glow-in-the-dark writes "The Swiss office for Data Protection has asked Google to turn off Street View within the country because it doesn't meet the conditions demanded when permission was given to go ahead with the photography. Google answered privacy concerns with the following points (I'm translating them from German; here's an automated translation): 'Google will publish in advance where it is going to record the images, so you can act accordingly.' Do they want you to hide? Where is the real obligation here? 'Google has made masking the images of people and car license plates obligatory.' I think this is where trouble starts, because their permission to go ahead appears to have been dependent on how well they did this. I have browsed one particular town as an experiment and was quite quickly able to find unmasked faces. This means that either the algorithm they use doesn't work, or that it is done manually and they've fallen behind (in which case they should not have put up the images). 'Although a picture of a home is generally not covered under Data Protection, Google has agreed to remove them if asked. Follow the same process as removing a person.' I think it wouldn't be half as bad if the pictures weren't taken with a high enough resolution to see inside a house. In short, Google has not been given the easy ride it had in other countries regarding Street View. I actually suspect there is more to come."
GUI

Nielsen Recommends Not Masking Passwords 849

Mark writes "Usability expert and columnist Jakob Nielsen wants to abolish password masking: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.' It usually indicates a lack of imagination of the speaker. But in this case, does usability outweigh security?"

UK School Forbids Parents From Taking Pics of Kids 12

tonywong writes "Mrs Ethelston's Church of England Primary School, in Uplyme, Devon, prohibited parents photographing their own children during a school event, claiming it was due to changes in child protection and images legislation. This may be harsh but not as bizarre as another UK school attempting to cover up photos of all the students with smiley faces last year. Perhaps the UK has more bogeymen per square kilometer (kilometre if you're a non USian) than the rest of the world, or is the UK on the leading edge of things-to-come?"
Communications

Phony TCP Retransmissions Can Hide Secret Messages 188

Hugh Pickens writes "New Scientist reports that a team of steganographers at the Institute of Telecommunications in Warsaw, Poland have figured out how to send hidden messages using the internet's transmission control protocol (TCP) using a method that might help people in totalitarian regimes avoid censorship. Web, file transfer, email and peer-to-peer networks all use TCP, which ensures that data packets are received securely by making the sender wait until the receiver returns a 'got it' message. If no such acknowledgment arrives (on average 1 in 1000 packets gets lost or corrupted), the sender's computer sends the packet again in a system known as TCP's retransmission mechanism. The new steganographic system, dubbed retransmission steganography (RSTEG), relies on the sender and receiver using software that deliberately asks for retransmission even when email data packets are received successfully (PDF). 'The receiver intentionally signals that a loss has occurred,' says Wojciech Mazurczyk. 'The sender then retransmits the packet but with some secret data inserted in it.' Could a careful eavesdropper spot that RSTEG is being used because the first sent packet is different from the one containing the secret message? As long as the system is not over-used, apparently not, because if a packet is corrupted, the original packet and the retransmitted one will differ from each other anyway, masking the use of RSTEG."
Privacy

Cone of Silence 2.0 91

Village Idiot sends word of a patent granted to MIT researchers for a cone of silence a la Maxwell Smart. This one doesn't use plastic, but rather active and networked sensors and speakers embedded in a (probably indoor) space such as an open-plan office. "In 'Get Smart,' secret agents wanting a private conversation would deploy the 'cone of silence,' a clear plastic contraption lowered over the agents' heads. It never worked — they couldn't hear each other, while eavesdroppers could pick up every word. Now a modern cone of silence that we are assured will work is being patented by engineers Joe Paradiso and Yasuhiro Ono of the Massachusetts Institute of Technology. ... Instead of plastic domes, they use a sensor network to work out where potential eavesdroppers are, and speakers to generate a subtle masking sound at just the right level. ... The array of speakers... aims a mix of white noise and randomized office hubbub at the eavesdroppers. The subtle, confusing sound makes the conversation unintelligible." One comment thread on the article wonders about the propriety of tracking people around an office in order to preserve privacy.
Privacy

Privacy In BitTorrent By Hiding In the Crowd 240

pinguin-geek writes "Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new 'guilt-by-association' threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. While many have pointed out that the data exchanged over these connections can reveal personal information about users, the researchers show that only the patterns of connections — not the data itself — are sufficient to create a powerful threat to user privacy. To thwart this threat, they have released SwarmScreen, a publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification."
Patents

Microsoft Patents the Censoring of Speech 192

theodp writes "On Tuesday, the USPTO awarded Microsoft a patent for the Automatic Censorship of Audio Data for Broadcast, an invention that addresses 'producing censored speech that has been altered so that undesired words or phrases are either unintelligible or inaudible.' The patent describes methods for muting offensive words and replacing them with less offensive versions, and 'a third alternative provides for overwriting the undesired word with a masking sound, i.e., "bleeping" the undesired word with a tone.' After all, there's nothing worse than being subjected to offensive speech when you're shooting someone in the head."
Security

Web Fraud 2.0 — Point-and-Click Cracking Tools 92

An anonymous reader writes "The Washington Post's Security Fix blog is running a fascinating series that peers inside some of the Web-based services cyber crooks are using to ply their trade: from masking their identity, to defeating CAPTCHAs, to creating counterfeit documents and validating stolen credit and debit cards. Everyone familiar with this space hears about these kinds of tools and services all the time in the abstract, but the Post blog includes screen shots and background details on the popularity of the services and how each one is helping to bring cyber crime that much closer to the realm of even the most newbie scam artists." Many of these tools require a working knowledge of Russian. Wouldn't surprise me to learn that Chinese-language tools exist too.
OS X

Native Windows PE File Loading on OS X? 397

ozmanjusri writes "Coders working on Wine for Mac have found that the Mac loader has gained its own undocumented ability to load and understand Windows Portable Executable (PE) files. They found PE loading capabilities in Leopard that weren't there in Tiger. Further dissection showed that Apple is masking references to 'Win' and 'PE' in the dll, which means it's not an accidental inclusion. Is Apple planning native PE execution within OS X?"
Book Reviews

Practices of an Agile Developer 172

Cory Foy writes "'Whatever you do, don't touch that module of code. The guy who wrote it is no longer here, and no one knows how it works.' In Practices of an Agile Developer, Venkat Subramaniam and Andy Hunt put that quote as an example of something we are all afraid to hear, but probably have in our careers. They then go on to list a collection of practices which can keep you from hearing, or worse, saying that phrase. How do they do?" Read the rest of Cory's review for the answer.

Beginning GIMP 466

Ravi writes "Anyone who has had the opportunity to manipulate images would be aware of Adobe's Photoshop - considered to be the market leader in image manipulation software. But with its high price tag, buying Photoshop is akin to putting strain on your bank balance. What is interesting is that there is a very popular free alternative to Photoshop in GIMP. For those in the dark, GIMP is a state of the art image manipulation software which runs on multiple architectures and OSes and which is released under the GNU free License (GPL). I have been using GIMP exclusively for touching up images for many years now and it has met all my graphics manipulation needs." Read the rest of Ravi's review.

Inkscape 0.44 - Faster, Bigger, Better 226

bbyakk writes "After 6 months of development, Inkscape 0.44 is out. This version of the SVG-based vector graphics editor brings improved performance and tons of new features: Layers dialog, docked color palette, clipping and masking, native PDF export with transparency, configurable keyboard (including Xara emulation), Outline mode for complex drawings, innovative 'node sculpting' and lots more. Check out the full release notes, enjoy the screenshots, or download your package for Windows, Linux or Mac OS X."

BBC Site Used as IE Attack Lure 83

capt turnpike writes "The hits just keep coming... according to eWEEK.com, someone is using actual excerpts of BBC news stories to 'launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.' One example is a story blurb masking the download and installation of a keylogger -- with no user interaction. And it doesn't even tell you it loves you."

GoDaddy Serves Blank Pages to Safari & Opera 397

zackmac writes "For over two weeks domain registrar GoDaddy has been serving blank pages to Safari and Opera users who attempt to access sites using its domain forwarding and masking service. GoDaddy is blaming Apple as the source of the problem, and with nowhere to turn, Mac users are flocking to Apple's support forums to discuss the issue in-depth. Apple has so far been unresponsive and GoDaddy has directed affected customers to contact Apple Support. An inconvenient workaround is to open the website first in Firefox or Internet Explorer and then the page will load in Safari or Opera. Speculation abounds as to the cause of the problem and how to fix it. The current belief is malformed headers, an invalid 302 header with a bogus location and a redirect loop."
Google

Google Flips Back to Groups Beta (Again) 363

afabbro writes "Google backed off its beta of Google Groups within 24 hours of making it mandatory for all users. You may recall that its lack of features (date searches), unwanted features (e-mail masking), and clunky user interface met with a very chilly reception here. Unfortunately, as of December 5th, Google Groups Beta is back and you can't get to the original (wonderful) Google Groups anymore. Be sure to share your opinion with Google."
Space

First Science From A Virtual Observatory 77

mindpixel writes "I first mentioned Virtual Observatories in my July 2000 Slashdot interview. Now, nearly four years later, Spacetelescope.org is reporting a European team has used the Astrophysical Virtual Observatory (AVO) to find 30 supermassive black holes that had previously escaped detection behind masking dust clouds. The identification of this large population of long-sought 'hidden' black holes is the first scientific discovery to emerge from a Virtual Observatory. The result suggests that astronomers may have underestimated the number of powerful supermassive black holes by as much as a factor of five."
