chicksdaddy writes "The saga of the application-signing flaw affecting Google's Android mobile phones took another turn Tuesday when a Silicon Valley startup teamed with graduate students from Northeastern University in Boston to offer their own fix-it tool for hundreds of millions of Android phones that have been left without access to Google's official patch. Duo Security announced the availability of an Android utility dubbed 'ReKey' on Tuesday. The tool allows users to patch the so-called 'Master Key' vulnerability on Android devices, even in the absence of a security update from Android handset makers and carriers who service the phones, according to a post on the Duo Security blog. Jon Oberheide, the CTO of Duo Security, said that ReKey provides an in-memory patch for the master key vulnerability, dynamically instrumenting the Dalvik bytecode routines where the vulnerability originates, patching it in-memory. Oberheide said that ReKey will also 'hook' (or monitor) those routines to notify you if any malicious applications attempt to exploit the vulnerability. Despite the availability of a patch since March, many Android users remain vulnerable to attacks that take advantage of the application signing flaw. That is because Android handset makers have been slow to issue updates for their handsets. For platforms (HTC and Samsung) that have been patched, carriers delayed the rollout to customers further. 'The security of Android devices worldwide is paralyzed by the slow patching practices of mobile carriers and other parties in the Android ecosystem,' said Oberheide. However, the fragmentation of the Android ecosystem is significant enough that it is no longer feasible for Google to take over responsibility for distributing patches. Third parties may need to step in to fill the void." A related article makes the case that the release of the Master Key vulnerability started an important conversation within the open source community.
An anonymous reader writes "Despite backing from the Clinton Climate Initiative, and a $111 million investment from Subway Restaurant mogul Fred DeLuca, a planned city for Central Florida called 'Destiny' was doomed from the start, according to memos retrieved from Florida's Department of Community Affairs. According to state officials, despite a great deal of hype about Destiny, Florida, becoming the first fully sustainable city in the U.S., plans to build the city were rejected almost immediately due to concerns over 'possible urban sprawl, energy inefficient land use patterns, the endangerment of natural resources, and the undermining of agriculture.'"
Daniel_Stuckey writes "Just to address one thing straight away: one of your favorite science fiction stories dealing, whether directly or indirectly, with surveillance is bound to be left off this list. And 1984's a given, so it's not here. At any rate, the following books deal in their own unique way with surveillance. Some address the surveillance head-on, while others speculate on inter-personal intelligence gathering, or consider the subject in more oblique ways. Still others distill surveillance down to its essence: as just one face of a much larger, all-encompassing system of control, that proceeds from the top of the pyramid down to its base."
colinneagle writes "Ethical hacking professor Sam Bowne recently put a cookie re-use method to test on several major web services, finding that Office 365, Yahoo mail, Twitter, LinkedIn, Amazon, eBay, and WordPress all failed the security test. Both Amazon and eBay can be tied directly to your money via the method of payment you have on record. And, just for kicks, we tried it with Netflix. And it worked. Microsoft has apparently known that accounts can be hijacked since at least 2012 when The Hacker News reported the Hotmail and Outlook cookie-handling vulnerability, so Bowne was curious if Microsoft closed the hole or if stolen cookies could still be re-used. He claims he 'easily reproduced it using Chrome and the Edit This Cookie extension.'"
jones_supa writes "Entertainment industry groups in Norway have spent years lobbying for tougher anti-piracy laws, finally getting their way earlier this month. But with fines and site-blocking now on the agenda, an interesting trend has been developing. According to a new report published by Ipsos, between 2008 and 2012 piracy of movies and TV shows collapsed in Norway, along with music seeing a massive drop to less than one fifth of the original level. Olav Torvund, former law professor at the University of Oslo, attributes this to good legal alternatives which are available today (Google translation of Norwegian original). Of those questioned for the survey, 47% (representing around 1.7 million people) said they use a streaming music service such as Spotify. And of those, just over half said that they pay for the premium option."
dryriver sends this quote from Phys.org: "Harvesting waste heat from power stations and even vehicle exhaust pipes could soon provide a valuable supply of electricity. A small team of Monash University researchers ... has developed an ionic liquid-based thermocell (abstract). Thermocell technology is based on harnessing the thermal energy from the difference in temperature between two surfaces and converting that energy into electricity. The new thermocell could be used to generate electricity from low grade steam in coal fired power stations at temperatures around 130C. This would be implemented by having the steam pass over the outer surface of the hot electrode to keep it hot while the other electrode is air or water cooled."
itwbennett writes "The W3C's Tracking Protection Working Group, which is mainly concerned with standardizing the mechanisms for server-side compliance with do-not-track requests, has rejected a proposal from the Digital Advertising Alliance (DAA) that would have allowed advertisers to continue profiling users who had asked not to be tracked. The proposal would also have allowed them to 'retarget' ads to those users by showing ads relevant to one site or transaction on all subsequent sites they visited, according to the co-chairs of the W3C's Tracking Protection Working Group. The working group co-chairs also said that they planned to reject proposals similar to those made by the DAA."
New submitter Jawnn writes "The Washington Post reports that the EFF has filed suit against the NSA in Federal Court in San Francisco, on behalf of multiple groups (court filing). Those groups include, 'Rights activists, church leaders and drug and gun rights advocates.' EFF Legal Director Cindy Cohn said, 'The First Amendment protects the freedom to associate and express political views as a group, but the NSA's mass, untargeted collection of Americans' phone records violates that right by giving the government a dramatically detailed picture into our associational ties. Who we call, how often we call them, and how long we speak shows the government what groups we belong to or associate with, which political issues concern us, and our religious affiliation. Exposing this information – especially in a massive, untargeted way over a long period of time – violates the Constitution and the basic First Amendment tests that have been in place for over 50 years.' Apparently, not everyone out there is believing the 'If you have nothing to hide' excuses being offered up from various government quarters."
video interviews with Peter Wayner. Third time being the charm, his latest book, Future Ride, is now out and available for purchase. If you've followed and possibly even enjoyed this string of interviews with Peter, Future Ride might be valuable reading material for you. It's what I call a "futureproofing" book, and in today's fast-changing world being prepared for tomorrow -- even just in the sense of thinking about the many ways our society might change if our cars and trucks drive themselves -- is valuable for business and career reasons, aside from the sheer joy of speculating about what the future may hold.
First time accepted submitter jameshumphreys writes "London startup what3words has successfully launched a new website which has carved the world map into almost 57 trillion 3m x 3m squares, assigning each square a simple, unique 3 word address. For instance, the 'what3words' for the famous Peter Pan statue in London's Hyde Park is 'union.prop.enjoy'. This means you can easily describe even remote locations with great precision. CEO Chris Sheldrick says, 'We see our service being most useful where current methods of describing location (e.g. postcodes or ZIP codes) don't do the job well enough or don't do the job at all — but of course it has applications as a preferred alternative even where the existing solutions do a decent job, but perhaps less precise/customised than w3w.' An API is planned 'in the coming weeks.'" The heart of Disneyworld could be "Radioactive Humanoid Mice"; what would you call your neck of the woods?
An anonymous reader writes "A Newtown couple, both scientists, who lost their daughter in the school shooting, are wondering whether there were clues in the shooter's physiological makeup — his DNA, his blood, his brain chemistry. They are now involved in a search for biomarkers, similar to those that may indicate disease, for violence. They are raising money to help fund this research, but the effort is running into obstacles, in part, over ethical concerns. 'I'm not opposed to research on violence and biomarkers, but I'm concerned about making too big of a leap between biomarkers and violence,' said Troy Duster, a researcher at the University of California at Berkeley. There is concern that science may find biomarkers long before society can deal with its implications."
Rebecka writes "Hurricane Sandy, which pelted multiple states in Oct. and created billions of dollars in damage, was a freak occurrence and not an indication of future weather patterns, according to NASA's Goddard Institute for Space Studies via LiveScience. The study (abstract), which calculated a statistical analysis of the storm's trajectory and monitored climate changes' influences on hurricane tracks, claims that the tropical storm was merely a 1-in-700-year event. 'The particular shape of Sandy's trajectory is very peculiar, and that's very rare, on the order of once every 700 years,' said senior scientist at NASA and study co-author, Timothy Hall. According to Hall, the extreme flooding associated with the storm was also due to the storm's trajectory which was described as being 'near perpendicular.' The storm's unusual track was found to have been caused by high tides associated with a full moon and high pressure that forced the storm to move off the coast of the Western North Atlantic."
Nerval's Lobster writes "Developer and editor Jeff Cogswell is back with a comparison of Eclipse and Visual Studio, picking through some common complaints about both platforms and comparing their respective features. 'First, let's talk about usability,' he writes, 'and let's be frank: Neither Eclipse nor Visual Studio is a model for sound usability.' That being said, as an open-source project, Eclipse wins some points for its customizability and compatibility with languages; it's more difficult to modify Visual Studio to meet some programmer needs, which has led to any number of abandoned projects over the years. Microsoft choosing to eliminate macros in recent versions of Visual Studio has also led to some programmer frustrations (and a need for external tools)."
An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."
astroengine writes "A planned six-hour spacewalk outside the International Space Station came to a dramatic and abrupt end on Tuesday when water started building up inside the helmet of Italian astronaut Luca Parmitano. Parmitano and NASA astronaut Chris Cassidy were less than an hour into their spacewalk, their second in a week, when Parmitano reported that his head felt wet. 'My head is really wet and I have a feeling it's increasing,' Parmitano reported to ground control teams at the Johnson Space Center in Houston. Parmitano returned safely to the space station interior, but the cause of the leak was not immediately known."