itwbennett writes: Patrick Wardle and Colby Moore, both of whom work for security firm Synack, will show at Defcon how a Dropcam could turn into a Trojan horse. Here are the basics: Moore and Wardle plucked the private and public SSL certificates from the Dropcam they analyzed. With those in hand, it would be possible for them to view videos a person has stored or upload their own videos that would appear to have come from a specific Dropcam. 'It would allow an attacker to basically hijack or take over the video stream,' Wardle said. For its part, Nest, which acquired Dropcam in June, maintains that such an attack would require physical access to a Dropcam: 'The Synack folks were not able to remotely compromise any of our cameras — only ones they had physical access to,' wrote spokeswoman Kate Brinks. But it's not far-fetched that an attacker could buy a Dropcam and give it as a gift to someone, essentially a Trojan horse attack that opens up their video to monitoring.
jfruh writes: The FTC has moved aggressively recently against companies that make it too easy for people — especially kids — to rack up huge charges on purchases within apps. But at a discussion panel sponsored by free-market think tank TechFreedom, critics pushed back. Joshua Wright, an FTC commissioner who dissented in a recent settlement with Apple, says a 15-minute open purchase window produced "obvious and intuitive consumer benefits" and that the FTC "simply substituted its own judgment for a private firm's decision as to how to design a product to satisfy as many users as possible."
jfruh writes: Investigators in a criminal case want to see some emails stored on Microsoft's servers in Ireland. Microsoft has resisted, on the grounds that U.S. law enforcement doesn't have jurisdiction there, but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation. The case will be appealed.
jfruh writes: The rapid rise of Japan's high-tech sector in the 1970s and '80s prompted widespread surprise and more than a little anxiety in the West, with many American sci-fi writers and movie makers depicting a Japanese-dominated near future. The country's economy entered a seemingly permanent recession in the 1990s and it was soon eclipsed by China as the world's #2 economy and source of Western fears about Asian dominance. But Japanese tech companies and engineers keep on innovating in areas ranging from airplanes to tuna.
jfruh writes: IBM has been trying to sell its chipmaking division for a while now as part of its plan to unload underperforming assets, but it's now turning out that nobody else wants an underperforming chipmaking division either, at least not at the prices IBM is asking. Globalfoundries, which used to be AMD's manufacturing arm and is now largely owned by the government of Abu Dhabi, was reportedly interested in buying, but only wanted the intellectual property and engineering staff — they felt IBM's manufacturing plants were of "little or no value."
itwbennett writes: In a personal blog post last week, ex-Oracle employee Kevin Closson said that Oracle database shops might unwittingly find themselves hit with pricey license fees if an audit turned up accidental usage of the in-memory option, which is turned on by default in the latest release of Database 12c. In a blog post late Monday, Maria Colgan, an Oracle product manager, responded to the claims, saying that while in-memory 'has been seamlessly integrated into the core of the database as a new component of the Shared Global Area (SGA),' it is not turned on by default. She then went on to spell out in detail the steps needed to enable the feature.
itwbennett writes: Since 2007, the U.S. telecom infrastructure has been targeted by more than a thousand malicious acts that resulted in severe outages (those affecting at least 900,000 minutes of user calls, or when it impacts 911 service, major military installations, key government facilities, nuclear power plants or major airports), according to data obtained from the Federal Communications Commission (FCC) under the Freedom of Information Act. For the last three years, vandalism was the single biggest cause of outages identified, accounting for just over a third of the incidents in each year. Gun shots accounted for 9 percent of the outages in 2013, 7 percent in 2012 and 4 percent in 2011. Cable theft accounted for roughly similar levels — 4 percent of outages in 2013, 8 percent in 2012 and 7 percent in 2011. The FCC didn't list all the causes.
jfruh writes: When Facebook launched social plugins that could be installed on third party websites, it promised the information those plugins gathered would not be used to target ads. But now the company has reversed course, announcing plans to track users across multiple websites and use their browsing history to target ads, just as Google does. Privacy groups are gearing up to try to stop them.
itwbennett writes: Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers. Last week security researchers from Kaspersky Lab found new variants of Mayday, a Trojan program for Linux that's used to launch distributed denial-of-service (DDoS) attacks. The malware supports several DDoS techniques, including DNS amplification. One of the new Mayday variants was found running on compromised Amazon EC2 server instances, but this is not the only platform being misused, said Kaspersky Lab researcher Kurt Baumgartner Friday in a blog post.
jfruh writes: For some time, Intel has been offering custom-tweaked chips to big customers. While most of the companies that have taken them up on this offer, like Facebook and eBay, put the chips into servers meant for internal use, Oracle will now be selling systems running on custom Xeons directly to end users. Those customers need to be careful about how they configure those systems, though: in the new Oracle 12c, the in-memory database option, which costs $23,000 per processor, is turned on by default.
jfruh writes: An investigation by Chinese journalists led many Chinese citizens to worry that their every move is being tracked and personal data intentionally intruded upon. The nefarious institution conducting this surveillance? Apple, via iOS 7's "Frequent Locations" feature. In the wake of the report, which ran on a state-owned television channel, Apple released a statement assuring users that it isn't tracking their location data, but that hasn't stopped a woman in China from filing a class action suit in a California Court.