Google

Submission + - U.S. senator asks FTC to probe Apple, Google (msn.com)

Pigskin-Referee writes: NEW YORK — A U.S. senator has urged the Federal Trade Commission to investigate reports that applications on the Apple and Google mobile systems steal private photos and contacts and post them online without consent.

Democrat Charles Schumer's request comes after iPhone maker Apple tweaked its privacy policies last month after prodding from other lawmakers.

The distribution of third-party applications on iPhones and phones running on Google's Android system has helped create a surge in the popularity of those devices in recent years.


However, Schumer said on Sunday that he was concerned about a New York Times report that iPhone and Android applications can access a user's private photo collection.

He also referred to a discovery last month that applications on devices such as the iPhone and iPad were able to upload entire address books with names, telephone numbers and email addresses to their own servers.

"These uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app's functionality," Schumer said in a letter to the FTC.

The lawmaker said it was his understanding that many of these uses violate the terms of service of the Apple and Android platforms. He said "it is not clear whether or how those terms of service are being enforced and monitored."


As a result, he said, "smartphone makers should be required to put in place safety measures to ensure third party applications are not able to violate a user's personal privacy by stealing photographs or data that the user did not consciously decide to make public".

Schumer said phone makers have an obligation to protect the private content of their customers.

"When someone takes a private photo, on a private cellphone, it should remain just that: private," said Schumer.

Microsoft

Submission + - Microsoft Patches BEAST SSL Flaw in Windows (threatpost.com)

Trailrunner7 writes: Microsoft on Tuesday patched the vulnerability in Windows that was exploited by the BEAST SSL attack tool developed by Juliano Rizzo and Thai Duong last year. The patch is one of several rated important that were issued by Microsoft in January's Patch Tuesday release, and there also was a critical bulletin released, fixing two separate vulnerabilities in Windows Media Player.

The vulnerability that is fixed by the patch in MS12-006 actually lies in the SSL 3.0/TLS 1.0 protocol. The attack that Rizzo and Duong developed and released in September enables them to decrypt users' SSL sessions on the fly and hijack them, including sessions with online banking sites and other sensitive sites. The bug has been known for a long time, but it wasn't until last year that a practical exploitation of it surfaced.

Chrome

Submission + - WebGL - A New Dimension for Browser Exploitation (contextis.com)

Pigskin-Referee writes: WebGL is a new web standard for browsers which aims to bring 3D graphics to any page on the internet. It has recently been enabled by default in Firefox 4 and Google Chrome, and can be turned on in the latest builds of Safari. Context has an ongoing interest in researching new areas affecting the security landscape, especially when it could have a significant impact on our clients. We found that:

        A number of serious security issues have been identified with the specification and implementations of WebGL.
        These issues can allow an attacker to provide malicious code via a web browser which allows attacks on the GPU and graphics drivers. These attacks on the GPU via WebGL can render the entire machine unusable.
        Additionally, there are other dangers with WebGL that put users’ data, privacy and security at risk.
        These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design. Fundamentally, WebGL now allows full (Turing Complete) programs from the internet to reach the graphics driver and graphics hardware which operate in what is supposed to be the most protected part of the computer (Kernel Mode).
        Browsers that enable WebGL by default put their users at risk to these issues.

Botnet

Submission + - Spam Network Shut Down (wsj.com)

Pigskin-Referee writes: Microsoft Corp. and federal law enforcement agents seized computer equipment from Internet hosting facilities across the U.S. in a sweeping legal attack designed to cripple the leading source of junk email on the Internet.

Microsoft launched the raids as part of a civil lawsuit filed in federal court in Seattle in early February against unnamed operators of the Rustock "botnet," a vast network of computers around the globe infected with malicious software that allows its masterminds to distribute enormous volumes of spam, peddling everything from counterfeit software to pharmaceuticals.

In recent years, Microsoft has stepped up legal actions against a variety of Internet nuisances like spam that it believes inflict harm on its product and reputation. Spam taxes the servers of its Hotmail email service, and impacts the Internet experience of users of Microsoft software like Windows and Office. The malicious code used to form spam botnets often exploits security vulnerabilities in products like Windows.

A collection of hard drives Microsoft seized in Kansas City, Mo., as part of a nationwide takedown of a leading source of spam.

That lawsuit was unsealed late Thursday by a federal judge, at Microsoft's request, after company executives said they dealt a seemingly lethal blow to the botnet in their raids on Wednesday.

As part of that dragnet, U.S. marshals accompanied employees of Microsoft's digital crimes unit into Internet hosting facilities in Kansas City, Mo.; Scranton, Pa; Denver; Dallas; Chicago; Seattle and Columbus, Ohio. The Microsoft officials brought with them a federal court order granting them permission to seize computers within the facilities alleged to be "command-and-control" machines, through which the operators of the Rustock botnet broadcast instructions to their army of infected computers, estimated by Microsoft at more than one million machines world-wide.

Read more: http://online.wsj.com/article/SB10001424052748703328404576207173861008758.html#ixzz1Gy9RVQcp

The Internet

Submission + - Comcast, Level 3 Still Negotiating (dslreports.com)

Pigskin-Referee writes: Comcast, Level 3 Still Negotiating, and still having a very public fight

Earlier this month Level3 proclaimed that Comcast was violating net neutrality by demanding they pay a new connection fee to deliver Internet video services to Comcast customers. Comcast responded by claiming the dispute was just another peering dispute. Level 3 has continued to argue that Comcast is misleading people, this wasn't a normal peering dispute, and Comcast was simply trying to cash in on Level's handling of Netflix traffic. Whatever it is (and it has been amusing to see "peering experts" disagree completely on an agreement nobody has actually seen), Comcast says they're still working with Level3 on business arrangements and "revisions" to Comcast's initial proposal:

While we continue to believe the peering dispute that Level 3 initiated with Comcast is best resolved through discussions between engineers and business people, we think it is important to give a status update to the Internet community. Level 3 and Comcast engineering teams held several in-person discussions over the past 48 hours to discuss potential significant revisions to parts of our peering and direct connect architecture. Together, we constructively developed a potential new and different architectural approach that we proposed to trial with Level 3 as soon as next month. We proposed a mutual and relatively modest investment that would allow us both to better understand the traffic, routing, and economic considerations.

Comcast says Level3 walked away from negotiations and claims the company "effectively demanded unlimited capacity at our cost." Level3 hasn't fired back yet, as they've apparently been busy demanding NBC/Comcast merger conditions. However, Level3's argument has consistently been that Comcast is using their massive customer base as leverage to impose additional last mile tolls, and that Level3 isn't "demanding unlimited capacity" for free. Paying Comcast customers are simply accessing the content of their choice, argues Level3, and the idea this last mile exchange must be "balanced" is a red herring.

Facebook

Submission + - Google Will Kill Chrome OS Next Year (businessinsider.com)

Pigskin-Referee writes: Gmail creator Paul Buchheit is putting Google's new Chrome OS on a deathwatch.

He writes on FriendFeed: "Prediction: ChromeOS will be killed next year (or "merged" with Android)." His reasoning for why Chrome is toast: "Because ChromeOS has no purpose that isn't better served by Android (perhaps with a few mods to support a non-touch display)"

While it sounds like a bold statement, he also adds, "I was thinking, 'is this too obvious to even state?', but then I see people taking ChromeOS seriously, and Google is even shipping devices for some reason."

He's 100% correct about Chrome. We've been thinking about this too. What problem does Chrome solve? We're stumped.

Buchheit left Google years ago to start FriendFeed, which was a Twitter rival. Twitter won out and Facebook bought FriendFeed. He spent a few years at Facebook and is now with Y Combinator.

Read more: http://www.businessinsider.com/gmail-creator-paul-buchheit-predicts-google-kills-chrome-os-next-year-2010-12#ixzz18HeZrKlb

Spam

Submission + - Alleged Russian spam-lord hauled into US court (theregister.co.uk)

Pigskin-Referee writes: A Russian who allegedly at one time ran a network of compromised machines responsible for a third of global spam appeared in federal court in Wisconsin on Friday to deny the charges.

Oleg Y Nikolaenko, 23, a resident of Moscow, faces charges that he forged email spam messages in violation of the US CAN-SPAM Act, following his arrest in Las Vegas' Bellagio Hotel last month.

Prosecutors allege that the Russian was responsible for pumping out a staggering 10 billion spam messages per day, touting penis pills and counterfeit goods using the infamous Mega-D botnet network.

Nikolaenko entered a not guilty plea. He was denied bail after prosecutors successfully argued he presented a flight risk if released.

Comment No Drivers - No Java - No Good (Score -1, Troll) 46

FreeBSD is a nice 'hobby' OS; however, it lacks drivers for virtually all modern devices. There are no drivers for all but a few 'N' protocol wireless cards, and even those drivers are not as fully functional as those available for Windows. They have never gotten Java updated to where it is usable in the latest versions of Firefox either. Its support for SATA drives is somewhat limited. In fact, the number of devices that are not supported by FreeBSD is far larger than the number supported. Amd64 support is still not up to snuff either. Supposedly, they have improved their ACL support. I will have to investigate to see if it is up to the levels of other *.nix systems.

The FreeBSD team appears more interested in bumping its version number every few months than it is in getting its OS fully functional in a modern world. It took years before they even got support for nVidia drivers in 64bit mode. Of all the non Windows operating systems available, I would put FreeBSD at the bottom of the list.
