NewsBot

Everything posted by NewsBot

  1. If you signed up for Pokémon Go with your Google account, you might not know it but the game now has "full account access." That can be a major security risk. Adam Reeve, who first documented the issue on his Tumblr blog, said it appears to be a problem isolated to iPhones and iPads. It's not thought to affect Android devices. In our testing on two iPhones, the Pokémon Go app didn't explicitly ask permission for full account access when logging in with a Google username and password. By this point, it should have told us what data the app needs. Instead, it simply skipped straight to the app's terms of service, which makes no reference to the full account access. Under the hood, you've given the app and its creators access to your search history, personal information, Google Photos, everything in Google Drive, search and location history, and more. Not only can the app read your data, inbox, calendar events, and search history, it can also modify it. That's usually reserved for trusted apps, like browsers and mail clients -- such as Google Chrome -- and not games or most other apps. View the full article
  2. One of the most fun ways to communicate is using animated GIFs or graphics interchange format. Twitter had added GIFs to its list of features back in 2014 with the integration for GIPHY and Riffsy added in this February, but the GIF size was limited to 5MB. But now you can add animated GIFs which are up to 15MB in size, provided you add these GIFs from the desktop. GIF size limit for mobile uploads and photo size limit for mobile and desktop uploads stays the same at 5MB. This feature will be limited to the web only. This feature will only be available on Twitter and has not been added to TweetDeck yet. GIFs are generally well compressed and exceeding 5MB on a GIF file found online isn’t that common. Sure the 15MB file limit now also lets you create your own high quality GIFs to upload to Twitter, but only on the web is this possible as of now. This may let you add in longer GIFs, just in case. View the full article
  3. It’s hard to believe it’s been almost seven years since Mozilla Research first began sponsoring the development of Rust, at the time little more than an ambitious research experiment with a small but devoted community. Remarkably, despite a long history of inventions and discoveries, Rust’s key principles have remained constant. The Rust core team’s original vision—a safe alternative to C++ to make systems programmers more productive, mission-critical software less prone to memory exploits, and parallel algorithms more tractable—has been central to Mozilla’s interest in backing the Rust project and, ultimately, using Rust in production. An equally promising development has been the fact that Rust’s safety and modern features are attracting new people to systems programming. For Mozilla, where community-based development is quite literally our mission, widening our circle is vital. So I’m pleased to mark an important milestone: with Firefox 48, Mozilla will ship our first Rust component to all desktop platforms, and with Android support coming soon. View the full article
  4. YouTubers including PewDiePie were paid tens of thousands of dollars to give video games positive reviews, it's been claimed. Warner Bros, makers of Shadow of Mordor, has reached a settlement with the Federal Trade Commission (FTC) after they were accused of hiding the payments from people. The FTC, a consumers rights organisation, stated Warner Bros had deceived customers by paying YouTubers to promote the game without admitting it. The company is now banned from hiding similar deals in the future and from pretending sponsored videos are the work of independent producers. "Consumers have the right to know if reviewers are providing their own opinions or paid sales pitches," said Jessica Rich from the FTC. View the full article
  5. Tor has been the go-to for anonymous communication online for years now — and that has made it one of the juiciest targets possible to the likes of the NSA and FBI. A new anonymizing protocol from MIT may prove more resilient against such determined and deep-pocketed attackers. The potential problem with Tor is that if an adversary gets enough nodes on the network, they can work together to track the progress of packets. They might not be able to tell exactly what is being sent, but they can put together a breadcrumb trail tying a user to traffic coming out of an exit node — at least, that’s the theory. A team of researchers led by MIT grad student Albert Kwon (with help from EPFL) aims to leapfrog Tor’s anonymizing technique with a brand new platform called Riffle. “Tor aims to provide the lowest latency possible, which opens it up to certain attacks,” wrote Kwon in an email to TechCrunch. “Riffle aims to provide as much traffic analysis resistance as possible.” In addition to wrapping messages in multiple layers of encryption (the eponymous technique of Tor, “The Onion Router”), Riffle adds two extra measures meant to baffle would-be attackers. First, servers switch up the order in which received messages are passed on to the next node, preventing anyone scrutinizing incoming and outgoing traffic from tracking packets using metadata. View the full article
  6. Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe. In the coming months, Google servers will add a new, experimental cryptographic algorithm to the more established elliptic curve algorithm it has been using for the past few years to help encrypt HTTPS communications. The algorithm—which goes by the wonky name "Ring Learning With Errors"—is a method of exchanging cryptographic keys that's currently considered one of the great new hopes in the age of quantum computing. Like other forms of public key encryption, it allows two parties who have never met to encrypt their communications, making it ideal for Internet usage. Virtually all forms of public key encryption in use today are secured by math problems that are so hard that they take millennia for normal computers to solve. In a world with quantum computers, the same problems take seconds to solve. No one knows precisely when this potential doomsday scenario will occur. Forecasts call for anywhere from 20 to 100 years. But one thing is certain: once working quantum computers are a reality, they will be able to decrypt virtually all of today's HTTPS communications. Even more unnerving, eavesdroppers who have stashed away decades' worth of encrypted Internet traffic would suddenly have a way to decrypt all of it. View the full article
  7. Symantec has warned customers that security flaws in the firm's systems outed by Google's Project Zero last month won't be fixed until mid-July. Patches were rushed out to cover some of the "as bad as it gets" flaws identified by Project Zero, but patches to secure the fundamental architectural flaws are still some weeks away. The cloud-based versions of Symantec's Endpoint Protection Small Business Edition will finally be updated this week, but users of the workstation versions will have to wait weeks. Symantec has promised updates "by mid-July" and recommended that customers apply them as a matter of urgency, but in the meantime Symantec's systems remain vulnerable. Project Zero publicized the flaws found in Symantec's Norton Antivirus products last week, after uncovering them in May and reporting them to Symantec. View the full article
  8. Security experts have documented a disturbing spike in a particularly virulent family of Android malware, with more than 10 million handsets infected and more than 286,000 of them in the US. Researchers from security firm Check Point Software said the malware installs more than 50,000 fraudulent apps each day, displays 20 million malicious advertisements, and generates more than $300,000 per month in revenue. The success is largely the result of the malware's ability to silently root a large percentage of the phones it infects by exploiting vulnerabilities that remain unfixed in older versions of Android. The Check Point researchers have dubbed the malware family "HummingBad," but researchers from mobile security company Lookout say HummingBad is in fact Shedun, a family of auto-rooting malware that came to light last November and had already infected a large number of devices. For the past five months, Check Point researchers have quietly observed the China-based advertising company behind HummingBad in several ways, including by infiltrating the command and control servers it uses. The researchers say the malware uses the unusually tight control it gains over infected devices to create windfall profits and steadily increase its numbers. HummingBad does this by silently installing promoted apps on infected phones, defrauding legitimate mobile advertisers, and creating fraudulent statistics inside the official Google Play Store. View the full article
  9. Facebook appears to have a major tax headache on its hands after the Internal Revenue Service sued the social network on Wednesday to force it to comply with summonses related to a 2010 asset transfer. According to documents the IRS filed in San Francisco federal court, the agency suspects Facebook and its accounting firm, Ernst & Young, understated the value of intangible assets transferred to Ireland by billions of dollars. The IRS says it is seeking an order to enforce six summonses that asked Facebook to appear at the agency’s offices in San Jose, Calif., and to produce papers and other records. According to IRS agent Nina Stone, Facebook failed to show up at the appointed date of June 17, and nor did it provide the documents. “Facebook complies with all applicable rules and regulations in the countries where we operate,” a spokesperson for the company told Fortune by email. The dispute arose as a result of an ongoing audit of Facebook by IRS that stretches back to 2010. In that year, the company chose to designate Facebook Ireland as the rights-holder for its worldwide business outside of the U.S. and Canada, and also to transfer intellectual property assets such as its platform and “marketing intangibles.” View the full article
  10. Is your antivirus protecting your computer or making it more hackable? Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches. This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities. "These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install. View the full article
  11. Security software giant Avast Software has acquired rival AVG Technologies. Avast will pay $25 cash for each of AVG’s outstanding ordinary shares in a deal amounting to around $1.3 billion. Founded out of Czechoslovakia in the early 1990s — initially called Grisoft — AVG has grown to become one of the biggest brands in desktop and mobile security apps. It also offers a range of related services, including AVG Cleaner for Android and Mac. The company is now headquartered in Amsterdam. Avast’s origins can also be traced back to the old Czechoslovakia, as the company was founded out of Prague in 1988. It has since emerged as one of the leading online security firms and is reported to control more than a fifth of the global antivirus software market. Though it is better known for its security software, Avast has branched out into other verticals — earlier this year, the company launched a new initiative to reveal the best Wi-Fi hotspots, using crowdsourced data. View the full article
  12. Cable giant Comcast will allow popular web video streaming service Netflix onto its X1 platform, the companies confirmed after being asked by Recode about talks to do so. Said the pair in a statement: “Comcast and Netflix have reached an agreement to incorporate Netflix into X1, providing seamless access to the great content offered by both companies. We have much work to do before the service will be available to consumers later this year. We'll provide more details at that time.” Sources said the deal to be on the cable giant’s set-top box would be akin to the arrangement that Netflix has cut with smaller cable operators in the United States and bigger ones across the globe. Basically, the Netflix app is present on the X1 platform, for users to sign into, making it easier than using other ways to do so. Netflix also has deals with Apple, Roku and Google’s Chromecast, with its app offered on these Internet TV services. It also is embedded in smart televisions. A recent report by Morgan Stanley, in fact, raised this possibility of a Comcast deal, especially noting that it could benefit by getting a larger bounty from Netflix for adding subscribers. It would also help Comcast have a more competitive video offering to others, like Roku, Verizon and Dish, that have apps from services like Hulu and Netflix. View the full article
  13. Since it first debuted in 2007, Netflix’s streaming video service has remained largely unchanged. A lot of content has come and (mostly) gone, but the basic idea – that of a streaming, web-based service – has stayed the same. That may not be the case for long. Netflix is reportedly considering adding offline functionality, which would enable users to download content and watch it offline. Subscribers would still be able to stream online, but they would also be able to enjoy Netflix in places without Wi-Fi or 4G. That second part, of course, would be a major change. So what do stakeholders think of the new idea? We polled Netflix’s user base to find out. Our results, based on more than 1,000 responses, indicate that Netflix users would love offline viewing – and would use it quite often. View the full article
  14. Amendments have been passed by the Bulgarian Parliament requiring all software written for the government to be open source and developed in a public repository, making custom software procured by the government accessible to everyone. Article 58 of the Electronic Governance Act states that administrative authorities must include the following requirements: "When the subject of the contract includes the development of computer programs, computer programs must meet the criteria for open-source software; all copyright and related rights on the relevant computer programs, their source code, the design of interfaces, and databases which are subject to the order should arise for the principal in full, without limitations in the use, modification, and distribution; and development should be done in the repository maintained by the agency in accordance with Art 7c pt. 18." In a blog post, Bozhidar Bozhanov, advisor to the Bulgarian deputy prime minister, said the move is to prevent vulnerabilities in government websites being left unpatched when a contract expires, and to detect bad security practices earlier. View the full article
  15. Freedom of Expression on the Internet is taken for granted by many of us. Around the world, headlines are heralding the fact that the UN has passed a resolution which reaffirms Internet Access as a human right and condemns any country which blocks certain parts of the Internet for any reason. The non-binding resolution reaffirms each country’s commitment to “Address security concerns on the Internet in accordance with their obligations to protect freedom of expression, privacy and other human rights online.” While over 70 countries supported this resolution on the “promotion, protection, and enjoyment of human rights on the Internet,” it is important to note the 17 countries that campaigned for an amendment that would remove language protecting the freedom of expression. The 17 countries are: Bangladesh, Bolivia, Burundi, China, Cuba, Republic of Congo, Ecuador, India, Indonesia, Kenya, Qatar, Russian Federation, Saudi Arabia, South Africa, United Arab Emirates, Venezuela, and Vietnam. View the full article
  16. AMD and Intel released the first 64-bit CPUs for consumers back in 2003 and 2004. Now, more than a decade later, Linux distributions are looking at winding down support for 32-bit hardware. Google already took this leap back in 2015, dumping 32-bit versions of Chrome for Linux. Ubuntu’s Dimitri John Ledkov put forth a proposal to wind down 32-bit support on the Ubuntu mailing list recently. Hardware that can’t run 64-bit software is becoming much less common, while creating 32-bit images, testing them, and supporting them takes time and effort. (On Linux, the “i386” architecture is the standard 32-bit for Intel-compatible CPUs, while “amd64” is the 64-bit architecture originally made by AMD that Intel CPUs are compatible with.) View the full article
  17. People may joke that others spend too much time on the internet, but this intricate series of tubes has become an important part of everyday life—so much so that it’s become a human rights violation to take it away. That’s according to the United Nations Human Rights Council, which passed a non-binding resolution in June that condemns countries that intentionally take away or disrupt its citizens’ internet access. The resolution was passed last Friday, but was opposed by countries including Russia, China, Saudi Arabia, South Africa, and India. The issue was with the passage that “condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online.” More than 70 states supported the resolutions, according to a statement released by Article 19, a British organization that works to promote freedom of expression and information. Thomas Hughes, the executive director of Article 19, wrote: View the full article
  18. Microsoft just released yet another Win10 upgrade nag system, disguised as a "Recommended" patch for Windows 7 SP1 and Windows 8.1 systems. According to the KB 3173040 article, if you have Windows set to automatically install updates, and have the Windows Update "Check for updates but let me choose whether to download and install them" box checked, your machine will suddenly sprout a full-screen purple message that says: View the full article
  19. It has been six months since the company formerly known as Dice (DHI Group) sold off Slashdot Media—the business unit that runs Slashdot and SourceForge—to BIZX, LLC, a San Diego-based digital media company. Since then, the new management has been moving to erase some of the mistakes made under the previous regime—mistakes that led to the site becoming a bit of a pariah among open source and free software developers. In an e-mail to Ars, Logan Abbott—the new president of Slashdot and SourceForge—said, "SourceForge was in the media a lot last year due to several transgressions, which we have addressed since the acquisition. Unfortunately, the media has thus far elected not to cover the improvements (probably because bad press is more popular)." In the conversation that followed, Abbott emphasized the transformation underway at SourceForge. Abbott has an uphill climb, to be sure. The shifting nature of the software development world has made repositories such as GitHub a go-to for open source projects of all sorts, while the focus on application downloads has shifted heavily toward the mobile world. But Abbott said he believes SourceForge is still "a great distribution channel," and that developers will come back to host with the repository "when end users see us as a trusted destination once again." View the full article
  20. Microsoft has released a new update rollup for Windows 7 users that brings an important pack of improvements to computers still running this OS version - according to third-party stats, Windows 7 continues to be used on some 45 percent of the PCs out there. The June 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 includes fixes and performance improvements, so it doesn’t bring any new security patches. These continue to be part of the Patch Tuesday rollout taking place on the second Tuesday of each month. Microsoft announced in May this year that it would start rolling out update packs for Windows 7 every month, thus making it easier for computers running this version to remain up to date and get the very latest improvements. “These fixes will be available through Windows Update, WSUS, and SCCM as well as the Microsoft Update catalog. We hope this monthly rollup update simplifies your process of keeping Windows 7, and 8.1 up-to-date,” Microsoft said when announcing its new update rollup plan. View the full article
  21. If you’ve ever tested your internet speeds, you’ve probably used Ookla’s Speed Test or maybe even Netflix’s new Fast.com. There’s also a good chance that you’ve simply Google searched “speed test” to get you to one of those websites. In hopes to court users away from Ookla and Netflix, it looks like Google is building its own internet speed test tool right into search results. First uncovered by Dr. Pete Meyers on Twitter, the speed test function can simply be activated by searching “check internet speed.” As you can see in the screenshot below, the test takes less than 30 seconds and is powered by Measurement Lab (M-Lab). Thanks to this tweet, a Google Support page has also been uncovered, detailing Google’s partnership with M-Lab and how exactly the test works. As of this moment we’re still not sure what the test looks like or how accurate it is. You can try the query for yourself, but it doesn’t appear to be live for most users. In the meantime, you can, however, try out M-Lab’s NDT test for yourself if you’re interested. M-Lab’s testing tool hasn’t been very accurate for me, though, at least not as accurate as Ookla or Netflix’s offerings. View the full article
  22. A few weeks ago we wrote about how Cable One CEO Thomas Might recently crowed that his company had implemented a system that managed to deliver worse customer service to customers with low credit scores. According to Might, the company had developed a "very rigorous FICO credit scoring process" on its video customers since 2013 that involves somehow flagging the accounts so that company support representatives don't spend as much time on support with those users as they otherwise would. "We don't turn people away," Might said, but he added that the cable company's support staff isn't going to "spend 15 minutes setting up an iPhone app" for a lower-value customer. Not too surprisingly, the idea that a cable company would discriminate and actively lower customer service quality based on credit score turned some heads at the FCC, which is busy contemplating new privacy rules to protect broadband customers from behavior just like this. As such, CableONE has apparently written to the FCC to try and explain Might's comments. View the full article
  23. A new program unveiled in Germany promises full, end-to-end encryption for emails sent by even the most technophobic internet users. Deutsche Telekom and the Fraunhofer research institute collaborated on the software. German telecommunications giant Deutsche Telekom unveiled on Wednesday a new internet security project it has developed with the Fraunhofer Institute for Secure Information Technology (SIT). The new program, available for Windows, is called Volksverschlüsselung, or "people's encryption." The program will allow a user's computer to send encrypted email with minimal set-up and technical know-how. Encryption gives digital communication a level of security that ensures only the sender and intended recipient are able to view the message. Even if a message passes through multiple servers between the sender and recipient, it cannot be read until it reaches the recipient. Communicating online with encrypted messages is becoming more widespread as hacker attacks are on the rise. View the full article
  24. Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets," he says. "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it -- the victim does not need to open the file or interact with it in any way." Symantec has already published fixes for the exploits, so users would do well to install them immediately. Google's Project Zero team searches for "zero-day" code flaws and gives companies 90 days (plus a two week grace period) to fix them. In this case, Ormandy published the blog post shortly after Symantec pushed the fixes, saying the antivirus company did resolve the bugs "quickly." However, he excoriated Symantec for the danger of the errors and its incompetence in allowing them. In one case, he found a buffer overflow flaw in the company's "unpacker," which searches for hidden trojans and worms. "Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences," he says. "An attacker could easily compromise an entire enterprise fleet." He added that the unpackers have kernel access, which is "maybe not the best idea." View the full article
  25. One week after a federal court upheld the Federal Communications Commission’s landmark net neutrality policy, emboldened FCC officials are moving to advance an ambitious set of reforms that are already generating static from the broadband industry and its political allies. The decade-long battle over net neutrality, the principle that all content on the internet should be equally accessible to consumers, is not over. Industry giant AT&T has said it plans to join an appeal of the DC Circuit’s decision to the Supreme Court, and net neutrality foes in Congress continue to pursue their relentless campaign aimed at knee-capping the FCC’s consumer protections. But now that the FCC’s regulatory authority is on the strongest legal footing in years, agency officials are well-positioned to address pressing policy issues without the albatross of net neutrality around their necks. Speaking to the National Press Club on Monday, FCC Chairman Tom Wheeler sounded a defiant note on the question of the agency’s legal power as he outlined new plans to promote 5G wireless spectrum. “Our networks are open and will remain open for innovators to use without permission, and for consumers to access any place they want to go on the web, without permission, without blocking, without throttling, and without paid prioritization,” Wheeler told reporters. View the full article