Researcher To Release Web-Based Android Attack

CWmike writes “A computer security researcher says he plans to release code Thursday that could be used to attack some versions of Google’s Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the phones. It is being disclosed Thursday at the HouSecCon conference by M.J. Keith, a security researcher with Alert Logic. Keith says he has written code that allows him to run a simple command line shell in Android (video) when the victim visits a website that contains his attack code. The bug used in Keith’s attack lies in the WebKit browser engine used by Android. Google said it knows about the vulnerability. ‘We’re aware of an issue in WebKit that could potentially impact only old versions of the Android browser,’ Google spokesman Jay Nancarrow confirmed in an e-mail. ‘The issue does not affect Android 2.2 or later versions.’ Version 2.2 runs on 36.2 percent of Android phones, Google says”

Read more of this story at Slashdot.

Massive DDoS Cuts Myanmar Off From Net

Trailrunner7 writes “The nation of Myanmar, formerly known as Burma, found its access to the Internet severed by a massive denial of service attack, according to a report by Arbor Networks. The source or motivation of the attack isn’t known, but it is believed that the distributed denial of service (DDoS) attacks have targeted the country’s Ministry of Post and Telecommunication (or PTT), the main conduit for Internet traffic in and out of the authoritarian nation.”

Read more of this story at Slashdot.

5 Years of Linux Kernel Releases Benchmarked

An anonymous reader writes “Phoronix has published benchmarks of the past five years’ worth of Linux kernel releases, from the Linux 2.6.12 through Linux 2.6.37 (dev) releases. The results from these benchmarks of 26 versions show that, for the most part, new features haven’t affected performance.”

Read more of this story at Slashdot.

Schneier@TEDxPSU

No Tubo: Reconceptualizing Security (20 min.)

Former Student Gets 30 Months For Political DDoS Attacks

wiredmikey writes “A former University of Akron student was sentenced Friday to 30 months in prison, followed by 3 years of supervised release for conducting denial of service attacks on the sites of several prominent conservative figures as well as infecting several systems with botnet software. Mitchell L. Frost, age 23, of Bellevue, Ohio admitted that between August 2006 and March 2007, he initiated denial of service attacks on web servers hosting the sites of political commentators, including Bill O’Reilly, Rudy Giuliani, Ann Coulter, and others.”

Read more of this story at Slashdot.

DragonFly BSD 2.8.2 Released

The 2.8.2 release of DragonFly BSD is now available, featuring significant advances in multi-processor performance based on DragonFly’s signature soft token locks. It also includes many feature advancements including: pf from OpenBSD 4.2, the Wifi stack from FreeBSD and DataMapper from NetBSD (with significant enhancements). This release also marks the return of the GUI image. See the release notes for full details.

OpenBSD 4.8 Released

OpenBSD 4.8 has been released. The main feature of this release is ACPI suspend and resume for laptops with Intel or ATI graphics chipsets. If anyone is knowledgeable enough about OpenBSD to write a long item about it, feel free.

Facebook User IDs were sold to data brokers, company admits

By Ed Oswald, Betanews

In yet another black eye for social networking site Facebook, the site disclosed Friday that several developers were selling user data to a third party. User IDs, or unique identifiers given to every registered member of the site, allow an application to look up a user’s public personal information.

As a result of the discovery, the offending developers have been placed on a six-month suspension. While not identifying those at fault, the company did say at least one data broker — RapLeaf, Inc. — came forward to assist in the investigation. It was not immediately clear if RapLeaf was the purchasing broker, although it agreed to delete any user IDs in its possession.

“Facebook has never sold and will never sell user information,” engineer Mike Vernal wrote in a blog post on the site. “We also have zero tolerance for data brokers because they undermine the value that users have come to expect from Facebook.”

Fewer than a dozen developers will be suspended as a result of the company’s internal investigation, Vernal reported. These companies would also be subject to “audits” to ensure continuing compliance.

The issue was first disclosed in mid-October after the Wall Street Journal reported that tens of millions of these user IDs had been compromised. However, at that time Facebook did not say that developers may have been intentionally disclosing these identifiers for profit.

Regardless, the site again stressed that private information was not at risk, just the data that a user may have made publicly available. The disclosure has also spurred the company to launch a new way of identifying user IDs anonymously, which all developers would be required to use by January 1. APIs to take advantage of this new functionality would be released next week.

“In taking these steps, we believe we are taking the appropriate measures to ensure people stay in control of their information, while providing developers the tools they need to create engaging social experiences,” Vernal said.

Copyright Betanews, Inc. 2010

OpenBSD 4.8 Released

Mortimer.CA writes “The release of OpenBSD 4.8 has been announced. Highlights include ACPI suspend/resume, better hardware support, OpenBGPD/OpenOSPFD/routing daemon improvements, inclusion of OpenSSH 5.5, etc. Nothing revolutionary, just the usual steady improving of the system. A detailed ChangeLog is available, as usual. Work, of course, has already started on the next release, which should be ready in May, according to the steady six-month release cycle.”

Read more of this story at Slashdot.

iPhone Alarm Bug Leads To Mass European Sleep-in

nk497 writes “A flaw in the alarm clock in iPhone 4s gave Europeans a bit of a lie-in this morning. While the Apple handsets automatically adjusted to daylight savings time, a bug in the alarm system meant many were woken up an hour later than they should have been, after clocks rolled back over the weekend. Annoyingly, Australia was hit by a similar problem last month, but Apple failed to fix the problem or even warn users. American Apple fans, consider yourselves warned. The iOS4 bug can apparently be avoided by using one-off alarms, rather than pre-set regular wake-up calls.”

Read more of this story at Slashdot.
