Google shows the world its official Android 4.2.2 changelog

When Android 4.2.2 quietly debuted last week, most users were left guessing about what exactly had been included in the software update. Helpful community sites like AndroidPolice had put together a thorough listing of some of the new features in Android 4.2.2, but any official listing of updates had yet to be made. Today, Google published its official changelog for its Android 4.2.2 update, as well as everything else that comes as a part of the Jelly Bean package. Many of the bullet points marked as “new” actually identify features that have been included in Android 4.2 since its initial launch and have since been thoroughly discussed. However, the changelog does include some of the minor features not previously touched on, like networking changes that were made to improve Wi-Fi Direct support and faster captive portal detection. Updates also include minor features, like the fact that TalkBack can now be accessed right from the power menu. You can also view the entirety of the Google Cards updates that have been made in Android 4.2. If you’re curious, you can view the official changelog at Google’s official Android site, then try out some of the features you may not have known existed on your Android 4.2 device.


Sexy scammers entice men into stripping on webcam, then blackmail them

Police in Singapore have issued an alert citing a dramatic rise in the number of “cyber blackmail” cases being reported. But unlike many cases that target women or teenagers, this latest rash of crimes targets men through social media sites. The Singapore Police Force reports that there have been more than 50 reported cases in the last year where “foreign” women have lured men through invitations on social networks, such as Facebook and Tagged.com, into video sex sessions that are recorded for blackmail purposes. The women “initiate cybersex” with the men over video chat, stripping for them and then encouraging them to do the same. The men are told to perform sex acts on camera for the women, and the video feeds are recorded. The men are then contacted later and told that the videos will be posted in public if the victims don’t wire money to the scammers.


Adobe ships new features, new apps, exclusively to cloud subscribers

Adobe today shipped the first public preview of Edge Reflow. First shown off last September, the new application for responsive Web design is designed to make it easier for developers to produce webpages that alter their layout in response to changes in screen size, enabling the same page to be used on both desktop and portable devices. The company is also shipping an update for three other tools. It’s adding direct support for using the free Edge Web Fonts to its Web development app Dreamweaver and its timeline-based animation software Edge Animate. Edge Animate is also picking up new support for CSS gradients. Finally, the Edge Code HTML editor, currently available as a preview, is being updated to support live previewing and a quick edit mode that allows scripts and styles to be edited where they’re used even when they’re stored in separate files. The new Edge Reflow app looks handy for those interested in responsive Web design, and the other improvements are pleasant if incremental. The most significant thing is not the updates themselves, however, but the fact that they’re being made exclusive to Creative Cloud subscribers. Buyers of the traditional perpetually licensed versions of Creative Suite are excluded.


Spanish police bust alleged “ransomware” ring that took in $1.34M annually

Spanish authorities announced Wednesday that they had arrested 10 people who were allegedly involved in a massive “ransomware” ring. The European Cybercrime Centre estimated that the criminal operation “affected tens of thousands of computers worldwide, bringing in profits in excess of €1 million euros ($1.34 million) per year.” The Spanish Ministry of the Interior described (Google Translate) the lead suspect as “a 27-year-old citizen of Russian origin who was arrested in December in the United Arab Emirates,” and who now awaits extradition to Spain. The newly arrested 10 were linked to the financial cell of the ransomware operation, and include six Russians, two Ukrainians, and two Georgians. The Ministry added that the operation remains “open,” suggesting that more arrests could be forthcoming. (Spanish authorities posted a video (RAR) of the new arrests and raid.) Madrid dubbed the ransomware used by the ring a “police virus” because it throws up a notice that appears to come from law enforcement. The malware requires the user to pay €100 ($134) as a “fine” from a false accusation of accessing child pornography or file-sharing websites. When the victims submit their payment details, European authorities added, the “criminals then go on to steal data and information from the victim’s computer.”


Obama administration defends $222,000 file-sharing verdict

The Obama Administration has stepped into a long-running file-sharing lawsuit in Minnesota, urging the United States Supreme Court not to get involved in a six-figure verdict against a young mother from Northern Minnesota. The feds don’t buy the woman’s argument that the massive size of the award makes it unconstitutional. Jammie Thomas-Rasset has been fighting a recording industry lawsuit accusing her of sharing music using the now-defunct peer-to-peer network Kazaa for the better part of a decade. In 2007, a jury found Thomas-Rasset liable to the tune of $222,000 for sharing 24 songs. She appealed the verdict, resulting in two more trials that each produced even larger jury awards. These higher figures were thrown out by the courts, but last year, the Eighth Circuit Court of Appeals upheld the $222,000 award. Thomas-Rasset is now seeking review by the Supreme Court. In a December brief, her lawyer drew an analogy to a line of Supreme Court decisions regarding excessive punitive damages. In those cases, juries had awarded punitive damages that were more than 100 times larger than the actual damages suffered by the plaintiffs. The Supreme Court held that such disproportionate punitive damages violate the due process clause of the Constitution.


Cause of Super Bowl blackout was installed to prevent Super Bowl blackout

Entergy New Orleans, the utility that provides power to the Mercedes SuperDome in New Orleans, announced today that its technicians had determined the cause of the partial blackout during the Super Bowl last Sunday: an electrical relay the company had installed to prevent blackouts. The relay was supposed to trip switches to redirect power in the event of a line fault over one of the cables connecting Entergy’s switching gear to the stadium. In a statement, the company said that “the relay functioned without issue during a number of high-profile events—including the New Orleans Bowl, the New Orleans Saints-Carolina Panthers game, and the Sugar Bowl.” But on Super Bowl Sunday, the device instead triggered when there was no fault, signaling a switch to open shortly after the second half began. The relay has now been pulled, and Entergy is evaluating other equipment. “While some further analysis remains,” said Entergy New Orleans President and CEO Charles Rice in the prepared statement, “we believe we have identified and remedied the cause of the power outage and regret the interruption that occurred during what was a showcase event for the city and state.”


Adobe issues emergency Flash update for attacks on Windows, Mac users

Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple’s Macintosh platform. While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday’s unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible. The Mac exploits target users of the Safari browser included in Apple’s OS X, as well as those using Mozilla’s Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory. Adobe credited members of the Shadowserver Foundation, Lockheed Martin’s Computer Incident Response Team, and MITRE with discovery of the critical bug.


Data siphoned in Fed reserve hack a “bonanza” for spear phishers

Sensitive details on thousands of banking executives lifted in a hack involving the Federal Reserve represent a potential “bonanza” for spear phishers looking to snare high-value targets in personalized scam e-mails, a security researcher said. The list is no longer readily available online, but according to Chris Wysopal, CTO of security firm Veracode, it contained details from a Federal Reserve-related database that Anonymous-affiliated hackers claimed to breach on Sunday. It included 31 fields, including home addresses, e-mail addresses, login IDs, and cryptographically hashed passwords. “As you can see, this is a spearphishing bonanza and even a password reuse bonanza for whoever can crack the password hashes,” he wrote in a blog post published on Wednesday. “It doesn’t look like any of these are internal Federal Reserve System accounts as those would have FRS AD UIDs associated with each account. Still, this is about the most valuable account dump by quality I have seen in a while.”


We’re going to blow up your boiler: Critical bug threatens hospital systems

More than 21,000 Internet-connected devices sold by Honeywell are vulnerable to a hack that allows attackers to remotely seize control of building heating systems, elevators, and other industrial equipment and, in some cases, cause them to malfunction. The hijacking vulnerability in Niagara AX-branded hardware and software sold by Honeywell’s Tridium division was demonstrated at this week’s Kaspersky Security Analyst Summit in San Juan, Puerto Rico. Billy Rios and Terry McCorkle, two security experts with a firm called Cylance, allowed an audience to watch as they executed a custom script that took about 25 seconds to take control of a default configuration of the industrial control software. When they were done they had unfettered control over the device, which is used to centralize control over alarm systems, garage doors, heating, ventilation, and cooling systems, and other equipment in large buildings. Taking advantage of the flaw would give attackers half a world away the same control on-site engineers have over connected systems. Extortionists, disgruntled or unstable employees, or even terrorists could potentially exploit vulnerabilities that allow them to bring about catastrophic effects, such as causing a large heating system to explode or catch fire or sabotaging large chillers used by hospitals and other facilities. Attackers could also exploit the bug to gain a toehold into networks, which could then be further penetrated using additional vulnerabilities that may be present.


Securing your website: A tough job, but someone’s got to do it

In 2006, members of a notorious crime gang cased the online storefronts belonging to 7-Eleven, Hannaford Brothers, and other retailers. Their objective: to find an opening that would allow their payment card fraud ring to gather enough data to pull off a major haul. In the waning days of that year they hit the mother lode, thanks to Russian hackers identified by federal investigators as Hacker 1 and Hacker 2. Located in the Netherlands and California, the hackers identified a garden-variety flaw on the website of Heartland Payment Systems, a payment card processor that handled some 100 million transactions per month for about 250,000 merchants. By exploiting the so-called SQL injection vulnerability, they were able to gain a toe-hold in the processor’s network, paving the way for a breach that cost Heartland more than $12.6 million. The hack was masterminded by the now-convicted Albert Gonzalez, and it’s among the most graphic examples of the damage that can result from vulnerabilities that riddle just about any computer that serves up a webpage. Web application security experts have long cautioned that such bugs can cost businesses dearly, yet those warnings largely fall on deaf ears. But in the wake of the Heartland breach there was no denying the damage they can cause. In addition to the millions of dollars the SQL injection flaw cost Heartland, the company also paid with its loss of reputation among customers and investors.
