A flood of prank iMessage texts shows the app can be crashed easily

[Image: Human can’t be blamed for thinking this show of affection comes off as a little clingy. Credit: Adam Bell/The Next Web]

On Friday, The Next Web reported that a group of iOS developers were experiencing rapid-fire texts over iMessage, causing bothersome and repetitious messages and notifications. While the prank wasn’t serious on the level of, say, a full-scale DDoS of a bank website, and concern over spam via iMessage is not new either, the unwanted messages were fresh proof of some problems with the iMessage app, specifically in the lack of good spam-detection in iMessage, and in the lack of a way for users to block a message sender.

One of the recipients of the spam, an iOS jailbreak tool and app developer who goes by the moniker iH8sn0w, informed The Next Web of the prank when it happened. iH8sn0w told Ars over Twitter that he simply disabled the handle that was getting flooded. “It’s just a bunch of kids bored playing with AppleScript,” he said.

Another app and extension developer for iOS devices, Grant Paul, reported on Twitter that he was getting spammed on iMessage with very large messages, causing his iMessage app to crash. “The iMessage spammer has now completely locked me out of my iOS Messages app, by sending long strings of Unicode chars. Definitely a DoS,” Paul wrote on his Twitter account. Ars reached out to Paul but has not yet heard back from him.


How the maker of TurboTax fought free, simple tax filing

This story was co-produced with NPR.

Imagine filing your income taxes in five minutes—and for free. You’d open up a prefilled return, see what the government thinks you owe, make any needed changes and be done. The miserable annual IRS shuffle, gone. It’s already a reality in Denmark, Sweden, and Spain. The government-prepared return would estimate your taxes using information your employer and bank already send it. Advocates say tens of millions of taxpayers could use such a system each year, saving them a collective $2 billion and 225 million hours in prep costs and time, according to one estimate.


Jeff Bezos’ new patent envisions tablets without processors, batteries

[Image: Bezos’ “remote display” patent envisions tablets and e-readers that are just screens—power and processing is provided wirelessly by a central system. Credit: US Patent & Trademark Office]

It seems like everyone is trying to jump on the cloud computing bandwagon, but Amazon Chairman and CEO Jeff Bezos wants to take it to a whole new level. GeekWire reports that he and Gregory Hart have filed a patent for “remote displays” that would get data and power from a centrally located “primary station.” The tablets or e-readers would simply be screens, and the need for a large internal battery or significant local processing power would theoretically be obviated by the primary station.

The patent sees processors and large internal batteries as the next major roadblocks in the pursuit of thinner and lighter devices. “The ability to continue to reduce the form factor of many of today’s devices is somewhat limited, however, as the devices typically include components such as processors and batteries that limit the minimum size and weight of the device. While the size of a battery is continuously getting smaller, the operational or functional time of these smaller batteries is often insufficient for many users.”

The full patent is an interesting read, since it presents other potential use cases for these “remote displays” that wouldn’t necessarily need to wait on this theoretical fully wireless future-tablet to come to pass. For example: a camera or sensor could detect when a hand is passed over an e-reader display and respond by turning the page. A touch-sensitive casing could detect when a child is handling a display by measuring things like the length and width of their fingers and then disable purchasing of new content or the ability to access “inappropriate” content.


Solar power, white spaces bring 16Mbps broadband to towns without electricity

[Image credit: Microsoft]

White space networks haven’t exactly revolutionized Internet access in the US, but that doesn’t mean the technology can’t have a major impact in countries that lack consistent access to the Internet. The latest project showing the power of white spaces is unfolding in Kenya, where a solar-powered network is bringing the Internet to people who aren’t even connected to an electric grid.

Microsoft deployed the network last month in conjunction with Kenyan government officials. It is serving a health care clinic in Burguret, a primary and secondary school in Male (that’s pronounced “mah-lay”), a secondary school in Gakawa, and a library in Laikipia. The network will be expanded to 20 locations in the coming months.

“Down in the valley, nobody has electricity,” Paul Garnett, director of technology policy at Microsoft, told Ars. Garnett has been shuttling back and forth between the US and Kenya to get the white spaces network up and running, and he gave me an update on the project in a recent phone interview.


One day after iOS 6.1.3, a new iPhone lock screen bug emerges

Just a day after Apple released iOS 6.1.3, a new lock screen bug has been discovered that could give an attacker access to private information. The vulnerability is different from the passcode bug(s) addressed by Tuesday’s iOS update, but the end result is similar: access to iPhone’s contact list and photos.

The new lock screen bug was first documented by YouTube user videosdebarraquito, who posted a video demoing the procedure. The basic gist, seen in the video below, is to eject the iPhone’s SIM card while using the built-in voice controls to make a phone call.

[Video: Bypassing the iPhone passcode lock on iOS 6.1.3.]

There are a couple important things to keep in mind, though. For one, it seems like this bug applies to most modern iPhones, though apparently the procedure isn’t as easy as it looks. The YouTube video above shows the hack being executed on an iPhone 4, and iphoneincanada was able to replicate it on an iPhone 4. TheNextWeb was able to replicate it on an iPhone 4S but not an iPhone 5. But the iPhone 5 didn’t get away scot free, as German language site iPhoneblog.de appears to have been able to replicate the bug on that version of the phone. We have not yet seen a confirmed case of the bug existing on the iPhone 3GS, though it’s probably safe to assume that it does.


Guerilla researcher created epic botnet to scan billions of IP addresses

[Image credit: Aurich Lawson (after Aliens)]

In one of the more audacious and ethically questionable research projects in recent memory, an anonymous hacker built a botnet of more than 420,000 Internet-connected devices and used it to perform one of the most comprehensive surveys ever to measure the insecurity of the global network.

In all, the nine-month scanning project found 420 million IPv4 addresses that responded to probes and 36 million more addresses that had one or more ports open. A large percentage of the unsecured devices bore the hallmarks of broadband modems, network routers, and other devices with embedded operating systems that typically aren’t intended to be exposed to the outside world. The researcher found a total of 1.3 billion addresses in use, including 141 million that were behind a firewall and 729 million that returned reverse domain name system records. There were no signs of life from the remaining 2.3 billion IPv4 addresses.

Continually scanning almost 4 billion addresses for nine months is a big job. In true guerilla research fashion, the unknown hacker developed a small scanning program that scoured the Internet for devices that could be logged into using no account credentials at all or the usernames and passwords of either “root” or “admin.” When the program encountered unsecured devices, it installed itself on them and used them to conduct additional scans. The viral growth of the botnet allowed it to infect about 100,000 devices within a day of the program’s release. The critical mass allowed the hacker to scan the Internet quickly and cheaply. With about 4,000 clients, it could scan one port on all 3.6 billion addresses in a single day. Because the project ran 1,000 unique probes on 742 separate ports, and possibly because the binary was uninstalled each time an infected device was restarted, the hacker commandeered a total of 420,000 devices to perform the survey.


Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

[Image: “When ECPA was enacted, e-mail was primarily a means of communicating information, not storing it,” said Sen. Mike Lee (R-UT) on Tuesday in a statement. Credit: Ed Yourdon]

On Tuesday, the Department of Justice acknowledged for the first time that the notion that e-mail more than 180 days old should require a different legal standard is outdated. This marked shift in legal theory, combined with new House subcommittee hearings and new Senate legislation, might just actually yield real, meaningful reform on the much-maligned Electronic Communications Privacy Act. It’s an act, by the way, that dates back to 1986.

As Ars’ Tim Lee wrote in November 2012, “ECPA requires a warrant to obtain freshly sent e-mail before it’s been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient’s e-mail box for 180 days, a lower standard applies. These rules simply don’t line up with the way modern e-mail systems work.”


US regulator: Bitcoin exchanges must comply with money-laundering laws

[Image credit: Zach Copley]

The federal agency charged with enforcing the nation’s laws against money laundering has issued new guidelines suggesting that several parties in the Bitcoin economy qualify as Money Services Businesses under US law. Money Services Businesses (MSBs) must register with the federal government, collect information about their customers, and take steps to combat money laundering by their customers.

The new guidelines do not mention Bitcoin by name, but there’s little doubt which “de-centralized virtual currency” the Financial Crimes Enforcement Network (FinCEN) had in mind when it drafted the new guidelines. A FinCEN spokesman told Bank Technology News last year that “we are aware of Bitcoin and other similar operations, and we are studying the mechanism behind Bitcoin.”

America’s anti-money-laundering laws require financial institutions to collect information on potentially suspicious transactions by their customers and report these to the federal government. Among the institutions subject to these regulatory requirements are “money services businesses,” including “money transmitters.” Until now, it wasn’t clear who in the Bitcoin network qualified as a money transmitter under the law.


Cisco switches to weaker hashing scheme, passwords cracked wide open

Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the encryption type 4 algorithm leaves users considerably more susceptible to password cracking than an older alternative, even though the new routine was intended to enhance protections already in place.

It turns out that Cisco’s new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt. The revelation came as a shock to many security experts because the technique requires little time and computing resources. As a result, relatively inexpensive computers used by crackers can try a dizzying number of guesses when attempting to guess the corresponding plain-text password. For instance, a system outfitted with two AMD Radeon 6990 graphics cards that run a soon-to-be-released version of the Hashcat password cracking program can cycle through more than 2.8 billion candidate passwords each second.

By contrast, the type 5 algorithm the new scheme was intended to replace used 1,000 iterations of the MD5 hash function. The large number of repetitions forces cracking programs to work more slowly and makes the process more costly to attackers. Even more important, the older function added randomly generated cryptographic “salt” to each password, preventing crackers from tackling large numbers of hashes at once.
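The cost difference described above can be measured from the defender's side with a weak-password audit. The following is an added example, not code from the article or from Cisco: it does not reproduce the type 4 or type 5 encodings, PBKDF2-HMAC-SHA256 stands in for a salted, iterated scheme, and the accounts and wordlist are constructed.

```python
import hashlib
import os
from collections import defaultdict

ROUNDS = 1000  # iteration count the article gives for the older scheme

# Constructed sample data (not real credentials).
ACCOUNTS = {"alice": "winter2013", "bob": "winter2013",
            "carol": "c0rrect-h0rse", "dave": "letmein"}
WORDLIST = ["password", "letmein", "winter2013", "admin"]

def unsalted_store(accounts):
    """One SHA-256 pass, no salt: equal passwords give equal hashes."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in accounts.items()}

def salted_store(accounts, rounds=ROUNDS):
    """Per-account random salt plus an iterated KDF (PBKDF2 as a stand-in)."""
    store = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds))
    return store

def audit_unsalted(store, wordlist):
    """Each candidate is hashed once and checked against every account."""
    by_hash = defaultdict(list)
    for user, digest in store.items():
        by_hash[digest].append(user)
    weak, iterations = {}, 0
    for word in wordlist:
        iterations += 1
        for user in by_hash.get(hashlib.sha256(word.encode()).hexdigest(), []):
            weak[user] = word
    return weak, iterations

def audit_salted(store, wordlist, rounds=ROUNDS):
    """Each candidate must be re-derived per account, at `rounds` cost each."""
    weak, iterations = {}, 0
    for user, (salt, derived) in store.items():
        for word in wordlist:
            iterations += rounds
            if hashlib.pbkdf2_hmac("sha256", word.encode(), salt, rounds) == derived:
                weak[user] = word
                break
    return weak, iterations

if __name__ == "__main__":
    print(audit_unsalted(unsalted_store(ACCOUNTS), WORDLIST))
    print(audit_salted(salted_store(ACCOUNTS), WORDLIST))
```

Both audits flag the same three accounts, but the unsalted store gives them up after 4 hash computations while the salted, iterated store costs 12,000 KDF iterations, and that gap grows with every account and every extra round.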


Most PC security problems come from unpatched third-party Windows apps

If you’ve got 99 security problems, odds are Microsoft’s not one—or at least it’s just a minority of them. In its annual review of software vulnerabilities, security software firm Secunia found that 86 percent of vulnerabilities discovered on systems scanned by its software in the 50 most popular Windows software packages in 2012 were attributable to third-party developers and not to Microsoft’s Windows operating system or applications. And for most of these vulnerabilities, a patch was already available at the time they were discovered.

Of the top 50 most used Windows packages, including the Windows 7 operating system itself, 18 were found to have end-point security vulnerabilities, a 98 percent increase over five years ago. Of those 18 packages, Google’s Chrome and the Mozilla Firefox browser were the biggest culprits, with 291 and 257 detected vulnerabilities respectively. Apple iTunes came in third, with 243 detected vulnerabilities. The remainder of the top ten offenders were:

- Adobe Flash Player: 67
- Oracle Java JRE SE: 66
- Adobe AIR: 56
- Microsoft Windows 7: 50
- Adobe Reader: 43
- Microsoft Internet Explorer: 41
- Apple Quicktime: 29

Of the vulnerabilities documented in Secunia’s database, 84 percent had already been patched by vendors when they were discovered on systems. “This means that it is possible to remediate the majority of vulnerabilities,” said Secunia Director of Product Management Morten R. Stengaard. “There is no excuse for not patching.”
