Critical crypto bug exposes Yahoo Mail passwords Russian roulette-style

Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services. The two-year-old bug is the result of a mundane coding error in OpenSSL, the world’s most popular code library for implementing HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of private computer memory that handle OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or it could return far more valuable assets such as authentication credentials or even the private key at the heart of a website’s entire cryptographic certificate. Underscoring the urgency of the problem, a conservatively estimated two-thirds of the Internet’s Web servers use OpenSSL to cryptographically prove their legitimacy and to protect passwords and other sensitive data from eavesdropping. Many more e-mail servers and end-user computers rely on OpenSSL to encrypt passwords, e-mail, instant messages, and other sensitive data. OpenSSL developers have released version 1.0.1g that readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high.


Experian in hot seat after exposing millions of social security numbers [Update]

Regulators from several states are investigating a data breach from a subsidiary of the credit-tracking behemoth Experian. The investigation by attorneys general in these states concerns whether the subsidiary adequately secured some 200 million social security numbers and whether victims were properly notified. The investigation, first disclosed by Reuters, comes as the Obama administration is pressing for legislation requiring companies to better secure customer data. A Vietnamese man who operated a website, called findget.me, offering social security numbers has pleaded guilty to charges that he obtained the data from the Experian subsidiary, Court Ventures. The firm, a court document retrieval service, also jointly maintains a database of some 200 million social security numbers with another firm.


Creepshots: Microsoft discovers an on-campus peeping tom

Image: Microsoft’s lush RedWest campus. (Credit: Microsoft)

On July 24, 2013, a Microsoft vendor employee working at the company’s RedWest campus in Redmond had a piece of good fortune—he found a Muvi USB video camera just lying in the footpath between buildings. He picked up the camera, only later taking a look at the footage on the device, which revealed that his good fortune was actually evidence of a crime. The Muvi camera contained “upskirt” video footage of women climbing stairs or escalators—or sometimes just standing in checkout lines—and some of it had been shot on Microsoft’s campus. The vendor employee reported the incident to Microsoft Global Security, who took possession of the camera on July 26. To find the camera’s owner, two Global Security investigators pulled up Microsoft’s internal security camera footage covering the RedWest footpath. They began by locating the moment when the vendor employee walked into the frame, paused, and bent down to retrieve the camera off the ground. Investigators then rewound the footage to see who had dropped it. At the 11:24am mark, they saw a man in a collared shirt and reddish pants walk out of a RedWest building and walk along the footpath. Then, at 11:25am, the vendor employee appeared and picked up the camera. At 11:26am, the man in the reddish pants suddenly returned to the picture. According to a later report from the Redmond Police Department, he was “rushing” back to the RedWest building he had just left and appeared “nervous, frantically looking around.” He eventually used a keycard to re-enter the RedWest building.


USB-IF posts first photos of new reversible Type-C connector

Image: The new USB Type-C connector compared to current A and B plugs. (Credit: USB-IF)

USB Type-A. USB Type-B. Mini-USB Type-A. Mini-USB Type-B. Micro-USB Type-A. Micro-USB Type-B. That special, ugly variant of micro-USB Type-B you need to use for phones with USB 3.0 support. These are the different types of connectors you have to be aware of to use your current USB-equipped computers, phones, tablets, printers, and whatever other accessories you might have. The USB Implementers Forum (USB-IF) wants to simplify this problem by rallying behind the new Type-C connector, a new specification designed to replace current Type-A and Type-B plugs of all sizes. While we already knew that the USB Type-C connector would be smaller than many existing connectors and that (like Apple’s Lightning cables) it would be reversible, we didn’t know exactly what it would look like before today. The renderings released by the USB-IF today are still subject to change, but they show a Type-C connector that looks pretty much like you’d expect. Current cables usually use different Type-A and Type-B plugs on either end out of necessity—most computers use standard-sized Type-A connectors, while phones and cameras need either mini- or micro-sized Type-B connectors on the other end. Type-C will eventually supersede all of them, providing the same type of connector on both computers and phones.


One week before its end of life, 28 percent of Web users are still on Windows XP

Windows XP will receive its last ever security update on April 8th next week. After that, any flaws, no matter how severe, will not be patched by Microsoft, and one would be well advised to not let Windows XP machines anywhere near the public Internet as a result. In spite of this, 28 percent of Web users were still using the ancient operating system in March. This seems unlikely to end well. Chrome has come close to Firefox’s market share a number of times over the years. However, the market share tracker we use, Net Market Share, has never seen Google’s browser actually surpass Mozilla’s—until now. In March, Chrome finally overtook Firefox to claim the second spot. Internet Explorer dropped a quarter of a point, Firefox dropped 0.42 points, and Chrome reaped the reward, gaining 0.68 points. Safari was essentially unchanged, up 0.01 points; likewise Opera, dropping 0.03 points.


Reuters: Next iPhone will come with 4.7” or 5.5” screen

Reuters reports that Apple’s next iPhone will be available in both 4.7-inch and 5.5-inch screen versions—considerable increases over the current iPhone 5S and 5C models’ 4-inch displays. Reuters cites “supply chain sources” for the information, which could mean anything from a Foxconn vice president down to a factory janitor. According to Reuters, three separate suppliers have been tapped to produce the larger LCD panels: Japan Display, Sharp, and LG Display. The existence of the displays themselves isn’t necessarily the point of the Reuters report, though—according to Reuters, not only are the two unannounced display sizes planned, but the 5.5-inch version might already be facing production problems. The report speculates that the displays will contain the same in-cell touch sensor technology that Apple has been using since the iPhone 5’s debut. This kind of display incorporates touch sensors directly into the screen’s glass, making it considerably more complex to manufacture than displays with separate glass, panel, and sensor elements. Making in-cell displays in quantity at the larger 5.5-inch size is apparently difficult, which is why the screen manufacturers are said to be leading with 4.7-inch screens.


Hack of Boxee.tv exposes password data, messages for 158,000 users

Image: A screenshot of the Boxee.tv forums post leading to an 800 megabyte file of leaked user data, including cryptographically hashed passwords. (Credit: riskbasedsecurity.com)

Hackers posted names, e-mail addresses, message histories, and partially protected login credentials for more than 158,000 forum users of Boxee.tv, the Web-based television service that was acquired by Samsung last year, researchers said. The breach occurred no later than last week, when a full copy of the purloined forum data became widely available, Scott A. McIntyre, a security researcher in Australia, told Ars. On Tuesday, officials from password management service LastPass began warning customers with e-mail addresses included in an 800 megabyte file that’s still circulating online. The file contains personal data associated with 158,128 user accounts, about 172,000 e-mail addresses, and the cryptographically scrambled passwords that corresponded to those Boxee accounts, LastPass said. The dump also included a wealth of other details, such as user birth dates, IP addresses, site activity, full message histories, and password changes. All user messages sent through the service were included as part of the leak. As Ars has explained before, even when passwords in hacked databases have been cryptographically hashed, most remain highly susceptible to cracking attacks that can reveal the plain-text characters required to access the account. The damage can be especially severe when people use the same or similar passwords to protect accounts on multiple sites, a practice that’s extremely common.


Faster, cheaper, smaller: The state of the system-on-a-chip in 2014

If you’re reading this, the odds are pretty good that you have a smartphone. There’s also a better-than-average chance that you know a little something about the stuff inside that phone—who makes the chips inside and how those chips stack up to the ones in other phones. About a year ago, we wrote a guide covering most of the major players making these chips, and now that this year’s Mobile World Congress is over and done with, we thought it was time to revisit the subject. What’s changed? What’s stayed the same? And what’s going to happen in the next year that you need to know about? We’ll begin by looking at emerging trends before moving on to a bird’s-eye view of where all the major chipmakers stand. This won’t give you an in-depth technical description of every detail, but it should help you understand where this tech is headed in 2014.


“Pirate Bay Bundle” shares 101 little-known indie games via BitTorrent

Since The Humble Bundle launched in 2010 to almost immediate success, the Internet has been absolutely flooded with similar pay-what-you-want bundles of various indie games. Even amid this flood, a new indie game bundle stands out, both for its selection of titles and its distribution method. The Pirate Bay Bundle is a free collection of 101 small indie titles that I can almost guarantee you’ve never heard of, let alone played. Curator Moshboy describes the collection as an extension of his Underrated Indie Games series of YouTube videos. “Some were made for game jams, others were made just because, some are made by celebrated game makers, many are made by folks that you won’t know,” Moshboy explains. “Many are usually only available to play in your browser, but I managed to convince these wonderful folks to provide me with offline versions.” As the name implies, this massive collection of games is being distributed via a BitTorrent link on The Pirate Bay, with the cooperation of all the creators involved. While other indie bundles have also shared their DRM-free games via BitTorrent, I’m not aware of any that have willingly offered their selections entirely free via the popular and perpetually legally pressured torrent-sharing site (though that hasn’t stopped some people from turning to piracy to save a penny on other bundles).


BlackBerry still losing money, just 10 times less than it did last quarter

Image: The BlackBerry Q10. (Credit: Ars Technica)

On Friday, BlackBerry announced (PDF) its quarterly earnings. Compared to the previous quarter, the embattled Canadian handset maker seems to have slowed the bleeding. In just three months, it slashed its losses by a factor of 10. In its fourth fiscal quarter ending March 1, 2014, BlackBerry sustained a net loss of $423 million, down from a net loss of $4.4 billion the previous quarter. That harsh third fiscal quarter loss was a driver behind a terrible fiscal 2014 year overall for BlackBerry: the company lost $5.8 billion from March 1, 2013 to March 1, 2014. “I am very pleased with our progress and execution in fiscal Q4 against the strategy we laid out three months ago. We have significantly streamlined operations, allowing us to reach our expense reduction target one quarter ahead of schedule,” said John Chen, the company’s CEO, in a statement. “BlackBerry is on sounder financial footing today with a path to returning to growth and profitability.”
