João Saramago

Can Android Without Dalvik Avoid Oracle’s Wrath?

js — Wed, 07 Sep 2011 09:14:18 PDT

jfruhlinger writes “Despite the fact that Oracle is suing Google over claims that Android violates Java IP, Android is roaring ahead in the marketplace. Still, some groups are wondering if they can implement Android without incurring Oracle’s current or future …

DDoS Attack On Wikileaks Increasing

js — Mon, 13 Dec 2010 07:53:20 PST

tetrahedrassface writes “According to the Twitter feed for Wikileaks, the attack on the controversial site is increasing and is now at 10 Gigabits per second. In light of the recent release of highly sensitive documents and calls by many lawmakers …

Windows 7 Phone Gets Jailbreak Tool

js — Mon, 13 Dec 2010 07:51:03 PST

An anonymous reader writes “Developers have released a ‘jailbreak’ tool for Microsoft’s Windows Phone 7, allowing the handsets to run any application, not just those approved for distribution through Microsoft’s Marketplace. Although reminiscent of jailbreak tools for the iPhone, this …

The Golden Hour of Phishing Attacks

js — Mon, 13 Dec 2010 07:50:19 PST

Orome1 writes “Trusteer conducted research into the attack potency and time-to-infection of email phishing attacks. One of their findings was that 50 per cent of phishing victims’ credentials are harvested by cyber criminals within the first 60 minutes of phishing …

MorphOS 2.7 Released

js — Mon, 13 Dec 2010 07:50:03 PST

MorphOS 2.7 has been released, and it’s mostly a bug-fix release. The one thing that stood out to me is that some work has gone into fixing bugs for several PowerPC G4 chips – more specifically, models used in PowerBook …

A Third of World’s Spam From One Russian Man

js — Mon, 13 Dec 2010 07:49:22 PST

DaveNJ1987 writes “The FBI believes that one third of the world’s spam messages are being generated by one 23-year-old Russian man. Oleg Nikolaenko of Moscow is being blamed for operating the Mega D botnet that sent spam emails from over …

Ubuntu 11.04 (Natty Narwhal) Makes a First Appearance

js — Mon, 13 Dec 2010 07:44:21 PST

srimadman writes “The Alpha 1 Release of Ubuntu 11.04, often known as ‘Natty Narwhal,’ is intended as a developer snapshot of the next major Ubuntu version, which is due in April.” So, if you want to try Unity and Wayland …

Microsoft Builds JavaScript Malware Detection Tool

js — Mon, 13 Dec 2010 07:44:02 PST

Trailrunner7 writes “As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research …

Gentlemen Prefer Androids, Ladies iOS

js — Mon, 13 Dec 2010 07:43:39 PST

Ponca City writes “PC World reports that women are more likely to buy an iPhone for their next smartphone purchase, while men prefer Android devices. According to data collected in October 2010, 31 percent of women wanted to buy an …

Android Phones Get Virtualization

js — Mon, 13 Dec 2010 07:42:56 PST

bednarz writes “VMware is teaming with LG to sell Android smartphones that are virtualized, allowing a single phone to run two operating systems, one for business use and one for personal use. A user’s personal email and applications would run …

Verve: A Type Safe Operating System

js — Mon, 13 Dec 2010 07:42:33 PST

“The Singularity project (an OS written in managed code used for research purposes) has provided several very useful research results and opened new avenues for exploration in operating system design. Recently, MSR released a paper covering an operating system research …

Dutch Police Arrest MasterCard Attacker

js — Mon, 13 Dec 2010 07:42:17 PST

An arrest has been made in the case of the DDoS attacks against MasterCard, Visa, PayPal, and others. The Dutch police has arrested a Dutch guy [Dutch] who has already confessed to taking part in the attacks. Most likely, he …

Apple Quietly Drops iOS Jailbreak Detection API

js — Mon, 13 Dec 2010 07:26:54 PST

bednarz writes “Without explanation, Apple has disabled a jailbreak detection API in iOS, less than six months after introducing it. Device management vendors say the reasons for the decision are a mystery, but insist they can use alternatives to discover …

Apple, Google Diss the DoD Over Mobile Security

js — Mon, 13 Dec 2010 07:26:21 PST

Julie188 writes “The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to …

Has Progress Been Made In Fighting DDoS Attacks?

js — Mon, 13 Dec 2010 07:25:58 PST

alphadogg writes “As the distributed denial-of-service attacks spawned by this week’s WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks. Participants in the North American …

New Windows Kernel Vulnerability Bypasses UAC

js — Mon, 29 Nov 2010 04:17:39 PST

xsee writes “A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a …

China’s Politburo Behind Google Cyber-Attack?

js — Mon, 29 Nov 2010 04:15:57 PST

theodp writes “While Wikileaks itself is under a DoS attack, details about the US State Department cables obtained by WikiLeaks are starting to come out via the mainstream media. Among the most newsworthy, reports Techcrunch’s Erick Schonfeld, is one set …

WikiLeaks Under Denial of Service Attack

js — Mon, 29 Nov 2010 04:15:24 PST

wiredmikey writes “WikiLeaks has reported that its Web site is currently under a mass distributed denial of service attack. The attack comes around the time of an expected release of classified State Department documents, which the Obama administration says will …

Security Expert Warns of Android Browser Flaw

js — Mon, 29 Nov 2010 04:14:49 PST

justice4all writes “Google is working on a fix to a zero-day flaw discovered by British security expert Thomas Cannon that could lead to user data on a mobile phone or tablet device being exposed to attack. Cannon informed Google before …

USB3 Arrives for Mac OS X Thanks to LaCie

js — Sun, 07 Nov 2010 09:29:27 PST

Steve Jobs recently told a Mac user, enquiring about the probability of USB3 on Macs in the near feature, that the technology is not ready because Intel has yet to adopt the platform. A recent rumour slated Intel to integrate …

Researcher To Release Web-Based Android Attack

js — Sun, 07 Nov 2010 09:28:18 PST

CWmike writes “A computer security researcher says he plans to release code Thursday that could be used to attack some versions of Google’s Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the …

Massive DDoS Cuts Myanmar Off From Net

js — Sun, 07 Nov 2010 09:28:00 PST

Trailrunner7 writes “The nation of Myanmar, formerly known as Burma, found its access to the Internet severed by a massive denial of service attack, according to a report by Arbor Networks. The source or motivation of the attack isn’t known, …

5 Years of Linux Kernel Releases Benchmarked

js — Sun, 07 Nov 2010 09:27:46 PST

An anonymous reader writes “Phoronix has published benchmarks of the past five years worth of Linux kernel releases, from the Linux 2.6.12 through Linux 2.6.37 (dev) releases. The results from these benchmarks of 26 versions show that, for the most …

Schneier@TEDxPSU

js — Sun, 07 Nov 2010 09:26:22 PST

No Tubo: Reconceptualizing Security (20 min.) Link to the original site

Former Student Gets 30 Months For Political DDoS Attacks

js — Sun, 07 Nov 2010 09:26:10 PST

wiredmikey writes “A former University of Akron student was sentenced Friday to 30 months in prison, followed by 3 years of supervised release for conducting denial of service attacks on the sites of several prominent conservative figures as well as …

DragonFly BSD 2.8.2 Released

js — Wed, 03 Nov 2010 05:46:53 PDT

The 2.8.2 release of DragonFly BSD is now available, featuring significant advances in multi-processor performance based on DragonFly’s signature soft token locks. It also includes many feature advancements including: pf from OpenBSD 4.2, the Wifi stack from FreeBSD and DataMapper …

OpenBSD 4.8 Released

js — Wed, 03 Nov 2010 05:46:17 PDT

OpenBSD 4.8 has been released. The main feature of this release is the ACPI suspend and resume for laptops with Intel or Ati graphic chipsets. If anyone is knowledgeable enough about OpenBSD to write a long item about it, feel …

Facebook User IDs were sold to data brokers, company admits

js — Wed, 03 Nov 2010 05:46:08 PDT

By Ed Oswald, Betanews In yet another black eye for social networking site Facebook, the site disclosed Friday that several developers were selling user data to a third-party. User IDs, or unique identifiers given to every registered member of the …

OpenBSD 4.8 Released

js — Wed, 03 Nov 2010 05:45:37 PDT

Mortimer.CA writes “The release of OpenBSD 4.8 has been announced. Highlights include ACPI suspend/resume, better hardware support, OpenBGPD/OpenOSPFD/routing daemon improvements, inclusion of OpenSSH 5.5, etc. Nothing revolutionary, just the usual steady improving of the system. A detailed ChangeLog is available, …

iPhone Alarm Bug Leads To Mass European Sleep-in

js — Wed, 03 Nov 2010 05:45:17 PDT

nk497 writes “A flaw in the alarm clock in iPhone 4s gave Europeans a bit of a lie-in this morning. While the Apple handsets automatically adjusted to daylight savings time, a bug in the alarm system meant many were woken …

Serious Security Bugs Found In Android Kernel

js — Wed, 03 Nov 2010 05:43:59 PDT

geek4 writes with this excerpt from eWeek Europe: “An analysis of Google Android Froyo’s open source kernel has uncovered 88 critical flaws that could expose users’ personal information. An analysis of the kernel used in Google’s Android smartphone software has …

ReactOS 0.3.12 Released

js — Fri, 22 Oct 2010 03:54:30 PDT

“This is a huge release for the team, not just with regards to the number of improvements which this release holds but in terms of the leap forward architecturally, stability wise and in bringing some of the more modern aspects …

Why Facebook Won’t Stop Invading Your Privacy

js — Fri, 22 Oct 2010 03:54:05 PDT

GMGruman writes “Every few weeks, it seems, Facebook is caught again violating users’ privacy. A code error there, rogue business partners there. The truth, as InfoWorld’s Bill Snyder explains, is that Facebook will keep on violating your privacy, no matter …

Linux 2.6.36 Released

js — Fri, 22 Oct 2010 03:53:58 PDT

diegocg writes “Version 2.6.36 of the Linux kernel has been released. This version includes support for the Tilera architecture, a new filesystem notification interface called fanotify, CIFS local caching, support for Intel Intelligent Power Sharing in i3/5 systems, integration of …

Linux 2.6.36 Released

js — Fri, 22 Oct 2010 03:53:49 PDT

Linux 2.6.34 has been released. This version includes support for the Tilera architecture, a new filesystem notification interface called fanotify, a redesign of workqueues optimized for concurrency, CIFS local caching, support for Intel Intelligent Power Sharing in i3/5 systems, integration …

RDS Protocol Bug Creates a Linux Kernel Hole, Now Fixed

js — Fri, 22 Oct 2010 03:53:43 PDT

Trailrunner7 writes “The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system. The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions …

Comcast Migrating Customers To DNSSEC Resolvers

js — Wed, 20 Oct 2010 10:23:26 PDT

ctg1701 passes along this quote from a Comcast announcement: “Starting today we will begin migrating customers who have opted out of our Domain Helper service over to our production DNSSEC-validating servers. This will happen first in a selected part of …

The Future of OpenSolaris Revealed

js — Wed, 20 Oct 2010 10:20:51 PDT

ywlke writes “A few hours ago, an internal Oracle memo was leaked to the osol-discuss mailing list at opensolaris.org. It details Oracle’s plans for Solaris and OpenSolaris; namely that OpenSolaris, the distribution, is dead. Solaris Express has come back from …

Happy 17th Birthday, Debian!

js — Wed, 20 Oct 2010 10:20:35 PDT

“Debian turns 17 today. Yes it has really come a long way from being Ian Murdock’s pet project back in 1993 to being the distribution on which the most popular Linux distribution, Ubuntu, is based on now.” Let’s go through …

Ubuntu 11.04 Codenamed ‘Natty Narwhal’

js — Wed, 20 Oct 2010 10:20:23 PDT

Mark Shuttleworth has just announced the codename of the next Ubuntu release after Maverick. Ubuntu 11.04 will be called Natty Narwhal. The name follows the usual Ubuntu naming tradition of the codename consisting of an adjective and a name of …

FreeBSD 8.1 Released, Like, Weeks Ago

js — Wed, 20 Oct 2010 10:20:07 PDT

While I was away from OSNews, FreeBSD 8.1 was released. Nobody posted it on OSNews, so here I am, a little late (my apologies). It’s got all sorts of improvements, like support for UltraSPARC IV/IV+ and SPARC64 V processors, SMP …

Ubuntu Gets Multitouch Support

js — Wed, 20 Oct 2010 10:19:53 PDT

In June 2009 we had some very good news about the integration of multitouch events support inside the Linux kernel. Since then, many multitouch device drivers were developed, mostly in collaboration with LII-ENAC, to take advantage from this. All the …

New Firefox iFrame Bug Bypasses URL Protections

js — Wed, 20 Oct 2010 10:19:25 PDT

Trailrunner7 writes “There is a newly discovered vulnerability in Mozilla’s flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox …

Root Privileges Through Linux Kernel Bug

js — Wed, 20 Oct 2010 10:18:08 PDT

Lars T. writes “The H has a story about a Linux kernel bug that allows root level access. ‘According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers …

1978 Cryptosystem Resists Quantum Attack

js — Wed, 20 Oct 2010 10:17:41 PDT

KentuckyFC writes “In 1978, the CalTech mathematician Robert McEliece developed a cryptosystem based on the (then) new idea of using asymmetric mathematical functions to create different keys for encrypting and decrypting information. The security of these systems relies on mathematical …

Happy 17th Birthday, Debian!

js — Wed, 20 Oct 2010 10:17:10 PDT

An anonymous reader writes “Debian turns 17 today. Yes it has really come a long way from being Murdock’s pet project back in 1993 to being the distribution on which the most popular Linux distribution, Ubuntu, is now based.” Read …

The Hidden Security Risk of Geotags

js — Wed, 20 Oct 2010 10:16:50 PDT

pickens writes “The NY Times reports that security experts and privacy advocates have begun warning consumers about the potential dangers of geotags, which are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras. By looking at geotags …

Trojan-Infected Computer Linked To 2008 Spanair Crash

js — Wed, 20 Oct 2010 10:16:23 PDT

An anonymous reader writes “Two years ago, Spanair flight JK-5022 crashed shortly after takeoff in Madrid, killing 154 of its 172 passengers and crew. El Pais online newspaper reports that the ground computer responsible for triggering an alarm after three …

Ubuntu Drops SPARC, IA64

js — Wed, 20 Oct 2010 10:16:05 PDT

“Maverick Meerkat is set to become the last version of Ubuntu that’ll run on Oracle’s Sparc, ending a four-year relationship. Also getting canned is Ubuntu running on Hewlett-Packard’s Itanic 64-bit challenger. Meerkat is currently in feature-freeze ahead of October’s official …

Windows 95 Turns 15

js — Wed, 20 Oct 2010 10:15:54 PDT

In what has surprised me greatly, nobody has submitted anything to us regarding this day in the history of computing. Sure, memories of her may not be fond, and with the magical unicorn power of hindsight you’d rather forget you …

Native ZFS Is Coming To Linux Next Month

js — Wed, 20 Oct 2010 10:13:32 PDT

An anonymous reader writes “Phoronix is reporting that an Indian technology company has been porting the ZFS filesystem to Linux and will be releasing it next month as a native kernel module without a dependence on FUSE. ‘In terms of …

A Conference For Malware Writers

js — Wed, 20 Oct 2010 10:13:02 PDT

tsu doh nimh writes “There is a security conference being held in Mumbai later this year called MalCon, and the organizers say it’s the first ever conference dedicated to the ‘malcoder community.’ Brian Krebs interviewed one of them and got …

Linux To Take Over Microsoft In Enterprises

js — Wed, 20 Oct 2010 10:12:34 PDT

shougyin writes “For years, Linux has enjoyed much of its success as a replacement for Unix. Companies turned to Linux to replace Unix servers, or for new deployments within a Unix-heavy environment. Linux is still king there, but it’s starting …

Home WiFi Network Security Failings Exposed

js — Wed, 20 Oct 2010 10:09:01 PDT

An anonymous reader writes “The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an ‘ethical hacker,’ Jason Hart, to test thousands of Wi-Fi networks across six …

US Reigns As Most Bot-Infected Country

js — Wed, 20 Oct 2010 10:08:01 PDT

Trailrunner7 writes “The US has by far the highest number of bot-infected computers of any country in the world, with nearly four times as many infected PCs as the country in second place, Brazil, according to a new report by …

Windows DLL Vulnerability Exploit In the Wild

js — Wed, 20 Oct 2010 09:59:59 PDT

WrongSizeGlass writes “Exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications made its appearance on Monday. HD Moore, the creator of the Metasploit open-source hacking toolkit, released the exploit code along with an auditing tool …

Viruses Tapped To Create Spray-On Batteries

js — Wed, 20 Oct 2010 09:59:14 PDT

disco_tracy writes “Two different viruses have been used to create the cathode and anode for a lithium-ion battery. If research pans out, the parts could be grown in and harvested from tobacco plants and then woven into or sprayed onto …

Windows 95 Turns 15

js — Wed, 20 Oct 2010 09:58:27 PDT

An anonymous reader writes “15 years ago on this day, Microsoft’s then new Windows 95 was released. Among other things it moved users away from the archaic file manager and program manager to Windows explorer and the start menu. Compared …

25% of Worms Spread Via USB

js — Wed, 20 Oct 2010 09:58:00 PDT

An anonymous reader writes “In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. This distribution technique is highly effective. With survey responses from more than 10,470 …

New QuickTime Flaw Bypasses ASLR, DEP

js — Wed, 20 Oct 2010 09:57:41 PDT

Trailrunner7 writes “A Spanish security researcher has discovered a new vulnerability in Apple’s QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The …

Teacher Asks Students To Plan a Terrorist Attack

js — Wed, 20 Oct 2010 09:57:29 PDT

Tired of looking at an endless parade of dioramas, an Australian teacher had her class plan a terrorist attack that would “kill as many innocent Australians as possible.” “The teacher, with every best intention, was attempting to have the students …

Making Ubuntu Look Like Windows 7

js — Wed, 20 Oct 2010 09:56:13 PDT

DeviceGuru writes “Although it won’t help Linux run Windows-specific software applications, this easy hack produces an Ubuntu desktop that looks and feels a lot like Windows 7. It’s particularly suitable for reviving older PCs or laptops on which the main …

Many Hackers Accidentally Send Their Code To Microsoft

js — Wed, 20 Oct 2010 09:55:55 PDT

joshgnosis writes “When hackers crash Windows in the course of developing malware, they’ll often accidentally agree to send the virus code straight to Microsoft, according to senior security architect Rocky Heckman. ‘It’s amazing how much stuff we get.’ Heckman also …

.Net On Android Is Safe, Says Microsoft

js — Wed, 20 Oct 2010 09:55:37 PDT

An anonymous reader writes “With Oracle suing Google over ‘unofficial’ support for Java in Android, Microsoft has come out and said it has no intention of taking action against the Mono implementation of C# on the Linux-based mobile OS. That’s …

Ubuntu 10.10 Beta Released

js — Wed, 15 Sep 2010 13:44:09 PDT

RandyDownes sends word that Canonical has released the beta version of Ubuntu 10.10 (Maverick Meerkat). The release announcement boasts faster boot times, GNOME 2.31, and a speedier version of Evolution. In addition, “The Ubuntu Software Center has an updated look …

New Malware Imitates Browser Warning Pages

js — Tue, 14 Sep 2010 16:42:07 PDT

Jake writes with this excerpt from Ars: “Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user’s browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages …

Finland To Legalize Use of Unsecured Wi-Fi

js — Fri, 13 Aug 2010 04:59:23 PDT

Apotekaren writes “The Finnish Ministry of Justice has started preparing changes to a current law that criminalizes using unsecured wireless hot spots (Google translation; Finnish original). The reasoning includes the impossibility of tracking unlawful use, the ease of securing networks, …

MorphOS 2.5 Released, Adds eMac Support

js — Fri, 13 Aug 2010 04:59:19 PDT

And the MorphOS team continues to expand their hardware support. They released MorphOS version 2.5 today, which adds support for Apple’s eMac computers (the 1.25Ghz models, the 1.42 models have not yet been tested). Of course, there’s also a whole …

Native ZFS Port for Linux

js — Fri, 13 Aug 2010 04:59:16 PDT

Employees of Lawrence Livermore National Laboratory have ported Sun’s/Oracle’s ZFS natively to Linux. Linux already had a ZFS port in userspace via FUSE, since license incompatibilities between the CDDL and GPL prevent ZFS from becoming part of the Linux kernel. …

Linux IRC Server Gets Trojan, Press Harps On Linux Security

js — Fri, 13 Aug 2010 04:59:03 PDT

Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan’s been holding open the backdoor in the source …

NetBSD 5.1 RC2 Released

js — Fri, 13 Aug 2010 04:58:38 PDT

NetBSD 5.1 RC2 has been announced. A complete list of changes between 5.0 and 5.1 is available in diff format here for the more technical individuals. Fire up those VMs and give it a test run. Link to the original …

A fina arte do phishing…

js — Fri, 13 Aug 2010 04:58:26 PDT

… num telefone perto de si : ) Link to the original site

Mass SQL Injection Attack Hits Sites Running IIS

js — Fri, 13 Aug 2010 04:58:21 PDT

Trailrunner7 writes “There’s a large-scale attack underway that is targeting Web servers running Microsoft’s IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there’s no clear …

Backdoor Found In UnrealIRCd Source Archive

js — Fri, 13 Aug 2010 04:58:16 PDT

l_bratch writes “A malicious backdoor was added to the UnrealIRCd source archive some time around November 2009. It was not noticed for several months, so many IRC servers are likely to be compromised. A Metasploit exploit already exists.” Read more …

Is Cyberwarfare Fiction?

js — Fri, 13 Aug 2010 04:55:32 PDT

An anonymous reader writes “In response to calls by Russia and the UN for a ‘cyberwarfare arms limitation treaty,’ this article explains that ‘cyberwar’ and ‘cyberweapons’ are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and …

Adobe Warns of Flash, PDF Zero-Day Attacks

js — Fri, 13 Aug 2010 04:55:13 PDT

InfosecWarrior writes “Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for …

Android Data Stealing App Downloaded By Millions

js — Fri, 13 Aug 2010 04:50:47 PDT

wisebabo writes “A wallpaper utility (that presents purloined copyrighted material) ‘quietly collects personal information such as SIM card numbers, text messages, subscriber identification, and voicemail passwords. The data is then sent to www.imnet.us, a site that hails from Shenzen, China.’” …

Android Rootkit Is Just a Phone Call Away

js — Fri, 13 Aug 2010 04:50:37 PDT

alphadogg writes “Hoping to understand what a new generation of mobile malware could resemble, security researchers will demonstrate a malicious ‘rootkit’ program they’ve written for Google’s Android phone next month at the Defcon hacking conference in Las Vegas. Once it’s …

Prosecuting DDoS Attacks?

js — Fri, 13 Aug 2010 04:50:31 PDT

dptalia writes “We all have heard of major DDoS attacks taking down countries, companies, and organizations. But how many of them are ever prosecuted? And how many prosecutions are even successful? I’ve done some research and it appears the answer …

ReCAPTCHA.net Now Vulnerable to Algorithmic Attack

js — Fri, 13 Aug 2010 04:49:50 PDT

n3ond4x writes “reCAPTCHA.net algorithms have been developed to solve the current CAPTCHA at an efficacy of 30%. The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online. Also available is a video demonstration …

Ubuntu: We Have No Plans to Fork GNOME

js — Fri, 13 Aug 2010 04:49:43 PDT

Ubuntu’s community manager Jono Bacon talks in an interview with derStandard.at about the relationship between Ubuntu and GNOME, GNOME Shell, Unity and why the netbook market is that important to Canonical. Link to the original site

Android growth spurs new mobile malware, SMS Trojan discovered

js — Fri, 13 Aug 2010 04:46:40 PDT

By Tim Conneally, Betanews Security researchers at Kaspersky Lab announced the first malware for the Android operating system to be classified as a Trojan-SMS, the most widespread type of malware on mobile phones. The malware is disguised as a media …

BBC Builds Smartphone Malware For Testing Purposes

js — Fri, 13 Aug 2010 04:46:06 PDT

siliconbits writes “BBC News has shown how straightforward it is to create a malicious application for a smartphone. Over a few weeks, the BBC put together a crude game for a smartphone that also spied on the owner of the …

SMS Trojan Steals From Android Owners

js — Fri, 13 Aug 2010 04:45:49 PDT

siliconbits writes “A Trojan posing as a media player for Android smartphones automatically sends text messages to premium rate numbers, according to Kaspersky Lab. Company officials say the Trojan, dubbed Trojan-SMS.AndroidOS.FakePlayer.a, is the first of its kind for the Android …

Oracle Details Solaris 11, OpenSolaris’ Future Shaky

js — Fri, 13 Aug 2010 04:45:40 PDT

Due to me not working for OSNews these past eight weeks, I’ve been a bit out of the loop, as I didn’t really follow technology news. I did notice that a lot is going on in OpenSolaris land, and today, …

Apple closes PDF flaw in iOS updates for iPhone, iPad

js — Fri, 13 Aug 2010 04:45:36 PDT

By Ed Oswald, Betanews Apple released iOS 4.0.2 for the iPhone and iPod touch, and iOS 3.2.2 for the iPad on Wednesday, effectively closing the PDF flaw which allowed hackers access to the internal code of those devices. The exploit …

Google’s Chrome OS to Launch In Fall

js — Thu, 05 Aug 2010 10:11:38 PDT

Kidfork writes “On Wednesday Google’s vice president of product management said that this fall Google will launch Chrome OS to compete with Microsoft Windows. More than 70 million users already use the Chrome Browser, and Google expects at least 1 …

Verizon Changing Users Router Passwords

js — Thu, 05 Aug 2010 10:11:10 PDT

Kohenkatz writes “I have Verizon FIOS at home and my Verizon-supplied Actiontec router had the password ‘password1′ that the tech assigned to it when he set it up three years ago. I received an email from Verizon that said ‘we …

Using XSS & Google To Find Physical Location

js — Thu, 05 Aug 2010 10:11:02 PDT

wiredmikey sends along a brief (and quite poorly written) report from Security Week on Samy Kamkar’s talk at Black Hat last week. In the video, which is amusing, he demonstrates how to obtain location information (within 30 feet, in the …

What’S New in Linux 2.6.35

js — Thu, 05 Aug 2010 10:10:46 PDT

Measures to support the power saving mechanisms of AMD graphics chips, network code optimizations for multi-core processors, features for de-fragmenting the working memory and an improved support of the power management and turbo features offered by modern processors are among …

iPhone Jailbreak Uses a PDF Display Vulnerability

js — Thu, 05 Aug 2010 10:10:25 PDT

adeelarshad82 writes “Latest reports indicate that the website that ‘jailbreaks’ iPhones, iPads, and iPod Touches does so by means of a PDF-based vulnerability in OS X. PDF parsing and rendering is a core feature of OS X, and there have …

Android Outsells iPhone In Last 6 Months

js — Thu, 05 Aug 2010 10:10:07 PDT

tomhudson writes “Despite all the hype about Apple’s latest iPhone, Android has sold more in the last 6 months (27% of all smartphone sales) than Apple (23%). The gains for Android are coming at the expense of RIM (still #1 …

‘Project Vigilant’ Recruits At Defcon To Track You

js — Thu, 05 Aug 2010 09:48:40 PDT

angry tapir writes “A secretive volunteer group that tries to track terrorists and criminals on the Internet went to the Defcon hacker conference in hopes of recruiting information security experts, but it will first have to overcome some skepticism. That’s …

Malicious Hardware Hacking May Be the Next Frontier

js — Thu, 05 Aug 2010 09:47:37 PDT

An anonymous reader writes “It’s a given that hackers will target software, and that’s enough for many people to worry about. But now there’s the possibility that hackers would hide malicious code in the hardware itself. A hardware hack could …

Death of Windows XP SP2 Support Is a Security Risk

js — Thu, 29 Jul 2010 10:04:20 PDT

With Windows XP SP2 support ending in three weeks, a new report highlights the security risks that come with running an unsupported service pack. Link to the original site

Fifth of Android Apps Expose Private Data

js — Thu, 29 Jul 2010 10:03:03 PDT

WrongSizeGlass writes “CNet is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as …

FBI Failed To Break Encryption of Hard Drives

js — Thu, 29 Jul 2010 10:01:55 PDT

benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at …

FTC Wants Browsers To Block Online Tracking

js — Thu, 29 Jul 2010 09:59:14 PDT

storagedude writes “The FTC wants a do-not-track mechanism that would allow Web users to opt out of online behavioral tracking, similar to the national do-not-call registry. The agency’s preferred method for accomplishing this would be a browser-based tool that would …

ATM Hack Gives Cash On Demand

js — Thu, 29 Jul 2010 09:59:03 PDT

angry tapir writes “Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to …

YouTube Hit By HTML Injection Vulnerability

js — Thu, 29 Jul 2010 06:01:48 PDT

Virak writes “Several hours ago, someone found an HTML injection vulnerability in YouTube’s comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a <script> tag at …