Martijn's rants and raves.

New in Reader: a fresh design, and Google+ sharing

Unknown — Mon, 31 Oct 2011 15:19:17 PDT

Posted by Alan Green, Software Engineer

Today we're rolling out the new Reader design, and the Google+ features that we mentioned just over a week ago. Before the day's over, all Reader users will be able to enjoy the following improvements:

A new look and feel that's cleaner, faster, and nicer to look at.

The ability to +1 a feed item (replacing "Like"), with an option to then share it with your circles on Google+ (replacing "Share" and "Share with Note").

Integrating with Google+ also helps us streamline Reader overall. So starting today we'll be turning off friending, following, shared items and comments in favor of similar Google+ functionality.

We hope you'll like the new Reader (and Google+) as much as we do, but we understand that some of you may not. Retiring Reader's sharing features wasn't a decision that we made lightly, but in the end, it helps us focus on fewer areas, and build an even better experience across all of Google.

If you decide to stay, then please do send us your feedback on today's set of improvements. Google+ is still in its early days, after all, and we're constantly working on improvements. If, however, you decide that the product is no longer for you, then please do take advantage of Reader's subscription export feature. Regardless where you go, we want to make sure you can take your data with you.

Updates to Google Reader on the web are rolling out gradually and should reach all users by end of day. A new Android application will follow soon. If you have questions about today’s announcements, please check out our Help Center.

Blue Coat owns up to Syrian Web-blocking

(author unknown) — Sun, 30 Oct 2011 16:30:07 PDT

Shipment was meant for Iraq, claims company

Blue Coat Systems has fingered itself as one of a number of US companies whose Web filtering kit is being used by the Syrian government.…

Qatar royal family buys stake in Dexia bank's Luxembourg unit

(author unknown) — Mon, 10 Oct 2011 14:51:01 PDT

Euro Zone: The troubled European bank Dexia is getting help from Qatar's royal family and other investors, who are taking over the bank's Luxembourg unit.

Scientists break card that secures homes, offices, transit

(author unknown) — Sun, 09 Oct 2011 22:00:10 PDT

Does hack of Mifare DESFire Smartcard affect NASA, too?

Scientists have circumvented the encryption used to protect a smartcard that's widely used to restrict access in corporate and government buildings, and to process payments in public transit systems, a feat that makes it possible to clone perfect replicas of the digital keys and steal or modify their contents.…

Possible Governmental Backdoor Found ("Case R2D2")

(author unknown) — Sat, 08 Oct 2011 14:36:53 PDT

Chaos Computer Club from Germany has tonight announced that they have located a backdoor trojan used by the German Government.

The announcement was made public on ccc.de with a detailed 20-page analysis of the functionality of the malware.
Download the report in PDF (in German).

The malware in question is a Windows backdoor consisting of a DLL and a kernel driver.

The backdoor includes a keylogger that targets certain applications. These applications include Firefox, Skype, MSN Messenger, ICQ and others.

The backdoor also contains code intended to take screenshots and record audio, including recording Skype calls.

In addition, the backdoor can be remotely updated. Servers that it connects to include 83.236.140.90 and 207.158.22.134.

We do not know who created this backdoor and what it was used for.

We have no reason to suspect CCC's findings, but we can't confirm that this trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself.

Our generic policy on detecting governmental backdoors or "lawful interception" police trojans can be read here.

We have never before analyzed a sample that has been suspected to be governmental backdoor. We have also never been asked by any government to avoid detecting their backdoors.

Having said that, we detect this backdoor as Backdoor:W32/R2D2.A

The name R2D2 comes from a string inside the trojan: "C3PO-r2d2-POE". This string is used internally by the trojan to initiate data transmission.

We are expecting this to become a major news story. It's likely there will be an official response from the German government.

MD5 hashes: 930712416770A8D5E6951F3E38548691 and D6791F5AA6239D143A22B2A15F627E72

On 08/10/11 At 08:42 PM

Deze gemeentewebsites zijn allemaal LEK!

(author unknown) — Sat, 08 Oct 2011 10:45:50 PDT

En dan bedoelen we niet een beetje lek. Maar echt gigantisch omfg niet te geloven wat een enorm gat daar passen moeiteloos vijf Boeing 747's naast elkaar in. Zo lek dus. Dat je denkt: hebben die lui dan helemaal...

SpyEye banking trojan: now with SMS hijacking capability

(author unknown) — Thu, 06 Oct 2011 12:45:56 PDT

One-time passwords zapped to fraudsters

The SpyEye banking trojan has acquired the ability to reroute one-time passwords sent to victims' cellphones, a measure that bypasses protections more and more financial institutions are adopting.…

Do E-Readers Make it Harder to Ban Books?

John Paul Titlow — Tue, 27 Sep 2011 18:08:45 PDT

As e-books continue to grow in popularity, there's a seemingly unwinnable debate over which is better: digital books or their paper-based counterparts. Both have their advantages and it'll likely be quite awhile before paper books come close to disappearing. In addition all of the benefits that e-books bring, is it possible that they may also make it more difficult for books to be banned in the future?

Out of the American Library Association's top 10 most-banned books of last year, all but three of them are available for purchase from Amazon's Kindle Store, notes a blog post from Beyond Black Friday.

Sponsor

Every year, the ALA publishes a list of the books that are most frequently "challenged" in public schools and libraries. Most of the objections are for sexual content or offensive language, while a few hundred are made simply for references to homosexuality or content considered by some groups to be "anti-family."

Last year's list includes mostly books that are readily available on Kindle and any platform for which there is a Kindle app, such as iOS or Android. The only ones that aren't are a children's story about gay penguins, an a "multicultural queer youth anthology" (which appears to be rare in paperback as well) and a controversial book about a Native American boy. A few of the books included on the list are actually best-sellers in the Kindle Store, including Twilight and The Hunger Games.

Of course, the banned book list applies primarily to public schools and libraries. Most books forbidden from these venues could always be purchased elsewhere in paper format, but their inclusion on the Kindle platform makes them even more widely available, often at a lower price than the paperback or hardcover version. Presumably, Amazon's new Kindle library book lending program won't necessarily make a huge difference by itself, since those e-books are chosen by the library itself.

Do you think banning books will become more rare as we move forward into the digital era? Let us know your thoughts in the comments.

Discuss

Facebook Timeline could help hackers steal your data, claims Sophos

(author unknown) — Mon, 26 Sep 2011 03:00:00 PDT

Social engineering attacks could be about to get a lot easier

Facebook's new Timeline will make it even easier for criminals and others to mine the social network for personal information they can use to launch malicious attacks and steal passwords, researchers said.

Belgians aim to be third neutral-net nation

(author unknown) — Tue, 13 Sep 2011 07:46:03 PDT

Obviously some doubts could be cast on their neutrality

Belgium could be the second European country after the Netherlands to adopt net neutrality for both fixed and mobile networks. Three political parties have joined forces to launch a proposed law (in Dutch), which they hope will be approved early next year.…

Nederland heeft duurste hotelkamers eurozone

(author unknown) — Tue, 13 Sep 2011 00:22:00 PDT

Met een gemiddelde prijsstijging van 4 procent voor hotelkamers in het eerste halfjaar is Nederland het duurste land van de eurozone, gevolgd door Italië. Dat blijkt uit de dinsdag gepubliceerde Hotel Price Index (HPI) van Hotels.com.

Apple criticised for not blocking stolen SSL certificates

(author unknown) — Fri, 09 Sep 2011 02:03:00 PDT

Security researcher says Apple 'dragging its feet'

Apple have been criticised for "foot dragging" over the DigiNotar certificate fiasco and have been urged to quickly update Mac OS X to protect users.

Firesheep addon updated to exploit Google info leak

(author unknown) — Thu, 08 Sep 2011 21:24:17 PDT

Your click history revealed

Researchers have released a Firefox extension that demonstrates the risks of using Google search services on Wi-Fi hotspots and other unsecured networks: With just a few clicks, attackers can view large chunks of your intimate browsing history, including websites you've already visited.…

GlobalSign pulls digital certificates

(author unknown) — Wed, 07 Sep 2011 05:03:00 PDT

Second company no longer issuing digital certificates following hacking claim

GlobalSign digital certificates have come under scrutiny after a hacker's claim that he broke into the company's computer systems. If true, it would be the second such compromise in the past few weeks.

"UPDATED DigiNotarSSL Incident Response Report: No Logging, Weak Password, No Protected Network"

Ira Victor — Tue, 06 Sep 2011 05:42:36 PDT

On Monday evening, as the host of CyberJungleRadio, I received a copy of the then just published report that appears to be from the security firm Fox-IT, the company hired by DigiNotar to investigate the massive SSL breach.On page nine of the thirteen page report, a shocking series of security omissions are revealed: No secure central network logging is in place. All CA [Certificate Authority] servers were members of one Windows domain, which made it possible to access them all using one obtained user/password combination. The [domain] password was not very strong and could easily be brute-forced. Strong indications that the CA-servers were accessible over the network from the management LAN. The software installed on the public web servers was outdated and not patched. No antivirus protection was ...

Cloud ATM Demo'd By Diebold

(author unknown) — Fri, 02 Sep 2011 08:20:37 PDT

Google might shun Dutch gov certificates from DigiNotar

(author unknown) — Fri, 02 Sep 2011 09:57:28 PDT

Chrome update prepared to kill 2 certs

Updated In the wake of hundreds of fraudulent secure sockets layer certificates issued by DigiNotar, Google developers are preparing a version of the Chrome browser that rejects some web credentials sanctioned by the Dutch government's official certificate authority.…

Poll: Will HTML5 Web Apps Eventually Dominate the Mobile Market?

Dan Rowinski — Fri, 26 Aug 2011 08:30:00 PDT

Within the next year or so, a flood of HTML5-based Web apps will be coming to mobile devices. It will likely start with games and dedicated applications like e-readers and move to more general use apps like news sites. Companies like Facebook and Amazon will be at the tip of the spear. The next wave will be sophisticated developers that see the power of HTML5 as an alternative to the native application model.

It is not a foregone conclusion, but the rise of Web app stores is a likely future. Facebook's so-called "Project Spartan" may be driving the shift but other outlets such as news companies may be looking for a way to skirt the strict rules of the Apple App Store or the chaos of the Android Market and create their own centralized hubs for magazine-like Web apps as digital newsstands. Looking ahead, will Web app stores become the dominant model? That is the question for this week's ReadWriteMobile poll.

Sponsor

As we noted earlier this week, game developers are starting to work on HTML5 Web app games, ostensibly because of Project Spartan. Amazon released its Kindle Cloud Reader a couple weeks ago and Firefox has been working to create a better mobile browser for Android that will allow developers to use data for applications offline.

The real key to Web app stores will be the evolution of the mobile browser. The consensus is that webOS has very good browser capability while iOS Safari has the best overall browser. Mobile Internet Explorer for Windows Phone is probably next followed by Firefox for Android and then the Android browser itself (feel free to disagree with those rankings in the comments).

There are many sides to look at the topic from. One of the developer side where HTML5 may be preferable from a creation and monetization standpoint. Another are the cellular carriers which might prefer to funnel their own content through native application stores specific to their brands and devices. Will Apple, Google and Microsoft ever let the native app ecosystem out of their clutches? The primary drivers are consumers, as always. The mass of consumers are still just getting used to the idea of a native application store. Would they actually see a Web-based app store any differently? How hard it is to change their habits?

What other sides to the conversation are there? Polls are a simple way to start a conversation, but the real conversation should be had with the community of developers and consumers that frequent ReadWriteMobile. Please share your thoughts in the comments.

Will Web Apps Eventually Dominate The Mobile Market?

Discuss

Windows XP

(author unknown) — Wed, 24 Aug 2011 01:42:24 PDT

Let's compare the major computer operating systems at the moment. We have Windows XP, Windows Vista and Windows 7. We have various Linux distributions. And we have Mac OS X.

Of these, obviously Windows XP has the weakest security, by far.

And Windows XP has the biggest market share, too. Globally close to half of all computers still run XP.

And today, Windows XP is ten years old.

Ten years is an eternity in this business. So it's no wonder XP's security architecture is not up to date.

As a result, attackers right now would be stupid to spend their time and money targeting any other operating system. That makes no sense as long as they have this huge, easy low-hanging fruit.

Obviously XP is going away. As we can see from this chart, Windows 7 will pass in XP in the near future and will become the most common operating system.

And when XP's market share drops low enough, attackers need to start looking around. Some will focus on Windows 7. Others will look at OS X, Android, iOS and so on.

The attackers have never had it so good. The easiest target is also the most common target. This can't change quick enough.

Do a good deed today. Uninstall an XP.

On 24/08/11 At 06:48 AM

Windows XP is tien jaar

Security.NL — Wed, 24 Aug 2011 00:21:58 PDT

Precies tien jaar geleden verscheen Windows XP en volgens beveiligingsexperts is het nu de hoogste tijd om het besturingssysteem te deinstalleren.