- TRUSTe to offer badge for mobile sites, apps
I may sound cynical for saying so, but does anyone look for verification badge on existing web sites any more? The details at the New York Times are encouraging but I really am curious if TRUSTe’s brand still has cache in this space. Questions of trust and privacy for mobile apps and sites are certainly becoming more and more pressing, both with Apple’s heavy handed curation model and Android’s more liberal one. I just am not sure what stock users will put into the badges.
- StatusNet releases iPhone client
I am happy to see Evan and crew thriving. Audrey Watters at ReadWriteWeb has some details of the new app as well as an update on the company’s recent funding. I installed the app on my iPod Touch, it is pretty consistent with the portable desktop application they released earlier. One thing I would like is push support. I am also curious to see how the Android version stacks up once I get a replacement for my iPod.
- New tablet from RIM reveals what they did with the acquisition of the QNX OS, The Register
- Mapping the brain on a massive scale, Technology Review
- Rewiring a damaged brain, Slashdot
- Meego port for other Android devices
Make had a story yesterday about a Nexus 1 running Meego, another Linux based OS designed for mobile devices. It makes sense that an Android capable gadget would easily run what could be thought of as a sibling OS. No big surprise, then, that the H expands the story today to point out that Dell’s Streak and HTC’s desire have also been made to run Meego. Sadly, as the H goes on to explain, there are issues with Android’s binary only accelerated graphics drivers for these three devices, so the Meego port is little more than a not very usable proof of concept.
- DuckDuckGo search engine errects Tor hidden service
Slashdot shares news that DuckDuckGo has made it easier to use their search engine without leaving the privacy preserving penumbra of the Tor network. Previously, the search engine set up a dedicated exit node which actually allowed searchers to keep their search traffic encrypted. Tor’s hidden services eliminate the need to start on the regular, unencrypted network at all before switching over to access services via encrypted traffic.
- Competition produces vandalism detection for Wikis, Slashdot
- An open response to the USPTO, Groklaw
- Samuelson’s latest call for copyright reform
Groklaw, among others, also linked to this short article at the SFGate to which Cory linked in his discussion of Boyle’s and Jenkin’s new copyright comic book. It is a very accessible explanation of why reform is needed, prompted by the disruptions digital copying has wrought and the ensuing norms. It concludes with a brief recap of suggested areas for change that Samuelson has explored more fully in her academic writing.
- Meego on Android hardware, Make
- Ubuntu 9.04 approaches end of life, The H
- Pew Research Center report on trends in technology journalism, ReadWriteWeb
- Censored maps hard-wired into Chinese iPhones, ReadWriteWeb
- Behind the scenes and inside workings of a CERT, Slashdot
- Microsoft investigates IE CSS XSS flaw, Ars Technica
- Safari, Firefox updates close critical holes, The Register
- The long term effects of snake oil security products, Slashdot
- Apple plugs drive by flaws in Safari, Zero Day
- Mozilla fixes DLL vulnerability in Firefox on Windows, Zero Day
- Firefox 3.6 update fixes click-jacking vulnerability, The H
- How Firefox 3.6 protects against click-jacking, Mozilla
- Adobe Reader zero day flaw under active attack, The Register
- PDF exploit bypasses protective measures, Zero Day
- DHS cybersecurity group misses over a thousand holes in its own network, Wired
- Django update fixes XSS flaw, The H
- New German ID card turns out to be hackable, Schneier on Security
- Apple patches FaceTime redirect security hole, Zero Day
- Security flaws persist in Cisco’s wireless LAN controller, Zero Day
- Microsoft advises of 13 vulnerabilities, patches 9, Zero Day
- What you need to know about malvertising, ReadWriteWeb
- New email worm in the wild, Slashdot
- Another Android SMS trojan, The Register
- Broadband access becomes a voting issue in Australia
Nate Anderson at Ars Technica has the details of how the issue shaped the new coalition government. Where majorities are more contentious and often require this sort of alignment, the story makes sense. Here in the US, I still doubt that broadband access or similar tech policy concerns will ever have this kind of impact.
- Android, Linux kernel fight continues
- CERN looking to leverage patents where it hasn’t in the past
I am kind of saddened by this New Scientist article to which Groklaw linked. It mentions MIT actively managing a considerable portfolio, what I would consider a positive example of a regarded research institute balancing the drive to reap the benefits of its efforts directly. The idea of the web being bound up in patents, had CERN taken this approach from much earlier, is troubling to say the least.
- More details on yesterday’s police raids in Europe
TorrentFreak has more on the coordinate efforts by police, of which outages at the Pirate Bay may have been incidental. It is tough to judge as they’ve withheld or redacted some information to protect their sources. Claims are still being made by others, not by TorrentFreak, that the Pirate Bay and WikiLeaks were being targeted.
- Single atom setup acts as transistor for photons, Scientific American
- Civic Commons code sharing initiative looks to lower government IT costs, O’Reilly Radar
- Brazil undertaking all digital census, using smartphones, Slashdot
- Contribute to SETI@home from your browser
Via Hacker News.
- Re-targeting ads stalk surfers for weeks after they shop
Slashdot links to a story at NYT that I find fascinating for its potential to drive home the point about widespread behavioral advertising. If more users notice these sorts of creepy practices, the more fuel we’ll have for debate around better practices around transparency and affording the ability to opt out.
- Cyanogen, after market mod for Android smart phones, now supports FroYo, ReadWriteWeb
- GPU assisted sorting algorithm breaks giga-sort barrier, Slashdot
- iPhone app in approval limbo goes open source, Slashdot
- New model developed to help organize, keep private massive amounts of online data, Science Daily
- Some California schools decide to track students with RFIDs, EFF
I should have posted these yesterday, going by my usual schedule. Being on hiatus from the podcast is disrupting my usual force of habit though.
- phpMyAdmin updates close vulnerabilities
- Anti-virus products struggling against more recent styles of exploits
- More details on DLL load hijacking
- Microsoft confirms DLL load hijacking flaw
- ATM makers patch flaws demonstrated at Black Hat
- OpenSSH 5.6 arrives
- A convention for those who author malware
- Private info of 126K students exposed online
- Windows DLL vulnerability exploit in the wild
- Testing Android anti-malware apps
- Apple patches 13 OS X vulnerabilities
- Critical security holes in Adobe Shockwave
- Single botnet responsible for 40% of spam on the net
- Many hackers inadvertently send malware code to Microsoft
- Researchers cripple botnet
- VLC 1.1.4 fixes Windows DLL vulnerability
- Firefox adds support for HTTP strict transport security
The Register has the details, driven by the hackers among Android’s larger community, of Dell’s failure to fully honor their GPL obligations with their new gadget. The Streak is an early entrant into a promising field of Android powered mobile devices, tablets. Well, it isn’t quite a tablet as the consensus seems to consider tablets in the range of seven inch screens and up. And it isn’t quite a true MID, usually coming in at four inch or so. (MID stands for mobile internet device and is a bland and worthless descriptor that seems most commonly applied to handy non-tablet devices like the iPod Touch.) The most frequent attempt at describing the Streak I’ve seen is to characterize it as an oversized phone, with all the appropriate hardware and available with a service place but clumsy to hold up to the ear.
This is one of the devices I am following with interest to potentially purchase as a successor to my aging and increasingly decrepit first generation iPod Touch. Hopefully Dell will come into compliance sooner, rather than later. Especially as the sources in question could mean the difference between having or not having the option of an after market, manually upgrade to FroYo, the latest version of Android.
Dell Streak snub enrages Android fans, The Register
- 3rd zombie cookie suit filed
Ryan Singel at Wired shares the details of this case as well as the two previous. Hopefully this draws the right kind of scrutiny to curb the practice of using Flash to resuscitate standard browser cookies after users delete them. I hope this stays in the courts rather than being addressed in any future privacy legislation as I don’t think the technology is the problem but the factors in advertisers calculus that would lead them to using a trick that so defies the users’ express wishes.
- Digitizing your own books becoming popular in Japan
- New optical technique may accelerate development of practical spintronics
- Paper on defeating common attempts at obscuring network protocols
- Google responds to Android DRM crack explaining developers are using it wrong
- Low energy super computing
- Airport scanner technology leaves the terminal – There are a couple of key points in Mike Masnick’s post at Techdirt to emphasize. The news is that the technology has been sold outside of where it was first deployed, airports, and may be spreading beyond military use through these sales. He does mention the critical legal theory that would ordinarily curb using these scanners without the blessing of a warrant. We have no idea where and how the scanners are being used, whether we are likely to see a test case arise about them. He’s just hopeful, as am I, that we have solid precedent to help minimize abuse.
- Federal circuit rules GPS tracking without a warrant is legal
- Virgin media to warn malware-infected customers
- Network solutions sites hacked by widget
- Network solutions pulls widget that tainted so many web sites
- Dislike button scam hits Facebook
- Short passwords hopelessly inadequate
- ColdFusion bug more serious than Adobe claims
- Android app may be secretly uploading GPS data
- Clickjacking could affect mobile devices too
- Data loss bug in CouchDB fixed
- Adobe to patch Black Hat bugs this week
- Facebook clickjacking scam
- Critical Xorg vulnerability quietly patched
- Facebook login page still leaks sensitive info
- Reintroducing a malware hash registry
- Researcher finds common flaws in 40 Windows apps
- Adobe issues fixes for critical Acrobat, Reader flaws
- Google closes critical vulnerabilities in Chrome 5
- Google makes good on its bug bounties
- Foxit fix for iPhone PDF flaw
- Apple to patch iPhone PDF flaw this week
- Apple releases fix for iOS PDF exploit
- Cars hacked through wireless tire sensors
- Critical updates to Windows, Flash Player
- Dissecting a click fraud botnet
- Adobe warns of critical Flash player flaws
- New undetectable trojan empties bank accounts
Via Hacker News.
- Opera fixes high severity vulnerability
- Chrome beta addresses autofill vulnerability
- Server based botnet drives massive SSH brute force attack
- Facebook bug could expose users’ names, photos
- Nagging security flaws in Windows auth protocol
- Critical QuickTime flaw hits Windows
- Security bug may enable snooping on Android, Palm Pre
- Blackhole your malware