Yahoo Mail bugs may be behind Android ‘botnet’ spam, says researcher
Accusations that an Android-based botnet is spewing spam may, in fact, be no such thing, but instead a sign that criminals are exploiting bugs in the Yahoo Mail app for Google's mobile operating system, a security firm said today.
"There's no smoking gun, but my guess is that it's not malware," said Kevin Mahaffey, co-founder and CTO of San Francisco-based Lookout Security, essentially dismissing the botnet possibility. "It's more likely an issue with the Yahoo Mail app."
Lookout has discovered what Mahaffey called "potential security issues" in Yahoo's Android app, and reported its findings to the California search company's security team. Read more...
Windows 8 and OS X Mountain Lion by the numbers
Like 2009, this year is one of dueling operating system upgrades, when the two biggest OS rivals face off with new editions.
We've covered both the Windows 8 and OS X Mountain Lion upgrades, and spelled out what's known so far about their prices, release dates, delivery methods, upgrade paths and more.
Now it's the turn of the numbers to tell their story.
0 -- The price of an upgrade to OS X Mountain Lion for buyers of new Macs who purchased their Lion-powered systems starting June 11. The program, called "Up-To-Date" by Apple, continues as long as either Apple or its authorized resellers sell Lion-equipped Macs. The free upgrade will be available from the Mac App Store after buyers fill out a form to be posted on this page of the Apple website. Read more...
Dell’s partners fear divorce after firm beds new squeeze
CommVault and Symantec will be getting the jitters now that Dell is buying Quest, having acquired AppAssure and its continuous data protection technology just a few months back. Now it looks like the hardware giant is plumping up its portfolio of software with its latest acquisition... which might make its partnerships with the software firms redundant.
New acquisition Quest bought BakBone for $55m in November, 2010, gaining the NetVault product line and customer base. It joined Quest's application-specific LiteSpeed products, which cover databases like SQL Server and Oracle, its vRanger virtual server protection software and its Recovery Manager product line. These four products are being unified under a common NetVault XA architecture and management interface, which offers service-oriented data protection reporting, monitoring, alerting and control across an enterprise's multiple sites. This is usable by general line of business managers and IT people as well as specialised storage admin staff. Read more...
Internet will vanish Monday for 300,000 infected computers
As many as 300,000 PCs and Macs will drop off the Internet in about 65 hours unless their owners heed last-minute calls to scrub their machines of malware.
According to a group of security experts formed to combat DNSChanger, between a quarter of a million and 300,000 computers, perhaps many more, were still infected as of July 2.
DNSChanger hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled real domains.
At one point, as many as 4 million PCs and Macs were infected with the malware, which earned its makers $14 million, U.S. federal authorities have said.
Infected machines will lose their link to the Internet at 12:01 a.m. ET Monday, July 9, when replacement DNS servers go dark. Read more...
Shuttleworth: Why Windows 8 made us ditch GPL Linux loader
Ubuntu daddy Mark Shuttleworth has defended Canonical’s decision to play ball with Microsoft's Windows 8 security policy that could stop “unauthorised” Linux builds from booting on new PCs and tablets.
Manufacturers must enable a feature called Secure Boot in their products' UEFI firmware in order to be officially labelled Windows 8 compatible. This mechanism will only start operating systems that have been signed with a digital key recognised by the motherboard's firmware.
Modifying the computer's startup process, such as installing a completely new operating system or updating the existing kernel core, will invalidate this signature and cause the firmware to reject the software until it is signed again by a trusted secret key.
The idea is to block viruses from tampering with the boot process and injecting themselves into a system before they can be detected. However, difficulties arise when convincing the firmware that your custom Linux build, BSD kernel or whatever else you want to run on your own hardware is legit. Read more...
Informatica caught flat-footed by revenue shortfall
June was not a particularly fun month for data-integration software specialist Informatica, which has just put out preliminary financial figures for its second quarter ended last week.
Those numbers show that companies in the EMEA slammed on the spending brakes, and that American companies with a presence in Europe or which were directly affected by the European economy also got jumpy and started kicking sales proposals from Informatica upstairs for higher approval.
That's the story from Sohaib Abbasi, chairman and CEO at Informatica, who hosted a call with Wall Street analysts to tell them that the company was not going to make its earlier quarterly projections, which sent Informatica's shares a-tumbling. Read more...
Mozilla shoots down Thunderbird, hatches new release model
Mozilla has announced a new plan for the ongoing development of its Thunderbird email client that it says will provide for a stable product and continued opportunity for innovation.
That's all well and good, but the contents of a leaked internal Mozilla memo suggest that the full picture may be less rosy than it seems.
The announcement, which was made in a blog post by Mozilla Foundation chair Mitchell Baker on Friday afternoon, suggests a major restructuring of the release and governance model of the Thunderbird project:
Once again we've been asking the question: is Thunderbird a likely source of innovation and of leadership in today's Internet life? Or is Thunderbird already pretty much what its users want and mostly needs some on-going maintenance? Read more...
Google, Apple remove malware application from official app stores
Google and Apple removed a mobile app named Find and Call from their respective app stores on Thursday following reports that it was stealing people's phone book data and using the information to spam their contacts.
The app had been available on Google Play since at least May 21 and on Apple's App Store since at least June 13. Those dates are when the app's Android and iOS versions were last updated, said Denis Maslennikov, a senior malware analyst at security firm Kaspersky Lab.
Security researchers from Kaspersky flagged Find and Call as malware after being notified about its suspicious behavior by MegaFon, one of the largest mobile carriers in Russia. Read more...
Cisco apologizes for privacy ‘confusion,’ makes cloud service an opt-in feature
Cisco Systems has taken a step back from its Cisco Connect Cloud service, removing it as the default setting for management of its Linksys EA Series Wi-Fi routers after a firestorm of complaints from customers about automatic firmware updates and the service's terms of service.
The default method for managing the high-end Linksys routers has been changed to traditional setup and management over the local network, Cisco said in a blog entry posted on Thursday. When the company brought Cisco Connect Cloud online last week, it made the Internet-based administration service into the default tool for the routers. Read more...
Yahoo, Facebook settle patent dispute
Yahoo and Facebook announced Friday they have settled a high-profile patent dispute with a deal that analysts said would likely be good for both sides.
As part of the agreement, Yahoo and Facebook have signed a cross-licensing deal granting access to each other's patent portfolios, they said in a joint statement. They've also forged an advertising partnership and will expand an existing content distribution agreement.
Yahoo sued Facebook in March under the leadership of former CEO Scott Thompson. It accused Facebook of infringing patents covering technologies related to social networking, advertising, privacy, site customization, and communications. Facebook's News Feed and the way it handles privacy were both in violation of Yahoo's patents, Yahoo contended. Read more...