NSA’s lax ban on USB drives may have contributed to PRISM leaks

News about the NSA and FBI's surveillance programs doesn't just have privacy advocates wringing their hands in consternation; IT security analysts have raised the critical question as to how a 29-year-old government contractor was able to surreptitiously abscond with sensitive classified documents, share them with two media outlets, and escape the country unmolested.
It turns out Edward Snowden didn't need to employ any clever hacking tricks to carry out the data heist. He didn't have to lower himself into a secured server room via the air ducts, deftly avoiding infrared beams, to snag a disc containing the files. He simply plugged in a USB thumb drive, snagged the files off a server, and smuggled the device out of the NSA office in Hawaii, an unnamed investigator told the Los Angeles Times. Read more...
Oracle to ship 40 security fixes for Java SE
Oracle is set to release a patch set for Java SE that targets 40 security vulnerabilities.
Thirty-seven of the weaknesses can be exploited over a network without requiring an attacker to have a username or password, Oracle said.
Affected products covered in the patch batch, which is set for release Tuesday, include Java SE as well as a number of versions of JDK (Java Development Kit), JRE (Java Runtime Environment) and the JavaFX rich-client development platform, according to Oracle's announcement. Read more...
Microsoft launches new Embedded OS to harness the data of devices
"It's now essential for businesses to tap into the vast potential of data if they want to compete," says Kevin Dallas, general manager for Windows Embedded at Microsoft.
"With Windows Embedded powering industry devices, that data is made readily available to drive real, actionable operational intelligence for industries. Windows Embedded Compact 2013 is a powerful, flexible platform for extending that capability to some of the smallest industry devices," Dallas says.
Windows Embedded CE is a modular, real-time OS with a specialized kernel that can run in less than 1 MB of memory. It first hit the market in 1996 as a solution for powering very small computers and embedded devices, for instance industrial devices and consumer electronics devices such as set-top boxes and game consoles. Read more...
NSA, FBI collecting content from Google, Facebook, other services
The U.S. National Security Agency and Federal Bureau of Investigation have access to servers at Google, Facebook, and other major Internet services, collecting audio, video, email, and other content for surveillance, the Washington Post and the Guardian reported on Thursday.
The surveillance is taking place in real time under a classified program called PRISM, which was begun in 2007 to investigate foreign threats to the U.S., the reports said. Most of the major Internet services, including Microsoft, Yahoo, Skype, Apple, and AOL as well as Google and Facebook, knowingly participate in PRISM, according to the Post and the Guardian. But all the companies denied the Post's claims that the NSA had "direct access" to their servers, a claim the Post dropped in later versions of its story. Read more...
Google slides its soft finger-fondling into any willing Android doodad
Google's own on-screen keyboard software for touch-driven Android gadgets is now available as a freebie for all.
The advertising giant's "soft" keyboard comes preinstalled onto its own devices, and offers the joy of sliding one's finger between letters to spell out words rather than tapping them out like a pecking hen. Now Google is giving its keyboard away to anyone who wants it.
That's assuming one has at least Android 4.0, and hasn't already gone for one of the alternatives such as Swype or Swiftkey. Google's keyboard will happily coexist with those, but on first glance it's not quite as good, though some users will no doubt disagree. Read more...
IT departments won’t exist in five years
Consumerization of IT and self-service trends will lead to a restructuring of today's IT shop, leaving behind a hybrid model consisting of tech consultants and integrators.
"The business itself will be the IT department. [Technologists] will simply be the enabler," said Brandon Porco, chief technologist & solutions architect at Northrop Grumman.
Porco was part of a four-person panel of technologists who answered audience questions during a town hall-style meeting at the CITE Conference and Expo here this week.
Among concerns raised is whether IT is losing control as consumer technology becomes part and parcel of everyone's work in the enterprise, and the data center is left behind. Read more...
Internet advertising giant (Google) ‘mulls’ map app Waze gobble
Ad giant Google is also considering snapping up mapping software firm Waze, which could spark a bidding war with Facebook over the business.
Sources whispered to Bloomberg that Google was interested in the navigation firm - which is, of course, seeking a price tag of more than $1bn. What kind of tech company are you these days if you don't ask other tech companies to fork out at least $1bn for you?
Google told The Register that it doesn't comment on rumours or speculation.
Earlier this month, other sources claimed that Facebook was also interested in snaffling Waze and was unfazed by the billion-dollar price tag. Since Facebook was outed as an interested party, Google and other tech firms have approached the firm about a possible deal. Read more...
Chinese hackers resume attacks on U.S. targets
For the last three months or so, the U.S. government and some of its defense contractors have engaged in a war of shame on China to pressure it to cool its cyber attacks on U.S. targets. The campaign appeared to be yielding results, but it seems that Chinese hackers were only catching their breath.
The notorious Unit 61398, also known as the "Comment Crew" -- an elite cyber unit linked by U.S. security firms to China's People's Liberation Army (PLA) -- has renewed its raids on U.S. entities using different techniques, the New York Times has reported.
Cyber security firm Mandiant told the Times that the attacks had been renewed, but would not identify the targets -- although it did acknowledge that many of them were the same ones assaulted earlier by the Chinese cyber unit.
Mandiant did not respond to a request for comment for this story. Read more...
Microsoft conceals job ad in Bing homepage
Microsoft are looking for a new Bing developer - but you'll need to be pretty smart to apply. Oh, and you can only use Internet Explorer, which rules a fair number of applicants out.
Visitors to the Bing homepage are currently greeted with a weird blue environment of some sort as the background to the search bar. But rich rewards are on offer for the searcher who looks beyond the surface of the blue-and-grey floatyness.
If you're using Internet Explorer and have enabled the browser debug settings*, a small message pops up containing the words: "Do you want to debug this webpage?" Read more...
Mozilla postpones default blocking of third-party cookies in Firefox
Mozilla has postponed blocking third-party cookies by default in Firefox 22, "to collect and analyze data on the effect of blocking some third-party cookies."
The nonprofit organization is, however, not softening its stand on protecting privacy and putting users first, Brendan Eich, Mozilla's CTO and senior vice president of engineering, wrote in a blog post Thursday.
Mozilla has been testing a patch from Jonathan Mayer, a graduate student at Stanford University in computer science and law and online privacy activist, which like Apple's Safari browser allows cookies from websites already visited, but blocks cookies from sites not visited yet. Read more...
How to keep the feds from snooping on your cloud data
A cottage industry is growing up around virtual padlocks that consumers can place on cloud services so that the vendors themselves can't get to the information -- even if the government requests access.
And in recent years there have been a lot of those government requests for access from storage-as-a-service providers.
For example, Google regularly receives requests from governments and courts around the world to hand over user data. Last year, it received 21,389 government requests for information affecting 33,634 user accounts. Sixty-six percent of the time, Google said it provided at least some data in response. Read more...
China’s internet security giant Qihoo planning global domination
Controversial Chinese software vendor Qihoo 360 has its eyes on world domination after controversial founder Zhou Hongyi told the local press he wants to turn the firm into the planet’s biggest web security biz.
Qihoo made its name flogging free AV to bargain-seeking Chinese punters and has since gone on to build a successful business around products in several related areas including web browsing, search and internet portals.
Never one to resist an opportunity to engage in some blatant self promotion, Zhou was quoted in the Changjiang Daily News late last week arguing that just as products made in China are now sold throughout the world, so his firm should take the freemium web security model global. Read more...
Microsoft admits zero-day bug in IE8, pledges patch
Microsoft late Friday confirmed that a "zero-day," or unpatched, vulnerability exists in Internet Explorer 8 (IE8), the company's most popular browser.
According to multiple security firms, the vulnerability has been used in active exploits, including "watering hole"-style attacks against the U.S. Department of Labor and U.S. Department of Energy, targeting workers at the latter agency involved in nuclear weapons research.
On Friday, Microsoft published a security advisory that acknowledged the bug. In the advisory, the company also said that other versions of Internet Explorer, including the newer IE9 and IE10, are not affected, and that the firm is working on an update to patch the problem. Read more...
