Step could affect web advertising
Mozilla is delaying plans to start blocking third-party tracking cookies in Firefox by default, according to an announcement. The company states that more work is needed for the anti-tracking feature. "The idea is that if you have not visited a site (including the one to which you are navigating currently) and it wants to put a cookie on your computer, the site is likely not one you have heard of or have any relationship with," explains Mozilla's Brendan Eich. "But this is only likely, not always true."
FIPS 140-2 certification, STIG approval opening DoD doors
Apple's iPhones, iPads and other devices running iOS 6 or higher are officially cleared for use on the US government's secure networks, the Department of Defence announced on Friday. The final approval, which we first reported on in March, also grants Samsung Android devices that are running the Korean company's Knox security lockdown, as well as BlackBerry devices running BB10 the ability to be used on secure networks. The move is expected to further hurt BlackBerry, as it faces competition in the military space for the first time.
Agency preps developers for changes to important act
The US Federal Trade Commission has started sending out two letters to app developers, preparing them for changes to the Children's Online Privacy Protection Act taking effect July 1st, according to an announcement. The letters warn developers that restrictions on the collection of personal data from kids under 13 have been expanded, and now cover things like audio or video bearing a child's likeness. Previously, rules only covered the gathering of names, addresses, and phone numbers.
App dumps screenshots into a folder, command and control servers inactive
A new semi-functional malware has been found for OSX. Discovered on a computer at the Oslo Freedom Forum by researcher Jacob Appelbaum, the OSX/KitM.A is a backdoor application which launches on boot and captures screenshots on a regular basis, which are then dumped in a folder.
Adds album artwork to Songs, supports multi-disc albums, more
On Thursday, Apple updated its flagship program iTunes to version 11.0.3, which brings some new features as well as addresses a number of minor bugs and improves security and performance for those running and sorting large collections. The main new features include a redesigned MiniPlayer that now features artwork and a progress bar, and some changes to the Songs view that also adds album artwork. Importantly, multi-disc albums are now seen and counted as one album rather than individual discs.
Drives developers to freemium model, hurts platform
New research from F-Secure Labs on the prevalence of malware on smartphones, along with developer data on game app piracy rates paints a pretty clear -- and damning -- portrait of Android compared to other mobile platforms. The growth in mobile malware on Google's platform is increasing at such a pace that the malware threat is approaching the relative level of compromised Windows systems, while the rampant piracy is driving developers away and making paid apps scarce in favour of the "freemium" model.
Reasoning for court ordered shutdown unclear
According to OKCupid founder Chris Coyne, Bitcoin exchange site Mt. Gox has seen its access to payment service Dwolla shut down by the Department of Homeland Security (DHS). Coyne posted the email he received from Dwolla, stating that due to the order by the arm of the US Government, Dwolla cannot complete the ordered transfer to the exchange.
Would perform the same as current mechanical button, report says
Rumors that Apple was going to incorporate a fingerprint sensor in the home button of the next iPhone still have no evidence to support them beyond Apple's acquisition of Authentec in 2012. A new rumor has thus appeared, saying that Apple plans to do away with the physical push-style home button entirely in the next iPhone release, replacing it with a capacitive touch area that would perform the same functions. The new "button" will be covered in sapphire glass to prevent scratches.
Points to violent assaults over iPhones
New York Attorney General Eric Schneiderman has sent letters to several smartphone makers asking them to explain what they're doing to deter thefts, Bloomberg reports. Apple, Google, Microsoft, and Samsung are said to have been contacted on May 10th. "I seek to understand why companies that can develop sophisticated handheld electronics, such as the products manufactured by Apple, cannot also create technology to render stolen devices inoperable and thereby eliminate the expanding black market on which they are sold," reads Schneiderman's letter to Apple CEO Tim Cook.
Twitter client gets Readability, Droplr support
Two iOS apps, Twitterrific and 1Password, have today received significant updates. Twitterrific 5.2.2 adds support for bookmarking service Readability and image service Droplr. A number of smaller improvements have also been made, such as automatic flipping of the read/unread state of tweets as users scroll, and similar updating of indicators in timeline tabs. Yfrog images should appear in the in-app browser instead of the photo viewer.
BlackBerry likely to suffer due to loss of monopoly on secure devices
A spokesperson for the Pentagon has told Bloomberg that mobile devices using Apple's iOS 6, Samsung devices supplemented with the company's Knox security lockdown, and BlackBerry devices running BB10 are expected to be allowed onto the Defense Department's high-security data networks early next week, barring final approvals. The news comes on the heels of iOS's FIPS 140-2 certification for the CoreCrypto kernel module, which was added in the iOS 6 release.
Agencies stymied by locked-down operating system
Apple is receiving so many requests from police agencies looking to decrypt seized iPhones that the company has started a waiting list, CNET reports. In an example exposed by court documents, the ATF is said to have wanted to break through the encryption of an iPhone 4S owned by a Kentucky man accused of distributing crack cocaine. The agency "contacted Apple to obtain assistance in unlocking the device," according to US District Judge Karen Caldwell, but was "placed on a waiting list by the company."
Unlocking Technology Act of 2013 to allow DRM circumvention
The Digital Millennium Copyright Act (DMCA) has come under attack from newly proposed legislation. The Unlocking Technology Act of 2013 seeks to legalize the unlocking of cellphones, and to clarify that the DMCA should only apply in cases where circumventing digital rights management or other copyright systems will aid in copyright infringement itself.
Option will appear automatically in account details
Apple is extending its two-step verification option for Apple IDs to a wider range of countries, users say. When the feature first launched in late March, it was restricted to the US, UK, Australia, Ireland, and New Zealand. Now, though, people in Canada, Argentina, and Pakistan are reporting getting the feature, and other countries may be following suit.
Founder Ren Zhengfei claims Huawei not connected to US security issues
The founder and president of Huawei has made a rare appearance in front of reporters to defend his company. Ren Zhengfei spoke out against claims made by the US government that it is a national security risk, due to apparent close ties with the Chinese government, and allegations that Huawei equipment could have allowed sensitive details to be passed to Chinese agencies.
Service first of its kind for corporate and government
Electronic device security and management solutions provider Absolute Software has announced the launch of Computrace Mobile Theft Management, the first iOS loss mitigation and theft recovery service on the market for business. Computrace MTM provides both loss prevention and theft recovery for a company's entire iOS deployment.
Google transparency report among first to report disconnection
Following yesterday's unexpected disappearance of Syria from the Internet, service to the war-torn country seems to be completely restored with no feared large-scale attack by the Syrian government against the rebels. Both the state-run Syrian Arab News Agency and Google's real-time reporting have demonstrated that traffic is increasing in the country.
Weak security resulted in DRM-free MP3 file downloads
A vulnerability found in Spotify's web player has been exploited, allowing users to download permanent copies of songs from the service. A Chrome extension by the name of Downloadify used the exploit to download MP3 files that were free of DRM, rather than just stream them, something which Spotify has been quick to rectify.
First transfer with new protocol requires only an email to unlock
File-sharing network BitTorrent has revealed a "direct-to-fan" collaboration with music label Ultra. Using a new protocol called the BitTorrent Bundle, an interaction by the downloader -- such as providing information or even paying for the content -- is required before unlocking restricted content. The mechanism for secure distribution is embedded within the protocol, and compatible with existing BitTorrent clients.
A cryptographic component in iOS 6 has received FIPS (Federal Information Processing Standard) 140-2 Level 1 security certification from the US National Institute of Standards and Technology, says TUAW. In particular, the NIST says that when running in FIPS mode, iOS 6's CoreCrypto Kernel Module 3.0 "generates cryptographic keys whose strengths are modified by available entropy." The module is identified as "a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
Apple can't ask for 'global consent' for data use, court finds
Trojan horse points to non-functional webpage, part of sound file
A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found inside an iOS app, but the code has turned out to be harmless. The app in question is called Simply Find It ($2) and comes from a legitimate developer that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either.
Attack targeted nuclear weapons workers accessing health information
A US Department of Labor website tailored for nuclear weapons researchers has been compromised, redirecting visitors to a series of alternative websites. If the visitor was using Windows XP and Internet Explorer 8, the culmination of the attack inserted the "Poison Ivy" malware onto the computer, giving access to the user's data by "DeepPanda", a group of hackers believed to be located in China.
Cellphones accounting for large percentages of thefts in major US cities
The cellphone industry -- including both carriers and phone makers -- is turning a blind eye toward the problem of smartphone theft, to its own benefit, a New York Times piece claims. The paper, for instance, quotes District of Columbia Police Chief Cathy Lanier as saying that "the carriers are not innocent in this whole game. They are making profit off [smartphone theft]." In 2012, the DC area witnessed a record 1,829 phones being stolen.
Facebook has announced plans to roll out a new security feature for accounts, dubbed Trusted Contacts. Under the scheme, an account owner will be able to pick three to five people to whom they can give special PINs. Should the owner have trouble getting into their account, three PIN holders will be able to help them log back in. It's not clear how quickly Trusted Contacts will become available to Facebook users.
Targeted sites narrowed down to Houston IP address
The people responsible for a new Apple ID phishing scam have compromised 110 websites, says security firm Trend Micro. All of the sites are hosted on a specific IP address, 18.104.22.168, which is registered with an ISP based in Houston, Texas. "Almost all of these sites have not been cleaned," Trend Micro remarks.
Report scores tech companies on protecting user data from the government
An annual report by the Electronic Frontier Foundation (EFF) has declared that Twitter and Sonic.net are the best tech companies for protecting their users from government snooping and requests from courts and law enforcement. Out of the 18 companies examined in the report, MySpace and Verizon were judged the worst, failing to score a single star in any category, while Apple, AT&T, and Yahoo managed to attain at least one star out of a possible six.
Twitter account intrusions could rise as hackers crave press coverage
Twitter has written to news organizations in order to help prevent their highly-followed accounts being hijacked. The memo comes in the wake of a number of high-profile attacks on media Twitter accounts, with the micro-blogging service expecting the compromising of high-profile accounts to continue in the future.
San Francisco pursues 'fear and distrust' strategy
The San Francisco Police Department is pursuing a "fear and distrust" strategy in an attempt to wreck the city's black market for mobile devices, particularly iPhones, the Huffington Post writes. Sting operations are targeting both the buyers and sellers of stolen devices, the idea being to deter people from going the illegal route. The SFPD has reportedly had help from Apple, which loaned a collection of iPhones that were then sold by undercover police officers.
LivingSocial issues warning for users in all countries
Daily deals coupon site LivingSocial has issued a warning to its customers that their user data may have been breached in a recent cyberattack. The company last week reported an attack on its systems that gave malicious parties access to as many as 50 million users' names, email addresses, dates of birth, and "encrypted passwords," according to Reuters. The company says it is working with law enforcement to investigate the issue.
Rooting of Google headset could allow local file storage options
The Google Glass headset has been rooted, shortly after the search giant started issuing it to developers. Jay Freeman, a hacker who goes by "Saurik" and the creator of the Cydia app store for jailbroken iPhones and iPads, gained a level of access at which he could theoretically prevent the device from being affected by Google's own restrictions.
Stolen iPhone used in Boston Bomber tracking
According to several recent news reports, an iPhone's GPS chip was used to help track the Boston Bombers to Watertown. Time, the New York Times, and Boston.com all have reported that after the bombing the two suspects stole a Mercedes and proceeded to flee the crime. However, what the thieves didn't realize is that the car itself was equipped with an mbrace tracking system and that an active iPhone had been left inside. None of the sources directly mention Find My iPhone, but it is likely that the device finding service played a part in the location of the stolen car.
Policy change to affect Facebook, other independently-updated apps
Google has updated its Play store with a small change to its developer program policies, to prevent malicious code appearing on devices. The small change now forbids applications supplied through the Google Play store from receiving updates using another process, in an effort to improve the overall security of apps provided to Android users.
New $10 billion by 2017 estimate may still be too optimistic
Citing a new "deeper understanding of the market," telecommunications equipment manufacturer Huawei has cut its previous estimate of $15 billion in annual sales by 2017 to $10 billion. As part of the reduction of expectations, Huawei CEO Eric Xu said that "we are not interested in the U.S. market anymore" in response to questions about the US House Intelligence Committee report calling the state-supported manufacturer a threat to US national security.
Over 130 points lost, regained after false attack on White House
The Twitter account of the Associated Press news agency falsely declared an attack on the White House, after hackers took control of the account. The message, appearing on the AP's main Twitter feed, has since been confirmed as "bogus" by the agency, but not before it negatively affected the Dow Jones for a short period of time.
Street View Wi-Fi data collection issue strikes again
Google has been fined 145,000 euros ($189,230) by a government regulator in Germany for collecting data from Wi-Fi connections in the country. The fine stems from when the company's Street View cars were in operation between 2008 and 2010, inadvertently collecting data packets from individuals and businesses as the fleet drove around the country.
Apple claims data anonymized, used to improve technology
All the requests people have made through Siri are being stored on Apple servers for a period of up to two years, says Apple spokeswoman Trudy Muller. The statement comes in response to Wired inquiries about ambiguity in Siri's privacy policies, initially pointed out by American Civil Liberties Union lawyer Nicole Ozer. Muller insists that Apple is anonymizing the request data, and only collecting voice clips in order to improve Siri.
Microsoft enables two-step verification to Microsoft Accounts
Microsoft has enabled two-factor authentication for Microsoft Accounts. The feature leaked earlier this month; users will see the option to add the extra security measure through the account management menu over the next few days, and can download an authenticator app from the Windows Phone store or use third-party apps on other platforms, according to a company blog post. Apps and devices that will not work with the new security measure directly can have application-specific passwords created in order to function.
Restores more user control to Java web plug-in
Apple on Tuesday updated both Java and its web browser Safari for users of OS X 10.6.8 (Snow Leopard) and higher. The updates now allow users to enable the Java web plug-in on a site-by-site basis, as opposed to the "active" or "inactive" options it had previously. Following a spate of serious issues, Apple forcibly disabled the Java plug-in because of malicious, in-use threats -- though users could reactivate Java once they updated.
Microsoft has identified problem, posted an OS repair procedure
Microsoft declared that it has revised the "patch Tuesday" package from April 9, removing a fix that was causing some PCs to blue-screen and fail to boot thereafter. The problem is being blamed on incompatibility with some third-party security software, and Microsoft is recommending that affected users uninstall the patch. All editions of Windows 7 and Windows Server 2008 are affected.
High bills generated by children using freemium games under scrutiny
A United Kingdom government department has launched an investigation into in-app purchases aimed at children. The Office of Fair Trading (OFT) is attempting to find out if the methods used by developers to encourage children into performing the purchases are "misleading, commercially aggressive, or otherwise unfair."
Statement by NSC claims revisions made to bill insufficient
The White House has responded to the 2013 version of the Cyber Intelligence Sharing and Protection Act (CISPA) bill heading to the House floor for a vote. National Security Council (NSC) spokesperson Caitlin Hayden issued a statement saying that "[the White House believes] the adopted committee amendments reflect a good-faith effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities" and intimated that the President would veto the bill as it stands.
Changes to bill limited to personal information restrictions
A slightly modified version of last year's failed Cyber Intelligence Sharing and Protection Act (CISPA) has been voted through the House Intelligence Committee, with an 18-2 victory. The new revision of the bill, left mostly unaltered by the committee, will likely reach the House for a general vote by April 19 along with a number of other cybersecurity bills.
All passwords reset, company offering a year of identity protection
According to Vudu, unknown perpetrators broke into the video streamer's office on March 24 and stole a number of items, including hard drives that contained customer information with names, email addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers. The company has since reset all passwords, and noted that the password database was encrypted.
Microsoft accounts can be linked to Authenticator Windows Phone app
Microsoft is preparing to add a two-factor system for account authentication, according to a report. The new system, aimed at improving account security overall by adding a number-based token to the Microsoft Account log-in system, has reached a point where the company is close to turning it on for all users, though it is not clear when this will be.
Update gives developers just three weeks to update their apps
Google has finally released an update for its AdMob advertising SDK for iOS developers, leaving those reliant on it just three weeks to update affected apps before Apple's hard deadline for rejecting apps that still use Unique Device Identifiers (UDIDs) to track app usage and advertising effectiveness. The new version, 6.4.0, retires the UDID scheme (which had emerged as a potential security and privacy risk that could compromise personal information) and adds support for test ads, along with some bug fixes.
Anti-Kim Jong Un photos posted, Anonymous demands reiterated
In the latest phase of hacker collective Anonymous' attack against the bellicose North Korean regime, the Twitter and Flickr accounts associated with a North Korean propaganda site have been seized. The accounts taken over belonged to Uriminzokkiri, a web site which had 14,000 users' records stolen earlier this week by the same hacker group.
iMessages sent via SMS still vulnerable, agency says
The US Drug Enforcement Administration is complaining that it can't intercept content on Apple's iMessage service, even with a warrant, according to an internal note obtained by CNet. "On February 21, 2013, the DEA San Jose Resident Office (SJRO) learned that text messages sent via iMessages between Apple products (iPhone, iPad, iPod touch, and iMac) are not captured by pen register, trap and trace devices, or Title III interceptions," the DEA writes. "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider."
Tweaked in response to growing need for parental awareness
Possibly in response to a growing number of stories of inept or naive parents who have inadvertently allowed their children to run up huge bills through in-app purchases (IAPs), Apple's App Store now puts the age recommendation of a given app directly below the title and author credit. The move effectively relocates the age recommendation to the first thing a buyer will likely see after the title. The change may also help parents who fail to activate parental controls to ferret out more adult apps that are not appropriate for a given child.
Companies could be forced to hand over data
The California State Assembly is set to consider a new bill, the "Right to Know Act of 2013," that may force companies to disclose personal data. Supported by the Electronic Frontier Foundation and the American Civil Liberties Union of Northern California, the proposal would require companies to provide copies of all data collected on their customers, including a list of third parties with which the personal data has been shared.