Concern about rebuilding surface, users likely to get near nothing
Bankrupt bitcoin exchange Mt. Gox has apparently abandoned its goal of rebuilding itself, and is now asking a Japanese court to allow complete liquidation. Should the Japanese court approve the move, it will appoint a trustee who will assume control of all Mt. Gox assets from CEO Mark Karpeles. Additionally, US courts overseeing the Chapter 15 bankruptcy have been informed that regardless of judicial decree, Karpeles will not appear in court to answer questions as ordered by bankruptcy Judge Stacey Jernigan.
French hardware company reveals its year-long malware security breach
LaCie, a major retailer and tech company from France, has confirmed that its website experienced a security breach lasting about a year. The company was informed about the security violation on March 19 by the FBI, and transactions between March 27, 2013 and March 10, 2014 are thought to have been affected. Customer names, addresses, email addresses, and payment card numbers with their expiration dates are at risk, in addition to usernames and passwords. LaCie began notifying affected customers on April 11, and its digital store is currently closed while fixes to its secure payment infrastructure are under way.
New paragraph specifically advises of content scanning on Google services
Google has updated its terms of service, adding an explanation for its content scanning efforts. The new paragraph, one of relatively few changes to the document, specifically notes that Google scans e-mails in order to provide "personally relevant product features," including "customized search results, tailored advertising, and spam and malware detection."
900 taxpayers lose social insurance numbers to OpenSSL flaw
Canada's tax administration has reported that around 900 people have had personal data stolen, with the miscreants making off with the data using the Heartbleed bug. Taken by the hackers are social insurance numbers (similar to Social Security numbers in the US), and potentially other data. The breach is the first directly pointing at the Heartbleed bug as the main vector of attack.
BlackBerry will update iOS, Android BBM apps over Heartbleed security flaw
BlackBerry has added itself to the list of companies working to fix issues caused by the 'Heartbleed' OpenSSL security flaw. Senior vice president Scott Totzke told Reuters that, though the majority of BlackBerry products are unaffected because they do not use OpenSSL, the company will still need to issue updates to Secure Work Space corporate e-mail and the BlackBerry Messenger clients for iOS and Android.
Flaw mandates TLS 1.2 support, not found in older Windows Server versions
Microsoft has stopped the downloads of the new Windows 8.1 update to enterprise customers after it was found to destroy the ability to receive future updates, including security patches. The flaw affects businesses that use Windows Server Update Services 3.0 (WSUS) Service Pack 2.
Agency claims it didn't know of flaw until public disclosure
As reports of the severity of the Heartbleed OpenSSL bug have spread, so have the rumors. A report from Bloomberg has claimed that the US National Security Agency exploited the flaw for years. In its own defense, the NSA issued an unusually specific statement saying that not only did it not use the exploit, but it didn't even know about it until news of it went public a few days ago.
US continues to ask for most user data, India most censorious
Facebook has updated its global government transparency report for the second time, covering the second half of 2013. Aside from revealing that it had 28,147 requests for user data from 81 countries, up from between 25,607 and 26,607 requests from 71 countries in the previous report, Facebook is also revealing which countries are restricting or removing content from view.
Case filed in wrong state, Appeals court says
The 3rd US Circuit Court of Appeals has unanimously tossed the conviction of Andrew Auernheimer, an Arkansas man accused of stealing the personal data of about 120,000 iPad users, says Reuters. Auernheimer was convicted of the crimes in November 2012 and sentenced to 41 months in prison. The case was filed in New Jersey, however, and the appeals court has ruled that he was prosecuted in the wrong state, since his crimes weren't committed there.
SSL bug could still be found in Mac servers running PostgreSQL, MacPorts, other add-ons
Apple confirmed on Thursday that all of its operating systems and key web services, as well as its website and iCloud service, are not affected by the "Heartbleed" SSL flaw that is threatening much of the web. The "Heartbleed" bug, a flaw in the implementation of later versions of OpenSSL -- which is used by many but not all websites to handle secure log-ins and other transactions -- has put as much as two-thirds of the World Wide Web at risk.
WhatsApp must continue existing policy of not collecting user data
Social network giant Facebook said earlier today that the US Federal Trade Commission (FTC) has approved the multi-billion-dollar acquisition of messaging service WhatsApp. As part of the deal, both companies must adhere to existing user privacy agreements, including a WhatsApp promise made while independent to not collect user personal data for targeted advertising.
Verify Apps updated to check for Android malware regularly after installation
Google is attempting to improve the security of Android, by changing the way it monitors apps on mobile devices. The Verify Apps service, which protects smartphones and tablets by checking the apps for malware at the time of installation and warning over potentially harmful software, will be updated to provide constant on-device monitoring of apps after the installation.
An Ontario, Canada class-action suit now underway alleges that Facebook has been scanning users' private messages without their permission. Allegedly, the social network was using the data to grow advertising revenue, and was stopped in 2012 when an investigation found that the practice was widespread.
Android 4.1.1 vulnerable, device manufacturers informed
In the wake of the disclosure of the OpenSSL "Heartbleed" bug, search engine Google has patched its systems to counter the zero-day flaw. While noting that Google Chrome and ChromeOS aren't affected, the search engine behemoth has fixed any issues with Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine.
Security flaw in OpenSSL encryption library dates back to early 2012
A major security flaw has been discovered in the OpenSSL cryptographic software library, jeopardizing security for a large number of SSL/TLS-based transmissions. The fault, named the "Heartbleed Bug," has apparently existed since March last year but was only recently uncovered, and puts at risk not only the contents of encrypted online communications, but also the SSL keys used in the transmission.
Rapid adoption means iOS more secure, easier to develop for
On Monday, Apple updated its iOS adoption statistics for developers to show that 87 percent of active iOS devices are now running iOS 7, with only 11 percent still on iOS 6 and a mere two percent (presumably devices that cannot upgrade, such as the original iPad) stuck on earlier versions. The figure was achieved less than seven months after the original release of the upgrade in mid-September. By comparison, only about 5.3 percent of Android users have or have been allowed to upgrade to last year's KitKat, which was announced around the same time as iOS 7 and debuted a month later.
Apps get simplified interfaces
Intego has released VirusBarrier X8 and NetBarrier X8, updates of its Mac security apps. Both titles have been revised with new, streamlined interfaces. VirusBarrier specifically also has a new low-priority scanning mode, designed to ease the processing burden on a Mac.
Can encrypt and hide files and folders with 256-bit AES protection
While at the Macworld Expo last weekend in San Francisco, MacNN got a chance to talk with members of the MacPaw software team, best known for their duplicates finder Gemini II and their utility app Clean My Mac. The company released its latest upgrade, file-and-folder encryption tool Hider 2 (formerly MacHider), for OS X 10.8 and higher on Wednesday. The program is designed to allow users to hide, encrypt and password-protect sensitive files, whether they are confidential business documents or those pictures of an ex.
Questioning limited to Chapter 15 bankruptcy-relevant information only
US Bankruptcy Judge Stacey Jernigan has ordered shuttered Bitcoin exchange Mt. Gox's CEO Mark Karpeles to present himself in Texas, at his lawyer's office. The judge demanded that if Karpeles "avails himself of this court, my God, he is going to get himself over here" to answer allegations of theft and other improprieties before the company receives Chapter 15 bankruptcy protection in the US.
Includes direct support for new top-level domains for Mavericks, Mountain Lion
Alongside updates for the iWork apps for iCloud, OS X and iOS, Apple on Tuesday released version 7.0.3 (for Mavericks) and 6.1.3 (for Mountain Lion) of its Safari browser. The new release, which only had two betas released to developers before going final, adds enhanced push notification settings and direct support for some new top-level domains (which could previously only be accessed through a search). The update also addresses a few credit card autofill and security issues.
Consumers could save on phone replacements, insurance costs if kill switches are mandatory
Owners of smartphones could collectively save an estimated $2.6 billion annually if "kill switches" are made available for all mobile devices, a new study claims. The system, which would in theory make a smartphone unusable once triggered, could lead to lower sales of insurance policies, and potentially a rise in the sales of more basic insurance schemes.
CEO Mark Karpeles questioned by six employees about expenses, cash flow
The problems with shuttered and bankrupt Bitcoin exchange Mt. Gox may have been evident to employees as early as two years before its well-publicized meltdown. Six employees reportedly confronted CEO Mark Karpeles over money-handling in the organization, with the group alleging that customer funds were being diverted improperly to other expenses, such as a 3D printer, and a modified car imported from the UK for the CEO.
Former media event lives on as accessory, app showcase
The Macworld Expo (now called Macworld/iWorld) certainly isn't the show it was five years ago, the last year Apple attended. It's a much smaller show -- maybe 25,000 attendees at best -- but with a more sustainable focus: a showcase for computer and mobile peripherals, accessories and gadgets, as well as a gathering of app developers. Because Apple doesn't make big announcements timed to the conference anymore -- and the one company that did, Microsoft, chose not to have its Office for iPad event there -- the Macworld/iWorld show doesn't make the news as often as it used to.
Interception of Turkish traffic to Google DNS could be continued censorship attempt
Google's Public DNS service is being intercepted by Internet service providers in Turkey, the company has alleged. Servers have apparently been set up by each ISP to "masquerade as Google's DNS service," in what could be considered an attempt by those responsible to monitor or censor critics of the country's government while elections are underway.
Successful crowd-funded projects a fresh source of innovation
Macworld/iWorld 2014, currently going on at the Moscone Center in San Francisco, handed out its Best of Show awards on Friday, including a mix of hardware devices and software apps, many of which started life as successful Kickstarter or similar crowd-funded ideas, both from established companies and novice entrepreneurs. Winners included a portable RAID drive, a thermal camera for the iPhone, an app to get kids to do their chores, and new Thunderbolt adapters, among other useful apps and gadgets.
Sync and backups kept separate, optionally encrypted
Online backup storage service IDrive has revamped its plans to offer more space, and a new separate sync service -- and to celebrate, it will give current and new users the same amount of sync space as they use for backups at no additional charge. The new service allows users to sync files in real time across all linked devices (on Macs, PCs or mobile devices) as well as their separate IDrive account. The sync feature can optionally be protected with private-key encryption if desired.
URLs, lack of HTTPS key ways of spotting scam
US tops list of countries requesting user data from Google
Requests for user information received by Google from government agencies have increased 120 percent since 2009, according to the search company's latest transparency report. The quantity of requests in the second half of 2013 reached an all-time high of 27,477, up from 25,879 for the first half of the year, while the percentage of requests where some data is provided has reached its lowest point since the report began, with 64 percent.
CasinoCoin, Dogecoin, Litecoin variants all spotted on 'hundreds' of devices
New Android malware is making the rounds, with the latest threat being a piece of software that, when installed, maxes out the device's processor mining for crypto-currencies. The "CoinKrypt" malware has three known variants, processing for CasinoCoin, Dogecoin, and Litecoin.
Security verified by US regulators, new management software certified for use
BlackBerry announced earlier today that it has received US Government Federal Information Processing Standard (FIPS) 140-2 certification, which allows employees to use its enterprise software on Apple's iPads and the predominantly Samsung-provided mobile equipment. The certification applies to Secure Work Space, which isolates management-installed apps and files from personal content.
New tool forces encryption on device, monitors transfers across network
Security solutions provider CoSoSys has released Endpoint Protector 4, the first digital loss prevention tool that provides enforced encryption on removable storage devices. The new app suite aims to secure sensitive data and prevent data loss on computers in a "bring your own computer" environment using OS X.
Data protection specialist, former Senate staffer picked for top jobs
A former Senate staffer will take on the role of Apple's new top US government lobbyist in Washington DC, while a certified privacy professional with a background in healthcare, national security and social network privacy issues has been named to a new "privacy counsel" position within the company. Amber Cottle served as a staff director for an influential congressional committee, while Sabrina Ross has already begun her job overseeing the protection of customer data.
No patch currently available, but mitigation of the problem possible
Microsoft has issued an advisory to users of its Microsoft Word application. In the note, the company says that remote code execution is possible if users open a maliciously crafted rich-text format (RTF) file, or open the same maliciously crafted file in Outlook while using Microsoft Word as the email viewer. Outlook 2010 through 2013 default to using Microsoft Word as the email viewer, making users more vulnerable to attack.
Huawei servers allegedly penetrated by NSA, possibility of hardware compromise
In an interesting reversal, Snowden-leaked documents are pointing to a pervasive infiltration of Chinese electronics manufacturer Huawei's servers. The NSA's "Operation Shotgiant" allegedly probed connections between Huawei and the Chinese army, but also aimed to attack technology manufactured by the company and use the compromised technology for worldwide surveillance.
DNS ban thwarts Turkish citizen workaround of Twitter blockade
Turkey is actively blocking access to Google's DNS service, in order to keep Twitter and allegations of corruption blocked off from the country's citizens. Following its ban of the micro-blogging platform a few days ago, the move is an attempt to thwart efforts by Twitter users to access the service via a workaround, though this too may soon be temporarily thwarted.
Telegram updates mobile apps, adds voice notes, new security options
Messaging app Telegram has been updated for both iOS and Android devices, featuring voice notes and new security options. Telegram users can now send audio recordings to one another, with the option depicted by a microphone to the right of the message field. With respect to security, individual messages within its Secret Chats section can now be deleted, offering greater privacy and control over message histories. Free to download, Telegram can be found through the iTunes Store and Google Play.
Transparency report from TWC offers graphs instead of figures
Following in the footsteps of many other technology companies, including Verizon and Comcast, Time Warner Cable is issuing its first ever transparency report to the public. The report gives an indication as to the number of requests by law enforcement for subscriber data and messaging information, covering the entirety of the year 2013.
Move comes as company struggles to keep up with mobile landscape
The anti-virus software maker Symantec fired its CEO this week, adding to the list of troubles for the ailing firm, which has seen revenues decline as the PC market cools and more competitors enter the fray. The termination of Steve Bennett marks the most recent high-profile exit for Symantec, which has seen five other senior executives part ways with the company since July.
Sysadmins, with the keys to networks, lynchpin of NSA plans
More Snowden document leaks have shed light on the US National Security Agency's initiative to compromise system administrators in its quest to gather intelligence on American citizens and potential enemies both foreign and domestic. The documents lay out the NSA's plan to build a network of system administrators, personnel with access to networks on which the agency wants to implant spyware and other malware.
Meeting scheduled for 4PM, no specific attendees known
President Obama is slated to meet with Facebook CEO Mark Zuckerberg and undisclosed tech company executives later today, according to the White House schedule. On the agenda are further discussions with the executives about recent NSA revelations, and a continuation of the president's "dialogue with them on the issues of privacy, technology, and intelligence."
First Comcast transparency report details government requests for customer data
Comcast received a total of 24,698 requests for customer data from law enforcement officials in 2013, the company has revealed in its first transparency report. The telecommunications provider is joining a number of other technology companies, including competitor Verizon, in providing summary figures to reveal how much data the US government is requesting about its subscribers.
Discovery casts doubts on loss claims, accounting standards
The recently-shuttered and allegedly bankrupted Mt. Gox Bitcoin exchange has now said it has "found" nearly a quarter of the total "stolen" Bitcoins stored in a "wallet" -- the term for a digital file used to store the virtual currency -- that the company was no longer using. The 200,000 coins found represent some $115 million of the $470 million (in current trade value) lost by customers when the exchange closed down.
Could President Obama finally jump ship to Android, iPhone?
Adding insult to injury over BlackBerry's ongoing slide into oblivion, a US Department of Defense spokesperson has confirmed that "the White House Communications Agency, consistent with the rest of the Department of Defense, is piloting and using a variety of mobile devices" as a possible replacement for BlackBerry devices. Initial reports suggest Android devices are currently being tested, but not iPhones at this time.
Media attention succeeds where developer reports failed
Thanks to media attention, Apple has now pulled an adware- and malware-laced fake "Tor browser" app from the App Store, months after it was first reported to be a fraud. The Tor project team has repeatedly complained about the fake app since December, as it was neither submitted by the team nor in any way official, but only when iOS news sites like this one picked up on the story did Apple take action.
Encryption of data between Google data centers implemented
In response to recent leaks of harvested data being sent to the NSA from big providers, Google is now always using an encrypted HTTPS connection when users check or send mail. Additionally, Google claims that 100 percent of users' emails are encrypted when moving between Google's data centers, something the company calls "a top priority after last summer's revelations."
Alex Kibkalo accused of stealing, leaking Windows code to unnamed French blogger
A former employee of Microsoft has been arrested for allegedly stealing trade secrets and software relating to Windows. Alex Kibkalo, a Russian national based in Lebanon who formerly worked as a senior architect at the company, stands accused of passing pre-release software and Windows 8 trade secrets to an unnamed French technology blogger.
Vulnerability shut down, but fooled visitors into providing info
Late Wednesday afternoon, Electronic Arts reported that it had finally closed a serious vulnerability on its web servers that allowed hackers to host a fake "Apple ID" page. The page was part of a phishing scam, reported on by Electronista earlier today, that attempted to trick users into visiting the fake page and supplying personal information and credit card details. Netcraft, which originally spotted the compromised pages, reported the problem to EA on Tuesday night.
Users who haven't upgraded to 10.9.2 get reminder notice
In an unusual move, Apple is sending out "critical security update" reminders to users running OS X 10.9.x if they haven't yet updated to 10.9.2, which fixes an SSL/VPN vulnerability. The reminder, which can appear as a notification on the user's desktop or as an update in Software Update (handled through the Mac App Store), emphasizes the importance of the 10.9.2 update, which also brought new features and other improvements on board. Apple may choose to similarly warn iOS 7 users who haven't updated yet, even though adoption has -- as is typical for both platforms -- been strong.
Allegedly reported in December, app is still available
A Tor client on the App Store, Tor Browser, is actually a fake app saturated with adware and spyware, according to complaints. The app is said to have been reported to Apple in December; at one point the company suggested that the app's creator, Ronen, would be allowed to respond, but no news has emerged since, and the app remains on sale for $1.
Judge Lucy Koh, of Apple versus Samsung fame, denies suit combination
US District Judge Lucy Koh has handed a partial victory to Google in a privacy suit against the search engine. In a Tuesday decision, the judge ruled that a handful of lawsuits the company is facing may not be combined into a class-action suit, as the suits lack sufficient commonality. Based on the ruling, the myriad of filers must be heard individually or in smaller groups, escalating costs to the complainants.