Android

Old Apache Code At Root of Android FakeID Mess 80

Posted by Soulskill
from the write-once-run-anywhere dept.
chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.
Bitcoin

US States Edge Toward Cryptocoin Regulation 155

Posted by timothy
from the hey-these-still-smell-like-dollars dept.
SonicSpike points out an article from the Pew Charitable Trusts' Research & Analysis department on the legislation and regulation schemes emerging in at least a few states in reaction to the increasing use of digital currencies like Bitcoin. A working group called the Conference of State Bank Supervisors’ Emerging Payments Task Force has been surveying the current landscape of state rules and approaches to digital currencies, a topic on which state laws are typically silent. In April, the task force presented a model consumer guidance to help states provide consumers with information about digital currencies. A number of states, including California, Massachusetts and Texas, have issued warnings to consumers that virtual currencies are not subject to “traditional regulation or monetary policy,” including insurance, bonding and other security measures, and that values can fluctuate dramatically. ... The article focuses on the high-population, big-economy states of New York, California and Texas, with a touch of Kansas -- but other states are sure to follow. Whether you live in the U.S. or not, are there government regulations that you think would actually make sense for digital currencies?
Books

Apple Acquires "Pandora For Books" Booklamp For $15 Million 26

Posted by timothy
from the we-know-why-you're-reading-it dept.
Nate the greatest (2261802) writes with news made public Friday that Apple has acquired a little-known ebook company called Booklamp, a small Idaho-based ebook startup which is best known for the Book Genome Project. First shown off to the world in 2008, this project was conceived by Booklamp founder and CEO Aaron Stanton as a way of analyzing a book's pacing, dialog, perspective, genre, and other details in order to identify a book's unique DNA. Booklamp has been using the tech to sell various services to publishers, tech companies, and the like, but Booklamp's existing contracts were apparently cancelled earlier this year.

According to one industry insider, the deal happened in April, but Apple managed to keep the news under wraps until just last night. No one knows for sure how Apple will use Booklamp, but there is speculation that Apple could launch an ebook subscription service similar to the week-old Kindle Unlimited, or they could just use Booklamp to drive ebook recommendations in what some are speculating is the world's second largest ebookstore.
EU

Switching From Microsoft Office To LibreOffice Saves Toulouse 1 Million Euros 283

Posted by Soulskill
from the all-about-the-napoleans dept.
jrepin sends this EU report: The French city of Toulouse saved 1 million euro by migrating all its desktops from Microsoft Office to LibreOffice. This project was rooted in a global digital policy which positions free software as a driver of local economic development and employment. Former IT policy-maker Erwane Monthubert said, "Software licenses for productivity suites cost Toulouse 1.8 million euro every three years. Migration cost us about 800,000 euro, due partly to some developments. One million euro has actually been saved in the first three years. It is a compelling proof in the actual context of local public finance. ... France has a high value in free software at the international level. Every decision-maker should know this."
Encryption

New SSL Server Rules Go Into Effect Nov. 1 90

Posted by Soulskill
from the encrypt-your-calendars dept.
alphadogg writes: Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks. The concern is that SSL server digital certificates issued by CAs at present for internal corporate e-mail servers, Web servers and databases are not unique and can potentially be used in man-in-the-middle attacks involving the setup of rogue servers inside the targeted network, say representatives for the Certification Authority/Browser Forum (CA/B Forum), the industry group that sets security and operational guidelines for digital certificates. Members include the overwhelming bulk of public CAs around the globe, plus browser makers such as Microsoft and Apple. The problem today is that network managers often give their servers names like 'Server1' and allocate internal IP addresses so that SSL certificates issued for them through the public CAs are not necessarily globally unique, notes Trend Micro's Chris Bailey.
Education

Chromebooks Are Outselling iPads In Schools 223

Posted by Unknown Lamer
from the keyboards-still-useful dept.
Nate the greatest (2261802) writes Apple thrilled investors earlier this week when they revealed that they had sold 13 million iPads to schools and claimed 85% of the educational tablet market, but that wasn't the whole story. It turns out that Apple has only sold 5 million iPads to schools since February 2013, or an average of less than a million tablets a quarter over 6 quarters. It turns out that instead of buying iPads, schools are buying Chromebooks. Google reported that a million Chromebooks were sold to schools last quarter, well over half of the 1.8 million units sold in the second quarter. With Android tablets getting better, Apple is losing market share in the consumer tablet market, and now it looks like Apple is also losing the educational market to Google. Analysts are predicting that 5 million Chromebooks will be sold by the end of the year; how many of those will be sold to schools, do you think?
Privacy

A New Form of Online Tracking: Canvas Fingerprinting 194

Posted by Unknown Lamer
from the subverting-features-for-evil-and-profit dept.
New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas>." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...
The Media

Print Isn't Dead: How Linux Voice Crowdfunded a New Magazine 56

Posted by Unknown Lamer
from the something-about-paper dept.
M-Saunders (706738) writes The death of print has been predicted for years, and many magazines and publishers have taken a big hit with the rise of eBooks and tablets. But not everyone has given up. Four geeks quit their job at an old Linux magazine to start Linux Voice, an independent GNU/Linux print and digital mag with a different publishing model: giving profits and content back to the community. Six months after a successful crowdfunding campaign, the magazine is going well, so here is the full story.
The Almighty Buck

New Digital Currency Bases Value On Reputation 100

Posted by Soulskill
from the for-everyone-who-wanted-to-rep-grind-in-real-life dept.
An anonymous reader writes: If digital currencies are fundamentally different than physical ones, why do they work in the same way? That's a question being asked by Couchbase co-founder J. Chris Anderson, who's building a currency and transaction system where reputation is the fundamental unit of value. "Unlike with bitcoin—which keeps its currency scarce by rewarding it only to those who participate in what amounts to a race to solve complex cryptographic puzzles—anyone will be able to create a new Document Coin anytime they want. The value of each coin will be completely subjective, depending on who creates the coin and why. 'For example, the coin my disco singer friend created and gave me at my barbeque might be what gets me past the rope at the club,' Anderson says. A coin minted by tech pundit Tim O'Reilly might be highly prized in Silicon Valley circles, but of little interest to musicians. 'It's a bit like a combination of a social network with baseball trading.'" Anderson isn't aiming to supplant Bitcoin, or even challenge the money-exchange model that drives society. But he's hoping it will change the way people think about currency, and open up new possibilities for how we interact with each other.
Patents

Appeals Court Affirms Old Polaroid Patent Invalid 45

Posted by Unknown Lamer
from the bite-the-dust dept.
mpicpp (3454017) writes with news of a notoriously abused (basically "method of displaying images on a machine") software patent being declared invalid. From the article: The ruling from last week is one of the first to apply new Supreme Court guidance about when ideas are too "abstract" to be patented. ... The patents in this case describe a type of "device profile" that allows digital images to be accurately displayed on different devices. US Patent No. 6,128,415 was originally filed by Polaroid in 1996. After a series of transfers, in 2012 the patent was sold to Digitech Image Technologies, a branch of Acacia Research Corporation, the largest publicly traded patent assertion company. ... In the opinion, a three-judge panel found that the device profile described in the patent is a "collection of intangible color and spatial information," not a machine or manufactured object. "Data in its ethereal, non-physical form is simply information that does not fall under any of the categories of eligible subject matter under section 101," wrote Circuit Judge Jimmie Reyna on behalf of the panel.
AI

Interviews: Ask Dr. Andy Chun About Artificial Intelligence 69

Posted by samzenpus
from the go-ahead-and-ask dept.
samzenpus (5) writes "Dr. Andy Chun is the CIO for the City University of Hong Kong, and is instrumental in transforming the school to be one of the most technology-progressive in the region. He serves as an adviser on many government boards including the Digital 21 Strategy Advisory Committee, which oversees Hong Kong's long-term information technology strategies. His research work on the use of Artificial Intelligence has been honored with numerous awards, and his AI system keeps the subway in Hong Kong running and repaired with an amazing 99.9% uptime. Dr. Chun has agreed to give us some of his time in order to answer your questions. As usual, ask as many as you'd like, but please, one question per post."
Open Source

Open Hardware and Digital Communications Conference On Free Video, If You Help 15

Posted by samzenpus
from the put-some-money-in-the-box dept.
Bruce Perens writes The TAPR Digital Communications Conference has been covered twice here and is a great meeting on leading-edge wireless technology, mostly done as Open Hardware and Open Source software. Free videos of the September 2014 presentations will be made available if you help via Kickstarter. For an idea of what's in them, see the Dayton Hamvention interviews covering Whitebox, our Open Hardware handheld software-defined radio transceiver, and Michael Ossman's HackRF, a programmable Open Hardware transceiver for wireless security exploration and other wireless research. Last year's TAPR DCC presentations are at the Ham Radio Now channel on Youtube.
Books

Amazon Is Testing a $10-Per-Month Ebook Service 87

Posted by Unknown Lamer
from the what-is-a-library dept.
Nate the greatest (2261802) writes "Details are still scarce but it looks like Amazon is going to be launching a competitor to Scribd and Oyster. Earlier today new pages leaked on the Amazon website which mentioned Kindle Unlimited, a new subscription ebook service. The pages were quickly removed, but not before we got some screenshots. If the screenshots are to be believed Kindle Unlimited is going to offer a catalog of over 600,000 titles for $9.99 a month. The news hasn't been confirmed by Amazon but those pages were seen by a number of authors and bloggers, including indie authors who confirmed that the new service is mentioned in their sales reports."
Security

German NSA Committee May Turn To Typewriters To Stop Leaks 244

Posted by Unknown Lamer
from the how-to-tell-wikileaks-is-winning dept.
mpicpp (3454017) writes with news that Germany may be joining Russia in a paranoid switch from computers to typewriters for sensitive documents. From the article: Patrick Sensburg, chairman of the German parliament's National Security Agency investigative committee, now says he's considering expanding the use of manual typewriters to carry out his group's work. ... Sensburg said that the committee is taking its operational security very seriously. "In fact, we already have [a typewriter], and it's even a non-electronic typewriter," he said. If Sensburg's suggestion takes flight, the country would be taking a page out of the Russian playbook. Last year, the agency in charge of securing communications from the Kremlin announced that it wanted to spend 486,000 rubles (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.
Entertainment

Three-Year Deal Nets Hulu Exclusive Rights To South Park 138

Posted by samzenpus
from the you've-sold-Kenny! dept.
First time accepted submitter gunner_von_diamond writes with news about a deal between the creators of South Park and Hulu. If you're a fan of South Park, you better be a fan of Hulu as well. Specifically, Hulu Plus. The creators of the funny, foul-mouthed animated TV show have signed a deal with the online streaming service. Valued at more than $80 million, the three-year deal grants Hulu exclusive rights to stream the 240+ episode back catalog of South Park in addition to all new episodes (as soon as they've aired on Comedy Central). "This is a natural partnership for us. We are excited that the entire library will be available on Hulu and that the best technology around will power South Park Digital Studios," said creators Trey Parker and Matt Stone, in a statement.
Books

The Least They Could Do: Amazon Charges 1 Cent To Meet French Free Shipping Ban 309

Posted by timothy
from the not-a-sou-more dept.
Last year, we mentioned that the French government was unhappy with Amazon for offering better prices than the French competition, and strongly limited the amount by which retailers can discount books. Last month, the French parliament also passed a law banning free delivery of books. Ars Technica reports that Amazon has responded with a one-penny shipping rate on the orders that would previously have shipped free. Says the article: This is by no means the first time France has tried to put a damper on major US tech companies dabbling in books or other reading materials. In 2011, the country updated an old law related to printed books that then allowed publishers to impose set e-book pricing on Apple and others. And in 2012, there was the very public dispute between French lawmakers and Google over the country's desire to see French media outlets paid for having their content pop up in search results. At least for now with this most recent situation, an online giant has found a relatively quick and easy way to regain the upper hand.
Bitcoin

Finnish National TV Broadcaster Starts Sending Bitcoin Blockchain 73

Posted by timothy
from the in-the-air dept.
New submitter Joel Lehtonen (3743763) writes "The Finnish national digital TV broadcaster Digita is co-operating with startup company Koodilehto to start transmission of Bitcoin blockchain and transactions in Terrestrial Digital TV (DVB-T) signal that covers almost the entire Finnish population of 5 million people. The pilot broadcasting starts September 1st and lasts two months. The broadcast can be received by a computer with any DVB-T adapter (like this $20 dongle). A commercial production phase is planned to begin later this year."
Movies

"Internet's Own Boy" Briefly Knocked Off YouTube With Bogus DMCA Claim 157

Posted by timothy
from the until-proven-innocent dept.
An anonymous reader writes "In a bitter irony, a documentary celebrating Aaron Swartz, the late Internet activist who helped create the Creative Commons, has been taken down from YouTube by a misguided copyright claim." From the article: [O]ne of the dark sides of how copyright is enforced on the Internet is that sites that don't actually infringe are sometimes mistakenly swept up in rightsholders' takedown notices, which are frequently automated. Visitors who tried to watch The Internet's Own Boy on YouTube Friday were greeted by the message, "This video is no longer available due to a copyright claim by Remove Your Media LLC," a reference to a company that specializes in sending copyright takedowns in accordance with the law that governs them, the Digital Millennium Copyright Act (DMCA). It's not clear who made the claim, but that's not the point—as activists are all too aware, false copyright claims can knock legitimate content offline.
Government

FTC Files Suit Against Amazon For In-App Purchases 47

Posted by samzenpus
from the a-fool-his-kids-and-his-money dept.
Charliemopps writes The Federal Trade Commission has filed suit against Amazon for illegally billing parents for in-app purchases of digital goods prior to requiring a password for making purchases. "The FTC's complaint, filed Thursday, asks the court to force Amazon to refund the money to those customers. In-app purchases typically involve virtual goods bought within an app, like extra coins or energy in a game, according to the FTC. Some bills totaled hundreds of dollars, and some virtual goods cost as much as $99.99." We recently told you about Amazon's refusal to reach a settlement over these FTC complaints.
Security

India's National Informatics Centre Forged Google SSL Certificates 107

Posted by timothy
from the who-can-you-trust? dept.
NotInHere (3654617) writes As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate, issued by Indian CCA, to issue several unauthorized certificates for Google domains, allowing it to do man-in-the-middle attacks. Possible impact, however, is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use — and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA. According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA.