China

What Federal Employees Really Need To Worry About After the Chinese Hack

HughPickens.com writes: Lisa Rein writes in the Washington Post that a new government review of what the Chinese hack of sensitive security clearance files of 21 million people means for national security is in — and some of the implications are quite grave. According to the Congressional Research Service, covert intelligence officers and their operations could be exposed and high-resolution fingerprints could be copied by criminals. Some suspect that the Chinese government may build a database of U.S. government employees that could help identify U.S. officials and their roles or that could help target individuals to gain access to additional systems or information. National security concerns include whether hackers could have obtained information that could help them identify clandestine and covert officers and operations (PDF).

CRS says that if the fingerprints in the background investigation files are of high enough quality, "depending on whose hands the fingerprints come into, they could be used for criminal or counterintelligence purposes." Fingerprints also could be trafficked on the black market for profit — or used to blow the covers of spies and other covert and clandestine officers, the research service found. And if they're compromised, fingerprints can't be reissued like a new credit card, the report says, making "recovery from the breach more challenging for some."
vivaoporto also points out that these same hackers are believed to be responsible for hacking United Airlines.
Software

Why Your Software Project Is Failing

An anonymous reader writes: At OSCON this year, Red Hat's Tom Callaway gave a talk entitled "This is Why You Fail: The Avoidable Mistakes Open Source Projects STILL Make." In 2009, Callaway was starting to work on the Chromium project—and to say it wasn't a pleasant experience was the biggest understatement Callaway made in his talk. Callaway said he likes challenges, but he felt buried by the project, and reached a point where he thought he should just quit his work. (Callaway said it's important to note that Chromium's code is not bad code; it's just a lot of code and a lot of code that Google didn't write.) This was making Callaway really frustrated, and people wanted to know what was upsetting him. Callaway wanted to be able to better explain his frustration, so he crafted this list which he called his "Points of Fail."
Chrome

Chrome Extension Thwarts User Profiling Based On Typing Behavior

An anonymous reader writes: Per Thorsheim, the founder of PasswordsCon, created and trained a biometric profile of his keystroke dynamics using the Tor browser at a demo site. He then switched over to Google Chrome, not using the Tor network, and the demo site correctly identified him when logging in and completing a demo financial transaction. Infosec consultant Paul Moore came up with a working solution to thwart this type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM. A Firefox version of the plugin is in the works.
Android

950 Million Android Phones Can Be Hijacked By Malicious Text Messages

techtech writes: According to security firm Zimperium, a flaw called "Stagefright" in Google's Android operating system can allow hackers to take over a phone with a message even if the user doesn't open it. The vulnerability affects about 950 million Android devices. In a blog post Zimperium researchers wrote: "A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojaned phone."
Google

Google Is Dropping Its Google+ Requirement Across All Products Including YouTube

An anonymous reader writes: After years of plugging Google+ into all of its services, today Google announced that your Google+ profile will no longer be your identity in all its products. The company says it will take a few months for all the changes to happen, but the first product to be uncoupled will be YouTube. Bradley Horowitz, Google's vice president of streams, photos, and sharing, says the changes are a response to user feedback: "We've also heard that it doesn't make sense for your Google+ profile to be your identity in all the other Google products you use."
Android

'Stagefright' Flaw: Compromise Android With Just a Text

An anonymous reader writes: Up to 950 million Android phones may be vulnerable to a new exploit involving the Stagefright component of Android, which lets attackers compromise a device through a simple multimedia text — even before the recipient sees it. Researchers from Zimperium zLabs reported the related bugs to Google in April. Google quickly accepted a patch and distributed it to manufacturers, but the researchers say they don't think the manufacturers have yet passed it on to most consumers.

"The weaknesses reside in Stagefright, a media playback tool in Android. They are all "remote code execution" bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data. All attackers would need to send out exploits would be mobile phone numbers, Drake noted. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright's permissions. That would allow for recording of audio and video, and snooping on photos stored in SD cards. Bluetooth would also be hackable via Stagefright."
Advertising

Google Studies How Bad Interstitials Are On Mobile

An anonymous reader writes: A Google study of their own Google+ site and app found that 69% of visitors abandoned the page when presented with the app interstitial. Google said it was getting rid of them and asked others to do the same. TechCrunch reports: "It's worth noting that Google's study was small scale, since the company was only looking at how an interstitial promoting the Google+ social service native app performed (and we don't know how many people it surveyed). It may very well be the case that visitors really didn't want the Google+ app specifically — and that Google+ itself is skewing the data. (Sadly Google is not offering comparative stats with, say, the Gmail app interstitial, so we can but speculate.)"
Google

Gmail Messages Can Now Self-Destruct

New submitter Amarjeet Singh writes: Dmail is a Chrome extension developed by the people behind Delicious, the social bookmarking app/extension. This extension allows you to set a self-destruct timer on your emails. You can use Dmail to send emails from Gmail as usual, but you will now have a button which can set a self-destruct timer of an hour, a day or a week. Dmail claims it will also unlock a feature that won't allow forwarding, meaning only the person you sent your message to will be able to see it.
Google

Plan To Run Anti-Google Smear Campaign Revealed In MPAA Emails

vivaoporto writes: Techdirt reports on a plan to run an anti-Google smear campaign via the Today Show and the WSJ discovered in MPAA emails. Despite the resistance of the Hollywood studios to comply with the subpoenas obtained by Google concerning their relationship with Mississippi Attorney General Jim Hood (whose investigation of the company appeared to actually be run by the MPAA and the studios themselves) one of the few emails that Google have been able to get access to so far was revealed this Thursday in a filing. It's an email between the MPAA and two of Jim Hood's top lawyers in the Mississippi AG's office, discussing the big plan to "hurt" Google.

The lawyers from Hood's office flat out admit that they're expecting the MPAA and the major studios to have its media arms run a coordinated propaganda campaign of bogus anti-Google stories. One email reads: "Media: We want to make sure that the media is at the NAAG meeting. We propose working with MPAA (Vans), Comcast, and NewsCorp (Bill Guidera) to see about working with a PR firm to create an attack on Google (and others who are resisting AG efforts to address online piracy). This PR firm can be funded through a nonprofit dedicated to IP issues. The "live buys" should be available for the media to see, followed by a segment the next day on the Today Show (David green can help with this). After the Today Show segment, you want to have a large investor of Google (George can help us determine that) come forward and say that Google needs to change its behavior/demand reform. Next, you want NewsCorp to develop and place an editorial in the WSJ emphasizing that Google's stock will lose value in the face of a sustained attack by AGs and noting some of the possible causes of action we have developed."

As Google notes in its legal filing about this email, the "plan" states that if this effort fails, then the next step will be to file the subpoena (technically a CID or "civil investigatory demand") on Google, written by the MPAA but signed by Hood. This makes it pretty clear that the MPAA, studios and Hood were working hand in hand in all of this and that the subpoena had no legitimate purpose behind it, but rather was the final step in a coordinated media campaign to pressure Google to change the way its search engine works.
Education

Senate Passes 'No Microsoft National Talent Strategy Goal Left Behind Act'

theodp writes: Microsoft is applauding the Senate's passage of the Every Child Achieves Act, a rewrite of the No Child Left Behind Act, saying the move will improve access to K-12 STEM learning nationwide. The legislation elevates Computer Science to a "core academic subject", opening the door to a number of funding opportunities. The major overhaul of the U.S. K-12 education system, adds Microsoft on the Issues, also "advances some of the goals outlined in Microsoft's National Talent Strategy," its "two-pronged" plan to increase K-12 CS education and tech immigration. Perhaps Microsoft is tackling the latter goal in under-the-radar White House visits with the leaders of Mark Zuckerberg's FWD.us PAC, like this one, attended by Microsoft's William "It's Our Way Or the Canadian Highway" Kamela and FWD.us President Joe "Save Us From Just-Sort-of-OK US Workers" Green.
Japan

Olympic Organizer Wants To Feed Athletes Fukushima Produce

New submitter Grady Martin writes: Toshiaki Endo, Japan's government-appointed parliament member in charge of planning for the 2020 Tokyo Olympics, has expressed hopes of supplying the Olympic/Paralympic village with foods grown in Fukushima [Google's autotranslation], stating, 'Using foods from Fukushima in the village is another possibility. I wish to strengthen ties with ground zero in numerous ways.' Would you eat it?
Google

Google Will Block Access To Its Autocomplete API On August 10

An anonymous reader writes with news reported by VentureBeat that Google will be discontinuing developer access to its unofficial Autocomplete API, as of August 10 of this year. A snippet from the article: Google currently supports more than 80 APIs that developers can use to integrate Google services and data into their applications. The company also has unsupported and unpublished APIs which people outside the company have discovered and leveraged. One of those is the Autocomplete API. The company says it is making this move "in the interest of maintaining the integrity of autocomplete as part of Search," that it wants to "ensure that users experience autocomplete as it was designed to be used," and finally that "this provides the best user experience for both services." I'm sure many will disagree.
The Internet

Gigabit Internet Access Now Supported By 84 US ISPs

An anonymous reader writes: According to Michael Render, principal analyst at market researcher RVA LLC, 83 Internet access providers have joined Google to offer gigabit Internet access service (all priced in the $50-$150 per month range). Render's data shows that new subscribers are signing up at an annualized growth rate of 480 percent each year. That "annualized" is an important thing to note, though; this is early days, and adding a few households, relatively speaking, means an impressive percentage change.
Android

The Android L Update For Nvidia Shield Portable Removes Features

An anonymous reader writes: For those of us who still remember the Hobson's choice with the 3.21 update of the PS3 firmware, the most recent update to the Nvidia Shield Portable is eerily similar. The update, which is necessary to run recent games and apps that require Android 5.0 APIs, removes some features from the device, and removes the games that were bundled with the device, Sonic 4 Episode II and The Expendables: ReArmed. Nvidia has stressed that it is an optional update, but how many users have been told for months that the update was coming, some of whom may have bought the device after the update was announced, only to find out now they won't receive all the functionality they paid for? How is it still legal for these companies to advertise and sell a whole product but only deliver part of it?
Youtube

YouTube Is Adding VR Video Support To Streaming Videos

An anonymous reader writes: While YouTube's streaming platform currently supports 3D videos OR 360 degree videos, the combination of the two is essential for properly immersive virtual reality video. Fortunately, the company has announced that they'll soon enable support for 3D + 360 degree videos, bringing more immersive VR video capability to the platform. Currently, 360 degree YouTube videos can be viewed through desktop web browsers and on the YouTube Android and iOS apps, with the Android app being the only one of the bunch currently providing a side-by-side view for VR viewers like Google's Cardboard.
Firefox

Firefox Will Soon Show You Which Tabs Are Making Noise, and Let You Mute Them

An anonymous reader writes: Mozilla is working on identifying Firefox tabs that are currently playing audio. The feature will show an icon if a tab is making sounds and let the user mute the playback. It's worth noting that while Chrome has had audio indicators for more than a year now, it still doesn't let you easily mute tabs. The option is available in Google's browser, but it's not enabled by default (you have to turn on the #enable-tab-audio-muting flag in chrome://flags/).
Google

Google Staffers Share Salary Info With Each Other; Management Freaks

Nerval's Lobster writes: Imagine a couple of employees at your company create a spreadsheet that lists their salaries. They place the spreadsheet on an internal network, where other employees soon add their own financial information. Within a day, the project has caught on like wildfire, with people not only listing their salaries but also their bonuses and other compensation-related info. While that might sound a little far-fetched, that's exactly the scenario that recently played out at Google, according to an employee, Erica Baker, who detailed the whole incident on Twitter. While management frowned upon employees sharing salary data, she wrote, "the world didn't end everything didn't go up in flames because salaries got shared." For years, employees and employers have debated the merits (and drawbacks) of revealing salaries. While most workplaces keep employee pay a tightly guarded secret, others have begun fiddling with varying degrees of transparency, taking inspiration from studies that have shown a higher degree of salary-related openness translates into happier workers. (Other studies (PDF) haven't suggested the same effect.) Baker claims the spreadsheet compelled more Google employees to ask and receive "equitable pay based on data in the sheet."
Security

What Non-Experts Can Learn From Experts About Real Online Security

An anonymous reader writes: Google researchers have asked 231 security experts and 294 web-users who aren't security experts about their security best practices, and the list of top ones for each group differs considerably. Experts recognize the benefits of updates, while non-experts are concerned about the potential risks of software updates. Non-experts are less likely to use password managers: some find them difficult to use, some don't realize how helpful they can be, and others are simply reluctant to (as they see it) "write" passwords down. Another interesting thing to point out is that non-experts love and use antivirus software.
Censorship

Universal Pictures Wants To Remove Localhost and IMDB Pages From Google Results

Artem Tashkinov writes: We've all known for a very long time that DMCA takedown requests are often dubious and even more often outright wrong, but in a new turn of events a Universal Pictures contractor which does web censorship has requested a takedown of an IMDB page and the 127.0.0.1 address. I myself have seen numerous times that pages which barely include the title of an infringing work of art get removed from search engines.
Facebook

New York Judge Rules Against Facebook In Search Warrant Case

itwbennett writes: Last year, Facebook appealed a court decision requiring it to hand over data, including photos and private messages, relating to 381 user accounts. (Google, Microsoft, and Twitter, among other companies, backed Facebook in the dispute.) On Tuesday, Judge Dianne Renwick of the New York State Supreme Court ruled against Facebook, saying that Facebook has no legal standing to challenge the constitutionality of search warrants served on its users.