HolidayBuyer's Guide

Spyware, Viruses, & Security forum

Alert

NEWS - October 11, 2013

by Carol~ Forum moderator / October 11, 2013 12:26 AM PDT
Google offers "leet" cash prizes for updates to Linux and other OS software

Google is offering rewards as high as $3,133.70 for software updates that improve the security of OpenSSL, OpenSSH, BIND, and several other open-source packages that are critical to the stability of the Internet.

The program announced Wednesday expands on Google's current bug-bounty program, which pays from $500 to $3,133.70 to people who privately report bugs found in the company's software and Web properties. Security researchers inside the company considered modifying the program to reward bug reports in open-source software, but eventually decided against that approach. The reason: bug bounty programs often invite a flood of reports of varying quality that can overwhelm the finite resources of open-source developers. What's more, it's frequently much harder to patch a vulnerability than merely to find it.

"So we decided to try something new: provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug," Michael Zalewski, a member of the Google security team, wrote in a blog post. "Whether you want to switch to a more secure allocator, to add privilege separation, to clean up a bunch of sketchy calls to strcat(), or even just enable ASLR—we want to help."

Continued: http://arstechnica.com/security/2013/10/google-offers-leet-cash-prizes-for-updates-to-linux-and-other-os-software/

Related:
Google to Pay Rewards For Patches to Open Source Projects
Google offers rewards for code improvements to open source programs
Google Offers Money To Open Source Patch Developers
Discussion is locked
You are posting a reply to: NEWS - October 11, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - October 11, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Facebook makes every user discoverable by name
by Carol~ Forum moderator / October 11, 2013 12:48 AM PDT

Once again, Facebook is doing away with a feature that many users didn't even know they could use, but a small, privacy-conscious minority is glad to have (had).

Almost a year ago, along with scrapping Facebook user voting on privacy policies, Facebook announced the removal of the "Who can look up your Timeline by name?" setting, and now the move is imminent.

As Facebook Chief Privacy Officer Michael Richter noted in a blog post, everyone used to have the aforementioned setting - which controlled whether you could be found when people typed your name into the Facebook search bar - but not a lot of people used it.

Continued: http://www.net-security.org/secworld.php?id=15762

Also:
Facebook Privacy Feature Gone for Good
Facebook zaps privacy setting, declares: NO MORE HIDING

Collapse -
Tech Support Scams: Coming to a Mac near you
by Carol~ Forum moderator / October 11, 2013 12:49 AM PDT

From the "Malwarebytes Unpacked" Blog:

You may be familiar with cold calls where someone pretending to be from Microsoft is telling you that your computer is infected and needs to be repaired ASAP.

In most cases, if you said you were running a Mac instead of Windows, the scammers would hang up and move on to the next victim.

This might change soon.

We came across a company called Speak Support that advertised its Mac technical support on Bing: [Screenshot]

Their website states that they have an "elite band of tech support experts" and that "Apple Consultants are online" waiting for your call: [Screenshot]

We decided to pick up the phone to see what level of service they did provide: [VIDEO]

Continued: http://blog.malwarebytes.org/intelligence/2013/10/tech-support-scams-coming-to-a-mac-near-you/

Collapse -
ScareMail plugin will flag all your email to the NSA
by Carol~ Forum moderator / October 11, 2013 12:49 AM PDT

An Illinois-based digital artist has created a Gmail plugin that automatically adds blacklisted words to every email in an attempt to protest against online surveillance.

Ben Grosser has designed the ScareMail plugin in a way that, he says, will be ensure that even benign emails are picked up by the security filters of America's National Security Agency.

Grosser's idea takes the opposite tack to encryption tools including PGP and Silent Text, and to the IP-masking service Tor, which are designed to hide the contents of messages or the sender.

"One of the strategies used by the US National Security Agency's (NSA) email surveillance programs is the detection of predetermined keywords. These "selectors", as they refer to them internally, are used to identify communications by presumed terrorists," said Grosser.

Continued: http://www.theguardian.com/technology/2013/oct/10/nsa-filter-scaremail-email-blacklist-plugin

Collapse -
Phony Order Faxed to Registrar Leads to Metasploit Defacemen
by Carol~ Forum moderator / October 11, 2013 2:16 AM PDT

A pro-Palestine hacker collective went old-school in its takedown of the Metasploit and Rapid7 websites today.

Metasploit creator and HD Moore confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com.

"Hacking like it's 1964," Moore tweeted a short time ago.

The hacking group known as KDMS hijacked DNS records and replaced the two sites' respective homepages with a note claiming responsibility for this attack and similar hacks against other security companies.

"You are one of our targets," the group wrote. "Therefore, we are here." The group also left a politically charged statement regarding Palestine liberation.

The DNS hijacking attack was resolved within an hour, Moore said.

Continued: http://threatpost.com/phony-order-faxed-to-registrar-leads-to-metasploit-defacement/102576

Related:
Metasploit website hijacked by pro-Palestinian hackers... via fax
Metasploit.com, Rapid7.com "Hacked" by Palestinian Hackers of KDMS Team

Collapse -
Google Sets Plan to Sell Users' Endorsements
by Carol~ Forum moderator / October 11, 2013 3:31 AM PDT

Google, following in Facebook's footsteps, wants to sell users' endorsements to marketers to help them hawk their wares.

On Friday, Google announced an update to its terms of service that allows the company to include adult users' names, photos and comments in ads shown across the Web, based on ratings, reviews and posts they have made on Google Plus and other Google services like YouTube.

When the new ad policy goes live Nov. 11, Google will be able to show what the company calls shared endorsements on Google sites and across the Web, on the more than two million sites in Google's display advertising network, which are viewed by an estimated one billion people.

If a user follows a bakery on Google Plus or gives an album four stars on the Google Play music service, for instance, that person's name, photo and endorsement could show up in ads for that bakery or album.

Continued: http://www.nytimes.com/2013/10/12/technology/google-sets-plan-to-sell-users-endorsements.html

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.