Sunday, December 19, 2010

Gawker hack underscores flaws with passwords (AP) : Technet


Gawker hack underscores flaws with passwords (AP)

Posted: 19 Dec 2010 11:55 AM PST

SAN FRANCISCO – The fallout from a hacking attack on Gawker Media Inc. a week ago underscores a basic security risk of living more of our lives online: Using the same username and password for multiple sites is convenient, but costly.

After the attack on the publisher of such blogs as Gawker, Gizmodo and Jezebel exposed account information on as many as 1.4 million people, several unrelated companies had to freeze their accounts and force users to reset passwords.

Gawker Media itself didn't have all that much sensitive information about its users. But the usernames and passwords obtained there could open doors to more valuable accounts elsewhere, including e-mail and banking.

Twitter, Google Inc. and Yahoo Inc., among others, saw the potential damage and began resetting their passwords en masse, disrupting users as they tried to check their e-mail or post a tweet.

"It shows one of the fundamental problems with passwords — they get reused and shared across multiple sites," said Jeff Burstein, a senior product manager with the Symantec Corp. security firm.

Despite repeated warnings from security companies not to do so, users tend to reuse passwords anyway because they can be hard to remember and manage. Users may have dozens, perhaps hundreds, of accounts — for e-mail, Facebook, Twitter, e-retailers, banks and the growing number of news websites and blogs requiring registration.

Although account information gets compromised all the time, the infiltration of Gawker's servers is noteworthy because the hacked data were posted online, for free. In most other breaches, the stolen data are never made public, but sold underground to criminals.

Because the databases were freely available, other sites were able to scour the data and look for matches with their users.

Twitter acknowledged resetting some passwords for its 175 million users after hackers used the Gawker data to break into Twitter accounts and pump out links to a site selling acai berry drinks.

At least two of the biggest web e-mail providers, Yahoo and Google, also reset some passwords. Neither would say how many of its users were affected. Google described it as a "small subset" of its users.

Job-networking service LinkedIn also changed a small number of its 85 million users' passwords.

Some websites said the breach didn't affect them because they don't rely solely on passwords.

JPMorgan Chase & Co. said it didn't have to change any passwords because the bank has "multiple layers of security."

Banks typically require security questions and other challenges beyond just usernames and passwords to get into their sites, particularly when someone logs on from a specific computer for the first time.

So what can be done to better protect consumers? Security experts say the Gawker breach shows that it's time to move beyond passwords.

But people are used to needing only usernames and passwords to log onto accounts, and piling on more layers of security can be a hassle.

Many sites are trying to do the best with what they've got and what they think their users will accept. They require strong passwords that are tough to break with "brute force" attacks — using computers to keep trying commonly used passwords against an account until one works.

But those requirements have made it harder for people to remember their passwords, and that increases the likelihood that they'll be used across multiple sites.

Security tools that take advantage of smart phones can make it harder for strangers to break into your accounts. You're given a code through your phone to enter on the website with your password. That way, the website knows it's not a hacker, who wouldn't have access to your phone.

Burstein said imposing additional layers of security on users can backfire if the measures are too cumbersome, but added that the push for mobile phone security applications has been well received.

‘Big App’ is watching you, with iPhone worse offender than Android (Appolicious)

Posted: 19 Dec 2010 05:25 PM PST

Vikings punter tweets safety fears over frozen field (AFP)

Posted: 19 Dec 2010 01:33 PM PST

MINNEAPOLIS, Minnesota (AFP) – Minnesota Vikings punter Chris Kluwe called the field the Vikings and Chicago Bears will play on Monday night "unplayable" and "hard as concrete" in Twitter messages after practice Sunday.

The messages on the social network came after workouts at the University of Minnesota's gridiron stadium, where efforts have been made to thaw the frozen outdoor field to serve as a temporary site for an NFL game.

The Bears are set to play Minnesota at the college venue rather than the Vikings' usual domed stadium, which is still out of commission after heavy snow collapsed the inflatable roof last week, forcing a game to be moved to Detroit.

"It's unplayable," Kluwe said in the first of a series of Twitter postings.

"The field is as hard as concrete an hour and a half after they took the tarp off and anyone that hits their head is getting a concussion.

"I find it interesting that the NFL can claim an emphasis on player safety and then tell us the field is fine. It's beyond hypocritical.

"I can only hope, however unlikely, that no one gets catastrophically injured at the trainwreck that's about to take place tomorrow night.

"It's like walking on concrete."

Kluwe later tweeted, "I've been asked not to tweet anymore about the field so as not to distract teammates (who were there) and I will honor that."

NFL, team and college officials have approved the plan after workers cleared snow drifts of more than two feet to produce acceptable conditions.

Former Yahoo Exec: "Delicious Is in Peril," Sale Unlikely (Mashable)

Posted: 19 Dec 2010 03:37 PM PST

While rumors and responses about bookmarking service Delicious swirl around the web, one former Yahoo and Delicious employee who maintains close ties with relevant teams says the service's future is most certainly in jeopardy -- in fact, he speculates that while the data may end up stored somewhere, the service itself has a slim chance of survival.

During the past week, a slide from a Yahoo all-hands meeting was leaked; the slide showed that Yahoo was calling "sunset" on Delicious.

Yahoo retorted the following day that it wasn't killing off Delicious; rather, it planned to sell the service. Internally, we wondered who would want to buy the easily replicable, none-too-profitable site.

Now, Stephen Hood, who has held senior and director-level project management positions at Yahoo and Delicious since 2005, has added his voice to the mix "as someone who was on the inside for a while and who wants very much to see Delicious live on."

In a blog post today, Hood states the obvious -- that Yahoo has already laid off much of the Delicious team and doesn't plan to maintain the service itself -- and the not-so-obvious, including some tidbits about Delicious's technology that indicate it might not be a good buy for another company.

"During my time at Delicious," Hood writes, "we rebuilt the entire infrastructure to deeply leverage a number of internal Yahoo technologies. It's all great stuff but not exactly easy to remove or replace. Yahoo may have to license some of this technology to the buyer."

For the same reason, Hood states that open-sourcing the service doesn't make a lot of sense.

Ultimately, Hood believes Delicious's best bet is to survive as an archive of "the collective online journeys of millions of users during a time when the Web was evolving dramatically," perhaps through an entity such as the Library of Congress. In that case, Delicious would cease to operate as a service with users and features; only the data would remain as a sort of digital scrapbook.

In a best-case scenario, Yahoo itself would facilitate and manage the exporting of public Delicious data. And of course, users and developers are already working on exporting tools in a grass-roots way.

In the meantime, we're holding our breath to see if Delicious will find a buyer. We hope for the sake of the site's founder that his product has a future -- and we hope that future is brighter than Delicious's recent past with Yahoo.

Apple's Plans: Mapping Apps (PC World)

Posted: 19 Dec 2010 05:31 AM PST

Apple may be looking to release its own mapping and navigation software with future products, according to a few new job listings on its website.

The listings say the company is looking to hire four (or more) developers for its iOS team who have experience developing navigation software. New hires will "seize this ground floor opportunity to help us build the world's best hosted platforms at massive scale," at the Santa Clara Valley location to help "deliver the next generation of Apple products."

Apple is looking for people with more than three years of experience "developing high quality, robust software systems." It's a plus if they have "deep knowledge of Computational Geometry or Graph Theory."

strong contender in the mobile operating system world, it stands to reason that Apple would look to minimize its reliance on the search giant's services.

The new listings aren't the first hint that Apple is moving into the mapping arena.

Apple ditched relying on location information from Skyhook and Google with the launch of iOS 3.2 on the iPad, in favor of using its own database. The company also bought mapping software company Poly9 in July and Placebase in July 2009.

Placebase stayed competitive with Google Maps by offering customizations, including an easy way for companies to add layered data sets to its maps.

Back in November 2009, Apple posted a job for someone that could help "take Maps to the next level, rethink how users use Maps and change the way people find things."

Looks like that coder could use a little help.

Firefox backs "Do Not Track" with online stealth (AFP)

Posted: 18 Dec 2010 11:31 PM PST

MOUNTAIN VIEW, California (AFP) – As concern about online privacy grows, Mozilla is promising to let people cloak Internet activity in free Firefox Web browsing software being released early next year.

"Technology that supports something like a 'Do Not Track' button is needed and we will deliver in the first part of next year," Mozilla chief executive Gary Kovacs said while providing a glimpse at Firefox 4 at Mozilla's headquarters in Mountain View, California.

"The user needs to be in control," he added.

There is a disturbing imbalance between what websites need to know about visitors to personalize advertisements or services and the amount of data collected, according to Kovacs.

"It is not that ads are bad," he said. "It is what they do with my tracked behavior.

"Where I go on the Internet is how I live my life; that is a lot of data to hold just for someone to serve me ads."

Microsoft this month unveiled increased privacy options for the upcoming version of its popular Web browser Internet Explorer 9 (IE9) including a feature "to help keep third-party websites from tracking your Web behavior."

Microsoft said "Tracking Protection" will be built into a test version of IE9 being released early next year.

IE9 users will have to be savvy enough to activate the feature and create lists of the third-party websites that they do not want to track their behavior.

Internet Explorer is the most widely used Web browser in the United States followed by Mozilla's Firefox, Google's Chrome and Apple's Safari.

Google, which beefed up Chrome in recent weeks and is testing a notebook computer that operates on the Web browser software, cautioned that the mechanics and ramifications of stealth browsing need to be figured out.

"The idea of 'Do Not Track' is interesting, but there doesn't seem to be consensus on what 'tracking' really means, nor how new proposals could be implemented in a way that respects people's current privacy controls," said the company, also based in Mountain View.

"We look forward to ongoing dialogue about what 'Do Not Track' could look like, and in the meantime we are always looking into new tools to give people more transparency and control over their online privacy."

Kovacs agreed that the issue is complicated, with vested interests that include advertisers paying for services or content offered free online.

Supporters of targeted online ads argue that Internet users benefit from getting pitches tailored to their interests.

Firefox believes perils to privacy online are urgent enough to warrant building stealth into the coming version of its browser software, which has 400 million users around the world.

"I fundamentally believe that the balance is tipped too far," Kovacs said of tracking Web users.

"You can't tell me the delivery of a piece of content is going to be that much better if you know everything about my life; it's all about moderation."

Firefox debuted in 2004 as an innovative, communally crafted open-source browser released as an option to Internet Explorer.

Mozilla touts itself as the people's alternative; only now the battlefield includes Google as both a supporter and a rival.

"Google is a great partner; it is one of those things where we cooperate and compete," Kovacs said. "When we get together we are either hugging or hitting, it depends on the day."

Mozilla doesn't believe that Chrome is truly an open browser despite being free, nor is it convinced that the colossus will sacrifice its business interests when it comes to money to be made off user data.

"We believe that (Chrome) is tied to their commercial purposes," Kovacs said.

"As the Web grows in importance in our lives, having all that data sit with one vendor that is not truly cross platform and not truly cross device is an alarming thing."

A US Federal Trade Commission staff report released this month proposes safeguards including "Do Not Track" features in browsers for people who want their online activities unrecorded by websites they visit.

The report said industry efforts to address privacy through self-regulation "have been too slow, and up to now have failed to provide adequate and meaningful protection."

"The report confirms that many companies -- both online and offline -- don't do enough to protect consumer privacy," said Democratic Senator John Kerry.

10 Last-Minute Gift Ideas For Linux Geeks (PC World)

Posted: 19 Dec 2010 10:45 AM PST

It may be better to give than it is to receive, but that doesn't mean geeks the world over don't have virtual sugarplums dancing through their heads.

Of course, if it's a Linux geek you're trying to please, no i-gadget or Thing 7 is likely to do the trick. Fans of free and open-source software (FOSS) are a breed apart, so you'll have to choose carefully to win their hearts.

If there's an open source aficionado on your Christmas shopping list, then read on for a hand-picked assortment of ideas.

1. The Tux Mug

The Linux.com store is a great place to start your FOSS-filled shopping travels, not least because of its elegant Tux Mug, around $9.

"Perfect for those quiet nights when you are sitting in your robe and watching 'The Code'," as the store's description notes.

2. The Linux Cheat Shirt

It's hard to go wrong at ThinkGeek, where there's a virtual treasure trove of ideas for geeks of every variety.

One of my favorites is the Linux Cheat Shirt, which not only features assorted Linux commands, but it displays them *upside-down* for easy viewing by the wearer. Handy for job interviews and any other occasion where the Linux geek's knowledge might be put to the test, the shirt starts at $15.

3. Snarky Linux Button

Linux fans are often an opinionated lot, so why not help the one in your life express their true feelings? Nothing will make friends at the office better than this gem that reads, "The box said 'Requires Windows Vista or better.' So I installed LINUX." Priced at $4.

4. Customized Christmas Stocking

CafePress offers another winning array of Linux-related gifts, including a customized Christmas stocking. Guaranteed to befuddle all but those in the mathematical know, this 19-by-9-inch, $12 beauty reads: "There are 10 kinds of people: Those who understand binary, and those who don't."

If you're in the latter group, you'll need to ask your Linux-head friend to explain.

5. Linux-based Wi-Fi Photo Frame

If you've got a shopping budget that's a bit bigger, then why not consider the iGala Linux-based, Wi-Fi-enabled photo frame? It can be hooked up to Gmail, Flickr or even your private albums. It's on sale from the elves at ThinkGeek, starting at $200.

6. Samsung Galaxy Tab

OK, now that we're talking big budgets, you can splurge for what countless Linux geeks secretly yearn for. That's right, it's the Galaxy Tab--the Android-powered (and thus superior) alternative to Apple's iPad. Pricing varies with the carrier.

7. Plush Android Doll

Speaking of Android, if your FOSS friend is a fan--and what open-minded person isn't?--why not present them with this adorable Android robot doll? It's available on Etsy for $20.

8. "Android FTW" T-Shirt

Those on the open side of the fence will also no doubt appreciate the subtlety of this clever, $19 T-shirt, which depicts the Android robot taking a bite of an apple. Apple, get it? Ha. Your friend will ROTFL.

9. Computer Engineer Barbie

It may not be an appropriate choice for every Linux lover on your shopping list, but the new Computer Engineer Barbie is too good not to mention. You go girl, Barbie! Bang out that code! She's even wearing "a funky tee with binary code design." Pricing is $13.

10. Android-connected concept watch

Shopping almost done now? Then let's start thinking ahead to next year, when we can only hope Fossil's drool-worthy Android-connected watch will be available. Cue the sugarplums for 2011!

Follow Katherine Noyes on Twitter: @Noyesk.

Online holiday spending up 12 percent (Reuters)

Posted: 19 Dec 2010 12:22 PM PST
