Category : Software News

Voting runs through Dec. 10, but it’s not clear whether enough users will weigh in

With voting open on Facebook’s proposed privacy policy changes, more than 110,000 users have weighed in — and so far, the vote is heavily in favor of not making the change at all.

Facebook historically had a rule that any proposed policy changes that attracted 7,000 “substantive” comments would be put to a vote. That will no longer be the case.

Facebook recently announced that it is moving to amend how it pushes through changes to its privacy policy. Noting a lack of quality comments on past votes, the social network no longer wants to allow users to vote on proposed changes.

According to its standing rules, however, users still have a chance to vote on giving away their right to vote.

“I would be very surprised if they see anywhere near the 30% voting rate they need in order for this election to count,” he said. “Given Facebook’s 1 billion or so users, the folks who want to force Facebook to back down on their privacy policy changes would need 300 million users to weigh in. I think the voting exercise will turn out to probably spell the end of voting on Facebook policies.”

Olds also doesn’t think that the policy change would rattle most users. “I think the overwhelmingly vast majority of Facebook users don’t think about privacy and don’t have any idea that there are any changes in the works,” he said.

However, there have been some high-level concerns about the proposal.

The Data Protection Commissioner in Ireland, where Facebook has its European Union headquarters, quickly contacted the social network for a clarification of its position. And the Electronic Privacy Information Center and the Center for Digital Democracy teamed up to ask Facebook to withdraw the proposed changes, noting that users have a right to participate in Facebook’s governance.

for more information where Total Soft Tech Solutions Inc. gets its news.

visit link below:

www.computerworld.com

Most Twitter SMS users are protected from spoofing attacks by default, but others need to set PIN

Twitter has restricted the ability of attackers to post tweets and perform other actions on behalf of many users who have phone numbers associated with their accounts, but some users need to enable a PIN option in order to be protected.

On Monday, a developer and security researcher named Jonathan Rudenberg reported that attackers can abuse the Twitter accounts of users who added their phone numbers to their profiles in order to use the service via SMS (Short Message Service).

Twitter allows users to control their accounts by sending commands via text messages to phone numbers set up by the company. The supported commands include following and unfollowing users, tweeting, retweeting, sending direct messages, modifying profile information such as name, bio or URL, and more.

The problem is that the origin of text messages can be spoofed and there are services that allow users to do this easily.

“Like email, the originating address of a SMS cannot be trusted. Many SMS gateways allow the originating address of a message to be set to an arbitrary identifier, including someone else’s number,” Rudenberg said.

This means that if an attacker knows the phone number of a Twitter user and that user associated his phone number with his account, the attacker can issue SMS commands on behalf of the user without actually having access to his phone.

“Users that use the long codes are vulnerable to spoofing, but can enable the PIN code feature,” Rudenberg said Tuesday via email.

Twitter offers an option for every SMS command to be authenticated with a PIN. The option can be turned on and the PIN can be configured in the mobile section of the account settings on the Twitter website.

Rudenberg believes that hundreds of thousands of early Twitter users might have used the SMS feature, but never removed their phone numbers from their accounts when they later bought smartphones and started using Twitter’s mobile apps.

“I also know a few people who use this feature for various reasons,” he said. “I think that there are countries where smartphones don’t have very high penetration that have users of this feature.”

for more information where Total Soft Tech Solutions Inc. gets its news.

visit link below:

www.computerworld.com

Yahoo’s YQL console is open to cross-site abuse, a security researcher says.

Attackers can read emails, contacts and other private data from the accounts of Yahoo users who visit a malicious page by abusing a feature present on Yahoo’s Developer Network website, says an independent security researcher.

YQL is a programming language similar to SQL (Structured Query Language) that was created by Yahoo. It can be used to query, filter and combine data stored in databases.

The Yahoo developer website provides access to a Web-based console that developers can use to learn and test YQL by running YQL queries against Yahoo’s own databases.

Non-authenticated users can only run YQL queries against tables containing publicly visible Yahoo information, such as information from Yahoo Answers, Yahoo Weather and other services. However, when they are authenticated, users also gain access to tables containing their own Yahoo account data, including emails, contacts and private profile information.

When a query is entered in the console’s “YQL statement” field and the “TEST” button is pressed, a user-session-specific authorization code called the “crumb” is also submitted along with the request. The crumb is generated when the user visits the YQL console page and is inserted into the form requests automatically.

During his presentation, Bogdan presented a proof-of-concept (PoC) attack page that loaded a specific developer.yahoo.com URL inside an iframe. When the attack page was visited by an authenticated Yahoo user — a test account was used — the iframe returned the visitor’s crumb code.

However, security mechanisms built into browsers don’t allow code running in the context of one domain name to read content from a page hosted on a different domain that was loaded inside an iframe. This means that while the visitor himself can see the crumb code on the attack page, thanks to the iframe being loaded in his browser, the attack page itself can’t read the code or automatically use it to make authenticated YQL queries using the victim’s Yahoo session.

In this case, the attacker needs to trick the user into giving him the secret code displayed on the page. Since the crumb is actually a string of random numbers and letters — for example “y5XAjn1fKIQ” — Bogdan built a fake CAPTCHA test on the attack page and made it appear as if the crumb displayed in the iframe was actually the CAPTCHA challenge string that the user had to input in order to solve the test. By solving the fake CAPTCHA, the user was actually authorizing a YQL query to be made in his name.

Using fake CAPTCHAs is not a new attack method. It has been documented as a technique to bypass cross-domain restrictions before, and there are known cases of this method being used successfully by attackers to steal security tokens. Symantec reported last year that spammers were using a very similar technique to steal anti-CSRF (cross-site request forgery) codes from Facebook users, which allowed them to post spam links on their behalf.

In his PoC attack, Bogdan used a YQL command to change the user’s Yahoo profile status in Yahoo’s database, but the same method can be used to run a YQL query that returns a number of emails from the user’s Yahoo email account, or other private information.

Google, Mozilla, Facebook and PayPal run bug bounty programs through which they pay researchers who responsibly disclose vulnerabilities found in their websites. Other companies, such as Microsoft, don’t hand out monetary rewards but recognize the help received from researchers by publishing their names on special thank-you pages on their websites.

for more information where Total Soft Tech Solutions Inc. gets its news.

visit link below:

http://www.computerworld.com

Network vendors continue to shed units as it wants to concentrate on mobile networks.

Nokia Siemens Networks is selling its optical networking business unit to private investment firm Marlin Equity Partners, the latest in a series of sell-offs as the vendor concentrates on mobile broadband networks.

The two companies didn’t announce any financial details of the deal, but the deal will result in the Optical Networks business unit becoming an independent company, according to a statement from Nokia Siemens published on Monday.

Earlier this year the company closed the sale of its IPTV assets to Belgacom and Accenture; its microwave transport business to DragonWave, and the fixed line Broadband Access business unit, associated professional services and network management solutions, to Adtran.

The focus on mobile broadband seems to have helped Nokia Siemens turn a corner.

Helped by operators commercializing LTE in Japan, it passed Alcatel-Lucent to become the number-two LTE vendor during the third quarter by revenue from radio access networks, according to market research company Dell’Oro Group.

Nokia Siemens’ optical networking unit mainly sells DWDM (dense wavelength-division multiplexing) equipment, which is used in operator backbone networks. Its competition includes the likes of Alcatel-Lucent, Ciena, Cisco Systems and Huawei Technologies.

The new optical networking company will be headquartered in Munich, Germany. The transaction is expected to close in the first quarter of 2013.

for more information where Total Soft Tech Solutions Inc. gets its news.

visit link below:

www.computerworld.com

Voice recognition

Since speech and voice input technology is skyrocketing the software industry via mobile and other devices, it hasn’t made any changes to company workplaces.

every time you go to your workplace it would be considered a distraction for you to issue voice commands to your PC, or reciting an email, or dictating a memo to your boss, you start typing and clicking. In the environs of the office, where speech technology could save us time and make us more productive, most of us are still stuck with keyboards and mice.

Yet once we’re away from the office, many of us don’t think twice about issuing voice commands to our smartphones — whether that means voice-dialing the phone, speaking a search term to Google or asking Siri what today’s weather will be like.

The main advancement is that the speech tools are now closer to the user — on our phones and tablets as we go about our day — and many run in the cloud, which provides immediate processing and a constantly expanding language database. Unlike older desktop-based software, these new tools do not require speech training, thanks to improvements in the algorithms. “We can be pretty imprecise in what we say,” Miller says.

for more information where Total Soft Tech Solutions Inc. gets its news.

visit link below:

www.computerworld.com

Windows 8 similar to Vista?

Recent news show windows 8 being remotely similar to vista, windows 8 said being a poor performer for Microsoft than of windows 7, relating to a web measurement company statement.

Recent online news survey says that 1.2% of all Windows PCs ran windows 8 during November, doubled its share the month before.

Since Windows 8 rate edged Vista’s first full month, the OS (Operating System) ended February 2007 with a 1% share of all Windows system, the new edition actually jumped less than the problem- and perception-plagued Vista. From January to February 2007, Vista increased its share more than five times, compared to the doubling of Windows 8.

Difference vary from two operating systems more likely to do with economics and choice: The global economy was significantly more robust in early 2007 than it is now, and five years ago consumers had few alternatives to a PC, since smartphones and tablets were then just a gleam in engineers’ eyes.

Net Applications’ statistics corroborate other data that showed Windows 8 has not prompted consumers or businesses to buy new PCs. Last week, the NPD Group said that in the four weeks since Windows 8’s Oct. 26 debut, U.S. consumer PC sales had dropped 21% compared to the same period in 2011.

Windows XP lost eight-tenths of a percentage point last month to fall under 40% for the first time since its early years. XP, which is slated for retirement in less than 500 days, accounted for 39.8% of all personal computers in November, or 44.5% of all Windows machines. Vista also slipped by one-tenth of a percentage point as its share continued to slip toward zero.

And Windows 7 remained flat, ending the month with a 44.7% share of all PCs and 48.9% of all Windows PCs. November was the first month since March that Windows 7’s share did not add gain at least half a percentage point.

for more information where Total Soft Tech Solutions Inc. gets its news.

visit link below:

www.computerworld.com