Week in Geek: FTC Asked to Investigate Wireless Carriers over Lack of Android Security Updates

This week’s edition of WIG is filled with news link coverage on topics such as Microsoft has released an ISO image to repair Windows systems affected by security update 2823324, U.S. Windows computers are among most vulnerable in the world, a former Hostgator employee has been arrested & charged with rooting 2,700 servers, and more.

Weekly News Links

• Mozilla parks TowTruck to help browsers collaborate
  TowTruck is a new Mozilla Labs experiment for collaboration on the web. Implemented entirely in JavaScript, the proof-of-concept service is designed to give real-time chat and voice communications and let two users work together on a web page. You can visit the official TowTruck website here.
• Adobe says it will contribute to Google’s Blink
  Adobe’s director of engineering for the Web Platform, Vincent Hardy, has confirmed that the company is not taking sides in the WebKit/Blink web rendering engine fork and will be contributing to both WebKit and Blink as they are open source.
• Microsoft’s Windows 8 Plan B(lue): Bring back the Start button, boot to desktop
  Microsoft may be moving toward bringing back the Start Button and allowing users to boot straight to the desktop with its coming Windows 8.1 release later this year.
• Microsoft KB2823324 Update Fix Officially Released
  Microsoft broke down lots of Windows 7 computers earlier this month with a buggy Patch Tuesday update that pushed all machines into a continuous reboot loop that, in many cases, ended up with the infamous Blue Screen of Death. They have rolled out a new fix, this time in the form of an ISO image that can be easily burned onto a blank disk and then used to repair your computer.
• Microsoft rolling out two-factor authentication across its product line
  Microsoft is joining the two-factor authentication ranks, adding support for this security mechanism across its products and services accessible via a Microsoft Account.
• Microsoft adds alias sign-in, international domains to Outlook.com
  More new features are coming to Microsoft’s Outlook.com Web mail service, including support for alias sign-in, as well as for new international domain-specific email addresses. You can read the official Microsoft blog post regarding this link and the one directly above here.
• Microsoft Research adds new functionality to Outlook
  Most of the focus these days seems to be around Outlook.com, as Microsoft anxiously endeavours to move its apps online and turn software into a service. But Microsoft Research also wants to bring new functionality to the desktop version of Outlook and is announcing the release of Manana Mail to do just that.
• Fuduntu Distro Bites the Dust, End of Life Scheduled for September
  Fuduntu 2013.2, a lighthearted and fun Linux distribution that fits somewhere in-between Fedora and Ubuntu, will take its last gasp of air on September 30.
• Mac OS X Lions get native Ext file system access
  Paragon has updated its Linux file system driver for Mac OS X to support Lion and Mountain Lion. ExtFS for Mac OS X 9.0 provides complete read and write access for Ext2, Ext3 and Ext4 filesystems.
• Firefox Mobile OS to launch in five countries this summer
  Mozilla CEO says that the Firefox Mobile OS will be available this summer in Venezuela, Poland, Brazil, Portugal, and Spain.
• Motorola developing Android phones with stock software, ‘just right’ size
  The dream of a stock Android phone that isn’t too big to use with one hand was almost realized by the HTC First, but we may see some other options on the market in the near future, as well. According to a report from PC Mag, Motorola is working on new smartphones that will run ‘stock’ Android and will be smaller than the giant Android devices that have been dominating the market for the past couple of years.
• Outlook.com updates Android app
  Another day, another updated app coming from Microsoft. This could get exciting if it keeps up! This time, it’s a newly updated Android app for Outlook.com, an app that Program Manager Steve Kafka admits “has been behind” in his blog post on the Outlook blog detailing the new app.
• Yahoo forecasts weather app for iOS
  Marissa Meyer is bringing big changes to Yahoo and one of them is apparently getting the old search site back into the public focus with new mobile apps. That process began this past week in the world of both Apple and meteorology.
• Yahoo launches Mail app for iPad, Android tablets
  The Yahoo Mail app extends its reach to the iPad and Android tablets, while a new Yahoo Weather app showers down upon the iPhone.
• TweetDeck mobile and AIR apps to go dark on May 7
  Twitter is laying to rest several versions of the power-user-friendly tool.
• Yahoo tries to freshen up, kills a bunch of products
  Yahoo is doing some spring cleaning. The company announced its plans this past Friday to shut down several products, including Yahoo Deals, Yahoo SMS Alerts, and the Yahoo Mail and Messenger apps used on feature phones.
• Yahoo’s Marissa Mayer tries to trigger chain reaction
  For CEO Mayer, the chain reaction starts with great people and products to spur user growth and engagement, leading to higher ad spending and more revenue.
• Evernote CEO: We want to build hardware
  The CEO of archiving service Evernote said his company will soon release branded hardware with partners, as it moves toward creating its own devices.
• Netflix plans to dump Silverlight for HTML5 streaming
  Movie-rental service plans to switch its streaming over to the emerging video format as soon as three WC3 initiatives are complete.
• Apple will replace faulty Apple TVs for free
  If you have an Apple TV that is experiencing Wi-Fi connectivity problems, it may be eligible for a free replacement.

Security News

• ACLU asks feds to probe wireless carriers over Android security updates
  Civil liberties advocates have asked the US Federal Trade Commission to take action against the nation’s four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities.
• US Windows Computers Among the Most Vulnerable in the World
  Microsoft’s Security Intelligence Report Volume 14 has revealed that Windows computers in the United States are among the most vulnerable in the entire world. It appears that local users do not seem to care much about anti-malware software solutions.
• WordPress attack highlights 30 million targets
  The recent botnet attack on websites running WordPress hasn’t had much impact — yet. But with millions of vulnerable sites and a knowledge gap at the low end of the market, things could get much, much worse.
• Family of “BadNews” malware in Google Play downloaded up to 9 million times
  Security researchers have unearthed a family of malware for Android-based smartphones that’s been downloaded as many as 9 million times from Google Play, the official distribution platform hosted on Google servers.
• Yes, “design flaw” in 1Password is a problem, just not for end users
  This past week Internet security forums have buzzed with news about a newly discovered technique that allows crackers to make an impressive 3 million guesses per second when trying to find the passcode that unlocks the contents of the widely used 1Password password manager.
• ColdFusion hack used to steal hosting provider’s customer data
  A vulnerability in the ColdFusion Web server platform, reported by Adobe less than a week ago, has apparently been in the wild for almost a month and has allowed the hacking of at least one company website, exposing customer data.
• Attackers gain access to Linode customer data
  Hosting company Linode has published details on an attack on their servers that saw unknown hackers penetrate the company’s network and access customer information including credit card data.
• Former Hostgator employee arrested, charged with rooting 2,700 servers
  A former employee of Hostgator has been arrested and charged with installing a backdoor that gave him almost unfettered control over more than 2,700 servers belonging to the widely used Web hosting provider.
• New trojan downloader capable of deleting its downloaded component files – Microsoft
  Of all the discovered Trojans and malware suppliers, this find is special in its own way. Discovered as TrojanDownloader:Win32/Nemim.gen!A, this Trojan downloader has the capability of deleting its downloaded components in a way that prevents them from being discovered later on. You can read the official Microsoft bulletin here.
• Top Wi-Fi routers easy to hack, says study
  The most popular home wireless routers are easily hacked and there’s little you can do to stop it, says a new study by research firm Independent Security Evaluators.
• Old tricks are new again: Dangerous copy & paste
  Copying and pasting something does not necessarily mean the user will get what they think they are getting. With a little bit of HTML magic, one can even trick unwitting web site visitors into executing shell commands without their knowledge.
• Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful
  Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns.
• Targeted cyberattacks jump 42 percent in 2012, Symantec says
  The security company’s latest Threats Report shows a small decline in spam and a huge rise in the number of targeted attacks.
• Lost+Found: Android memories and real-time cuckoos
  Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar over the last seven days: Android memory dump analysis, OCSP performance, 1Password security, Python crypto cracking, real-time cuckoo, Hack In The Box slides, Certificate Pinning, and the reason Linode was hacked.
• Even More VLC Media Player for Windows 8 Clones Now Available for Download
  VideoLAN is still working on the official Windows 8 port of the famous VLC multimedia player, but several other developers are trying to take advantage of VLC’s popularity with the help of clones that could trick people into believing they’re actually downloading the real stuff.
• It’s about time: RuneScape dumps Java for HTML5
  A widely used online game and longtime Java ally is ditching Oracle’s security-plagued programming technology. Your move, Minecraft.
• Facebook’s Android app can now retrieve data about what apps you use
  Facebook recently released its Android launcher called Home. The company also updated its Facebook app, adding in new permissions to allow it to collect data about the apps you are running, as pointed out on Hacker News.
• Apple remembers where you wanted to get drunk for up to 2 years
  Remember that time when you asked Siri about the nearest place to find hookers? Or perhaps the time you wanted to know where to find the best burritos at 3am? Whatever you’ve been asking Siri since its launch in late 2011 is likely still on record with Apple, as revealed by a report by Wired this past Friday.
• Oracle takes a leaf out of Microsoft’s book, prioritizes Java security
  The release of Java 8, originally due in September this year, has been pushed back. The new version’s headline feature—Project Lambda, which brings anonymous functions to Java—isn’t yet finished. The reason for this delay is, in part, security.
• Mozilla takes hard stance on protecting Web site certificates
  After telecom giant TeliaSonera allegedly allowed authoritarian governments to snoop on their citizens, Mozilla contemplates whether or not to issue it a new root certificate.

TinyHacker Links

Screenshot courtesy of Akemi Iwaya.

• Debate – Microsoft’s Windows 8 Approach: Bold, Arrogant, or Both?
  A very interesting debate, started by ZDNet columnist Ed Bott, with valid arguments for both sides of the coin.
• Why Windows 8 themes don’t work in Windows 7
  A very detailed look at Windows 8 themes and what’s new and different about them when compared to Windows 7 themes.
• From WordPress to a Windows 8 App
  A very interesting application that allows WordPress site owners to create a Windows 8 app for their blog without writing any code.
• Set a Sound Alarm to Warn When Your Battery is Low
  You can set Windows 7 and Windows 8 to play an annoying alarm when your battery is critically low, but it does help to have an audio reminder so that you don’t forget to plug in your laptop or tablet.
• This Reply All Button Should Be Baked Into Outlook
  Courtesy of Kurt Shintaku’s Blog, this ounce of prevention is worth more than a pound of face palms. Safe sex, seat belts and this.
• A Powerful Android Anti-theft App
  Probably the most powerful and feature-rich Android anti-theft app.
• AnandTech’s Brilliant HTC One Review
  HTC One is arguably the best Android phone ever. And AnandTech’s extraordinarily descriptive review does full justice to it.
• Transfer Contacts From Android to iPhone or iOS to Android
  An easy guide to transferring contacts from Android to iPhone or iPhone to Android.
• TIME Magazine Reviews Facebook Home
  A review of the new Facebook Home by TIME magazine.
• Get Instagram Back in Twitter
  Missing the Instagram photos in your Twitter stream? Well, Twitter blocked them but with this Chrome extension you can get them back easily.
• How Microsoft’s Applied Sciences Group Develops New Hardware
  A fun discussion with Stevie Bathiche, Distinguished Scientist of Windows Hardware at Microsoft.

How-To Geek Weekly Article Recap

• Microsoft is Ending Support for Windows XP in 2014: What You Need to Know
• HTG Explains: Why Is Smartphone Battery Life So Bad?
• How to Instantly Find Files on Flash Drives, Network Shares, DVDs, and More
• How and Why All Devices in Your Home Share One IP Address
• Why You Don’t Need to Run Manual Antivirus Scans (And When You Do)
• How to Extend Your Office 2013/365 Trial to 180 Days
• How to Print to PDF in Windows: 4 Tips and Tricks
• How to Get Music Onto Your Android Phone Without iTunes
• How to Create a Test Lab So That You Can Follow the Geek School (Without Breaking Your PC)
• Why Do Computers Count From Zero?

Geeky Goodness from the ETC Side

• Windows 8.1 Rumored to Have Significant, Highly Desired UI Changes in Store for Users
• New Java Update to be Available for Download later Today (Updated)
• What Would Happen if a Super Villain Used a Giant Space Straw as a Doomsday Weapon?
• City Lights Wallpaper Collection for Your iPad
• How to Restore the Default Libraries in Windows
• How to Fix When a Built-In Windows Library isn’t Working
• How Big Can a Person Get?
• Evernote is Looking to Get into the Hardware Business Eventually Too
• How to Disable Desktop Notifications in Outlook 2013

Daily App Downloads

• Noble Nutlings is an Awesome Physics-Based Racing Game
• Help Put Springfield Back on the Map in The Simpsons: Tapped Out

How-To Geek Weekly Trivia Roundup

• In The 1950s The Soviets Proposed What To Warm The Pacific Ocean?
• Which Component of Modern Cars Owes Its Name To Horses?
• Sales Of What 20th Century Staple Have Been On The Rise For Twenty Years?
• Who Graces The Most Valuable Baseball Card In The World?
• Where Do Venomous Snakes Outnumber Non-venomous Snakes?
• Heroin Was Originally Marketed As What?
• The Lava Lamp Was Invented By Whom?

One Year Ago on How-To Geek

• How to Own Your Own Website (Even If You Can’t Build One) Pt 2
• How to Own Your Own Website (Even If You Can’t Build One) Pt 3
• Make A Seamless Tiling Background for Webpages In About Ten Seconds
• How to Tweak the New Multi-Monitor Taskbar in Windows 8
• Use Classic Shell to Get a Classic Start Menu & Explorer Toolbar in Windows 8