Week in Geek: Steam Users at Risk from Potential New Security Vulnerability

Our latest edition of WIG is filled with news link coverage on topics such as 10 things to do after installing Ubuntu 12.10, the FTC’s offer of a $50,000 cash bounty for technology to help eliminate robocalls, the new malware variant spreading across Skype, and more.

Weekly News Links

• Firefox Marketplace launched on Android
  Mozilla has launched a preview version of its integrated Firefox Marketplace in Firefox for Android. The feature is now available in the Aurora development version of Firefox for Android and includes a number of what Mozilla calls “showcase apps” that users can install and test.
• Microsoft commits to a new preview test build of IE10 for Windows 7 in November
  Internet Explorer 10 for Windows 7 is still alive, Microsoft officials confirmed. And another test build is coming in November.
• 10 Things To Do After Installing Ubuntu 12.10
  After the thrill of downloading it, and the jagged nerves from installing it, you may be wondering what to do next with your freshly installed copy of Ubuntu. That question is especially true if you’re new to Ubuntu or haven’t used it for a while. So, to help get you settled, OMG! Ubuntu! has listed their top 10 post-install must-dos…
• Shuttleworth: Secret development of 13.04’s “Tada” features
  In the wake of the release of Ubuntu 12.10, Mark Shuttleworth has announced a new style of development for Ubuntu 13.04, the next major version of the Linux distribution. Referring to “a few items with high ‘tada!’ value that would be great candidates for folk who want to work on something that will get attention when unveiled,” Shuttleworth said that there will be a new process where the new features will not be talked about “until we think they are ready to celebrate”.
• Ubuntu Tweak Stops Development, Claims No Longer Free
  Popular Ubuntu configuration utility Ubuntu Tweak has officially ended support for its long-running project. Ubuntu Tweak has been a mainstay application on newbie machines since the days of Dapper Drake, and between then and now has gain a lot of respect within the community regardless of being merely a front-end for already trivial tasks.
• Google offers low-budget ARM-based Chromebook
  The browser-based laptop, weighing 2.5 pounds with an 11.6-inch screen, is “the best computer that’s ever been designed” for a price of $249, Google says.
• Even Microsoft’s closest allies are nervous about Windows 8
  Intel says PC makers are being cautious about building Windows 8 machines, which means this holiday season may not be so merry for Microsoft.
• Mouse input temporarily freezing after updating OS X
  Tackling third-party launch agents and daemons may help odd system pauses after an OS update.
• Apple updates Java for older Mac OS X – kills browser plugin
  Following Oracle’s CPU patch day, in which a large number of Java vulnerabilities were fixed, Apple has released an update for Java 6 on Mac OS X 10.6.8, 10.7 and 10.8. The timely update brings Apple’s Java 6 in line with Oracle’s Java 6 Update 37 but also removes the Apple-provided Java applet plugin from all web browsers.
• iOS, Android apps are porking up, research firm says
  According to a new study, the average size of iOS and Android apps is on the rise, something to consider when buying a smartphone.
• Mozilla adds sweetener to JavaScript
  A Mozilla project, Sweet.js, is setting out to sweeten JavaScript development by giving users hygienic macros to work with. Hygienic macros are macros that will not expand into anything that will interfere with the other code in a program, for example, by not capturing variables.
• Pigs fly: AOL’s new e-mail client makes inboxes a happy place
  With Alto, the much-maligned AOL is attempting to give users an entirely new way of organizing their e-mail. It has the potential to make people’s inboxes much more useful.
• Yahoo to shutter South Korea business at the end of the year
  The company says that the move is part of its “efforts to streamline operations.”
• Facebook said to let some companies see pages you like
  The social network allows select marketers to look at their fans’ other interests to help plan advertising efforts, Adweek reports.
• EU regulators tell Google to amend privacy policy
  But European Union officials stop short of calling for massive changes to the new policy.
• Google threatens to omit French media from search
  If a proposed French law passes that would require search engines to pay for news articles, the Web giant says it would simply stop linking to the country’s media sites.
• FTC said to be ‘strongly considering’ paid listings probe
  The federal agency is mulling whether to review how search engines are complying with 2002 guidelines regarding how paid listings in search results are disclosed to consumers, an industry group says.
• Kill the bots: FTC puts a bounty on the heads of robo-telemarketers
  The race against robots is on: the Federal Trade Commission is offering $50,000 cash to anyone that can come up with a way to eliminate the insidious telemarketing robocall, it announced this past Thursday. While it may take a sizable workload, a good kill-switch for the spammy pre-recorded messages could put an end to the annoying overtures on the phone to enter a new sweepstakes, qualify for a new credit card, or get a new energy provider.
• AT&T Starts Six-Strikes Anti-Piracy Plan Next Month, Will Block Websites
  A set of leaked internal AT&T training documents obtained by TorrentFreak reveal that the Internet provider will start sending out anti-piracy warning notices to its subscribers on November 28. Customers whose accounts are repeatedly flagged for alleged copyright infringements will have their access to frequently visited websites blocked, until they complete an online copyright course. It’s expected that most other participating ISPs will start their versions of the anti-piracy plan on the same date.
• Man hires woman to slap him every time he’s on Facebook
  Maneesh Sethi goes on Craigslist to find a woman who will hit him and therefore make him more productive. Includes video of the two of them working together (with slap).

Security News

• Steam vulnerability can lead to remote insertion of malicious code
  Millions of Steam users are potentially vulnerable to a newly disclosed attack method that exploits a hole in the way Steam commands interact with certain games, Web browsers, e-mail clients, and other software.
• Localized Darkbot malware variant spreading across Skype
  Security researchers from Avast have intercepted a currently spreading Darkbot malware campaign, that’s affecting millions of Skype users.
• Microsoft and Secunia warn of FFMpeg vulnerabilities
  Microsoft has provided details of several critical vulnerabilities in older versions of FFmpeg’s open source video codec tools and libraries; these could allow an attacker to execute arbitrary code on a system by getting users to open a specially crafted media file.
• Newly IDed ‘MiniFlame’ malware targets individuals for attack
  A new malware variant related to the state-sponsored Flame and Gauss cyber-espionage tools can work on its own or team up with its brethren to conduct targeted surveillance, say researchers at Kaspersky Lab.
• Verizon draws fire for monitoring app usage, browsing habits
  “We’re able to view just everything that they do,” Verizon Wireless exec has boasted. Privacy groups say initiative — including linking databases showing whether customers own pets — may violate wiretap law.
• Microsoft Names “Congratulations, you’ve won!” the Most Spread Online Scam
  It’s no secret that Microsoft is one of the companies most often mentioned in online scams, as hackers across the Internet try to use the Redmond-based firm’s reputation to trick users into various malicious activities.
• Encryption found insufficient in many Android apps
  Researchers have discovered catastrophic conditions when analysing Android applications that use encryption: more than 1,000 of the 13,500 most popular Android apps showed signs of a flawed and insecure implementation of the SSL/TLS encryption protocol.
• Hospitals’ computer hardware also suffers from infection
  Drug-resistant bacteria aren’t the only pernicious bugs that hospitals need to worry about. MIT’s Technology Review reports that hospitals’ computerized equipment—such as patient monitoring systems, MRI scanners, and nuclear medicine systems—is dangerously vulnerable to malware, and many systems are in fact heavily infected with viruses.
• Hacked terminals capable of causing pacemaker deaths
  Security holes enable attackers to switch off pacemakers, rewrite firmware from 30 feet away.
• Dutch proposal to search and destroy foreign computers
  On 15 October, the Dutch ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands. Dutch digital rights movement Bits of Freedom warns for the unacceptable risks to cybersecurity and calls on other countries to strongly oppose the proposal.
• Internet architects mull changes to fight SSL-busting CRIME attack
  Engineers who help oversee Internet standards are proposing changes to long-standing website practices in order to guard against a new attack that exposes user login credentials even when they are transmitted through encrypted channels.
• Zero-day attacks are meaner, more rampant than we ever though
  Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years. (Study finds average zero-day attack lasts 312 days. Some last two years-plus.)
• The Scrap Value of a Hacked PC, Revisited
  From Brian: A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can’t begin to fathom why miscreants would want to hack into his PC. I recently updated the graphic to include some of the increasingly prevalent malicious uses for hacked PCs, including hostage attacks — such as ransomware — and reputation hijacking on social networking forums. This post is well worth sharing with people you know.
• Some Computer Manufacturers May Disable Windows 8’s Windows Defender – ESET
  While Windows 8 comes with the refreshed version of Windows Defender, the one that provides full anti-malware protection, some new PC buyers won’t get to use it, says Aryeh Goretsky, researcher at antivirus software firm ESET. The reason is as simple as it could be: computer manufacturers usually install a trial of a third-party security software on every sold PC and whenever a consumer purchases the full product, they also get a commission for the sale.
• Kaspersky Labs builds new OS to combat Stuxnet, major exploits
  Ending the rumor mill, Kaspersky Labs has confirmed plans to create a new operating system to combat major industrial exploits.
• Google building malware scanner for Google Play: report
  Search giant Google is to integrate a malware scanner in its online Android application store in a bid to stave off an impending malware ‘pandemic’ on the mobile platform.
• Facebook pushing malware security even harder
  The social network wants its users to trust the Internet, not fear it. So it’s adding new antivirus partners and mobile offerings to the free downloads in its online marketplace.
• Facebook moves to keep phone numbers for two-factor protection private
  Facebook engineers have modified a controversial feature to prevent it from exposing the phone numbers users must provide to receive an additional level of security against account takeovers. (Numbers used for additional security are no longer in a new reverse lookup database.)
• How to improve your Android security
  The risks to Android phones and tablets from malware — or software written with ‘malicious intent’ — are rising rapidly. These threats are multiplying faster than gremlins in a swimming pool, so how do you protect your device from evildoers’ dirty deeds?
• Ars asks: Is using Java on a desktop worth the security risks?
  Java has been in the news a lot lately, and not for good reasons. Critical security flaws have allowed hackers to take complete control of PCs, and in-the-wild attacks exposed a problem Oracle went months without fixing.

TinyHacker Links

• Windows 8 Step by Step – Book Review & Giveaway
  If you are looking for a good book about Windows 8, the Windows Club recommends Windows 8 Step by Step, from Microsoft Press. They published a pretty good review about it and are also giving away 5 digital copies of the book.
• AVG Internet Security 2013 – Is it worth buying?
  AVG launched their 2013 version of Internet Security and it features a new interface and support for Windows 8. But what about the quality of their products, do they provide a good experience and good protection? Learn more from this review.
• Internet Explorer 10 (preview) Comes to Windows 7 in November
  More details in this blog post from Microsoft…

How-To Geek Weekly Article Recap

• What To Do If You Get a Virus on Your Computer
• The Difference Between .com, .net, .org and Why We’re About To See Many More Top-Level Domains
• How To Log Into Multiple Accounts On the Same Website At Once
• Can Dust Actually Damage My Computer?
• Why Enabling “Do Not Track” Doesn’t Stop You From Being Tracked
• The Best Websites for Downloading Cool Wallpapers
• How To Enable Do Not Track In Every Web Browser
• Desktop Fun: Auroras Wallpaper Collection Series 2
• HTG Explains: What Does “Bricking” a Device Mean?
• Why Are Dial-up Modems so Noisy?

Geeky Goodness from the ETC Side

• The Most Ridiculous Computer Cameos of All Time
• Starship Collage and Size Comparison Chart [Wallpaper]
• The Importance of Pet Names in the Internet Age
• Retro Ad – 10 MB Hard-Drive for $3398 [Image]
• Raspberry Pi Now Shipping with 512MB RAM; Still Only $35
• What Those Website Pop-Ups Really Mean [Comic]
• Take a Tour of Google’s Data Centers
• This New Laptop certainly Inspires Confidence in its Abilities [Humorous Image]
• Felix Baumgartner Skydives from the Edge of Space [Video]
• Zombie Survival Gear and Critical Survival Skills Chart

One Year Ago on How-To Geek

• How To Make Ghosts In Photoshop or GIMP
• How to Turn Your Friends into Zombies for Halloween (In Photoshop)
• 3 Easy Tips to Fix Ugly Edges When Removing Backgrounds
• How to Encrypt and Hide Your Personal Files Inside of a Photo
• How to Burn Data Across Multiple DVD or CD Discs

How-To Geek Comics Weekly Roundup

• A Smart and Persistent Sheriff
• Tin Foil Hats
• Tablets and Patents
• He Has the Answers
• Universal Healthcare
• Was Working at Home a Good Idea?
• Contagious is Right!

How-To Geek Weekly Trivia Roundup

• Sagans, An Informal Unit Of Measurement, Signify What?
• Who Is The Patron Saint of Computers?
• What Was The Internet Originally Called?
• Which Common Computer Symbol Is Based Off The Binary System?
• Microchips Are Mostly Composed Of What?
• In 1949 Popular Mechanics Predicted The Computers Of Today Would Weigh What?
• Braille, The Tactile Writing System For The Blind, Is Derived From What?