Sloppy Programming Results in Millions of Passwords Getting Leaked from YouPorn

YouPorn is one of the most popular pornographic websites on the Internet, and consistently features among the top 100 websites worldwide. However, what concerns many netizens at present is that YouPorn had a glitch in its matrix, allowing people to see the user information of millions of registered users.

The leak has allegedly come from the chat system on YouPorn, and the misbehaving server has already been taken down. ESET, the original source on this, says,

The exposed information contains e-mail addresses and passwords. This information can be used to identify porn consumers, but for some users more than a reputation is at stake. It is common knowledge that even today a surprisingly large portion of Internet users use the same passwords for many (or all) of the services they use on the Internet, whether it is e-mail accounts, Facebook, PayPal, or other services.

The hack was the result of debug logging being left turned on for one of the pages, a condition that had been present since November 2007. This points many angry fingers at the developers of YouPorn. A sample dump of the user info, including user IDs and passwords, is given below.


Hackers have already started checking for reuse of these passwords elsewhere, and have scored some hits too. This is embarrassing for those who still use the same password everywhere online, even after all the breaches of the last year. This incident should serve as an eye-opener for those people.
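A defender's illustration of the root cause above (an added example, not code from YouPorn or from ESET): a Python login handler that dumps the whole request at DEBUG level, run once with debug logging left on, once with a redacting logging filter in front of the handler, and once with DEBUG off as it should be in production. The handler, filter, logger setup and request fields are all constructed for this example.

```python
import logging
import re
from io import StringIO

# Constructed sample: fields a chat login page might receive (not real data).
SAMPLE_REQUEST = {"user": "alice", "email": "alice@example.com",
                  "password": "hunter2", "room": "lobby"}

# Matches "password=hunter2" and "'password': 'hunter2'" style fragments.
_SECRET_RE = re.compile(
    r"(['\"]?(?:password|passwd|pass|token|secret)['\"]?\s*[:=]\s*['\"]?)"
    r"([^'\",\s}&]+)", re.IGNORECASE)


class RedactingFilter(logging.Filter):
    """Scrubs credential-looking values from a record before any handler writes it."""
    def filter(self, record):
        record.msg = _SECRET_RE.sub(r"\1[REDACTED]", record.getMessage())
        record.args = ()
        return True


def handle_login(request, logger):
    # The mistake the article describes: a debug statement that dumps the
    # whole request, credentials included. With DEBUG enabled this lands on disk.
    logger.debug("login request: %s", request)
    return request["user"]


def build_logger(name, debug, redact):
    """Hypothetical setup helper: DEBUG only when asked for; optional scrubbing filter."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG if debug else logging.INFO)
    sink = StringIO()                      # stands in for the log file on disk
    logger.addHandler(logging.StreamHandler(sink))
    if redact:
        logger.addFilter(RedactingFilter())
    return logger, sink


def run_login(debug, redact):
    """Return what the log sink captured for one login under the given settings."""
    logger, sink = build_logger(f"chat.{debug}.{redact}", debug, redact)
    handle_login(SAMPLE_REQUEST, logger)
    return sink.getvalue()


if __name__ == "__main__":
    print("debug on, no filter :", run_login(True, False).strip())
    print("debug on, filter    :", run_login(True, True).strip())
    print("debug off           :", repr(run_login(False, False)))
```

The filter is a second line of defence only; the first is never shipping a page with DEBUG enabled.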

Google’s Android-powered Heads-up Display Glasses Coming This Year’s End

Google has some amazing futuristic projects going on at its Google X office, and the heads-up display (HUD) is just one of them. The heads-up display project aims to create Android-based, Terminator-style glasses, taking augmented reality to a new level. We absolutely loved the concept when 9to5Google reported it for the first time. Now, the concept has moved a step closer to reality. The latest buzz is that the HUD glasses will go on sale by the end of this year.

Sergey Brin himself and Latitude creator Steve Lee are jointly leading the HUD project. Latitude never took off as a product, but these HUD glasses are perhaps the most ambitious and most awaited experimental product from Google this year. There will definitely be user acceptance testing (UAT) before formal production and launch. Therefore, some lucky users might get to test this product even before it launches at the end of 2012.

While giving updates on the pricing details, the New York Times also explained where the HUD glasses would be better than current Android smartphones.

One Google employee said the glasses would tap into a number of Google software products that are currently available and in use today, but will display the information in an augmented reality view, rather than as a Web browser page like those that people see on smartphones.

At the end of this year, Google will probably move the glasses into production, based on the UAT results. The glasses are expected to cost the same as smartphones, in the range of $250 to $600.

Google already has (a part of) the technology in place with Google Goggles, and this device will be a lifesaver for those who have to reach into their pockets every few minutes, to get their phone out. However, the HUD glasses will also alert privacy watchdogs, with people recording each other constantly and on the fly.

Canonical to Reveal Its Ambitious Plan of Ubuntu for Android at MWC Next Week

Canonical has been aggressive about Ubuntu lately, and wants to push it to every upcoming platform. Currently, Ubuntu can be found on desktops, on servers and on the recently showcased Ubuntu TV. However, Ubuntu could reach a potentially unexplored customer base by providing a true Linux experience in a new avenue. The mobile space has so far been untouched by Ubuntu, and it is finally planning to step into this platform.
Canonical teases us with this message on the Ubuntu for Android page.

In every dual-core phone, there’s a PC trying to get out.

From the page, it looks like you can simply put your Android phone in a dock and connect it to a television. Certified business apps from Adobe and Citrix make this product ready for the enterprise sector too. Moreover, Android and Ubuntu share the same Linux kernel, allowing users to switch between the world’s most popular Linux distro and the world’s most popular open mobile platform. Canonical has worked extensively on ARM support, and this integration of Android and Ubuntu should result in a wonderful synergy.

Mark Shuttleworth announced the plan on his blog, writing,

We’ll show Ubuntu neatly integrated into Android at Mobile World Congress next week. Carry just the phone, and connect it to any monitor to get a full Ubuntu desktop with all the native apps you want, running on the same device at the same time as Android. Magic. Everything important is shared across the desktop and the phone in real time.

This product is targeted at high-end phones with HDMI and USB support. Ubuntu One allows for synchronization across devices, and all these great features might create what Canonical calls a “new peripheral ecosystem”.

Oracle Takes Another Blow in the Android Patent Infringement Case

Oracle sued Google back in August 2010, expecting to walk away with big spoils of war. Instead, Google wrote to the Patent and Trademark Office asking it to re-examine all patents in connection with the case, and this has caused Oracle to lose many of the patents it acquired from Sun Microsystems. Clearly, this case has cost Oracle considerably in monetary and reputation damages. However, it continues to pursue the case, hoping for a positive outcome.


In December last year, the Patent and Trademark Office (PTO), on a request for re-examination by Google, invalidated a major Oracle patent. A few days back, Oracle received another blow in this case when the PTO voided one more of its patents. Finally, Oracle regained some sense and decided to withdraw claim 14 of the ’467 patent, but we can see that the damage has been done! This puts the entire ’467 patent outside the scope of this lawsuit.

Moreover, for the third time in a row, Oracle has come up with inflated damage reports claiming more than any reasonable amount. The initial claim from Oracle was a ridiculous 6 billion USD, which has come down to 52.4 – 169 million USD. Google is still not satisfied with these estimates, and has filed a motion to trim this list of damages, and hence the claimed amount, further.

Groklaw mocks this whole case with this interesting argument.

Oracle bought Sun, everything Sun had, for what Oracle said was a transaction valued at “approximately $7.4 billion, or $5.6 billion net of Sun’s cash and debt”. That’s hardware, MySQL, Solaris, many things beyond just Java. So how could just six, now five, Java patents out of Sun’s more than 500 Java patents alone, add up to $6 billion? Why did anyone ever think this was a realistic figure instead of just hype?

At present, the PTO has confirmed only four of twenty-six Oracle claims. Oracle walked into the case without proper preparation, and is facing the consequences now. I have just one piece of advice for Oracle: stop already, and leave with the patents you can still call yours.

Saudi Journalist Tweets Against Prophet Muhammad, Gets Death Sentence

With its rising popularity, Twitter has given a new meaning to free speech and highly engaging global communication. However, this popularity has come at a price. The opinions and sentiments that people tweet are increasingly being used as evidence against them. This threatens the aura around Twitter, and the recent censorship attempts by various governments taint its image further.
Recently, a Saudi journalist, Hamza Kashgari, was extradited from Malaysia for making seemingly blasphemous remarks about Prophet Muhammad. To make matters worse, Interpol was forced to hand over Kashgari. This same Interpol is supposed to remain politically neutral and not intervene in cases of a military, religious or racial nature. Article 3 of Interpol’s constitution clearly states that

It is strictly forbidden for the Organization to undertake any intervention or activities of a political, military, religious or racial character.

The Guardian reports this incident, saying,

Kashgari, a newspaper columnist, fled Saudi Arabia after posting a tweet on the prophet’s birthday that sparked more than 30,000 responses and several death threats. The posting, which was later deleted, read: “I have loved things about you, I have hated things about you, and there is a lot I don’t understand about you … I will not pray for you.”

Kashgari is a 23-year-old journalist and faces the death penalty for this deed. This matter proves once again that regional laws govern the use of Twitter. It is only a matter of time before someone points a finger at the things we tweet.

Anonymous Takes Down CIA Website with Playful Updates on Twitter

The online hacker collective Anonymous declared a major hit yesterday, when the @YourAnonNews Twitter account announced the takedown of the CIA website. The successful takedown was announced with a “CIA tango down” message in a typical Anonymous style. The website was restored shortly afterwards, and there was no operation associated with the takedown. In short, this takedown was uncalled for and had no motive.

Last month, Anonymous took down the websites of the FBI and the Justice Department using a DDoS attack. It was their largest DDoS ever, and saw over 5000 participants. However, this takedown of the CIA was motiveless, and has not been tagged with any ongoing operation so far. Apart from the CIA, the Alabama government website was also taken down, in protest against its harsh immigration laws.


However, the confusing news is that although YourAnonNews reported the takedown, they came back to give another message saying, “We’d remind media that if we report a hack or ddos attack, it doesn’t necessarily mean we did it…FYI”.

Last year, around June, the Anonymous splinter group LulzSec took down the CIA website and claimed responsibility for it. It was their claim to fame in the notorious world of hacktivism.

Anonymous is being taken seriously by law enforcement agencies across the world, and they are attempting to join hands against it. A few days ago, the FBI set up a conference call with Scotland Yard to discuss this matter. However, Anonymous leaked both the email setting up the call and a voice recording of the entire seventeen-minute call.

This should serve as a point of reflection for the FBI. Anonymous is a merry band of hackers. However, if Anonymous can drop in on your conversations, how safe are they from other governments? This raises serious security concerns.

Symantec Discards Code Stolen by Anonymous as Harmless

Earlier this month, Symantec released patches for its pcAnywhere program, saying the patches would protect its users from hackers who had gotten hold of the pcAnywhere source code. These were critical patches for the Windows versions of pcAnywhere. With these patches, Symantec also admitted that some of its source code was stolen back in 2006, and that it was being contacted by the Lords of Dharmaraja (a hacker group) over the stolen code.

Symantec PCAnywhere 12.5 is the world’s leading remote access software solution. It lets you manage computers efficiently, resolve helpdesk issues quickly, and connect to remote devices simply and securely.

While the patches released by Symantec fixed the known vulnerabilities, there could still be unknown vulnerabilities that remain unpatched.

Symantec claims that the hackers were actually dealing with the FBI in these negotiations, but it is unclear whom they really contacted. Some speculate that it was Symantec itself, using the FBI story as a cover-up. Meanwhile, the hackers released 1.27 GB of data this Monday, and claim that there is more.

An interesting part of the conversation between Symantec and hackers reads,

We cannot pay you $50,000 at once for the reasons we discussed previously.  We can pay you $2,500 per month for the first three months.  In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated).   Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once.  That should solve your problem. Obviously you still have our code so if we don’t follow through you still have the upper hand.

When Symantec tried to play the hacker Yama Tough, who claims to have the code, he got impatient and released the code online on 6 February. After analyzing the leaked code, Symantec has declared that it is five years old and that its patches are enough to keep users safe. However, such source code leaks are unacceptable from a company that deals in security.

The list of email conversations can be found on this paste from PasteBin.

German Government Recommends Google Chrome for Windows 7 Users

The German Government is relying on Google Chrome for the safety of its users online. It has recommended that all Windows 7 users move to Google Chrome, which offers better sandbox protection and automatic updates. This recommendation has been put up as part of a security best practices guideline. Germany’s Federal Office for Information Security declared Chrome to be the best browser from a security perspective.
Google Chrome is indeed secure, and we have seen it claim wins in multiple Pwn2Own contests. It has remained unbeaten for a long time, and this is owing to its extremely secure sandbox.

In computer security, a sandbox is a security mechanism for separating running programs. The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory.

Germany’s Federal Office for Information Security, known in Germany as the BSI, said,

Your internet browser is the key component for the use of services on the Web and thus represents the main target for cyber-attacks. By using Google Chrome in conjunction with the other measures outlined above, you can significantly reduce the risk of a successful IT attack.

Overall, this is an excellent move by the German Government to make its users secure. Germany’s browser market is dominated by Firefox at 51% and IE at 24%, with Google Chrome currently at only 14.3%. However, this recommendation has some practical issues. Google Chrome has had issues with the Flash Player, its rapid release cycle poses problems for developers and, most importantly, it puts too much data in the hands of Google. This can raise serious privacy concerns.

The guidelines laid down by the BSI can be found here.

Mozilla is Working on a Push Notification System for Firefox

If you are a Google Chrome user, you must have seen how notifications work for Gmail. Google created the Desktop Notification system based on HTML5, and proposed its inclusion in the W3C web standards. The draft of the Notifications specification can be seen on this page at the W3C.

Notifications is designed to allow brief messages to be sent to a user however they are connected. Somewhere between email and IM lies Notifications.

Push notifications are a way for websites to send small messages to users when the user is not on the site. iOS and Android devices already support their own push notification services.

Recently, Mozilla has brought out a similar notification system called Push Notification, using a JavaScript API. However, it has also improved on Google’s implementation, and will push notifications for all websites, irrespective of whether they are open in a tab or not. Currently, Chrome shows notifications only for websites that are open in a tab.

With this feature, Mozilla wants to bring web applications closer to desktop applications. A similar experience in a desktop browser is a good start. Native mobile clients on Android have used push notifications successfully for a long time. The Push Notification system will also help developers send notifications to their mobile users without investing in a separate mobile client.

You can visit the Mozilla Wiki for more technical information on notifications, or the Push Notification API in particular.

Craigslist Charitable Fund Donates $100,000 to the Perl Foundation

The Perl Foundation has received what appears to be its largest donation ever, $100,000 from the Craigslist Charitable Fund. This donation will be used towards the maintenance of Perl 5. Craigslist is built mostly in Perl, and it uses many other open-source technologies.


Craigslist is so popular in its niche that it was mentioned on this episode of The Big Bang Theory, where Sheldon wants to buy Uranium, online.

The President of the Perl Foundation, Karen Pauley, expressed her gratitude to the Craigslist Charitable Fund, saying,

This generous donation will allow us to improve the Perl 5 Core and the work done with the Core Maintenance Fund, as well as sponsor a range of Perl 5 related activities through grants and initiatives already in existence and in the community.

The Perl Foundation has received hefty donations before. Booking.com donated $50,000 to the Perl Foundation in 2008, and Liquid Web, a web hosting company, donated $10,000 to the Perl Foundation in September last year. However, development of Perl has slowed down considerably over the last decade, with new versions consisting primarily of bug fixes and minor syntax changes. This donation should be a boost for the Perl Foundation, and should help it revamp the development of the “duct tape of the Internet”.

Perl is released under the GNU GPL and the Artistic License. It is an extremely dynamic, flexible and (perhaps the most) powerful programming language. It truly deserves these donations, and much more love.