Our last edition of WIG for August is filled with news link goodness covering topics such as Firefox 17 will make add-ons more secure, password hints are easily extracted from Windows 7 and 8, the latest stable release of ChromeOS adds a new apps list feature, and more.

Weekly News Links

Original unaltered image courtesy of Martin Brinkmann (BetaNews).

• Dropbox offers 2-step verification
  Users of the Dropbox file synchronization service up until now did not have an option to add this second layer of security to their account. A new experimental build that was posted this past Wednesday on the official forum of the service changes that. The build enables 2-step verification in the Dropbox client that users install on their system to synchronize files between the local system and the online storage. Access links are embedded in the 3rd and 4th paragraphs of the post.
• Firefox 17 to make add-ons more secure
  As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in a whitelist.
• Mozilla: IonMonkey Firefox Faster Than Chrome
  More than two years ago, Mozilla promised that it would catch up with Google’s Chrome performance in JavaScript. Today, JavaScript is not as much as a problem anymore as it was in 2010, but Mozilla has not forgotten its promise. IonMonkey is breathing down Chrome’s neck.
• Google adds Octane to JavaScript benchmark mix
  There are many benchmark suites for JavaScript which all give different perspectives on how a particular implementation of JavaScript is running on a browser. Google has now launched the Octane JavaScript benchmark suite to add to those perspectives with what it feels is a realistic selection of regularly used JavaScript-implemented web applications.
• Apache OpenOffice 3.4.1 adds languages, stability and performance
  Apache OpenOffice, while still incubating at the Apache Software Foundation, has been updated by the developers to add new languages, improve stability and enhance performance.
• LibreOffice team to focus on hard bugs
  In a new initiative, “LibreOffice HardHacks”, the LibreOffice developers are being called on to take on the harder bugs in the LibreOffice code.
• A new apps list on Chrome OS
  With this past week’s stable release of Chrome OS, Google redesigned the apps list experience to make it easier to access your favorite apps and websites. Notably, they made the apps list much more compact, so you can access your apps without interrupting your browsing experience.
• Canonical releases Ubuntu 12.04.1 LTS
  Four months after Ubuntu 12.04 “Precise Pangolin” arrived, Canonical and the Ubuntu developers have announced the release of version 12.04.1 of the Long Term Support (LTS) edition of the Ubuntu Linux distribution.
• Microsoft opens registration for Windows 8 upgrade
  Customers who purchased a Windows 7 PC after June 2 can now register for the upgrade to Windows 8 for $14.99.
• Windows 8: Lingering questions and (a few more) answers
  Will there be downgrade rights in Windows 8? Will line-of-business apps be able to be sideloaded on Windows RT? Slowly but surely, we’re getting some answers.
• Expert on Windows 8 Interface: Confusing, Burden on User’s Memory
  The Modern UI (formerly known as Metro) implemented by Microsoft in Windows 8 is certainly eye candy for many users. But what happens when it comes down to how practical it is?
• SkyDrive content restrictions among the toughest in the cloud
  Ambiguous policies and cross-service lockouts create a recipe for customer dissatisfaction with Microsoft’s cloud storage service.
• Google to retire Postini, migrate features to Google Apps
  Web giant has built the e-mail security and archiving features into two Google Apps products, which it will transition to customers next year.
• Twitter API rules force Tumblr to change people finder options
  Tumblr removes Twitter from its friend-finder option in response to Twitter’s API feeds crackdown.
• Amazon Glacier: a new name in data ‘cold storage’
  This past Tuesday Amazon Web Services announced Glacier, a new cloud storage service specifically aimed at data archival, backups, and other long-term storage projects where data is accessed only infrequently.
• Google seeks recruits for privacy ‘red team’
  The Web titan is building a group dedicated to finding and solving “subtle, unusual, and emergent” problems with its products.
• Marissa Mayer snags another ex-Googler for Yahoo
  Web pioneer’s new chief has hired at least two former co-workers from her former employer since being named CEO last month.
• Invite-only strategy stirs demand, but could backfire
  Having user registration based on invitation creates exclusivity and demand for service, but it could also put off users to turn to rival platforms as alternatives.
• Bitcoin-based credit card reportedly due in two months
  BitInstant is close to introducing an international credit/debit card based on the peer-to-peer currency, according to an alleged interview with the exchange service’s co-founder.
• NASA plans mission to study hidden interior of Mars
  NASA aims at answering basic questions about the enigmatic interior of Mars with a relatively low-cost lander in 2016 that will probe the red planet’s core and look for signs of tectonic activity.

Security News

Image courtesy of Spider Labs.

• Password hints easily extracted from Windows 7, 8
  Ars Technica’s recent feature on the growing vulnerability of passwords chronicled the myriad ways crackers extract clues used to guess other people’s login credentials. Add to that list a password reminder feature built into recent versions of Microsoft’s Windows operating system.
• Crisis malware targets virtual machines
  Researchers have found that malware rootkit Crisis can spread via virtual machines, Windows mobile phones, Mac OS and Windows. Crisis, also known as Morcut, is a rootkit which infects both Windows and Mac OS X machines using a fake Adobe Flash Player installer.
• Beware of “Micro-Soft Sweepstakes Promotion” Scam
  Cybercriminals are once again relying on the fame and reputation of Microsoft in an attempt to trick unsuspecting internet users into handing over sensitive information and various amounts of money.
• AMD blog taken offline amid hacking claims
  AMD has removed its blog after hackers claimed to have hacked and dumped its user database.
• McAfee comes unstuck over signature updates
  As a result of two bug-ridden signature updates to McAfee’s anti-virus software, some customers have found themselves unable to access the internet. The updates can either disable anti-virus monitoring or result in an unresponsive program console.
• Private crypto key in mission-critical hardware menaces electric grids
  Another weakness has been found in RuggedCom devices used by power utilities. A private encryption key embedded into widely used mission-critical routers could be exploited by hackers to attack electric substations, railroad switches, and other critical infrastructure, security researchers have warned.
• Apple Remote Desktop update fixes VNC security problem
  Apple has released version 3.6.1 of its Apple Remote Desktop (ARD) application for remotely managing Mac OS X systems to fix an information disclosure vulnerability. According to Apple, the security update addresses a serious problem when connecting to third-party VNC servers that may result in data not being encrypted when the “Encrypt all network data” setting is enabled.
• New BIOS guidelines aim to keep malware out of computer’s nether regions
  The new guidelines are intended to make the Basic Input/Output System more resistant to malware attacks that target the system firmware. Over the past few years, at least two trojans, one called Mebromi and another proof-of-concept demonstration, have been able to survive operating-system reinstalls and evade antivirus protection by burrowing deep inside an infected computer.
• Microsoft’s security software modifies HOSTS file
  Windows 8, set for release on 26 October, automatically deletes entries in the HOSTS file for specific domains. Try, for example, to prevent attempts to access Facebook.com, Twitter.com or ad servers such as ad.doubleclick.net by rerouting them to 127.0.0.1 by adding entries to the HOSTS file and the relevant entries will soon disappear from the HOSTS file as if by magic, leaving nothing but an empty line.
• McDonald’s, General Mills accused of collecting kids’ data
  Children’s advocacy groups this week reportedly file complaints with the FTC against large corporations over brand-related online games that ask kids for friends’ e-mail addresses without parental consent.
• Why passwords have never been weaker—and crackers have never been stronger
  Thanks to real-world data, the keys to your digital kingdom are under assault.
• Lessons learned from the recent Find My Mac remote-wipe attack
  The recent remote wipe attack through Apple’s Find My … service on a Wired reporter’s Mac, iPhone and iPad shows that local backups, system clones and strong passwords are more important than ever.
• Mystery malware that targeted energy group contains amateur coding goof
  The mystery malware that recently wreaked havoc on energy sector computers contains an amateur programming error that’s not typical of state-sponsored attacks, security researchers said.
• Pirated mobile Android and Apple apps getting hacked, cracked and smacked
  Those popular mobile apps that everyone’s buying from the official Android and Apple apps stores for business and fun are being torn apart by hackers who turn around and post these abused apps filled with malware, their content pirated or otherwise tampered with.
• Android App Websites Seized in the U.S. for Alleged Copyright Violations
  U.S. law enforcement officials said this past Tuesday that three websites that were allegedly distributing illegal copies of copyrighted Android cell phone apps had been seized in what is described as the first such operation against cellphone apps marketplaces.

Random TinyHacker Links

• Log In and Go Straight to the Desktop in Windows 8
  Here are a few solutions that work in the final version of Windows 8, with no side effects or issues, and without installing third party software.
• Infographic – Do People Really Work When Working from Home?
  An infographic that focuses on statistics related to those who telecommute and/or work from home.
• Anonymity is Overrated Anyway
  An infographic that looks at how easily your personal information gets sold or shared online by companies.
• Ten Years After: The Internet in 2012
  An animated infographic that looks at the differences in the Internet between 2002 and 2012. (Note: Infographic may make the page slow or slightly unresponsive)

How-To Geek Weekly Article Recap

• What Happened to Solitaire and Minesweeper in Windows 8?
• HTG Explains: I Have a Router, Do I Need a Firewall?
• Beginner: 5 Mouse Tricks in Windows that You Might Not Know
• The Best Websites for Backing Up and Sharing Your Data in the Cloud for Free
• How to Quickly Forward Ports on Your Router from a Desktop Application
• How Do The CPU and GPU Interact to Render Computer Graphics?
• Automatically Clean Out and Remove Empty Files and Folders
• Desktop Fun: Pirates Wallpaper Collection Series 2
• HTG Explains: Is UPnP a Security Risk?
• HTG Explains: Microsoft Accounts vs. Local Accounts in Windows 8

Geeky Goodness from the ETC Side

• The Most Difficult Security Questions You Will Ever See [Humorous Image]
• Is it a Virus? [Comic]
• The Most Advanced Social Network Ever Made [Humorous Image]
• The Power of Router Lights at Night [Humorous Image]
• All the Planets to Scale [Infographic]
• Your Passwords Are Weak and Crackers Are Increasingly Well Equipped
• Video Game Companies Reimagined As Friends
• Social Networking Distribution – The Facebook Friends Edition [Humorous Chart]
• Jedi in the Future [Wallpaper]
• DIY Movie Screen Is Lightweight, Inexpensive, and Acoustically Transparent

One Year Ago on How-To Geek

• How to Convert PDF Files for Easy Ebook Reading
• Beginner Geek: How to Customize the Date Format in the Windows Taskbar
• Stupid Geek Tricks: Add Apps to the Windows 7 Explorer Favorites List
• How to Get a Blazing Fast, Powerful, XP-Style Search in Windows 7
• When Should You Properly “Eject” Your Thumb Drive?

How-To Geek Comics Weekly Roundup

• Life Insurance in Video Games
• Wiretapping versus Tracking
• Less Buffering, More Cleaning!
• Browsing in Privacy Mode
• Classic Gags and New Technology
• What is Leonard Nimoy in Search of this Time?
• An Honest Promo Code

How-To Geek Weekly Trivia Roundup

• What Is The First (And Only) Art Installation On The Moon Called?
• Which Animal Is Frequently Used To Pull Cables In Tight Spaces?
• Explaining Your Code To An Inanimate Object Is A Programming Trick Known As What?
• What Was The First Book Sold On Amazon.com?
• Apple’s Original Logo Featured Which Famous Inventor?
• Which Space Mission Was Guided Home Safely With A Wristwatch And Grease Pencil?
• The Web Site For Which 1996 Movie Has Remained Online And Untouched?