Our first edition of WIG for February is filled with news link coverage on topics such as Mozilla will be pulling the plug on auto-running nearly all plugins, booting Linux using UEFI can brick Samsung laptops, Dropbox has launched quick file previews for photos & documents, and more.

Weekly News Links

• Microsoft’s Office 365 Home Premium: What happens when subscriptions expire?
  Microsoft is encouraging users to subscribe to its new Office, rather than buy it outright. But what happens once users’ subscriptions expire?
• PowerPoint 2013 to Sport a Widescreen Aspect Ratio as Default
  Office 2013 went on sale on January 29 and together with it, Microsoft will also introduce a new version of its PowerPoint app comprising a wide array of changes. The new PowerPoint 2013 will come with a widescreen aspect ratio as default, the company revealed in a blog post, mostly because “PowerPoint and widescreen were made for each other.”
• Bing rolls out five apps for Office 365 and Office 2013
  Looking to combine desktop productivity with search, Microsoft adds new apps to its Office suite.
• Boilerplate App kickstarts Firefox OS development
  Mozilla developer Robert Nyman has created a tool to get developers started writing their first application for Firefox OS or porting an existing web application to the platform. The tool is called the Firefox OS Boilerplate App and it provides a number of basic features many applications have in common, while using minimal dependencies.
• Richer Google Now notification system arriving in Chrome
  New changes mean a key Android feature for general-purpose alerts is closer to reality. Google’s browser is getting a mechanism for more elaborate notifications.
• Chrome for Android beta adds experimental SPDY/3 and WebGL
  The latest beta version of Chrome 25 for Android includes support for the chrome://flags settings page which gives users the opportunity to test experimental features of the browser. These features include WebGL acceleration, experimental Webkit options, CSS Shaders and an implementation of the third draft of the SPDY protocol.
• Booting Linux using UEFI can brick Samsung laptops
  Booting Linux using UEFI just once on various Samsung laptops is enough to permanently stop them working. Several reports have been posted on the Ubuntu bug tracker, but the problem is likely to also be present in other Linux distributions, as it appears to be caused by a kernel driver for Samsung laptops.
• Linux Foundation’s Secure Boot bootloader restructured
  James Bottomley has substantially restructured the mini bootloader to allow any Linux version to be launched on PCs with UEFI Secure Boot. The boot loader’s development has been sponsored by the Linux Foundation.
• KDE plans to merge Plasma desktops
  Developers at KDE are planning to merge the code for their Plasma Desktop, Plasma Netbook and Plasma Active user interfaces in the not-too-distant future, according to a blog post by Aaron Seigo.
• Ubuntu phones to come with a terminal—prepare your command line skill
  The Ubuntu phone operating system will come with a terminal application. That’s right: experienced users will have access to the full power of the Linux system running underneath the phone’s shiny graphical user interface.
• Dropbox launches quick file previews for photos, documents
  The storage company says it’s making a move away from files to content. The challenge it faces will be retaining its signature simplicity as it revamps the service for a mobile world.
• Google+ moves up to second place in social networks
  Facebook still has a massive lead, but Google+, with 343-million active users, is now the second most popular social network.
• Pinterest tests new look with bigger pins, restructured navigation
  The addicting social-networking site is mixing things up a bit to make its pins even more gripping.
• Spec sheet shows HP entering Chromebook market
  Showing how much things are changing in the computing world, the PC giant is following rivals with a laptop running Google’s browser-based Chrome OS.
• How Newegg crushed the “shopping cart” patent and saved online retail
  It’s game over for a patent troll that sued nearly 50 big retailers. – Anyone who visited Soverain Software’s website could be forgiven for believing it’s a real company. There are separate pages for “products,” “services,” and “solutions.” There’s the “About Us” page. There are phone numbers and e-mail addresses for sales and tech support. There’s even a login page for customers. It’s all a sham.

Security News

• Twitter detects and shuts down password data hack in progres
  Twitter engineers shut down what they described as an “extremely sophisticated” hack attack on its network that exposed the cryptographically protected password data and login tokens for 250,000 users.
• Mozilla pulling plug on auto-running nearly all plugins
  By default, Firefox will, in the future, only automatically run the content of the most recent version of Flash – all other plugins will default to “Click to Play”. The changes, announced on Mozilla’s security blog as a way to put users back in control of plugins, will increase the security and stability of Firefox.
• For second time in a month, Apple blacklists Java Web plugin
  For the second time in a month, Apple has effectively blacklisted the current version of the Java Web plugin on OS X. The block comes just days after it was discovered that the latest version of the plugin, which had been rushed out to patch a critical vulnerability, can still be exploited despite its heightened security mechanisms.
• Oracle releases emergency patches for Java
  Oracle has released a large package of security updates for Java which addresses 50 vulnerabilities in Java both in the browser and in the server. The “Critical Patch Update February 2013″ (CPU) for Java had been scheduled, says Oracle, for 19 February, but due to one of the vulnerabilities being exploited in the wild, the company brought the release forward.
• Millions of devices vulnerable via UPnP – Updated
  During an IP scan of all possible IPv4 addresses, Rapid7, the security firm that is known for the Metasploit attack framework, has discovered 40 to 50 million network devices that can potentially be compromised remotely with a single data packet. The link to an easy-to-use online vulnerability scanner is embedded in the last paragraph.
• Latest VLC version has dangerous hole
  The developers of the VLC video player have warned of a crashing bug in the latest 2.0.5 version of the application, which might be exploited to execute arbitrary code. The issue is a problem in the ASF demuxer (libasf_plugin.*), which can be tricked into overflowing a buffer with a specially crafted ASF movie.
• Path promises fix for grabbing geolocation data from photo
  Just as Path was trying to put its privacy woes behind it, a security researcher has caught the social network taking new liberties with personal information stored on iPhones and iPads. Path’s iOS app was found copying geographic locations embedded in photos and pasting them into user posts—even when location services have been disabled.
• WhatsApp privacy practices under scrutiny
  The popular cross-platform mobile instant messenger contravened Canadian and Dutch data and privacy laws over the requirement to upload users’ phone numbers.
• Eight-month WordPress flaw responsible for Yahoo mail breach: Bitdefender
  A cross-site scripting flaw that saw some Yahoo email users lose control of their accounts has now been traced back to a WordPress installation that was not patched for at least eight months.
• Ubuntu 13.04 Online Search to Send the User’s Geographical Location
  Canonical will try to make Ubuntu 13.04 its best release so far and one of the ways to do that is by improving the Dash functionality and its online features.
• Malvertising campaigns at multiple ad networks lead to Black Hole Exploit Kit
  Security researchers from Trusteer have detected several malvertising campaigns, affecting multiple ad networks, which attempt to serve client-side exploits, ultimately dropping malware through the Black Hole Exploit Kit.
• Anatomy of a phish – how crooks hack legitimate websites to steal your details
  Old-school phishing is where cybercrooks lure you into logging in to your bank account on one of their websites. When you enter your personally identifiable information (PII), as you would on the bank’s real site, it gets uploaded to the crooks instead of to your bank. The idea, of course, is that they then use the credentials they just stole to start draining your account.
• Big Bank Mules Target Small Bank Businesses
  A $170,000 cyberheist last month against an Illinois nursing home provider starkly illustrates how large financial institutions are being leveraged to target security weaknesses at small to regional banks and credit unions.
• Enterprises using new tech to deceive hackers
  While honeypots are still the widely used tactic to mislead and “bait” hackers, organizations are moving toward the use of newer technologies that can trace and deceive cybercriminals.
• Lost+Found: Demonic daemons, a bag of crap and Bill Shocker
  Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar this week. In this edition: a demonic SSH daemon, Woot.com sends out a bag of crap in the nicest possible way, the Bill Shocker malware, iOS 6.1 jailbreak, and The Onion decides to be proactive.

How-To Geek Weekly Article Recap

• HTG Explains: Why You Don’t Need an Antivirus On Linux (and When You Do)
• HTG Explains: Why You Can’t Get Infected Just By Opening an Email (and When You Can)
• HTG Explains: What’s the Difference Between Jailbreaking, Rooting, and Unlocking?
• How to Update Your Graphics Drivers for Maximum Gaming Performance
• New Security Hole Found in Wi-Fi Routers: Disable UPnP to Protect Yourself
• Desktop Fun: Steampunk Wallpaper Collection Series 2
• How to Troubleshoot Google Chrome Crashes
• What Should I Set the Allocation Unit Size to When Formatting?
• How to Connect to a VPN on Android
• How to Add Desktop Shortcuts for Removable Drives Automatically

Geeky Goodness from the ETC Side

• Find a Better Place to Hide Your Xbox Next Time! [Humorous Image]
• The Seductive Nature of the Internet [Comic]
• Surfing the ‘Web’ like Bosses [Humorous Image]
• Emergency Cleanup Measures Before Starting a Video Chat [Comic]
• What Astronauts Really Eat In Space
• A Look Inside a Microchip [Video]
• The Castle in the Mountains [Wallpaper]
• Super Mario World – The Hardest Level Ever [Video]
• The Era of Suffering is Over [Humorous Image]
• One Moment of Forgetfulness… [Comic]

One Year Ago on How-To Geek

• Win Over Your Geek Love With More Hilarious Geek Valentines
• 3 Simple Ways to Improve Low Resolution Images (and Typography)
• How To Remove JPG Artifacts and Ugly Image Distortion From Photographs
• Beginner Photoshop: How To Make Convincing Fake Tattoos
• Why Old School Photographers Think You’re Just a Spoiled Hipster
• How to Easily Synchronize Music, Videos & Photos with Your Android

How-To Geek Weekly Trivia Roundup

• What Was the First Networked Computer Game?
• What Are The Most Influential Sci-Fi Writers Of The 20th Century Called?
• Which Intergalatic Race Serves As Doctor Who’s Archnemeses?
• Which Sci-Film Was The First Nominated For A Best Picture Oscar?