Week in Geek: New Attack on Apache Web Servers is ‘Invisible’, needs Special Forensic Methods to Detect It
Our first edition of WIG for May is filled with news links on topics such as Adobe confirming a ‘leaky PDF’ flaw, a huge Java security hole in Lotus Notes, a possibly visually different (flat) look for iOS 7, and more.
Fractured glass photo effect courtesy of PhotoFunia.
Weekly News Links
- Microsoft now at 400 million active Outlook.com accounts
Microsoft has completed its Hotmail.com to Outlook.com migration and now is claiming 400 million active Outlook.com Web mail accounts. You can read the official announcement about the completion of the Hotmail upgrade and more here.
- Microsoft frames Skype in Outlook.com inboxes
The integration of the video chat and messaging service with Microsoft’s free e-mail service is rolling out to U.K. users now and will be available in the U.S. “in the coming weeks.” Learn more about the latest Skype feature in the official announcement here.
- Digg to release Google Reader replacement beta in June
Digg continues to survey people on what they want in an RSS reader. So far, it looks like the service won’t be social or free when it launches.
- Mozilla: Look ma, no plug-in for video, apps
The makers of Firefox team up with the 3D graphics gurus at OTOY to show off a new codec that can run high-end video and desktop apps in the browser.
- Chrome caching to smooth out rough patches in network
“Offline cache mode” lets Google’s browser load a saved version of a previously visited Web page. The cached version might be out of date, though.
- Google Keep note-taking comes to Chrome
Google Keep debuts as a Chrome Web app, bringing its simple note-taking features to Chrome browsers and Chromebooks.
- Packaged Apps Added to Chrome Webstore for Windows & Chrome OS Dev Users
Google has announced that Packaged Apps are available to install from the Chrome Web Store – but only for Dev Channel users on Chrome OS or Windows.
- Java 8 is now due in Spring 2014
What has been hinted at over the last week is now official – the next version of Java will not be released until next year. Mark Reinhold, the engineer in charge of Java at the platform’s owner Oracle, has confirmed that the new release date for JDK 8 will be 18 March 2014.
- Firefox OS Simulator 3.0 now available
The Mozilla developers have now released the latest version of the Firefox OS simulator. It is designed to allow developers to create and test applications for Firefox OS without having to try and get their hands on the limited supply of application-creator-oriented Geeksphone developer preview phones.
- Apple’s iOS 7 said to be visually different, flat
A new report says Apple’s next version of its iOS will look very different from previous iterations, though stay largely the same.
- Google Now ‘talks’ its way onto iOS
The mashup of personal assistant and predictive search known as Google Now gets approved for iOS. But will it take attention away from Siri?
- Google smacks down reports that Now for iOS drains batteries
The Web giant says the allegations that its Google Now iOS app drinks down battery juice are “incorrect.”
- Yahoo acquires to-do app Astrid
The company will continue to support the task management app for the next 90 days, but some users can expect refunds on paid subscriptions.
- Google Glass’s Android code now available
Ready to start programming for Google Glass? The tools are out there. While only a handful of Google Glasses are out, Google quietly released its Android-based core kernel code.
- A taste of Rust
Rust, the new programming language being developed by the Mozilla project, has a number of interesting features. One that stands out is the focus on safety. There are clear attempts to increase the range of errors that the compiler can detect and prevent, and thereby reduce the number of errors that end up in production code.
- Admin beware: Attack hitting Apache websites is invisible to the naked eye
Ongoing exploits infecting tens of thousands of reputable sites running the Apache Web server have only grown more powerful and stealthy since Ars first reported on them four weeks ago. Researchers have now documented highly sophisticated features that make these exploits invisible without the use of special forensic detection methods.
- Huge Java hole in Lotus Notes
IBM’s Notes/Domino, an email and workgroup system that is especially popular in large companies, has a huge security problem that should be fixed soon with an update. Even just opening an email could launch the installation of spyware on a Notes user’s computer.
- Adobe confirms ‘leaky PDF’ flaw, fix due on 14 May
- Thank you for not viewing: “Hidden” display ads hurt Web ad networks
There’s more than one way to fleece people using Web advertising. Botnets have been harnessed to generate fake clicks by injecting fake links into search results and to click randomly on webpages the infected computer’s user never sees. But fraudsters are starting to get more sophisticated in their efforts to get rich off Web advertising.
- Good Morning, Captain: open IP ports let anyone track ships on Internet
While digging through the data unearthed in an unprecedented census of nearly the entire Internet, researchers at Rapid7 Labs have discovered a lot of things they didn’t expect to find openly responding to port scans. One of the biggest surprises they discovered was the availability of data that allowed them to track the movements of more than 34,000 ships at sea.
- Defense contractor pwned for years by Chinese hackers
QinetiQ, a UK-based defense contractor, has its fingers all over some of the US Defense Department’s most sensitive systems. And for at least three years, QinetiQ was apparently unintentionally supplying its expertise to another customer: China.
- For anyone who has ever forgotten a password, Facebook has help
If you’ve ever forgotten an important password, Facebook has an innovative solution for you. On Thursday, engineers with the social network rolled out a new(ish) feature that helps users regain control of an account after being locked out of it. You can view the official Facebook announcement here.
- Why your password can’t have symbols—or be longer than 16 characters
The password creation process on different websites can be a bit like visiting foreign countries with unfamiliar social customs. This one requires eight characters; that one lets you have up to 64. This one allows letters and numbers only; that one allows hyphens.
- Why you should take hacked sites’ password assurances with a grain of salt
Reputation.com, a service that helps people and companies manage negative search results, has suffered a security breach that has exposed user names, e-mail and physical addresses, and in some cases, password data.
- Lost+Found: accessible pentesting and non-web Persona
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar over the last seven days: non-web Persona use proposed, how to report a DDoS, laptops filled with porn, tracking ships, counting fake callers, PDF receipts, mainframe intrusion, and accessible pentesting.
- Android virus scanners are easily fooled
Researchers at Northwestern University and North Carolina State University have discovered that anti-virus programs for Android can usually be bypassed using trivial means.
- Mozilla sends cease and desist to surveillance software maker
Mozilla has sent a cease and desist letter to the maker of surveillance software that identifies itself as Firefox when running on a victim’s system.
- Twitter warns of more hacks, threats to come; issues media memo
The microblogging giant has warned news outlets that “these attacks will continue,” particularly against high profile media organizations.
- Google’s self-driving cars gather nearly 1GB of sensor data every second — would you trust them?
While all the press attention is focused on Google Glass, there’s another even more life-changing invention continuing to be developed and refined at Google. The company’s self-driving cars have already driven more than 400,000 miles without an accident.
- Leaked doc shows Foursquare’s big plans for your check-in data
Ads centered on location data seem like a no-brainer — so long as members keep checking in.
- Windows 8: The First Six Months
Paul Thurrott wrote an interesting overview of Windows 8’s performance in the first six months since its worldwide launch.
- F-Secure Internet Security 2013 – A detailed review
If you are interested in knowing more about what F-Secure offers nowadays in terms of security products, you should read this thorough review, as it reveals some interesting insights.
- Best Tools For Students
Some very useful online services for students. Even if you are not one, it’s worth taking a look at these.
- The Interesting Story of AMD
An interesting Ars Technica feature on AMD.
- Become a Citizen Journalist Through Guardian Witness
Share your stories, photos and videos on Guardian.
- The Future of Marketing – As Predicted by McKinsey
Creepy or awesome, what do you think? More can be found in this report. Post contains an infographic showing an example of what the article is discussing.
How-To Geek Weekly Article Recap
- 6 Games Banned From iOS That You Can Play on Android or the Web
- Microsoft Could Have Been On Top: 10 Product Opportunities Microsoft Missed
- Living With a Chromebook: Can You Live With Just a Chrome Browser?
- Why You Can’t Undo Sending an Email (and When You Can)
- What Is The Difference Between a Fob and a Dongle?
- How DNSSEC Will Help Secure the Internet and How SOPA Almost Made It Illegal
- HTG Explains: How the Great Firewall of China Works
- HTG Explains: What is DNS Cache Poisoning?
- Why Don’t All File Search Tools Use the Master File Table for Instant Results?
- How to Take Pinhole Photos with a Digital Camera
Geeky Goodness from the ETC Side
- Visualizing a DDoS Attack in Progress with Logstalgia, The April 23rd Attack against VideoLAN
- The Pain of Creating and Managing Passwords in Today’s Online Environment
- Ferrofluid – The Magnetic Liquid!
- Shelves Wallpaper Collection for Your iPhone
- Packaged Apps Now Available in the Chrome Store for Dev Channel Users (Windows and Chrome OS)
- Solar Rain of Fire – The Coronal Mass Ejection Event of 2012
- How to Import Playlists Into The Modern (Xbox) Music App
- How to Manually Match Music in Xbox Music on Windows 8
Daily App Downloads
- Leap into High-Flying Fun with ‘Fish Out Of Water!’
- Go on a Geeky ‘Machine Building’ Spree with Fantastic Contraption
- Become the Ultimate Bridge Builder with Bridge Constructor
How-To Geek Weekly Trivia Roundup
- What Is the Best Selling Video Game Console Of All Time?
- What Is The Official Operating System Of North Korea?
- What Is The Most Abundant Metal In The Human Body?
- What Accounts For One Third Of America’s Evening Internet Traffic?
- What Led To Newton’s Development Of Infinitesimal Calculus?
- What Was The Easter Egg Inside Microsoft Excel 95?
- The First Smartphone-Powered Satellites Contained What Phone?
One Year Ago on How-To Geek
- Improve a Lackluster Photo by Selectively Softening the Background
- How To Use Camera Raw Tools to Develop Digital Photographs
- How To Remove The Background From a Drawing or Lineart
- How To Make Line Tone Art (Like on Money) With Photoshop and No Filters
- How To Animate Your Own Custom GIF with Photoshop
How-To Geek Comics Weekly Roundup
Published 05/5/13