Week in Geek: Dropbox Rolls Out 2-Step Authentication Feature in Experimental Desktop Client Build

By Akemi Iwaya on August 26th, 2012

Our last edition of WIG for August is filled with news link goodness covering topics such as Firefox 17 will make add-ons more secure, password hints are easily extracted from Windows 7 and 8, the latest stable release of ChromeOS adds a new apps list feature, and more.

Weekly News Links

Original unaltered image courtesy of Martin Brinkmann (BetaNews).

  • Dropbox offers 2-step verification
    Users of the Dropbox file synchronization service up until now did not have an option to add this second layer of security to their account. A new experimental build that was posted this past Wednesday on the official forum of the service changes that. The build enables 2-step verification in the Dropbox client that users install on their system to synchronize files between the local system and the online storage. Access links are embedded in the 3rd and 4th paragraphs of the post.
  • Firefox 17 to make add-ons more secure
    As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in a whitelist.
  • Mozilla: IonMonkey Firefox Faster Than Chrome
    More than two years ago, Mozilla promised that it would catch up with Google’s Chrome performance in JavaScript. Today, JavaScript is not as much as a problem anymore as it was in 2010, but Mozilla has not forgotten its promise. IonMonkey is breathing down Chrome’s neck.
  • Google adds Octane to JavaScript benchmark mix
    There are many benchmark suites for JavaScript which all give different perspectives on how a particular implementation of JavaScript is running on a browser. Google has now launched the Octane JavaScript benchmark suite to add to those perspectives with what it feels is a realistic selection of regularly used JavaScript-implemented web applications.
  • Apache OpenOffice 3.4.1 adds languages, stability and performance
    Apache OpenOffice, while still incubating at the Apache Software Foundation, has been updated by the developers to add new languages, improve stability and enhance performance.
  • LibreOffice team to focus on hard bugs
    In a new initiative, “LibreOffice HardHacks”, the LibreOffice developers are being called on to take on the harder bugs in the LibreOffice code.
  • A new apps list on Chrome OS
    With this past week’s stable release of Chrome OS, Google redesigned the apps list experience to make it easier to access your favorite apps and websites. Notably, they made the apps list much more compact, so you can access your apps without interrupting your browsing experience.
  • Canonical releases Ubuntu 12.04.1 LTS
    Four months after Ubuntu 12.04 “Precise Pangolin” arrived, Canonical and the Ubuntu developers have announced the release of version 12.04.1 of the Long Term Support (LTS) edition of the Ubuntu Linux distribution.
  • Microsoft opens registration for Windows 8 upgrade
    Customers who purchased a Windows 7 PC after June 2 can now register for the upgrade to Windows 8 for $14.99.
  • Windows 8: Lingering questions and (a few more) answers
    Will there be downgrade rights in Windows 8? Will line-of-business apps be able to be sideloaded on Windows RT? Slowly but surely, we’re getting some answers.
  • Expert on Windows 8 Interface: Confusing, Burden on User’s Memory
    The Modern UI (formerly known as Metro) implemented by Microsoft in Windows 8 is certainly eye candy for many users. But what happens when it comes down to how practical it is?
  • SkyDrive content restrictions among the toughest in the cloud
    Ambiguous policies and cross-service lockouts create a recipe for customer dissatisfaction with Microsoft’s cloud storage service.
  • Google to retire Postini, migrate features to Google Apps
    Web giant has built the e-mail security and archiving features into two Google Apps products, which it will transition to customers next year.
  • Twitter API rules force Tumblr to change people finder options
    Tumblr removes Twitter from its friend-finder option in response to Twitter’s API feeds crackdown.
  • Amazon Glacier: a new name in data ‘cold storage’
    This past Tuesday Amazon Web Services announced Glacier, a new cloud storage service specifically aimed at data archival, backups, and other long-term storage projects where data is accessed only infrequently.
  • Google seeks recruits for privacy ‘red team’
    The Web titan is building a group dedicated to finding and solving “subtle, unusual, and emergent” problems with its products.
  • Marissa Mayer snags another ex-Googler for Yahoo
    Web pioneer’s new chief has hired at least two former co-workers from her former employer since being named CEO last month.
  • Invite-only strategy stirs demand, but could backfire
    Having user registration based on invitation creates exclusivity and demand for service, but it could also put off users to turn to rival platforms as alternatives.
  • Bitcoin-based credit card reportedly due in two months
    BitInstant is close to introducing an international credit/debit card based on the peer-to-peer currency, according to an alleged interview with the exchange service’s co-founder.
  • NASA plans mission to study hidden interior of Mars
    NASA aims at answering basic questions about the enigmatic interior of Mars with a relatively low-cost lander in 2016 that will probe the red planet’s core and look for signs of tectonic activity.

Security News

Image courtesy of Spider Labs.

  • Password hints easily extracted from Windows 7, 8
    Ars Technica’s recent feature on the growing vulnerability of passwords chronicled the myriad ways crackers extract clues used to guess other people’s login credentials. Add to that list a password reminder feature built into recent versions of Microsoft’s Windows operating system.
  • Crisis malware targets virtual machines
    Researchers have found that malware rootkit Crisis can spread via virtual machines, Windows mobile phones, Mac OS and Windows. Crisis, also known as Morcut, is a rootkit which infects both Windows and Mac OS X machines using a fake Adobe Flash Player installer.
  • Beware of “Micro-Soft Sweepstakes Promotion” Scam
    Cybercriminals are once again relying on the fame and reputation of Microsoft in an attempt to trick unsuspecting internet users into handing over sensitive information and various amounts of money.
  • AMD blog taken offline amid hacking claims
    AMD has removed its blog after hackers claimed to have hacked and dumped its user database.
  • McAfee comes unstuck over signature updates
    As a result of two bug-ridden signature updates to McAfee’s anti-virus software, some customers have found themselves unable to access the internet. The updates can either disable anti-virus monitoring or result in an unresponsive program console.
  • Private crypto key in mission-critical hardware menaces electric grids
    Another weakness has been found in RuggedCom devices used by power utilities. A private encryption key embedded into widely used mission-critical routers could be exploited by hackers to attack electric substations, railroad switches, and other critical infrastructure, security researchers have warned.
  • Apple Remote Desktop update fixes VNC security problem
    Apple has released version 3.6.1 of its Apple Remote Desktop (ARD) application for remotely managing Mac OS X systems to fix an information disclosure vulnerability. According to Apple, the security update addresses a serious problem when connecting to third-party VNC servers that may result in data not being encrypted when the “Encrypt all network data” setting is enabled.
  • New BIOS guidelines aim to keep malware out of computer’s nether regions
    The new guidelines are intended to make the Basic Input/Output System more resistant to malware attacks that target the system firmware. Over the past few years, at least two trojans, one called Mebromi and another proof-of-concept demonstration, have been able to survive operating-system reinstalls and evade antivirus protection by burrowing deep inside an infected computer.
  • Microsoft’s security software modifies HOSTS file
    Windows 8, set for release on 26 October, automatically deletes entries in the HOSTS file for specific domains. Try, for example, to prevent attempts to access Facebook.com, Twitter.com or ad servers such as ad.doubleclick.net by rerouting them to by adding entries to the HOSTS file and the relevant entries will soon disappear from the HOSTS file as if by magic, leaving nothing but an empty line.
  • McDonald’s, General Mills accused of collecting kids’ data
    Children’s advocacy groups this week reportedly file complaints with the FTC against large corporations over brand-related online games that ask kids for friends’ e-mail addresses without parental consent.
  • Why passwords have never been weaker—and crackers have never been stronger
    Thanks to real-world data, the keys to your digital kingdom are under assault.
  • Lessons learned from the recent Find My Mac remote-wipe attack
    The recent remote wipe attack through Apple’s Find My … service on a Wired reporter’s Mac, iPhone and iPad shows that local backups, system clones and strong passwords are more important than ever.
  • Mystery malware that targeted energy group contains amateur coding goof
    The mystery malware that recently wreaked havoc on energy sector computers contains an amateur programming error that’s not typical of state-sponsored attacks, security researchers said.
  • Pirated mobile Android and Apple apps getting hacked, cracked and smacked
    Those popular mobile apps that everyone’s buying from the official Android and Apple apps stores for business and fun are being torn apart by hackers who turn around and post these abused apps filled with malware, their content pirated or otherwise tampered with.
  • Android App Websites Seized in the U.S. for Alleged Copyright Violations
    U.S. law enforcement officials said this past Tuesday that three websites that were allegedly distributing illegal copies of copyrighted Android cell phone apps had been seized in what is described as the first such operation against cellphone apps marketplaces.

Random TinyHacker Links

How-To Geek Weekly Article Recap

Geeky Goodness from the ETC Side

One Year Ago on How-To Geek

How-To Geek Comics Weekly Roundup

How-To Geek Weekly Trivia Roundup

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .

  • Published 08/26/12
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!