Week in Geek: Skype is Leaking Users’ Locations, Allows for ‘Tracking and Harassment’

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

By Akemi Iwaya on March 24th, 2013

Our latest edition of WIG is filled with news link coverage on topics such as Mozilla pondering stripping customization options from Firefox, a botnet stealing millions from advertisers with fake mouse clicks, the next Xbox possibly requiring an “always on” internet connection, and more.

Weekly News Links

  • Mozilla ponders stripping customization options from Firefox
    Firefox users have always appreciated how customizable the browser is, but lately Mozilla is wondering if it’s time to clean things up a bit. There are hundreds of millions of Firefox users, and not all of them find the numerous checkboxes on its preferences screen useful. In fact, one Mozilla study found that fewer than 2% of Firefox users bother fiddling with those settings.
  • Microsoft to push Windows 7 Service Pack 1 to users starting March 19
    Microsoft is starting to push Windows 7 SP1 to Windows 7 users via Windows Update, ahead of the early April end-of-support date for the RTM version of the product.
  • Ubuntu to halve support length for non-LTS releases
    In a meeting of the Ubuntu Technical Board this past week, the technical leadership of Canonical’s Linux distribution decided to halve the support time for non-LTS releases to nine months.
  • Goodbye Windows: China to create home-grown OS based on Ubuntu
    Ubuntu maker Canonical has signed a deal with the Chinese government to create a new version of Ubuntu. For China, this is widely seen as an attempt “to wean its IT sector off Western software in favour of more home-grown alternatives”.
  • Windows Phone’s 18 month support means it’s being updated, not abandoned
    There was a spate of Windows Phone scaremongering this past weekend, after speculation that the platform would be discontinued in mid-2014. This came about after it was noticed that Microsoft had published Windows Phone’s support life cycle, just as the company does with almost all its other software.
  • Google looks to unify chat services under ‘Babble’
    Google’s messaging platforms might all be rolled into one new platform, according to a recent report. The search giant is planning to combine its many messaging platforms, including Google Talk, Hangout, Voice, and Messenger, into one service it’ll call Babble.
  • Google Launch ‘Keep’ – New Note-Taking Service
    Google has unveiled their latest online service – a new note-taking app called Keep. Under the slogan “save what’s on your mind”, the Google Drive-powered service lets users create, store and access notes, lists, images and more from either their Android devices or via the web interface.
  • Google Keep? It’ll probably be with us until March 2017 – on average
    The closure of Google Reader has got early adopters and developers worried that Google services or APIs they adopt will just get shut off. An analysis of 39 shuttered offerings says how long they get.
  • Adobe reminds Photoshop.com users to move or lose their content
    Back in February Adobe announced plans to kill the storage portion of its seemingly popular Photoshop.com web service and migrate users’ content to Adobe Revel. The move seems painless on the surface — all of your images will be exported to Revel automatically. Except, that is not entirely the case. In fact, all of the JPEG images will be moved. Only. Other formats, including video, PSD, RAW, ACR, PNG, TIFF, must be archived by the customer or they will be lost.
  • eBay lowers seller fees, in bid to swipe business from Amazon
    For the first time in years, e-commerce marketplace eBay is cutting its listing fees and lowering its rates in a major way.
  • Feedly adds 500K new users on Google’s move to kill Reader
    New users flock to the RSS reader app in the two days after Google announced it would retire its own RSS service.
  • Open-Xchange to launch open-source, browser-based office suite
    Collaboration software vendor Open-Xchange plans to launch an open-source, browser-based productivity suite called OX Documents. The first application for the suite is OX Text, an in-browser word processing tool with editing capabilities for Microsoft Word .docx files and OpenOffice.org and LibreOffice .odt files.
  • EA lists free games as apology for SimCity launch mess
    EA has detailed the list of Origin games it will offer to customers affected by the disastrous launch of SimCity. All copies of SimCity registered on Origin before March 25 will give applicable customers a chance to pick one free game from the following list: Battlefield 3; Bejeweled 3; Dead Space 3; Mass Effect 3; Medal of Honor: Warfighter; Need for Speed: Most Wanted; Plants vs. Zombies; and SimCity 4: Deluxe Edition.
  • RapidShare scraps unlimited storage with short notice
    Even customers who paid in advance for long-term unlimited storage at RapidShare will see it disappear on March 20. The company says its terms of service permit such abrupt changes.
  • Leak points to “always on” ’Net connection, one-time installs for next Xbox
    Newly leaked documentation accompanying the developer’s kit for the successor to the Xbox 360, codenamed Durango, is rekindling rumors that the new system will require disc-based games to be installed to a hard drive before being played.
  • Don’t Glass and drive — lawmakers seek to ban Google Glass on the road
    West Virginia lawmakers are already pouncing on the existence of Google Glass and introducing a bill that would prohibit drivers from making a spectacle of themselves.

Security News

  • Privacy 101: Skype Leaks Your Location
    Voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses.
  • Microsoft’s Hotmail and Outlook.com Are Wide Open to Hackers
    Both Hotmail and Outlook.com email services are vulnerable to session fixation attacks that could allow cybercriminals to get full control of an account due to what seems to be an issue affecting the management of cookies and sessions.
  • Apple launches two-factor authentication for Apple IDs
    Apple has started to introduce two-factor authentication for its centralised Apple ID, which controls access to iCloud, iTunes and Apple’s online store and is used by FaceTime and iMessage. You can view the official Apple FAQ and setup instructions for two-step verification here.
  • Apple blocks ad-injecting Mac trojan, Yontoo
    A day after Russian anti-virus firm Doctor Web highlighted an adware Mac trojan called “Yontoo,” Apple has moved to block it. Confirmed by Intego, Apple has updated the definitions included in OS X’s Xprotect.plist in order to detect the adware, meaning users don’t need to run anything special in order to be protected.
  • Fake MSN Messenger Installers Show Up on Google
    Microsoft has already announced its plans to discontinue MSN Messenger and move all users to Skype, so cybercriminals have moved quickly to try to exploit this decision.
  • Cisco switches to weaker hashing scheme, passwords cracked wide open
    Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the encryption type 4 algorithm leaves users considerably more susceptible to password cracking than an older alternative, even though the new routine was intended to enhance protections already in place.
  • Passcode lock can be bypassed in iOS 6.1.3 as well
    It appears that iOS 6.1.3 presents yet another opportunity for attackers to bypass the passcode lock and access the telephone app – which includes information such as the user’s call history and address book data and allows intruders to open the photo gallery and send emails.
  • New Samsung flaw allows ‘total bypass’ of Android lock screen
    Another day, another lock screen flaw. Some Samsung devices running Android 4.1.2 can allow a ‘total bypass’ of the device’s lock screen.
  • Apple sets deadline for retiring old device ID system
    In an effort to boost user privacy, starting May 1 the tech giant will no longer accept new apps that access UDIDs. All new apps also must support iPhone 5 and Retina display.
  • Decade-old espionage malware found targeting government computers
    Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.
  • Symantec finds Linux wiper malware used in S. Korean attacks
    Security vendors analyzing the code used in the cyberattacks against South Korea are finding nasty components designed to wreck infected computers. Tucked inside a piece of Windows malware used in the attacks is a component that erases Linux machines, an analysis from Symantec has found. The malware, which it called Jokra, is unusual, Symantec said.
  • Stealing photos and spying: backdoors to networked cameras
    Cameras with Wi-Fi connectivity and a web server are supposed to make it easier to take pictures and upload photo files, but they aren’t very secure against attackers.
  • Professional videoconferencing system as a spy
    Over a period of two months, Moritz Jodeit from German IT security specialists n.runs discovered various vulnerabilities in Polycom’s HDX series. The researcher presented the results of his work at the Black Hat Europe security conference.
  • Facebook lets advertisers target people with same traits as customers
    The social network is providing advertisers with a more scientific way to reach potential customers.
  • Chameleon botnet steals millions from advertisers with fake mouseclicks
    Security researchers have discovered a botnet that is stealing millions of dollars per month from advertisers. The botnet does so by simulating click-throughs on display ads hosted on at least 202 websites. The botnet is the first found to use display advertisements to generate fraudulent income for its masters.
  • How whitehats stopped the DDoS attack that knocked Spamhaus offline
    As an international organization that disrupts spam operators, the Spamhaus Project has made its share of enemies. Many of those enemies possess the Internet equivalent of millions of water cannons that can be turned on in an instant to flood targets with more traffic than they can possibly stand.

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .

  • Published 03/24/13