Password leak at meetOne

Author: Omid Farhang Published: July 26, 2012 Reading Time: 2 min

h-online: A data leak at the meetOne dating site allowed anyone to access private data including the plaintext passwords, email addresses and real names of the site’s approximately 900,000 members. To obtain the data, an attacker simply needed to increment a URL parameter. After they were informed by The H’s associates at heise Security, the operators soon closed the hole. When news of a data leak in one of the dating portal’s custom APIs was disclosed to heise Security, the editors managed to reproduce the problem and access the data of a specially created test profile. The API disclosed information including the email address and password of the test user, which allowed access to the user’s profile. ...

Trojan "made in Germany" spies in Bahrain

Author: Omid Farhang Published: July 26, 2012 Reading Time: 2 min

h-Online: Citizenlab has released a detailed analysis of the activities of a trojan in which the experts conclude that the malware is most likely closely related to FinFisher, a commercial spyware tool developed by a company called Gamma International. The trojan targeted political activists in Bahrain and included sender names such as that of an Al Jazeera correspondent and subject lines like “Torture reports on Rabil Najaab”. The attached .exe file, disguised as an image, disabled anti-virus software and installed a complete set of spyware programs on the recipient’s PC. The spyware proceeded to monitor, among other things, the victim’s Skype communications including conversations and file transfers. An analysis of the infected systems’ working memory repeatedly produced the “finspy” character string. This name is used by Gamma to advertise FinFisher modules. ...

Brit accused of biggest military hack in history

Author: Omid Farhang Published: July 25, 2012 Reading Time: 2 min

iol scitech: London – A British computer hacker accused by the United States of breaking into top secret military and space agency networks will learn the result of his six-year fight against extradition within three months, a court heard on Tuesday. Gary McKinnon faces up to 60 years in jail if convicted in American courts for what one US prosecutor has described as the “biggest military computer hack of all time”. ...

VirusTotal online scanner adds behavior analysis

Author: Omid Farhang Published: July 25, 2012 Reading Time: 2 min

h-Online: The developers of the VirusTotal online virus scanner service are currently testing a new sandbox feature to provide users with more meaningful scan results. In a post on the company’s blog, software architect and developer Emiliano Martinez says that, for this purpose, samples uploaded to the service are executed in a controlled sandbox environment where their actions can be “recorded in order to give the analyst a high level overview of what the sample is doing”. ...

Symantec CEO steps down, replaced by chairman

Author: Omid Farhang Published: July 25, 2012 Reading Time: 1 min

Computer World: Security software vendor Symantec said Wednesday that Enrique Salem, its president and chief executive officer, had stepped down with immediate effect, after the company reported that its revenue for the quarter ended June 29 grew 1% year-over-year to $1.7 billion. Symantec said its board of directors has appointed Steve Bennett, the current chairman of the board, to also hold the posts of president and chief executive officer. The board’s decision to make a leadership change was not based on any particular event or impropriety but was instead made after ongoing consideration and a deliberative process, said Dan Schulman, Symantec’s newly-appointed lead director, in a statement. Bennett however said that in his view “Symantec’s assets are strong and yet the company is underperforming against the opportunity.”

Could Romney Really Ban Porn?

Author: Omid Farhang Published: July 24, 2012 Reading Time: 1 min

TechChurch wrote: “Computer pornography has given new meaning to the words ‘home invasion,’” Romney said at a 2007 Values Voter summit, “If I am President, I will work to make sure that every computer sold into the home has an easy to engage pornography filter so that every parent can protect their child from unwanted filth.” Federal obscenity laws used to prosecute porn moguls, such as Hustler’s Larry Flynt, have largely been limited to child pornography since the rise of the Internet, but there’s an open debate as to whether they could be reactivated. ...

Anonymous hackers cripple Australian gov't websites

Author: Omid Farhang Published: July 24, 2012 Reading Time: 2 min

FoxNews: International hacking group Anonymous took at least 10 Australian government websites offline briefly Tuesday in a series of escalating attacks over proposed changes to privacy laws. The Australian arm of the group has warned it will continue the attacks on “.gov.au” sites until plans to force ISPs to store user data and make it further available to security services are shelved. The attacks started after Prime Minister Julia Gillard answered policy questions via webcam in an online Google+ Hangout session on Saturday but the sites targeted so far are all run by the Queensland State Government. ...

11 million passwords leaked from online gaming platform

Author: Omid Farhang Published: July 24, 2012 Reading Time: 2 min

h-Online: A file with 11 million password hashes belonging to users of the online games platform Gamigo has been circulated on the internet. According to an analysis by ZDNet, 8.2 million different email addresses are also part of the 478MB file. Around 3 million of these belong to users from the US, 2.4 million are German addresses and 1.3 million are supposed to originate in France. The list also includes corporate email addresses from companies such as IBM, Siemens, Deutsche Bank and the German insurance company Allianz. ...

Why Google or Facebook Buying Your Favorite Startup

Author: Omid Farhang Published: July 22, 2012 Reading Time: 3 min

Time Techland wrote: When I learned this morning, via Twitter, that the small company behind Mac/iOS e-mail app Sparrow was being bought by Google, I almost didn’t need to read the startup’s announcement to know the upshot. Google and Facebook buy itty-bitty web companies all the time. And the acquired businesses typically convey what’s happening in an eerily consistent five-step ritual:

1. Announcement of thrilling acquisition
2. Reiteration of startup’s wildly ambitious founding notion
3. Explanation that either Google or Facebook is the best place to change the world
4. Acknowledgement (or sometimes non-acknowledgement) that the startup’s product is being discontinued or is going into limbo
5. Expression of heartfelt gratitude to various supporters, usually including the consumers who are losing something they liked

So it seems to be going with Sparrow: Its five-person team will be working on Gmail henceforth; the existing Sparrow apps aren’t being discontinued, but they apparently won’t get any updates, either. ...

Urgent security update for TeamViewer

Author: Omid Farhang Published: July 21, 2012 Reading Time: 1 min

h-online: The TeamViewer developers have released updates for a potential security vulnerability discovered in the remote access tool. The company recommends that users install the security updates immediately. Versions 5 to 7 of the Windows, Mac OS X and Linux editions of TeamViewer Full and TeamViewer QuickSupport are affected. The flaw does not appear to have been discovered in TeamViewer Host. The company has not offered any details of the vulnerability, but updated editions of the software can be obtained from the TeamViewer Download page. The new version can simply be installed over the previous installation. ...
