hypnosec writes with report of the possible theft of up to 22 million user IDs revealed by Yahoo! Japan. That scale is massive, but, he writes, “According to Yahoo, the information that was stolen didn’t have passwords or any other information that would allow unauthorized users to carry out user identity verification.” A story at the Japan Times adds a bit more detail.
Back in January, XBMC for Android trotted out what it called the first End User Friendly build of its mobile media center — a release designed with compatibility in mind. Half a million downloads later, the team is ready for the custom build’s first major update, releasing XBMC for Android’s first stable End User Friendly version today. “This is the first and only truly End User Friendly release of XBMC available on the internet,” writes the team on its official blog. “We’re hoping that it will in time bring XBMC to a whole new mainstream level.” For the uninitiated, the release page gives new users a brief rundown of what XBMC is, explaining how the software snags streaming content from all over the web and serves it to the user in a single, easy to access place. Installation is a little more complicated than simply hitting up Google Play, but folks who tried the team’s last release should be familiar with the process: sideload two APKs, and jump in. Check out the release for yourself at the source.
The Electronic Frontier Foundation has released its annual “Who Has Your Back?” report, ranking 18 companies by how well they protect user information from government eyes. Twitter and Sonic.net get high scores from the EFF, as they meet all six of the organization’s privacy guidelines, which include requiring a warrant for sharing content and telling users about government data requests. On the other end of the spectrum are MySpace and Verizon, both of which score zero out of six stars. Meanwhile, Apple and AT&T get one gold star each, and Google, Dropbox and LinkedIn are tied for second place. You’ll find the complete breakdown in the EFF ‘s comprehensive infographic (partially displayed above), and the full report is available via the source link.
The team behind mobile video app Socialcam just keeps on trucking. The company, which is now part of Autodesk, is releasing a new version of its app today, adding a bunch of features that users have asked for, like expanded profile pages, as well as the ability to switch back and forth between front- and rear-facing cameras and hashtags and @ mentions that actually do stuff. It’s been nearly a year since Socialcam was acquired in a deal that was worth about $ 60 million. Since then, the team has added a few members, boosting its ranks from four to seven. And that team continues to iterate on the app, posting eight updates across its iOS and Android apps since acquisition, some bigger than others. That said, Socialcam co-founder Michael Seibel wants to increase the rate at which the company puts out updates, getting it back to its pre-acquisition pace of an update every three weeks or so. With that in mind, the company just issued a pretty major update today which answer some of the demands its users had from previous version. That includes better support for hashtags and @mentions of other users. See, people were hashtagging their stuff all the time in Socialcam, but being able to search or follow or click through those hashtags wasn’t as fully built out as some would like. So users can now search via hashtag, and hashtags are now clickable. Socialcam has also added autocomplete for hashtags and @mentions, so users can get at what they want sooner. And if what they want to get at is another user page, Socialcam has given them a little more to look at. According to Seibel, the company found that its users weren’t just leveraging the app to share their videos with other social networks, but were actually using it as its own little social network, following and interacting with the other folks there. One of the requests the team got was to expand user profiles. So it did that, giving them more that they could do to express themselves and tell strangers on the platform who they are and why they should be followed. Socialcam also has added the ability to switch between front- and rear-facing cameras on its iOS app, allowing users to shoot a video intro with the front-facing cam, and then switch to the other one to show people what’s going on TechCrunch
On April Fools’ Day, the folks behind the popular Android ROM CyanogenMod updated its CM Stats feature and removed the opt-out option for users, which wasn’t an April Fools’ joke. CM Stats collects a few details about users’ devices, but with the opt-out feature removed, a handful of CyanogenMod users have complained. A day later,
Subtlety can’t always avert controversy. That leaked build of Windows Blue is a case in point: it suggests a relatively incremental update to Windows 8, yet some of its revelations are already causing quite a stir. Neowin now reports that Internet Explorer 11, as contained within the leaked build, identifies itself to host websites as “Mozilla… like Gecko.” Confusing, right? Perhaps, but it’s not really as underhand as it sounds, as you can see from the full line of code in the picture above.
The program still identifies itself (in brackets) as IE 11, but it forgoes Microsoft’s older identifier (“MSIE”) and simply describes itself as being a browser that renders HTML in a similar way to Firefox’s Gecko layout engine. Neowin speculates that the reason for this could be to start afresh: by confusing host websites with a new identifier, IE 11 might avoid having legacy CSS code thrown at it, dating back to the bad old days when web designers had to give Internet Explorer special treatment. It’s also been suggested that this could cause problems for business apps that genuinely rely on legacy CSS code — although it’s worth remembering that we’re not looking at a final release here, and none of us (ahem) are even meant to be using it.
Billly Gates writes “With the new leaked videos and screenshots of Windows Blue released, IE 11 is also included. IE 10 just came out weeks ago for Windows 7 users and Microsoft is more determined than ever to prevent IE from becoming irrelevant as Firefox and Chrome scream past it by also including a faster release schedule. A few beta testers reported that IE 11 changed its user agent string from MSIE to IE with the ‘like gecko’ command included. Microsoft may be doing this to stop web developers stop feeding broken IE 6-8 code and refusing to serve HTML 5/CSS 3 whenever it detects MSIE in its user agent string. Unfortunately this will break many business apps that are tied to ancient and specific version of IE. Will this cause more hours of work for web developers? Or does IE10+ really act like Chrome or Firefox and this will finally end the hell of custom CSS tricks?”
As the first edition so foretold, so too is there a second piece of this puzzle: Google’s Project Glass appears to have been shown at South by Southwest this past week in at least one well-attended keynote. While we’d seen some relatively blurry looks at this particular showing late last week, this week we’re seeing
Those who love the tiny, inexpensive, and all-around awesome little set-top box called Roku will be happy to know that the latest edition has just been unveiled, Roku 3. The set-top box features a sleek black design with rounded, slightly tapered edges and the same signature remote that users have come to love. Check out
Apple hasn’t done much to change the way iOS works at its core, in terms of navigating within and between apps and the home screen. In fact, iOS is maybe the mobile OS that has remained the most fundamentally the same since its introduction, at least among those that are still in active use.
But while Apple hasn’t been making huge changes to the basic iOS user interface, third-party developers have been pushing the boundaries and creating great examples of how things could be better for a next-generation version of Apple’s mobile OS. TechCrunch
Y Combinator-backed Vimessa launched in late 2011 with a free video voicemail app for the iPhone that allowed users to send high-def video messages to any cell number or email address. The idea was to make video messaging work on any mobile device or desktop. But, despite the early buzz around the product, rules are rules: 90 percent of startups fail. TechCrunch
It’s not if, but when. Between crooks, hackers, and foreign governments, Facebook probably can’t avoid a serious user data breach forever. When it happens, Facebook may never be able to quiet fears that “personal data isn’t safe there”. That could cause a chilling effect on sharing, jeopardize its future in commerce, and cut its lifetime short. TechCrunch
Trailrunner7 writes “Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software’s sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employee’s machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software’s sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1.”
Several readers have passed on news of a privacy hole in the Google app store. Reader Strudelkugel writes with the news.com.au version, excerpting: “Every time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed today. The ‘flaw’ — which appears to be by design — was discovered this morning by Sydney app developer Dan Nolan who told news.com.au that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips.”
Twitter has released new numbers showing that the social network complied with government data requests 69% of the time in the U.S., as government requests for user information worldwide continue to rise. Computerworld News
The hits keep coming for the crowd in Cupertino, as the company just informed the world on its earnings call today that its iCloud platform now boasts a quarter of a billion users. This time last year, Apple’s cloud storage service had but a mere 85 million customers, but 2013 has seen that number triple to 250 million. How? We’re guessing that all those iPads and iPhones it’s sold in the last year probably have something to do with it.
Nintendo’s Wii U-based Miiverse social network is also getting a big update later this year, including user-created communities, more than one community per title, updated usability, and a more advanced filtering system. That’s in addition to a mobile phone-based application, all arriving in 2013. Nintendo president Satoru Iwata announced as much during a Nintendo Direct video presentation this morning, though he didn’t give a concrete date for the Miiverse updates or the mobile app. He did say that you’ll sign into the mobile app using your Nintendo Network ID, and be able to access (and interact) with the Miiverse on-the-go.
If you’ve been waiting to try out XBMC on your Android, it appears now is the time. While beta and nightly builds were already available, the team behind it has finally readied a release it says is “end user friendly,” ready to run on most any device. It achieves that feat by offloading video player duties to another app, in this case MX Player, in order to get around XBMC’s lack of hardware support for many devices. After sideloading the two necessary APKs we were able to get it up and running without any trouble, tossing in add-ins and playing back locally stored media without a problem. There’s a video to go along with the release (embedded after the break) but installing it yourself is probably the best way to get a feel for its video, picture and audio playback abilities.
judgecorp writes “Nokia has admitted that it routinely decrypts user’s HTTPS traffic, but says it is only doing it so it can compress it to improve speed. That doesn’t convince security researcher Gaurang Pandya, who accuses the company of spying on customers.” From the article, Nokia says: “‘Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner. … Nokia has implemented appropriate organisational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.’”
Facebook keeps user counts for its mobile apps hidden, but researcher Benedict Evans found a way to uncover them and they provide critical insight into the direction and performance of Facebook’s mobile efforts. Most interestingly, Facebook’s Android user count is growing much faster than its iPhone user base, but is found on a lower percentage of Android devices. Let’s take a closer look. TechCrunch
Fond of your family name? Good — it’s about to get a bit more visible. Foursquare is planning to display full user names on profile pages, explaining in a recent community email that the old policy has become confusing. “If you search for a friend on Foursquare, we show their full name in the results, but when you click through to their profile page you don’t see their last name.” The team says these abbreviations made sense in Foursquare’s early days, but recently users have been asking for change. “We get emails every day saying that it’s now confusing.” The social network hopes that displaying users’ full surnames will help mitigate confusion between the John Smiths and John Smythes of the world.
Malware in the Google Play store is nothing new, and Google does their best to sift out most of the crap that makes its way in, but sometimes some of it sneaks through. A Google Play developer account by the name of “apkdeveloper” has released a ton of fake apps and games that are essentially
Yesterday, we ran a story with the headline “Free Software Foundation Campaigning To Stop UEFI SecureBoot.” It’s more complicated than that, though, writes gnujoshua: “We want computer manufacturers to implement Secure Boot in a way that is secure. If a user can’t disable Secure Boot and they are unable to sign their own software (e.g., bootloader, OS, etc), then we call that particular implementation ‘Restricted Boot.’ We don’t want computer makers to implement Restricted Boot. We want them to implement Secure Boot and to provide a way for individuals to install a fully free OS on their computers. Many computer makers are implementing UEFI Secure Boot in this way, and we want to continue encouraging them to do so.” The complete text of the statement they’d like people to sign reads: “We, the undersigned, urge all computer makers implementing UEFI’s so-called “Secure Boot” to do it in a way that allows free software operating systems to be installed. To respect user freedom and truly protect user security, manufacturers must either allow computer owners to disable the boot restrictions, or provide a sure-fire way for them to install and run a free software operating system of their choice. We commit that we will neither purchase nor recommend computers that strip users of this critical freedom, and we will actively urge people in our communities to avoid such jailed systems.”
Suit claims that not only is Instagram making a “grab for customer property rights” with tweaks to its terms of service, it’s also attempting to cover its tail by prohibiting users from seeking legal relief. [Read more]
If you felt a disturbance in the force earlier today, it was probably the Internet losing its collective cool over Instagram‘s new Terms of Service, which go into effect on January 16, 2013. We picked apart the new Terms in the latest installment of SlashGear 101, and while there are a few questionable Terms you’ll
Were you among the many put off or freaked out by Instagram’s changes to its Terms of Service announced yesterday? You’re not alone, as many informed the Facebook photo sharing platform that they weren’t pleased by the new language — they mistook it as a means for their photos to be monetized in unscrupulous ways. Good news is, Instagram heard these complaints and has responded, explaining the changes and pledging to nix parts that caused unnecessary confusion.
In a blog post today, co-founder Kevin Systrom made clear that the ToS tweaks were meant to inform Instagrammers that the company wants “to experiment with innovative advertising.” What kind of advertising? Say a company wants more folks following its Instagram account. According to Systrom, the changes allow Instagram to see which of the people you follow also follow that business and can use that information to better promote said company.
Basically, the changes were made so Instagram can find ways to increase ad revenue without spoiling the UX with banner ads. Additionally, Systrom made clear that users own their content and Instagram will not be selling user photos to advertisers. And, he has pledged that updated language to that effect is in the works. Still uneasy about using Instagram for your filtered photography needs? Head on over to the source for the full explanation straight from Systrom himself.
It’s been a while since we checked in with WAYN, (Where Are You Now), but the super early player in travel/lifestyle social media has quietly clocked up over 21 million members, in part by sticking to its travel niche religiously. Today its announced a “multi-million dollar” (terms were not disclosed) strategic partnership with India Today Group (ITG), one of the biggest media conglomerates in India, which has access to almost 100 million of India’s educated population, via 38 magazines, four Television channels, seven radio stations, 12 web portals and 56 apps across mobile and tablets. According to some estimates, India has around 137 million users online, so this is not an insignificant deal by any means. TechCrunch
Looking towards Mountain View to provide a suite of digital tools for your new business? Make sure to pen per-user costs into your ledger — Google Apps isn’t free anymore. According to Google’s enterprise blog, the basic Google Apps package is being abandoned to streamline the service, offering businesses a single, $ 50 per user option that promises 24/7 phone support, 25GB inboxes and a 99.9% uptime guarantee. Pre-existing free customers can still hum along unmolested, of course, and the standard pricing doesn’t apply to schools or universities, either. Personal Google accounts are still free too, doling out gratis Gmail and Drive access to anyone with a unique user name. The team hopes that streamlining the Apps will allow it to provide better service, possibly offering enterprise users new features on a faster timetable.
Attackers can read emails, contacts and other private data from the accounts of Yahoo users who visit a malicious page by abusing a feature present on Yahoo’s Developer Network website, says an independent security researcher. Computerworld News
Microsoft is targeting the growing mobile workforce with a 15% hike in license fees directed primarily at companies that have employees who use smartphone and other mobile devices in their work. TechCrunch
zacharye writes “Copyright enforcement might be getting out of hand in Scandinavia. As anti-piracy groups and copyright owners continue to work with authorities to curtail piracy in the region, police this week raided the home of a 9-year-old suspect and confiscated her “Winnie the Pooh” laptop. TorrentFreak reports that the girl’s home was raided after local anti-piracy group CIAPC determined copyrighted files had been downloaded illegally at her residence. Her father, the Internet service account holder, was contacted by CIAPC, which demanded that he pay a 600 euro fine and sign a non-disclosure agreement to settle the matter. When the man did not comply, authorities raided his home and collected evidence, including his 9-year-old daughter’s notebook computer.”
concealment sends this quote from MIT’s Technology Review: “AT&T screwed up in 2010, serving up the e-mail addresses of over 110,000 of its iPad 3G customers online for anyone to find. But Andrew Auernheimer, an online activist who pointed out AT&T’s blunder to Gawker Media, which went on to publicize the breach of private information, is the one in federal court this week. Groups like the Electronic Frontier Foundation worry that should that charge succeed it will become easy to criminalize many online activities, including work by well-intentioned activists looking for leaks of private information or other online security holes. [Auernheimer's] case hasn’t received much attention so far, but should he be found guilty this week it will likely become well known, fast.”
The case highlights a troubling disconnect between online life and the rule of the law.
AT&T screwed up in 2010, serving up the e-mail addresses of over 110,000 of its iPad 3G customers online for anyone to find. But today Andrew Auernheimer, an online activist who pointed out AT&T’s blunder to Gawker Media, which went on to publicize the breach of private information, is the one in federal court this week.
CowboyRobot writes “Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. ‘It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do,’ he says. Users passwords for the Adobe Connectusers site were stored and hashed with MD5, he says, which made them ‘easy to crack’ with freely available tools. And Adobe wasn’t using WAFs on the servers, he notes. Tal Beery, a security researcher at Imperva, analyzed the data dump in the Connectusers Pastebin post and found that the list appears to be valid and that the hacked database was relatively old.”
What seemed a panacea has merely proved quite useful.
When I first got a hand-me-down iPad in September, I blogged about my first week as an iPad user, after long declaring I personally didn’t see the point of my owning a tablet (see “My First Week as an iPad User”). My usage quickly followed something like that critical buzz curve, where anticipation climaxes into enthusiasm and then settles into a backlash, before moving into a backlash-to-the-backlash phase. In a word, I was a bit confused about how to use my iPad–though I knew I liked it.
SAP now says it will proceed with two major user conferences set for Madrid next month, after saying earlier this week that it was weighing its options following concerns over labor strikes planned for the same time as the shows. Computerworld News
An anonymous reader writes “A web analytics company has agreed to settle Federal Trade Commission charges that it violated federal law by using its web-tracking software that collected personal data without disclosing the extent of the information that it was collecting. The company, Compete Inc., also allegedly failed to honor promises it made to protect the personal data it collected. KISSmetrics, the developer and seller of the homonymous tool, has agreed to pay up to make the suit go away, but the the two plaintiffs will get only $ 5,000 each, while the rest of the money — more than half a million dollars — will go to their lawyers for legal fees.”