Info World: AT&T won’t stop Black Hat demo of cell phone eavesdropping "The operator denies rumors it will try to block a hacker’s demonstration of cell phone call interception at the Black Hat conference"

c|net: Black Hat shines light on security (roundup)

CFP NcN 2010

[security bulletin] HPSBUX02556 SSRT100014 rev.2 – HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code

SimplyMEPIS is a simply wonderful distribution. It was the first to offer a complete out of the box experience all tied up in a pretty package. It would be fair to say that it was probably the inspiration for many of the easy-to-use distributions available today.

Web Traffic Analysis with httpry

httpry is a tool specialized for the analysis of web traffic. The tool itself can be used to capture …(more)…

With the debut of Groupon personalization, I have little doubt that the daily deal site will double the number of deals (and double its revenue run rate) in just a few months.

According to CEO Andrew Mason, the service is churning out 75,000 transactions per day. Through personalization, Groupon will be able to offer 20, 30 or more deals per city per day. Assuming the current growth rate in subscribers — in the last four months the site has more than doubled to 12 million registered users— 2x is likely a prudish estimate.

It’s hard to fault a company that is making money hand over fist; however, as a user, I do have one piece of advice: loosen that death grip on the daily deal mantra.

According to Mason, the personalization system will give a user one deal a day based on their preferences, their purchase history and their profile. Although there will be several, simultaneous deals in any given area, a user will only be able to access one main deal from his/her account. However, if the user finds a link to a different deal from a friend, a blog, or a daily deal aggregator, that link can be used by anyone. (In the early stage of the personalization program, Mason says, Groupon users may see multiple deals but eventually Groupon will turn that off.)

Thus, all the local deals are theoretically open to every subscriber but Groupon is playing air traffic controller in order to maximize the number of deals they can offer (aka cha-ching) and to ensure a nice distribution of users for their advertisers.  It’s easy understand Mason’s rationale here, at just one deal a day their hands were somewhat tied, unable to fully absorb the number of interested advertisers. In turn, Groupon’s limited inventory has directly benefited the “army of clones,” who have swooped in and picked up impatient retailers.

“We believe in the deal a day model, but we were running into a problem where the demand for merchants to be featured has been absolutely overwhelming,” Mason says. “We have something like 35,000 businesses lined up that want to be featured, 97% of the businesses that we feature want to be featured again, so the problem is only getting worse. And what it means is for every business we’re featuring, we have to turn away 7.” (See video above.)

Understandably, Groupon is trying to optimize the bottom line and enhance the consumer experience with personalized deals, but this structure also potentially creates a frustrating user experience. Under this system, a user knows that there could be 20, 30 deals floating around but s/he can only automatically access one. Thus, if a user doesn’t want their preselected deal of the day, she will have to scour the web and ping friends in a cyber goose chase. Of course, this search will be eased by the plethora of daily deal aggregators— but that doesn’t seem like an ideal solution for Groupon either. Why encourage users to jump off your website and spend more time on independent aggregators, where their wallets will be exposed to competitors’ deals.

From the launch of Groupon, Mason has adamantly defended the model of one deal a day, a structure that has obviously served his company well (and its army of clones) and catapulted Groupon to a billion-dollar-plus valuation. However, I believe the massive demand in the market indicates that there’s some flexibility in the business model. The data suggests that consumers can stomach several deals a day— maybe not hundreds— but certainly more than one.  From the vantage point of a user, I would like to see Groupon send just one personalized deal a day to my inbox because I think there is real value in that spotlight. However, on Groupon’s website, I also want the option to log-in and access all (or at least several) of my local deals in one simple repository, perhaps ranked according to my tastes and profile.

Groupon, consider this my 700-word comment card. However, regardless of how you tackle the challenge of personalization, I get the feeling you’ll probably do just fine.

Mason dropped by TechCrunch TV on Wednesday and we got a chance to discuss the new personalization campaign (above) and Groupon’s early days. In the second video (below), he discusses the key moment when Groupon kicked into second gear.

Despite their clear commitment to the hardware version of the Kindle, Amazon continues to make the Kindle apps that run on the iPad and iPhone better. Today, version 2.2 of the app brings a full dictionary with it. This matches the functionality of Apple’s own iBooks app, but the Kindle implementation is even a little better.

Now in the Kindle app when you highlight a word, a definition will automatically appears at the bottom of the screen. And that’s not all — there you’ll also find links to further investigate the word on Google or Wikipedia. Though this dumps you out of the app and into the iPhone/iPad web browser, it’s a pretty nice feature.

The feature also includes a link for the “Full Definition” of the word. Clicking on this will take you to the new Oxford American Dictionary that is automatically downloaded with this 2.2 version of the app. This dictionary contains some 250,000 entries, Amazon says.

As I said, this dictionary functionality matches that of Apple’s own iBooks app. But those definitions are an extra click away (you highlight a word then select “Dictionary” which bring up the definition in a pop-up).

The latest iPad version of the Kindle app also allows you to search inside a book for the first time. This too matches iBooks functionality. (The in-book search for the iPhone has also been improved with 2.2.)

Other small improvements include better line spacing on the iPad version, and fast-app switching for iOS 4 devices.

[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th

We’ve just received official word from Google confirming that they are not currently blocked in China and that a server issue was most likely the cause of their dashboard misread. One month ago, Google put up their watered-down engine to avoid being shut down completely in Mainland China. Because the Chinese government did not like the auto redirect to Google Hong Kong previously in place, the new degraded version at the center of all today’s confusion simply links to Google Hong Kong.

From Google, in an email today:

Because of the way we measure accessibility in China, it’s possible that our machines could overestimate the level of blockage. That seems to be what happened last night when there was a relatively small blockage. It appears now that users in China are accessing our properties normally.

Please also note that the dashboard is not a real time tool.

The email also suggests that an error in measuring what turned out to be a small amount of blockage was responsible for the false alarm. The fact that the dashboard does not update in realtime is probably what lead to today’s mixed reports as to whether or not the service was working. When asked what specific issue caused the blockage, Google responded that they had nothing more to add.

Image: Bramus!

Technology is a part of your sex life, whether you like it or not. Here are some things to keep in mind if you want to protect your privacy.

Information Security Investigator: BlackHat 2010 Video! The ATM Hack and Jackpot

The Register: UK population to be guaranteed mobile 768Kb/sec service

Wired: Exclusive – Google, CIA Invest in Future of Web Monitoring

(Posted 29 Jul 2010 by falko)

(Posted 29 Jul 2010 by solrac)

[SECURITY] [DSA 2077-1] New openldap packages fix potential code execution

Richard Stallman answers the top 25 questions from reddit readers.

A fascinating interview …

Former Yelp VP of Finance/Administration Vlado Herman takes a step up the ladder and becomes, as of today, Yelp’s Chief Financial Officer.  The Yelp Blog introduces his promotion with an adorable poem:

Faster than BP’s falling share price.
More powerful than a bull market on steroids.
Able to leap across the Atlantic in a single bound.

Look! Up in the sky!

It’s a bird. It’s a plane. It’s our new CFO!

Founded by former PayPal employees Jeremy Stoppelman and Russel Simmons in 2004, Yelp has recently tried to cash in on the GroupOn craze by offering local deals, while Google is attempting to take the wind out of Yelp’s sails with its new Places application.

Photo: Yelp Blog

Just a couple hours ago, news broke of the $99 Copia Wave5 e-reader, or tablet, or whatever you want to call a 5″ LCD-based device focused on reading. That isn’t the extent of the lineup, however: Copia has two more LCD-based tablets coming out soon, as well as two E-ink-based readers with Kindle-esque designs.

As they’ve said since their CES debut, the draw is supposed to be their unique social platform, which allows a community of readers to exchange reviews, recommendations, and so on — and although it will start as an exclusive to Copia-branded devices, they’re trying to go OEM and make the Copia service the premier social layer for e-books.

Continue reading…

Oracle Java SE and Java for Business ‘XNewPtr()’ Remote Code Execution Vulnerability

Oracle Java SE and Java for Business Sound Component MIDI Stream Remote Code Execution Vulnerability

As you’re undoubtedly aware, location is one of the hottest fields out there right now. Startups, services, devices, and advertisers are all hovering around it. As you’re also likely well aware, Apple likes to be in control of their own devices. So it should come as no surprise to hear that Apple is moving to be in complete of their own location database.

Back in June, Apple changed its privacy policy to reflect some of the newer things they were doing with regard to location. This worried some people — including two U.S. Congressmen who sent a letter to Apple asking about the change. A couple weeks ago, Apple responded to that inquiry with a letter from Apple’s general counsel, Bruce Sewell. The overall main points of that letter have already been covered quite a bit (basically, none of the data Apple collects is linked to a specific user or device and no data is shared without consent). But buried on page 5 of the 13-page letter is a bit of information that’s rather interesting.

Here’s the passage (highlights are mine):

To provide the high quality products and services that its customers demand, Apple must have access to comprehensive location-based information. For devices running iPhone OS versions 1.1.3 to 3.1, Apple relied on (and still relies on) databases maintained by Google and Skyhook Wireless (“Skyhook”) to provide location-based services. Beginning with the iPhone OS version 3.2 released in April 2010, Apple relies on its own databases to provide location-based services and for diagnostic purposes. These databases must be updated continuously to account for, among other things, the ever-changing physical landscape, more innovative uses of mobile technology, and the increasing number of Apple’s customers. Apple has always taken great care to protect the privacy of its customers.

In other words, since iPhone OS 3.2 (since renamed “iOS”) which shipped on the iPad, and continuing with the new iOS 4, Apple is now in complete control of the location services on the iPhone (and iPad/iPod touch). Previously, Apple relied on the location information from Skyhook and Google. But now they have built their own databases to be able to drop those guys going forward (though, as they note, the older iOSes still use that outside data).

As I said, this continues Apple’s long tradition of wanting to have complete control over their products by developing everything they need in-house. They didn’t have the capabilities to do that with location services when the iPhone launched. Now, apparently, they do.

When reached for comment, Skyhook wouldn’t specifically talk about their relationship with Apple, but they did say that “everyone who has a platform wants to own as much of the location stack as possible. Location data is going the be huge and owning it is going to be the next big war in mobile.“

It has to be particularly nice for Apple to be able to ditch Google in this regard. While Google helped Apple build the Maps application on the iPhone, the relationship between the two has obviously changed over the years. With Apple now making its move into mobile advertising with iAds, clearly they didn’t want to be sending or receiving all the location information for all of their millions of devices from what is now a chief rival. And Google is making fast moves to beef up its mobile location-based ads, as well.

It will also be interesting to see what, if anything, this means for the Maps application on the iPhone and iPad. Earlier this month, Apple bought Poly9, makers of a 3D mapping software. And last year, they bought Placebase, another map-maker. Both of those purchases were likely for their talent, rather than the products — it would seem as if Apple is moving in the direction of having its own mapping products. If they do that, clearly they’re going to want their own location databases as well. And now they have just that.

One thing a lot of services such as Google have been working on recently is building up their place databases. It’s not clear if Apple will be building their own one of those as well — but I wouldn’t bet against it.

This also may signal Apple eventually baking in location to some of their other apps — like Contacts. While I suspect they wouldn’t do this in a way that would directly compete with all the third-party location startups out there, it could be something along the lines of being able to tell where family members are at all times (provided they opt-in, of course).

And, of course, Apple likes to tout their “Find My iPhone” feature, which is all about location. It’s perhaps the perfect example of how Apple is able to tell where any iPhone (or iPad) is at anytime, anywhere. It makes sense to try to fully control that information, and all the data surrounding it.

The Economist has a great article, “Rough Justice in America.” Go and read the whole thing.
This jumped out at me:
“You’re (probably) a federal criminal,” declares Alex Kozinski, an appeals-court judge, in a provocative essay of that title. Making a false statement to a federal official is an offence. So is lying to someone who then [...]

This tutorial shows how you can set up an OpenSUSE 11.3 desktop that is a full-fledged replacement for a Windows desktop, i.e. that has all the software that people need to do the things they do on their Windows desktops. The advantages are clear: you get a secure system without DRM restrictions that works even on old hardware, and the best thing is: all software comes free of charge.

This is absolutely the best campaign platform ever: