WhatsApp threatens legal action against API developers

Posted on by

However, the popular texting alternative WhatsApp still has a major security problem. Attackers can compromise other users’ accounts with relative ease, and send and receive messages from another user’s account. In this respect nothing has changed – heise Security was able to successfully repeat its test this morning (Tuesday).

via WhatsApp threatens legal action against API developers – The H Security: News and Features.

WhatsApp Inc. has, however, been in touch with the developers behind the GitHub project WhatsAPI, an open source implementation of the WhatsApp protocol written in PHP and Python. The company has threatened to take legal action against the developers if they do not take the project offline. heise Security has been told by one of the developers that they have decided to acquiesce to this request and to cease working on the API.

Trade group exposes 100,000 passwords for Google, Apple engineers

Posted on by

“It is certainly unfortunate this information was leaked out, and who knows who got it before it got fixed,” Dragusin wrote. Elsewhere in the post he said: “If leaving an FTP directory containing 100GB worth of logs publicly open could be a simple mistake in setting access permissions, keeping both usernames and passwords in plaintext is much more troublesome.”

via Trade group exposes 100,000 passwords for Google, Apple engineers | Ars Technica.

Update: An IEEE spokeswoman emailed the following statement: “IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. We have conducted a thorough investigation and the issue has been addressed and resolved.

Of all groups that have membership websites which store passwords, IEEE would be the last on a list I would suspect to have something like this happen.

phpMyAdmin Back Door

Posted on by

On September 25th, SourceForge became aware of a corrupted copy of phpMyAdmin being served from the ‘cdnetworks-kr-1′ mirror in Korea. This mirror was immediately removed from rotation.

The mirror provider has confirmed the attack vector has been identified and is limited to their mirror; with exploit having occurred on or around September 22nd.

via phpMyAdmin Back Door | SourceForge Community Blog.

This corrupted copy of phpMyAdmin included a backdoor which permitted execution of arbitrary commands by the web server user. The notice from phpMyAdmin may be seen at:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

Simplify the Home, Protect Fiber’s Value

Posted on by

“We need to collaborate as a group to help create a simple and seamless experience in the home,” Mudge said. In a conversation after the presentation, he added that this could include routers or residential gateways that enable a consistent experience and stability for the home technology user over a period of years, not months.

via Light Reading – Cable – Verizon: Simplify the Home, Protect Fiber’s Value – Telecom News Analysis.

A failure to continue to deliver on integration of in-home devices and technologies into the broadband service will cause customers to “lose faith” in their service providers, Mudge said

These service providers will hold a monopoly over FTTH so why would they care about a customer’s “faith?”

ARM Information Center

Posted on by

Welcome to the ARM Infocenter. The Infocenter contains all ARM non-confidential Technical Publications, including:

Via ARM Information Center.

Huawei’s High Hopes for Handsets

Posted on by

Wan Biao, CEO of Huawei Device, has told Reuters he expects the company’s consumer device business to achieve revenue growth of 30 percent next year, while smartphone revenues are expected to grow by at least 40 percent.

That would put the Huawei Device unit’s 2013 revenue target at about US$11.7 billion, as the Chinese vendor has forecast its device sales to hit $9 billion this year. In 2011, Huawei’s device unit generated $6.9 billion in sales, about 22 percent of the company’s total revenues. (See Huawei, ZTE Look to Handsets for Growth.)

via Light Reading Mobile – Wireless Bits – Huawei’s High Hopes for Handsets.

Trace the Process and See What It is Doing with strace

Posted on by

strace is a useful diagnostic, instructional, and debugging tool. It can save lots of headache. System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them. This is also useful to submit bug reports to open source developers.

via Debugging Tip: Trace the Process and See What It is Doing with strace.

Run strace against /bin/foo and capture its output to a text file in output.txt:
$ strace -o output.txt /bin/foo

Connect Two Wireless Router Wirelessly

Posted on by

You can setup a wireless connection between two routers only so that it will link a wireless network to a wired network allowing you to bridge two networks with different infrastructure. You can find wireless access points products that offer either a “bridge” mode or a “repeater” mode. In this post I’m going to explain three popular open source choices that can be used for setting up a wireless bridge.

via HowTo: Connect Two Wireless Router Wirelessly ( Bridge ).