Desktops (Apple)

Htop 2.0 Released, Runs Natively On BSDs and Mac OSX 11

An anonymous reader writes: The popular Linux process viewer htop got a new major revision, and now runs natively on FreeBSD, OpenBSD and Mac OS X. The author discussed the process of making the tool cross-platform earlier this year at FOSDEM. Htop also got some new features, including mouse wheel support via ncurses 6 and listing process environment variables.
Desktops (Apple)

Scareware Signed With Apple Cert Targets OS X Machines (threatpost.com) 39

msm1267 writes: A unique scareware campaign targeting Mac OS X machines has been discovered, and it's likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate.

"Sadly, this particular developer certificate (assigned to a Maksim Noskov) has been used for probably two years in similar attacks," said Johannes Ullrich, dean of research of the SANS Institute's Internet Storm Center, which on Thursday publicly disclosed the campaign. "So far, it apparently hasn't been revoked by Apple."

Firefox

Firefox 44 Arrives With Push Notifications (mozilla.org) 182

An anonymous reader writes: Mozilla today launched Firefox 44 for Windows, Mac, Linux, and Android. Notable additions to the browser include push notifications, the removal of RC4 encryption, and new powerful developer tools. Mozilla made three promises for push notifications: "1. To prevent cross-site correlations, every website receives a different, anonymous Web Push identifier for your browser. 2. To thwart eavesdropping, payloads are encrypted to a public / private keypair held only by your browser. 3. Firefox only connects to the Push Service if you have an active Web Push subscription. This could be to a website, or to a browser feature like Firefox Hello or Firefox Sync." Here are the full changelogs: Desktop and Android.
Networking

Tracking Protection In Wi-Fi Networks Coming Soon To Linux 112

prisoninmate writes: Fedora contributor and NetworkManager developer Lubomir Rintel explains how your devices are being identified on a network by a unique number that most of us know by the name of MAC address. Same goes for mobile networking, as your laptop's or mobile phone's MAC address is, in most cases, broadcasted everywhere you go before you even attempt a connection to a wireless network. And that's a problem for your privacy. The solution? Randomization of the MAC address while scanning for Wi-Fi networks. Apple is already using this method on iOS 8 and later mobile operating systems, and so is Microsoft in Windows 10, so Linux users will ["likely"] get it in the upcoming NetworkManager 1.2 release.
Businesses

Trump Says He'd Make Apple Build Computers In the US (businessinsider.com) 875

mrspoonsi writes with Business Insider's report that presidential candidate Donald Trump says he'd like to make Apple "start building their damn computers and things in this country instead of other countries." From the article: Trump's ultimatum to the most valuable company in the world was made towards the end of a 45-minute speech he gave at Liberty University in Virginia on Monday. The most popular candidate in the Republican party said he would impose a 35% business tax on American businesses manufacturing outside of the United States. Apple has manufactured its Mac Pro at a factory in Texas since 2013, but the vast majority of its products (including the iPhone) are largely made and assembled in China. How Trump would force Apple's supply chain, which relies heavily on a vast network of suppliers and large factories throughout Asia, to be brought stateside remains unknown. Apple CEO Tim Cook recently called the U.S. tax code "awful for America." If Trump (or anyone) thinks this is a good idea, why start or stop with Apple?
Bug

Zero-Day Vulnerability Discovered In FFmpeg Lets Attackers Steal Files Remotely 72

prisoninmate writes: A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, has been discovered recently by Russian programmer Maxim Andreev in the current stable builds of the software. It appears to let anyone with the necessary skills hack a computer to read local files on a remote machine and send them over the network using a specially crafted video file. Arch Linux devs already rebuilt their FFmpeg packages without the AppleHTTP and HLS demuxers.
Security

First Node.js-Powered Ransomware Discovered (softpedia.com) 69

An anonymous reader writes: A security researcher from Emsisoft has discovered a new ransomware family coded via NW.js (formerly Node-WebKit). Why is it unique? Because it is the first of its kind to use JavaScript for the ransomware's source code, it provides cross-OS support (we may see the first universal Windows-Linux-Mac ransomware in the future), and because the security researcher describes it as "successor of CryptoLocker" when it comes to encryption quality. The ransomware, Ransom32, is offered as a RaaS service on the Dark Web, only targets Windows machines in its first version, and is currently undecryptable.
Software

Windows, OS X, and iOS Top 2015's List of Software With the Most Vulnerabilities (venturebeat.com) 111

An anonymous reader writes: Which software had the most publicly disclosed vulnerabilities in 2015? According to a site called CVE Details, which organizes data provided by the National Vulnerability Database, Apple's Mac OS X was near the top, with 384 vulnerabilities. iOS followed closely, with 375 vulnerabilities. The list splits out Windows into its separate versions, so it's hard to get an accurate count — simply adding them all together yields a total of over 1,000, but there are likely many duplicates. Other top spots went to Adobe's Flash Player, with 314 vulnerabilities; Adobe's AIR SDK, with 246 vulnerabilities; and Adobe AIR itself, also with 246 vulnerabilities. The four major web browsers also ranked quite highly.
Graphics

Super Mario Inspired SuperTux Issues Its First Official Release In 10 Years (phoronix.com) 116

An anonymous reader writes: SuperTux, the free software game inspired by Nintendo's Super Mario Brothers, has put out its first stable release in a decade. SuperTux 0.4 rewrites the game engine to make use of OpenGL, SDL2, and other modern open-source game tech. SuperTux 0.4 additionally features a lot of new in-game content, an in-game download manager, and support for translations. SuperTux 0.4 can be downloaded for Linux, Windows and Mac via GitHub.
The Almighty Buck

Comcast Typo Penalizes Wrong Customer For Data Usage (arstechnica.com) 124

ShaunC writes: Soon after Comcast implemented its data caps in Tennessee, one customer began getting calls warning that he was approaching his monthly usage limit. The company's data cap meter was ticking up rapidly, even attributing 120GB of use — almost half of the monthly cap — to a period of time when he was out of the country. After months of back and forth and troubleshooting by the customer, Comcast finally admitted that a typo in a MAC address was causing another customer's usage to appear on his account. With data caps like Comcast's carrying a real financial cost in terms of overage fees, how can we trust providers to accurately track customers' bandwidth usage?
Security

Over 650 TB of Data Up For Grabs From Publicly Exposed MongoDB Database (csoonline.com) 96

itwbennett writes: A scan performed over the past few days by John Matherly, the creator of the Shodan search engine, has found that there are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, and their number appears to be growing. Combined they expose 684.8 terabytes of data to potential theft. Matherly originally sounded the alarm about this issue back in July, when he found nearly 30,000 unauthenticated MongoDB instances. He decided to revisit the issue after a security researcher named Chris Vickery recently found information exposed in such databases that was associated with 25 million user accounts from various apps and services, including 13 million users of the controversial OS X optimization program MacKeeper, as reported on Slashdot on Wednesday.
Security

MacKeeper Discloses 13 Million Mac Users' Details With Poor Hash Protection (mackeeper.com) 72

An anonymous reader writes: Mac security software suite MacKeeper is recovering after a hack leaked millions of users' personal information. Kromtech, the software developer, confirmed that it had received notice of the hack yesterday, discovering a hole in its security which was exposing customer usernames, email addresses and other personal data for as much as 13 million users. The hole was patched within a matter of hours after security researcher Chris Vickery had published details of the error over the weekend. Vickery, who had been unfamiliar with both MacKeeper and Kromtech, explained that he had discovered the security fault by browsing the connected devices search engine Shodan.io.
Firefox

Firefox 43 Arrives With 64-bit Version For Windows, Android Tab Audio Indicators (venturebeat.com) 188

An anonymous reader writes: Mozilla today launched Firefox 43 for Windows, Mac, Linux, and Android. Notable additions to the browser include a 64-bit version for Windows (finally!), a new strict blocklist for the browser's tracking protection feature, and tab audio indicators on Android. "There is, however, a bit of a caveat. Firefox 64-bit for Windows has limited support for plugins. Certain sites that require plugins and work in Firefox 32-bit might not work in this 64-bit version. But Mozilla doesn’t see this as a big problem, and says it is by design. After all, the company plans to drop support for NPAPI plugins in Firefox by the end of the year (though it will keep Flash around). Mozilla has just over two weeks to deliver on that promise." Here are the changelogs: desktop and Android.
Privacy

Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses (csoonline.com) 49

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what's happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device's MAC address as a key component of authentication.
Python

Python Is On the Rise, While PHP Falls (dice.com) 232

Nerval's Lobster writes: While this month's lists of the top programming languages uniformly put Java in the top spot, that's not the only detail of interest to developers. Which language has gained the most users over the past five years? And which are tottering on the edge of obsolescence? According to PYPL, which pulls its raw data for analysis from Google Trends, Python has grown the most over the past five years—up 5 percent since roughly 2010. Over the same period, PHP also declined by 5 percent. Since PYPL looks at how often language tutorials are searched on Google, its data is a good indicator of how many developers are (or aren't) learning a language, presumably because they see it as valuable to their careers. Just because PYPL shows PHP losing market-share over the long term doesn't mean that language is in danger of imminent collapse; over the past year or so, the PHP community has concentrated on making the language more pleasant to use, whether by improving features such as package management, or boosting overall performance. Plus, PHP is still used on hundreds of millions of websites, according to data from Netcraft. Indeed, if there's any language on these analysts' lists that risks doom, it's Objective-C, the primary language used for programming iOS and Mac OS X apps, and its growing obsolescence is by design.
IOS

Tim Cook: Apple Won't Create 'Converged' MacBook and iPad (independent.ie) 337

LichtSpektren writes: In an interview with Independent.ie, Apple CEO Tim Cook has stated that Apple is currently not looking to create an iPad that runs Mac OS X. "We feel strongly that customers are not really looking for a converged Mac and iPad, because what that would wind up doing, or what we're worried would happen, is that neither experience would be as good as the customer wants. So we want to make the best tablet in the world and the best Mac in the world. And putting those two together would not achieve either. You'd begin to compromise in different ways." Cook also commented that he does not travel with a Mac anymore, only his iPad Pro and iPhone.
Security

Mac App Store Apps 'Damaged' Following Security Certificate Bug (thestack.com) 66

An anonymous reader writes: A slew of complaints are emerging against Apple after users were forced to delete and re-install Mac App Store apps in the wake of a major security management error. The problem manifested with the apparent expiry of security certificates which validated the apps, but even after the certificates were updated yesterday to expire in 2035, the problems were not resolved; some users were unable to verify the new certificates, and others could not even connect to the internet. In some cases the programs had to be reinstalled from scratch, deleting the user's existing settings.
OS X

Proof-of-Concept Ransomware Affects Macs (vice.com) 163

sarahnaomi writes: Ransomware, the devilish family of malware that locks down a victim's files until he or she coughs up a hefty bounty, may soon be coming to Mac. Last week, a Brazilian security researcher produced a proof-of-concept for what appears to be the first ransomware to target Mac operating systems (Mac OS X). On Monday, cybersecurity company Symantec verified the researcher's findings. "Mabouia is the first case of file-based crypto ransomware for OS X, albeit a proof-of-concept," Symantec wrote in a blog post. "It's simple code, I did it in two days," [said] the creator of the malware.
