Judge rejects Apple/Google/Intel/etc settlement; says parties need to pay more

by
in legal on (#3TZ)
In a victory for engineers and techies everywhere, Judge Lucy Koh has rejected the settlement proposed in the High-Tech Employee Antitrust Litigation case. The settlement was originally drawn up by the plaintiffs' legal counsel, Lieff Cabraser Heimann & Bernstein, a process which ordinarily would involve the participation and approval of the plaintiffs. Because the suit was class-action, however, the law firm allegedly moved forward on behalf of the plaintiffs without the approval of the class representatives, and informed them only after a settlement agreement had already been reached.

One of the plaintiffs, Michael Devine, asked the judge to reject the settlement on the grounds that the proposed value was out of proportion to the damage done, and it appears that Judge Koh agreed. Apple, Google, Intel, et al., and the plaintiffs' attorneys will be required to either submit a higher offer or take the case to trial, a possibility that might lead to billions in damages considering the amount of evidence the plaintiffs have compiled.

Even if it does not go to trial, however, the judge's decision is a heads-up to businesses that this sort of behavior has consequences.

Is Hold Security on the level?

by
in ask on (#3TM)
Hold Security is the security company responsible for the disclosure that some Russian hackers have collected 1.2 billion email/password combinations. When the news came out, Hold Security promised to check their database on an individual level rather than just publishing the passwords. They posted a form by which one could enter a name and email address, and told visitors to wait to hear from them.

Days later, emails were sent out that looked something like this:
Dear <Name you entered>,

This is a message from Hold Security regarding your recent Hold Identity enquiry.

We can confirm that your online credentials have been compromised. However, don't panic just yet. It is possible that the compromised password(s) associated with this email address are not critical, for example, a password might be very old or assigned to you by default by a service provider.

If you would like to know which one of your passwords has been compromised, follow the link to our website and enter your ticket number, which can be found in the subject field of this email. You can submit up to 15 passwords that will be encrypted using a very secure algorithm and sent to us for running a comparison check in our database. Please note that if you try to send us your passwords unencrypted, we will not respond and disregard your enquiry completely.

Once we check our database, we will let you know which, if any, of your (encrypted) passwords have been breached.

Thank you for your interest in our Hold Identity service and taking the time to submit your enquiry.
The email link leads to a form which invites the user to enter up to 15 of their passwords, plus their ticket number, in complete violation of all IT training and quite possibly sanity itself. It may very well be that this is the only way that the database can be logically searched, however. (Though I'm intensely wary of anything that claims to do real encryption via JavaScript.)

Yeah, Betteridge's law of headlines would say "No" to this - but Brian Krebs seems to think they're real. Anyone got any experience with these people?

John McAfee starts Brownlist, the complaint engine

by
in internet on (#3T2)
John McAfee, eccentric security pioneer turned fugitive wanted in Belize, made an appearance at Defcon22 to unveil his latest creation, The Brown List.

Tech Times writes:
John McAfee announced The Brown List in a surprise appearance in Las Vegas at the Defcon, the largest gathering of computer hackers in the world. While the site sounds like it's just a magnet for rants, McAfee looks at it differently. "This taps into anger in a positive way. Instead of getting angry and shooting at somebody on the highway, or yelling at your wife, you can log onto the site. Instead of just lashing out, give us your positive solutions

Mixing Programming Languages

by
in code on (#3T1)
Most programming languages come with built-in support for handling common data types; however, using and manipulating user-defined data types has to be done via general-purpose syntax. This often leads to using strings rather than structured data. Computer scientists have designed a safe way to use multiple programming languages within the same program, which will allow programmers to use the language most suitable for each function while also guarding against code injection. Their language, called Wyvern, is available as an open source project.

The full paper is available as a PDF.
Wyvern determines which sublanguage is being used within the program based on the type of data the programmer is manipulating. Types specify the format of data, such as alphanumeric characters, floating-point numbers or more complex data structures, such as Web pages and database queries.

...

Many programming tasks can involve multiple languages; when building a Web page, for instance, HTML might be used to create the bulk of the page, but the programmer might also include SQL to access databases and JavaScript to allow for user interaction. By using type-specific languages, Wyvern can simplify that task for the programmer, Aldrich said, while also avoiding workarounds that can introduce security vulnerabilities.

Monday poll: what window manager or environments do you use in the course of a month?

by
in ask on (#3SZ)
This isn't a poll about your favorite environment. Because most of us use different machines or desktops/window managers in life, or like to switch from time to time, this poll asks you to list all the environments you use in an entire month. That includes your work machine, your laptop, the wife's Mac, and grandma's home Unix workstation. Whatever you come across in a month, tick the box! Expecting to see Windows at the top here, but let's see what else rises to the surface! http://pipedot.org/poll/2014-08-11/in-any-given-month-i-use-as-interface

Google Play hides app permission changes in automatic updates

by
Anonymous Coward
in google on (#3SF)
Google has changed how new app permissions are applied when updating Google Play apps. Previously, automatically updated apps displayed explicit details and required user confirmation when a new version gained additional privileges. Google Play no longer displays the addition of new privileges if a user has previously accepted any other permission in the same category as the new permission. This makes it possible for an app to sneak in permission changes without the user realising, making the Android platform less secure.

Metadata war escalates with Bittorrent Bleep for secure phone calls and texts

by
Anonymous Coward
in security on (#3SE)
BitTorrent Bleep expands the BitTorrent protocol to enable people to make voice calls and send messages over the Internet without using a central server to direct traffic. Users will find one another through groups of other users, with no records of the calls or texts stored anywhere along the way. Once a connection is made for a call or text, the communication travels directly between the two computers involved. That peer-to-peer approach also defies mass surveillance. BT Bleep is currently invitation only and limited to Windows 7 and 8.

Australia's Biggest Public Service Department to be Privatized

by
Anonymous Coward
in legal on (#3SD)
The Australian government has started the process for outsourcing the Department of Human Services payments systems. This includes Medicare Australia and the Australian Pharmaceutical Benefits Scheme, which together with Centrelink make up the largest department in the Australian public service. The Department of Health, which holds the DHS purse strings, is seeking engagement from private vendors for management of the claims and payment services the Department of Human Services delivers. This move comes as a shock, as it is just three years after these government departments were merged together to form the DHS.

Further, DHS employees only found out about this when it was reported in the local paper. The DHS is currently bargaining for renewal of the employee enterprise agreement, which has stalled.

PirateBox 1.0 Released

by
Anonymous Coward
in code on (#3SC)
PirateBox creates offline wireless networks designed for anonymous file sharing, chatting, message boarding, and media streaming. Think of it as your very own portable offline Internet in a box. PirateBox is designed to be private and secure. No logins are required and no user data is logged. Users remain anonymous - the system is purposely not connected to the Internet in order to subvert tracking and preserve user privacy. PirateBox is designed for OpenWrt. There are versions for Android, Raspberry Pi and Linux.

AMD to enter SSD market

by
in storage on (#3SB)
AMD will start selling a range of SSD products under the Radeon brand later this year. However, with the flash chips sourced from Toshiba (19nm) and the controller sourced from Indilinx (Barefoot 3), AMD isn't exactly bringing anything new to the table.