TfL wants to make sure you’ll never get caught short on the Tube

You know how it is. You’re traversing the Jubilee Line, nearing Waterloo and feel the need for a number two. Does Waterloo provide toilet facilities? Unless you’ve got encyclopaedic knowledge of TfL’s toilet facilities, or have access to its trusty PDF map, you run the risk of being caught short (Waterloo is fully equipped by the way). Luckily, the city’s travel authority now believes such information is important enough to be made available to app developers. How’s that likely to affect you? Well, it means that travel apps (like CityMapper) can now fold in the locations of TfL’s public facilities if they choose to. Could be great news for that next night out in Clapham, when you don’t make a trip to the bathroom before embarking on the journey home.

[Image credit: Sarah, Flickr]

Filed under: Transportation, Internet, Software

Comments

.CPlase_panel display:none;

Even San Francisco is thinking about cracking down on Uber

The world’s authorities must have something of a love/hate relationship with ridesharing companies. On one hand, it’s a disruptive new technology that encourages competition, which they love, but it’s also a regulatory nightmare for all involved. After all, someone has to think about the unwitting customers who expect that these cars have the same rules and regulations as a licensed taxi, which isn’t often the case. That’s what prompted the district attorneys of both San Francisco and Los Angeles to write a letter to Uber, Lyft and Sidecar to warn them that if they don’t change their business practices, they could face some serious consequences.

In the same way that Berlin banned Uber for using “unverified drivers in unlicensed vehicles,” an Uber driver in San Francisco was recently charged with punching a passenger. While this driver had passed the company’s own background check, authorities found that they’d been previously convicted of both violent crimes and drug offenses. SF Gate is reporting that further investigation by authorities has found that the companies pledges to screen out offenders with DUIs, driving and sexual assault convictions is “patently untrue.”

In order to avoid a crackdown, San Francisco DA George Gascón, the man behind the smartphone kill-switch, wants the companies to remove their claims that they run background checks on their drivers. The letter also accuses Uber and Lyft of violating state law with their ride-sharing fee calculations, and by not securing the right permits in order to pick up passengers at airports.

The only company that’s responded so far is Sidecar, with CEO Sunil Paul claiming that Gascón’s letter is “shocking and baffling.” Paul has also launched a Change.org petition to stop what he describes as “overzealous regulators,” influenced by “big taxi companies” from shutting his company down. In the meantime, Uber, Lyft and Sidecar have until October 8th to sit down with the DA’s representatives to try and hammer out a solution. If not, then we might expect to see plenty more stories with the words “Uber,” “Fined” and/or “Banned” in the headline.

Filed under: Transportation, Internet, Software

Comments

Source: SF Gate, WSJ, Sidecar

.CPlase_panel display:none;

What is the Shellshock Bash bug and why does it matter?

By now you may have heard about a new bug found in the Bash shell. And unless you’re a programmer or security expert, you’re probably wondering if you should really worry. The short answer is: Don’t panic, but you should definitely learn more about it, because you may be in contact with vulnerable devices.

This bug, baptized “Shellshock” by Security Researchers, affects the Unix command shell “Bash,” which happens to be one of the most common applications in those systems. That includes any machine running Mac OS X or Linux. The “shell” or “command prompt” is a piece of software that allows a computer to interact with the outside (you) by interpreting text. This vulnerability affects the shell known as Bash (Bourne Again SHell), which is installed not only on computers, but also on many devices (smart locks, cameras, storage and multimedia appliances, etc.) that use a subset of Linux.

But, what is it?

The bug is a little hard to explain without getting technical and mentioning some programming terminology, but bear with us, because it’s not difficult to understand. Basically, an attacker can run code by simply asking for basic information from your computer, a server or an “internet of things” (IoT) device. Now, your computer is most likely unaffected because you are (and should be) running a firewall and blocking external requests not initiated locally by the software already authorized to run, but servers and IoT devices are a different issue.

Let’s start with your computer. If you have a Mac OS X or Linux system, open the Terminal and run this line of code:

env x='() :;; echo vulnerable’ bash -c ‘echo this is a test’

If you see the word “vulnerable” as an answer, your system is, well… vulnerable.

Your Bash shell is simply running more code after a function (the “() :;;” part), and that shouldn’t be happening. The function is the “allowed” code, while everything after it is where the potentially “malicious” code could be installed.

What can an attacker do?

The remote execution (over the internet or a network) of extra code could let an attacker load malware on a system and steal private information, delete files, activate your camera, open a lock and, well, do pretty much anything with a little know-how. However, as we mentioned, this is not something that should matter much on a user’s computer with a working firewall, because it hasn’t been proven possible to take advantage of the bug under that scenario.

A server, well, that’s a completely different story, because a server has to listen to requests in order to “serve” (pun intended) its purpose. This means that by requesting almost any data and running malicious code, an attacker can infect any affected server, which is about 60 percent of web servers out on the internet, most routers (even your home router) and many consumer devices (including security cameras and “smart” appliances — which don’t seem so smart right about now). This is because smart appliances are a form of servers.

How can this problem be solved?

It’s super simple to solve this problem. Many software developers have already issued patches and more are being released by the hour. Two of the most popular Linux distributions, Red Hat and Ubuntu, already have patches available, and we suspect Apple will soon release its fix. Updating a system takes almost no time. It’s a simple process and it’s a common task for most users. The problem is with systems that are not often updated. For example: It’s not very common to update the software on your router, and even less common to update something like a door lock, a light switch or a security camera.

The internet of things complicates the situation because there are many more devices that should be updated, and for some, the manufacturers may not even issue patches. However, most of the devices are configured to function in a secure manner, behind a firewall. Regardless, if you suspect your “things” use a version of Linux (and there’s a really good chance they do), we recommend you check for updates and even inquire about them from the manufacturer.

The bottom line is: this is a serious bug, but patches are available and should be installed promptly. But, there’s no doubt we’ll be hearing plenty more about Shellshock and the problems it can cause in the coming days and weeks — especially since it’s gone unnoticed for around 25 years. There’s a lot of holes out there to patch.

Filed under: Internet, Software

Comments

.CPlase_panel display:none;

Game Shout Out: Fire Jumpers by RedBlox

Every gamer has experienced this scenario at least once – you play this great game but no one else knows about it. Even in this day and age, many great games go unplayed by the masses. With this series of articles I hope to shine at least the faintest of light on those games.

Fire Jumpers by Redblox is a game about fighting wildfires. Each level is set in a different place with a unique scenario. You command a fire rescue team to try your best to contain each fire. Each unit has their purpose, it is up to you to use them to your their best ability:

• Cut Team- They are used to create barriers
• Hose Team- Attach them to a water source to spray down an area.
• Helicopter- Used as transportation and water dropsWater
• Bombers- After a certain time limit they can be used to carpet an area with water

If you are looking for a Real Time Strategy game for your Android device look no further. This game can played on most devices but I recommend playing on the plus size screens. Each mission does not take long to complete so its perfect for those in between moments of casual gaming.

If that is not enough to convince you to buy this game, which costs $0.99 USD, 5% of all sales goes to the Fire Fighters 1st organization. Although this is a fun game, it also helps spread awareness of what goes on in those situations. So remember, kids: only you can percent forest fire.

The post Game Shout Out: Fire Jumpers by RedBlox appeared first on AndroidSPIN.

.CPlase_panel display:none;

‘Bash’ command flaw leaves Linux, OS X and more open to attack

Apparently, the internet has more deep-seated security bugs to worry about than Heartbleed. Researchers have discovered a longstanding flaw in a common Unix command shell (bash) for Linux and Macs that lets attackers run any code they want as soon as the shell starts running. They can effectively get control of any networked device that runs bash, even if there are limits on the commands remote users can try. That’s a big problem when a large chunk of the internet relies on the shell for everyday tasks — many web servers will call on it when they’re running scripts, for example.

…for example, here is the bash bug in action on Mac OS X pic.twitter.com/nfDCUdRnb5

– Robert Graham (@ErrataRob) September 24, 2014

There are already patches for multiple Linux variants (CentOS, Debian, Redhat), and big internet services like Akamai have already taken action. However, the age and sheer ubiquity of the exploit means that there are some older servers and other internet-connected devices that won’t (and in some cases, can’t) be fixed. In other words, there’s a chance that everything from poorly maintained websites to your home security camera will remain vulnerable. Some devices will be protected, however, as security researcher Paul McMillan notes that many embedded devices “use BusyBox, which is not vulnerable.” It’s unlikely that hackers will breach many of the major sites you visit thanks to their quick responses to the flaw, and many of your existing gadgets are probably safe. Having said this, it’s hard to know exactly how far reaching the damage may be — it could take years before there’s no longer a significant threat.

[Image credit: Robert Graham, Twitter]

Filed under: Internet, Software

Comments

Source: Red Hat Security Blog, Debian.org, US-CERT

.CPlase_panel display:none;