LinkedIn denies harvesting user email accounts without permission

LinkedIn denied charges that the company breaks into the email accounts of its members without permission to harvest contacts’ addresses.

A class action complaint by four users has charged the professional networking site with hacking into their external email accounts and downloading addresses of their contacts for monetary gain by repeatedly promoting its services to these contacts.

Paul Perkins, Pennie Sempell, Ann Brandwein, and Erin Eggers charged LinkedIn with breaking into “its users’ third party email accounts, downloading email addresses that appear in the account, and then sending out multiple reminder emails ostensibly on behalf of the user advertising LinkedIn to non-members.”

The so-called hacking of the user’s email account and download of addresses is done without “clearly notifying the user or obtaining his or her consent,” which is likely to emerge as the crux of the case.

LinkedIn does not access a user’s email account without the user’s permission, and claims that it hacks or breaks into members’ accounts are false, Blake Lawit, senior director of litigation at LinkedIn wrote in a blog post on Saturday. LinkedIn never deceives by “pretending to be you” in order to access the user’s email account, Lawit wrote.

“We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so,” he added.

New users signing in to LinkedIn are asked for the external email address as their user name, though they aren’t told what it will be used for, according to the complaint filed last week in U.S. District Court for the Northern District of California.

If a LinkedIn user leaves an external email account open, LinkedIn is said to pretend to be that user and downloads the email addresses in that account to LinkedIn servers, according to the complaint. Linkedln is able to download the addresses without requesting the password for the external email accounts or obtaining users’ consent, according to the complaint.

If the LinkedIn user has logged out from his email applications, the network requests the user name and password of an external email account to ostensibly verify the identity of the user, and then, without notice or consent, attempts to access the user’s external email account to download email addresses, according to the complaint.

Linkedln does not inform its users that email addresses harvested from a user’s external email account will be sent multiple emails inviting the recipient to join Linkedln with the user’s endorsement, the complaint said. Users have complained to Linkedln about its “unethical harvesting” of email addresses and repeated spamming of those addresses, according to the complaint, which asks the court for damages and an order prohibiting LinkedIn from continuing its “wrongful and unlawful acts.”

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service.
More by John Ribeiro, IDG News Service

View the original article here

Secure your small-business network without spending a dime

You have a target on your back. In 2012, 31 percent of cyberattacks were aimed at small businesses, and that staggering number is 100 percent attributable to inadequate—or nonexistent—security measures at many of these firms, which might as well be an open invitation to hackers.

Now, we’re not going to hit you with another eat-your-veggies imperative to secure the computers and networks at your business. We understand that it’s all too easy to view security as a discretionary expense.

But what if we told you that there were security controls in the tools you already own that could vastly improve your protection if you just used them? And that you could fill any gaps in protection with free security programs that are every bit as effective as their commercial counterparts?

Below are several ways to fend off cyberthreats. The only investment is your time.

The quickest—and cheapest—way to beef up your defenses is to understand and employ the security measures you already have at your disposal.

Start with the simple things. Make sure that all your user accounts are protected with strong passwords and that only those employees who need administrative privileges have administrator accounts on their PCs.

Windows’ Local Group Policy Editor lets you administrate policies, restrictions, and more for groups of users and computers.

Next, take a look at the Local Group Policy Editor in Windows. This power tool gives you granular control over groups of users and computers, so it makes sense that Microsoft placed the utility where people can’t easily find it. (One way to find it is to type group in the search field in either Windows 7 or Windows 8. ‘Edit Group Policy’ should appear as one of the top few options available.) From the Editor, you can set password and account lockout policy, firewall policy, software restrictions, and more. Spend a couple of hours learning about the Local Group Policy Editor, and wield its power judiciously.

Zero-day attacks make for ominous headlines, but the reality is that known vulnerabilities are a much bigger threat. Most attackers don’t have the skill or the devotion to ferret out new security holes. Once a vendor releases a patch, though, lazy attackers can reverse-engineer it to identify the vulnerability it fixes and figure out how to exploit that flaw.

The longer you go without implementing an applicable patch, the more at risk you are. You should have automatic updates turned on in Windows, as well as in any other applications you use that offer such a function. If you can’t take advantage of this feature, you’ll have to make a serious effort to stay informed about new updates and test and apply them as soon as they’re available.

Once you’ve exhausted all the resources you have on hand, it’s time to explore outside options. Some of the best security tools available are free and can go toe-to-toe with features offered in big-brand security suites. Here are a few to get you started.

Microsoft Security Essentials: Windows 8 includes Windows Defender, but prior versions of the operating system didn’t come with antimalware protection. If you need to protect computers running Windows XP or Windows 7, you can download Microsoft Security Essentials to get comprehensive real-time protection gratis.

Cain and Abel: Using network-packet sniffing, dictionary attacks, and a variety of other methods, Cain and Abel captures and cracks passwords. You can use this handy utility to reveal vulnerabilities, determine whether your policy requirements are secure enough, and recover passwords, which is its primary function.

Cain and Abel can reveal weak passwords that leave you open to security breaches.

Aircrack and Kismet: Want to know how secure your wireless network really is? Try Aircrack or Kismet. Aircrack captures wireless network traffic and attempts to crack your WEP or WPA encryption. Kismet is a wireless-network detector, sniffer, and intrusion detection system. Both tools are free, and both are highly rated by those who use them.

Nikto: If your business has a Web server, you might want to put Nikto to use. An open-source Web-server scanner, Nikto can help you identify weaknesses that may expose your server to exploits. It scans for outdated servers, specific vulnerabilities, and known configuration errors to help you protect your server from attack.

For a complete list of the best security utilities, visit SecTools.org, which maintains a regularly updated list of the top 125 as rated by the user community. The list includes both open-source and commercial software, but you’ll see that many of the most respected tools don’t cost a thing.

If implementing these free options has whetted your appetite, consider investing in some pay software to bolster your complimentary security measures. We recommend the following three open-source tools. All are still available as free versions, but subscriptions are required to unlock their full power.

Nessus is a vulnerability scanner that examines and monitors your network and PCs for more than 50,000 vulnerabilities and potential configuration errors that may expose your systems to compromise. It also includes specific scans to help ensure compliance with regulatory and industry frameworks such as HIPAA (Health Insurance Portability and Accountability Act) or PCI-DSS (Payment Card Industry Data Security Standard).

The Nessus vulnerability scanner is available as a free download, but you need a subscription to unlock all its capabilities.

Metasploit is a penetration-testing platform that lets you test exploits against your network and computer-security defenses and applications, to determine what impact they might have and to identify weaknesses you should address.

Snort is an intrusion detection and prevention platform that monitors network traffic to find and identify suspicious or malicious activity.

Cybercrime is costly, but defending against it doesn’t have to be. Basic protections are built into the operating system and applications you use every day, and if you support them with free and open-source tools, you can protect your PCs and data without so much as bruising your budget. Who says you can’t put a price on peace of mind?

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by Tony Bradley

View the original article here

Review: DropittoMe offers simple Dropbox sharing without software

DROPitTOme DropittoMe is a free and easy way to allow others to upload content to your Dropbox—and you might find it pretty handy, too.

If you use the online file sharing service Dropbox, you know how easy it is for other users to send you files. But what about people who don't use Dropbox? DROPitTOme (and yes, that is how they capitalize it) is a free service that provides a simple way that people can upload files to your Dropbox account without having to install anything. It's similar to the handy dbinbox.

DropittoMe requires a password before content can be uploaded to your account, which is a nice security feature.

To use DropittoMe, you simply allow the service access to your Dropbox, and it creates a DropittoMe folder in your account. You then claim your username, which will be part of the link DropittoMe creates for you. I was able to claim “Liane” as a username, so my link will be relatively easy for anyone with whom I share it to remember it. With this link, anyone can send me files that then appear in the Dropittome folder in Dropbox.

I like that DropittoMe doesn’t simply assign you a random link. Instead, you get an easy-to-remember URL. What’s also nice is that you get to create a password, which folks who want to upload content to your Dropbox account will need to send files. It’s not the utmost in security—especially when you consider the security pitfalls of how you’re going to share that password with your friends and colleagues—but it is at least a protective barrier to your account.

DropittoMe’s interface is easy to understand, but also slick and attractive.

DropittoMe isn’t just for other folks to use. It’s also a convenient way to upload files to your own Dropbox account. You could use Dropbox’s own Web app when using a computer without Dropbox installed, but DropittoMe’s upload link can be even simpler. It allows you to upload files with fewer clicks. It allows you to place them only in the DropittoMe folder that it’s already created, though. And it limits you to files that are 75MB or smaller. But it’s a free, easy way to allow others to share content with you without them having to sign up for Dropbox.

Note: The Download button takes you to to the vendor's website, where you can sign up to use this Web service.

View the original article here

Plantronics' new Rig gaming headset lets you take phone calls without pausing the action

Sorry, I could not read the content fromt this page.

View the original article here

Researchers send data without battery, transmitter

Engineers at the University of Washington have developed a way to communicate over short distances using devices that don’t require batteries or transmit any signals.

They’ve developed a pair of devices that can successfully exchange data at speeds of up to 10kbps over a distance of up to 1 meter—something that could be useful in applications as varied as wearable devices or building sensors.

The secret to the unusual communications method is the TV broadcasting signals that fill the airwaves of cities and towns across most of the world.

The signals are some of the strongest on the air but reception can be degraded as reflections from buildings, trees and even aircraft affect the signal level received by an antenna. The researchers have taken advantage of the difference reflection can make as the basis for their system.

They’ve developed a couple small devices that can communicate by reflecting or absorbing TV signals.

Both devices are tuned to work over channels 22 to 29 of the UHF TV broadcasting band, and the TV signals are used in two ways, said Joshua Smith, an associate professor at the University of Washington and co-author of a paper on the system.

First, a few 10s or 100s of microwatts can be induced from the over-the-air signals to charge up a small capacitor that acts as a battery for the simple circuitry.

Second, data transmission works by having one of the devices reflect or absorb the received TV signal while the other watches for changes in the received signal level of the TV broadcast. When the first device is reflecting, the level of signal received at the second device should be higher and when it’s absorbing the signal level should fall. By detecting the difference between the two, the system has the basics for binary data transmission.

Data can be sent as fast as 10kbps when the two devices are about 30 centimeters apart. This falls to around 100bps at one meter, but the researchers believe it should be possible to increase the speed and distance with additional error detection.

And because the devices are looking for fast, momentary changes in signal level occurring hundreds of times per second, they are not affected by signal level changes at slower speeds, such as that might happen when a car drives nearby.

Researchers see the system as potentially useful for short-range communication between wearable electronics devices or for sensor networks in construction or agriculture. They have also hypothesized use of the technology in near-field communications applications.

Details of the research were published at the Association for Computing Machinery’s Special Interest Group on Data Communication 2013 conference in Hong Kong this week. It won the conference’s best-paper award.

Follow TechHive on Tumblr today.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service.
More by Martyn Williams, IDG News Service

View the original article here

Review: Gone Home is an evocative first-person exploration game without guns

Gone Home $20.00 Gone Home is a unique first-person exploration of low-stakes storytelling that does an excellent job of drawing you into a Portland family mystery.

Gone Home, the debut game from the Fullbright Company, is a first-person “adventure game” that challenges you to explore your family's house in 1995-era Portland. The small, four-person team of developers, mostly veterans of the excellent Bioshock 2 DLC Minerva's Den, call it a “story exploration game.”

You play as Katie, recently returned from a trip abroad to an unfamiliar house—both her parents and her younger sister have moved away while she was out of town. When you get home, the house is empty and a note on the door from your sister says, “I'm sorry I can't be there to see you, but it is impossible. Please, please don't go digging around trying to find out where I am.”

From there you wander your family's home, examining the various artifacts of modern life that families tend to accrue over the years, slowly piecing together the full story. You'll never meet your family members—your mother Janice, your father Terry, or your sister Sam—but each of them has a fully realized, complex character arc explored through the random documents you read, and (in Sam's case) the occasional “audio recording” doled out after handling certain objects.

Gone Home is what happens when you take the excellent incidental storytelling of a Bioshock game (or Elder Scrolls, for that matter) and stop shackling it to a game-y combat system. You don't fight any enemies here, or burn the house down. You read. You experience. You walk around.

As a result, the Fullbright crew is able to tell a poignant, realistic story to those with the patience to experience it. This is maybe the first time I've ever associated the words “slice of life” with a game, but it works—for the most part. Not having access to a run button takes some getting used to—and it makes some sections of the game feel tedious—but it makes sense in the context of the story.

There's not much else you can discuss about Gone Home that isn't a spoiler, considering it's all story. In light of that, I've decided to present this review a bit differently from my standard 1,800 word essay. I've scanned some documents to share with you, some that I originally made in preparation for writing this review, others that I had sitting around my apartment or on my hard drive. Maybe this will give you an idea what it's like to play Gone Home by reconstructing my own play experience.

Don't enjoy the format? That's fine. For those looking for a traditional article, both Polygon and Giant Bomb published excellent reviews that echo how I feel about this game.

Basically, just play Gone Home. It's gorgeous.

One last note: props to Chris Remo for another fantastic soundtrack.

View the original article here

Review: Hover Zoom expands images without extra clicking

Hover Zoom Hoverzoom provides larger versions of thumbnail pictures when you hover the mouse over them.

Download Now

Hover Zoom is one of the best and most useful browser plugins in existence...provided you use the Chrome browser, as it is not available for anything else.  It allows you to move your mouse over a small picture and instantly magnify it, without clicking or opening anything.

Shown here on a Facebook feed, Hover Zoom quickly shows bigger versions of thumbnail images.

This free extension from Romain Vallet works on many popular sites, including Facebook, Flickr, Reddit, and Twitter.

The automatic upsizing can get annoying when you mouse over an image by accident, though. To prevent this, you can either specify a time delay before the plugin kicks in, or you can activate the plugin by means of a keyboard shortcut only.

Note: The Download button takes you to the Chrome store, install this software directly into your Chrome browser.

View the original article here