Androidcentral: Major security vulnerability in some Samsung phones...

http://www.androidcentral.com/major-security-vulnerability-samsung-phones-could-trigger-factory-reset-web-browser

Update
http://www.androidcentral.com/samsung-confirms-galaxy-s3-already-updated-ussd-exploit-fix

http://www.stuff.co.nz/technology/gadgets/7732438/Security-risk-for-millions-of-Android-users

Security risk for millions of Android users

Sophos, said the flaw served as a "wake up call" to users who didn't back up their smartphones.

"This just emphasises the importance of regular and current back-ups doesn't it?" he said. "Whether you do them into the cloud ... or to a USB drive."

How the hack works

Manufacturers like Samsung use special USSD codes that can be typed into the dial pad by end-users to make it easy for handset makers and telcos to do support over the phone with their customers. One such code - *#06# - is used to display a phone's IMEI number on the screen. Another code resets the phone.

What Borgaonkar discovered was that a person could craft a website with the reset code embedded - in Samsung's case *2767*3855# (do not type this into your phone!) - and get the code to automatically run when a user visited it.

A hacker could also exploit an affected phone by getting a user to scan a malicious QR code or by sending them a malicious SMS or NFC transmission.

Devices identified as being affected include

http://www.zdnet.com/microsoft-puts-windows-8-users-at-risk-with-missing-flash-update-7000003834/

Microsoft puts Windows 8 users at risk with missing Flash update

Summary: Last month, Adobe released a batch of critical security updates for Flash Player. Those updates are available for every modern browser except one. Microsoft has yet to release the update for IE 10 in Windows 8, and may not do so until next month.
If you use Internet Explorer 10 with Windows 8 today, you are exposing yourself to potentially serious security risks.

On August 21, 2012, Adobe released a batch of security updates for its Flash Player. According to the security bulletin, “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”

For Windows, Adobe classifies these updates as Priority 1, its highest rating:

If you use Windows 7 (or earlier) with any modern browser and you’ve enabled automatic updates, you already have the latest Flash security fixes. Ditto if you use a Mac.

But if you’re using Internet Explorer 10 on any version of Windows 8, including the RTM bits available via MSDN or TechNet and the enterprise preview, you are at risk. You cannot manually update the version of Flash baked into IE 10. Only Microsoft can do that.

http://www.itpro.co.uk/633673/linkedin-cookies-compromise-user-accounts

http://www.pcpro.co.uk/news/security/367540/cookie-flaw-leaves-linkedin-accounts-vulnerable

The problem is that the LinkedIn cookies have an extended expiry time, meaning a bigger window of opportunity for cybercriminals to access these cookies, and in turn, sensitive account information.
Worse still, the cookies remain active even after the user has logged out of their LinkedIn session.
As Narang explained, "In just 15 minutes, I was successfully able to access multiple active accounts that belong to individuals from different global locations. They would have logged in/logged out many times in these months, but the cookie was still valid. Even though you change the password and all settings, still the old cookie is valid and will grant the attacker access to your account." (Source: itpro.co.uk)

http://www.v3.co.uk/v3-uk/news/2072991/linkedin-hit-cookie-vulnerability-claims

http://www.pcpro.co.uk/realworld/365947/how-to-stay-safe-against-session-hijacking

http://www.v3.co.uk/v3-uk/news/2070101/-cert-alerts-webgl-risks-khronos-plays-security-issues

US-CERT alerts on WebGL risks as Khronos Group plays down security issues
The US Computer Emergency Readiness Team (US-CERT) has added its voice to a warning from an IT consultancy of significant security issues in the new WebGL standard, recommending that web users disable the functionality to mitigate risks.
Context Information Security argued in a detailed blog post that the web standard, which was designed to enable 3D graphics on any computer with a compatible browser, is dangerous because it allows browser content to almost directly access a PC's graphics hardware.
As such, it could allow hackers to launch denial-of-service (DoS) attacks by creating "shader programs", or drawing deliberately complex 3D geometry which causes the GPU hardware to spend a long time rendering.
In addition, it may allow for cross-domain image theft attacks, according to Context Information Security.

http://www.contextis.com/resources/blog/webgl/
WebGL on the other hand provides, by virtue of its functional requirements, access to the graphics hardware. Shader code,
The current work around for this seems to be a driver black list (or in Chrome’s case not running WebGL on Windows XP at all).
(See https://wiki.mozilla.org/Blocklisting/Blocked_Graphics_Drivers). This does not seem to be a very tenable approach long term.
Denial of Service
(see https://www.khronos.org/registry/webgl/specs/1.0/#4.4). Basically because of the almost direct access the WebGL API has to the graphics hardware it is possible to create shader programs or a set of complex 3D geometry which can cause the hardware to spend a significant proportion of its time rendering.
operating system crashing (i.e. Blue Screen of Death).Blue Screen of Death) ( see http://msdn.microsoft.com/en-us/windows/hardware/gg487368.aspx ).
Of course as it is a known issue there are efforts to mitigate it, for example the ANGLE project (http://code.google.com/p/angleproject/) includes a shader validator to eliminate simple infinite loop cases, which is used in Firefox 4 and Chrome.

http://www.contextis.com/resources/blog/webgl/faq/

“You said we should consider disabling WebGL, how exactly would you go about doing that?”
Firefox 4
Type into the URL bar “about:config” and click the “I’ll be careful” button.
Find the setting “webgl.disabled” and set it to true as show in the following picture:
Chrome
For Chrome on Windows pass the flag “--disable-webgl” when running the executable by changing the shortcut in the start menu. A user can right click on the chome shortcut, select properties and add the flag as per the following screenshot.
For Chome on OSX the parameter “—disable-webgl” needs to be added on startup.
following article
http://superuser.com/questions/271678/how-do-i-pass-commandline-arguments-to-dock-items

http://www.v3.co.uk/v3-uk/news/2069210/managers-told-webgl-security-concerns

I meant pay monthly fees for both of them.

I am already a member of gamehouse and bigfish and play monthly memberships for them.

I've got fond memories of playing the board game firstly while on manouvers (during my Army days) then late at night while at university. I bought both the original release and the latest version of risk (Risk 2. you'll find some free versions in the games synopsis as well. Though not as good looking as this freebie. :)

You still have to pay a monthly fee for the club membership.

NOTE: "Free Download" requires club membership subscription which costs $6.99 per month

Risk [by Hasbro] (35 Mb):

Description:
"It is based on the classic board game where you defend your territories and occupy new ones. This version is enhanced with cinematic music and vivid visualizations".

You will first have to create an account with iwin.com; install their desktop games' manager software and then download the Risk giveaway for August 2010.

Promotion Page:
http://www.iwin.com/games/risk_p_icn_iwin_0vt?utm_source=iwin&utm_medium=DDPimage&utm_campaign=riskgiveaway

Screenshot (from the iwin site):
http://cimg.iwin.com/images/product/13/screen_3.jpg

My Kia Rio Cinco has manual windows (which I love) cause lack of electricity won't impair its functionality (yippeee!)

well, if I could afford to replace the steering box, (and the gas- 10 mpg loaded or full) I'd take my chances in a 1970 International Harvester 1200D 3/4 ton pickup. which I have.

alas, the PTB won't allow me to disarm my own car- if it had it stock it has to be working- but the v-345 engine will pull it just about up a wall.

I just stop useing my old Car Datsun 180B ( 160 in the USA ) as it Got smash some one did a turn in front of me so end of Car so get a very Good Car well Good in New Zealand it a Mitsubishi Magna 2.6 i Sedan TR Series year 1994 all so sold as Diamante No airbags No ASB Brakes just the Engine & Auto I don't Like outmatic as most of the time drive manual gear box if it a truck with 20 speed Auto is ok.

And they oughta be dang glad you didn't start talking right nasty about risk penalties to you for them having had you drive around for the last 7 years in front of a shotgun shell in the steering wheel, primed to go off if you bumped into a car ahead of you. or had one back *into* you.

I would have considered it most intently when I got that letter.... it should have made you wonder when they actually did the job *faster* than they estimated it!

Amazing what curiosity and a little research can do to your state of mind.... often in a negative fashion. Knowing how things work in the first place helps, but what got me looking hard was an episode of How it's Made or How do they do it? on the science channel with a segment on design, testing, redesign (the first try killed the crash test dummy) and manufacture of the 'airbags'- and a small sub-segment showed the retraction pyro assembly going in.

Serious "Oh, CR*P" moment when I realized my wife would have very probably been killed by the "safety features" in our 1997 saturn station wagon in a relatively minor bump.

It painted a very *bad* mental image of the aftermath of hitting an idiot. Since I can't drive and am taller and less rotund. And would have survived just fine. Until I turned my head to the left. Physically ok, that is.

We just had to take our Honda CRV to the dealers for a drivers side airbag recall for models 2002 & up! Ours is a 2002. The letter stated a malfunction could cause metal fragments to cause injury or death to the driver!! Wasn't in the mood to die just yet, so had it done. First they had to order the part, then said expect to be there at least 4 hours. Learned the whole shop shuts down from 12-1 for their lunch.. wasted hour! Set it for 1:30 and we were out by 2:15! Fastest service I've ever had.

You should be able (and by all that's unholy, you *should*, reallly soon- it's a literal killer risk) to get someone to relocate the upper swivel lower so it goes across your shoulder. and *never* across your neck. it can snap your neck or crush your windpipe. if it doesn't cause a rupture of your carotid artery/vein complex.

A good (preferably factory, but good luck on like- saturn?) mechanic should have the info to deactivate the airbag/reel system if it puts the driver at risk, at the *very* least.

Your car owner's manual is supposed to have a way described to deactivate the passenger side pyro if it's new enough- that's why they say put baby seats in the rear seat if you can't turn that side's airbag off, it can kill the kid.

I've heard there is a way to deactivate the driver's airbag (though I don't know if it kills the reels) for overweight or short people who are sitting too close to the steering wheel for it to start deflating, or can't wear the seatbelt in the right spot.

If it has airbags, *very* probably- if it has a passenger airbag *certainly*- both retraction reels have explosive-driven tighteners.

and they move *fast*.

Airbags have to have 2-3 holes like 2-3" across in them to keep from breaking your neck when they deploy, they are literally deflating before you hit them. I've seen the slo-mo, and the full speed, and it scares me out of my diapers.

Right freakin' scary if you're a mechanic working around the steering wheel- and you don't have the deactivation instructions. I know- I've worked the hard way on the ignition switch in our 1997 Saturn SW2, which the manual says to 'safety and remove the airbag, then remove the steering wheel' to get to (I did it without any of that, but it was a stone bear) the ignition switch to get the cylinder out.

"Air" bags and "gas producer units" my hairy behind- those are explosives.

Wow goodgotd, I'm a short person and I always have to drive pulling on the seat belt which is always at my throat. Good info though. I'll try and remember it all. I have had to stop a car when the engine cut off, was worse than driving a (I call them bust builders) car with no power steering.

Ever consider what one EMP burst would do to the transportation system in this country these days? Used to be just airliners at risk.

And Who Needs Hackers? Bad programming or computer failure would do really well.

The current (since, oh, 16 years ago and more) cars the single computer module runs everything from engine timing and fuel mix to transmission shifts and anti-lock braking, not to mention the explosives in the airbags and in the seat belt retractor systems.

(most people don't realize that just barely before the airbags detonate a similar charge yanks them back against the seats- hard.)

do try not to have your seat belt near your throat, folks!

And don't forget the 'can't stop accelerating' problems that toyota had/has- it could hit *any* car.

(the ABS systems only *modulates* [pulses] the brakes.

they are still *fully* usable with old-fashioned dual-piston hydraulic systems if you lose power, though braking takes a lot more foot pressure and the car gets real hard to steer when the engine cuts out... but the starter system is still as advanced as a brick. Just harder to get apart and fix than a '50 chevy.)

Only scary if you got ASB brakes if they out to get you it less work to cut the brakes pipes

Ahhhh, that's kind of scary. Sometimes I don't think people need to know things like this unless the media also has a solution to prevent it. this could potentially be a problem in the near future.

http://www.businessweek.com/idg/2010-05-14/car-hackers-can-kill-brakes-engine-and-more.html ( Car Hackers )

http://www.nytimes.com/2010/05/14/science/14hack.html ( Car Hackers )

Cars’ Computer Systems Called at Risk to Hackers

Have you tried reinstalling the game to a different location, or trying one of the other control inputs. What OS are you using? I'm not sure whether this game is compatible with Vista as I took Vista off my computer (after at least half of the games I've previously bought would no longer work), so couldn't test it on that OS.

There may be a 'work around', but you haven't given much information.

Regards

Stephen

p.s.

If you haven't defragmented your computer for a long time it could be that that is causing the problem - a severly fragmented disc can cause problems when you try to run programs; especially if the program has been installed to lots of different locations on the hard drive (due to fragmentation). Try defragmenting your hard drive then reinstalling the game. I hope the above suggestions help. The game is certainly worth it.

I have both of the later versions of Risk, so if you continue to have problems getting this game to work I'll happily give you my copy of Risk (I bought Risk II when it was released, which was basically just a big upgrade of Risk, so I don't need the first one anymore), which is a recent release as opposed to todays free version. You'll have to contact the moderators or admins to pass on your Email to me so that we can sort something.

After this step
"Once you've selected your input device press the space bar to start the game. "
i complete this step and then an error message comes up saying
"

Exellent game,played many times before on original board,don't have time to dominate world at the moment,so so will have to control my meglomania until later.I have another good versiom of the game called 'Conquest',which is worth a google,not free but inexpensive.

Thanks once again.

On the many cold and windy winter nights and week long exercises I had to do while on duty as a Signals Technician (Royal Corps of Signals - British Army) I used to play this game regularly (in between shifts). This is the first version ever to be transferred to the computer and faithfully recreates the original board game as opposed to trying to make it look fancier as with later versions of Risk that you can still buy from places like Reflexive and Big Fish Games. It's a classic board game that is up amongst the greats such as Monopoly, Cluedo and Scrabble; and that I'm sure the majority reading this have played at some point in their lives. If you haven't then you've missed something great. (lol) The download would easily fit onto one of the smaller floppy discs at only 275Kb.

Risk

There's no installer, so you'll need to unzip the file to wherever you usually place your games (the default is usually C:\Program Files\), or unzip to the desk top and manually place the file yourself. Open up the installed folder and create a shortcut for the RISK file that you'll find within the main RISK folder; there's a short tutorial in the games discussion thread (around page 7 now) if you're not sure how to do it.

To start the game you click on RISK which brings up a DOS window that asks you "which graphics does your computer have". You must select 2 from this option. Then you are asked "which input device your computer have". You can select from mouse, joystick or keyboard. The joy stick option allows you to configure the joystick before starting the game. Once you've selected your input device press the space bar to start the game. The opening screen looks extremely blocky (due to the 8 bit graphics) by today's standards, but don't let that put you off. The basic game play includes UK and US short and long play rules as well as a custom setting for making up your own.

The game is controlled via the familiar toolbar menus that we are all familiar with now, so I wont go into details as you can find out about the varios options for yourselves.

The following was copied from the download page:

Quote

The graphics are standard EGA (nothing breathtaking, but still quite nice). You control everything with a mouse, so the controls are really simple enough (only thing you can't click is the number of units – if you want to change it, you need to type it yourself). The game also features some weird beeps which should be the sound, but I suggest you turn those off and play some pompous music in the back (I played Carl Orff's Carmina Burana).

The best thing about this game is, that you can invite up to five friends to play with you, or you can play against the computer (it has three difficulty levels). Unfortunately you can't play the game via the modem, so you'll have to prepare some snacks if you plan to host this game.

So what do you have to do? Well it depends on what type of game you chose. You have the FULL game or SHORT game option (both US or UK). If you chose a full game you need to conquer the whole world and destroy all opponents. The short game on the other hand gives you a mission (like conquer some continents, capture 24 territories,…) and you win after you complete the mission. The difference between US and UK version of the game is of a different nature. Those who are familiar with the game already know that you have the RISK cards which you can trade for more units. You need either three cards of the same type (cavalry, artillery or infantry) or one of each category (you can also have a joker card). In the UK version you get a certain number of units for every set (infantry – 4, cavalry – 6, artillery – 8 and different cards – 10). The US version has a different system. Every time you change a set you get more units. So the more you change (doesn't matter what kind of a set), the more units you'll get.
But just how do you fight? Simple, you roll dice (just like in the board game).
Enough said, it's time to play this gem, which surely deserves at least a 4 (out of 5).

Download Link:

http://www.abandonia.com/en/downloadgame/484

Thanks for all the information above.

I have to agree with Face and Jucati, it would have been nice for GGotD to post a friendly note on the front page or a mention in their Project Team’s blog about the change in download procedure.

I came here to forums because for the last week or so I thought the links for the mirror page vs. direct download were reversed by mistake. I’ve been clicking “mirror link#1” which gave me the zip file to download. I too was put off by the mirror site. For me the reason is the poor English. I questioned the validity and security of the site even without alerts popping up. On wikifortio there is merely an excerpt from the game description given on the main page of Game Giveaway of the Day.

Perhaps because of their contract, those game descriptions seem to come directly from the developers without editing. For some reason things like this bother me. I do understand that English may nor be the native language of wikifortio or many of the game developers. I also believe minor improvements such as a human proofreader for context (not just spell check) could improve their business. The same could be said for GGotD who puts the same descriptions on their main page. Perhaps none of this has occurred to GGotD, the game developers or wikifortio although I have seen spelling and grammar mentioned many times in the comments. Perhaps the expense is too great. I intend this only as a suggestion to a company for whom I have developed quite a fondness. I certainly wish them success.

But I digress. Let me get this straight because I don’t really understand the purpose of mirror sites. GGotD prefers we download the games from another company, wikifortio?

To Whom It May Concern: "Don't go away mad; just go away" ...

Do I detect just a little annoyance from the Moderator?
No. It's called confusion. I have no idea exactly what your problem is.

Posts on the Daily DL's ARE deleted if they in any way question the integrity of GAOTD while referring to the daily download!
Question the integrity of GAOTD? No. The download comments are supposed to be comments about the download program. What do you like about it? What don't you like about it? Why it is good? Why it is bad? It's not that complicated. If you want conspiracy theories - break out the tin foil hats and post in the forums instead.

Why would they hide all their I.D. Information from the outside World??
It is to do with not wanting your address, phone number and email address to be made available to every crackpot spammer and whatever in the world. The domain is registered with GoDaddy.com and registered in the name "Domain By Proxy"

https://www.godaddy.com/gdshop/dbp/landing.asp?ci=9002

I still say "People Beware"
I still ask, "of what, exactly?"

Certainly stimulated discussion?? Do I detect just a little annoyance from the Moderator? Posts on the Daily DL's ARE deleted if they in any way question the integrity of GAOTD while referring to the daily download!
Reference http://wikifortio.com/ the query being discussed here!?
Why would they hide all their I.D. Information from the outside World??
As FABScott asks:
[/quote]Yeah but do you like wiki-watchacallit? ;)[/quote]

That's all I am querying, are they sound or not? the answer don't use them!! use a mirror site instead? only adds more credence to my concerns?
I still say "People Beware"
M8ty

Did filekicker have a download page, or was it just a link to the file? I think it was the latter, and that's why I didn't notice/care.

and also, download pages increase the number of clicks. I know, I know, one extra click for some free software - plus the added minigame of finding the *actual* download link - yes, yes, I just use the mirror links.

Were you as concerned when the files were hosted using the service http://filekicker.com ?

http://wikifortio.com/ is now providing the same service.

In both cases you are "getting" the same files that are uploaded by the GOTD Team.

If you feel "safer" - the same files are available from the mirror link.

As long as at least one of the two links work - I'm happy.