
The US State Department shuts down its email in what can only be described as a major overreaction, and WebRTC sees a major breakthrough that will bring major competition to Skype.
Plus the big results from Mobile Pwn2Own 2014 & more!
Show Notes:
State Department shuts down its e-mail system amid concerns about hacking – The Washington Post
The State Department scrambled over the weekend to secure its unclassified e-mails, shutting down the entire e-mail system after finding evidence suggesting a hacker may have been poking around.
A senior State Department official said technicians recently detected “activity of concern” in portions of the system handling unclassified e-mail. The official, who you could also consider a leaker, remains unidentified and said that none of the department’s classified systems were compromised.
VP8 and H.264 to both become mandatory for WebRTC | Andreas Gal
WebRTC is mainly about opening direct connections to other web browsers. The plug-inless capture of video and audio is related, but the fundamentals of it are implemented by each browser.
Unfortunately, the full potential of the WebRTC ecosystem has been held back by a long-running disagreement about which video codec should be mandatory to implement. The mandatory to implement audio codecs were chosen over two years ago with relatively little contention: the legacy codec G.711 and Opus, an advanced codec co-designed by Mozilla engineers. The IETF RTCWEB Working Group has been deadlocked for years over whether to pick VP8 or H.264 for the video side.
At the last IETF meeting in Hawaii the RTCWEB working group reached strong consensus to follow in our footsteps and make support for both H.264 and VP8 mandatory for browsers. This compromise was put forward by Mozilla, Cisco and Google. The details are a little bit complicated, but here’s the executive summary:
- Browsers will be required to support both H.264 and VP8 for WebRTC.
- Non-browser WebRTC endpoints will be required to support both H.264 and VP8. However, if either codec becomes definitely royalty free (with no outstanding credible non-RF patent claims) then endpoints will only have to do that codec.
- “WebRTC-compatible” endpoints will be allowed to do either codec, both, or neither.
See the complete proposal by Mozilla Principal Engineer Adam Roach here. There are still a few procedural issues to resolve, but given the level of support in the room, things are looking good.
Mobile Pwn2Own 2014: Windows Phone’s sandbox resists attack
The Mobile Pwn2Own 2014 hacking competition, held at the PacSec Applied Security Conference in Tokyo, Japan, was concluded on Thursday, and not one of the targeted phones has survived completely unscathed.
Of the targets available for selection, Amazon Fire Phone, Apple iPhone 5S, Samsung Galaxy S5, and Google/LG Nexus were completely “pwned,” the Nokia Lumia 1520 running Windows Phone partially, and BlackBerry Z30, Apple’s iPad Mini and the Nexus 7 weren’t targeted at all.
A successful exploitation of a bug in the latter carried with it a $150,000 prize, the others less: $100,000 for messaging services, $75,000 for short distance and $50,000 for the browser, apps or OS.
What we know is that the Apple iPhone 5S was owned via the Safari browser by exploiting two bugs, the Amazon Fire Phone was breached via three bugs in its browser, Samsung Galaxy S5 was successfully targeted via NFC by two different teams (one by triggering a deserialization issue in certain code, and the other by targeting a logical error), and the Nexus 5 was forced to pair with another phone via Bluetooth.
The two contestants that did their attacks on the second day were less successful: Jüri Aedla used Wi-Fi to target a Nexus 5, but was unable to elevate his privileges further than their original level. And Nico Joly tried to exploit Lumia’s browser, but didn’t manage to gain full control of the system as the sandbox held. He did, however, manage to extract the cookie database.
AT&T Stops Using ‘Perma-Cookies’ to Track Customer Web Activity – Mac Rumors
In late October, researchers discovered that AT&T and Verizon had been engaging in some unsavory customer tracking methods, using unique identifying numbers or “perma-cookies” to track the websites that customers visited on their cellular devices to deliver targeted advertisements.
Following significant negative attention from the media, AT&T today told the Associated Press that it is no longer injecting the hidden web tracking codes into the data sent from its customers’ devices.
The change by AT&T essentially removes a hidden string of letters and numbers that are passed along to websites that a consumer visits. It can be used to track subscribers across the Internet, a lucrative data-mining opportunity for advertisers that could still reveal users’ identities based on their browsing habits.
AT&T’s customer tracking practices, called “Relevant Advertising,” were the result of a pilot program the company had been experimenting with, which has apparently come to an end.
While AT&T has opted to stop using the invasive tracking method, Verizon is continuing to utilize perma-cookies to track the web activity of its customers. Unlike AT&T’s experimental program, Verizon has been using Relevant Advertising techniques for approximately two years.