Disclosure

Path and the disclosure dilemma

Was Path's data privacy flap so bad? Or Pinterest's revenue revelation?

These Web ventures have both taken heat in the last day or so because they were doing things with their users' data or activity that those users didn't sign up for. I mean that literally. Implicitly, it's a different story.

When people signed up for Path (before today's update), they didn't see a disclosure statement to the effect of, "We read your phone's address book and correlate it with other users' address books that we've read in order to connect …

Path CEO: We are sorry, and we've deleted your address book data

Dave Morin is sorry.

In reaction to the disclosure that the social networking service Path absorbs iPhone address books to connect users together -- without asking users first for permission to use that data -- Path CEO Dave Morin has posted an apology. He also says that Path has deleted all the address book data it has, to date, collected, as Path investor Michael Arrington suggested.

A new version of Path for the iPhone, 2.0.6, which should be live in the App Store now, prompts users for permission before it uploads the phone's contacts to the Path …

Bidding process for Yahoo at a dead end?

The bidding process for Yahoo has been stalled by the company's decision to ban potential suitors from talking with each other, sources familiar with the situation tell Reuters.

Most private-equity firms and potential buyers considering a bid for the Web pioneer have not reviewed the financial documents Yahoo began circulating two weeks ago because of a non-disclosure agreement that must be signed before they get access to nonpublic financial data, according to the report.

The agreement, which forces bidders not to discuss their bidding plans with any other company that might be considering making an offer, is designed to boost …

Facebook launches bug bounty program

Facebook is set to announce today a bug bounty program in which researchers will be paid for reporting security holes on the popular social-networking Web site.

Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook's Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem.

"Typically, it's no longer than a day" to fix a bug, Facebook Chief Security Officer Joe Sullivan told CNET in a conference call.

Facebook's Whitehat page for security researchers says: "…

Rep. Eshoo on truth in 4G advertising (podcast)

As reported by CNET News, Rep. Anna Eshoo (D-Calif.), who represents parts of Silicon Valley, has introduced the "Next Generation Wireless Disclosure Act," which would require cellular carriers that offer 4G data services to provide consumers with accurate information about the minimum speed and reliability of the service.

In an interview, she said "consumers are really confused about what 4G really is," adding that "wireless companies right now throw around terms like 'lightning fast' and 'supercharged,' but their claims when examined closely don't always match up with reality." She said that the bill …

Microsoft to work with others on bug reports

Microsoft is taking on more responsibility when it comes to vulnerabilities that affect multiple software makers.

The company announced today that it will serve as vulnerability coordinator when one of its employees discovers a security issue that affects software from other companies or when an outside researcher reports a problem to the Microsoft Security Response Center (MSRC).

The news comes on the heels of a report that concludes that software in general is fundamentally flawed. Of more than 4,800 applications analyzed by Veracode via its application security testing platform, 58 percent of all software applications failed to meet acceptable …

Heard any great movies lately?

Francis Ford Coppola's "Apocalypse Now" is, for my money, the greatest (anti-) war film ever made. It also broke new ground in film sound mixing, and the newly remastered three-disc version, "Apocalypse Now: Full Disclosure" sounds substantially better on Blu-ray than it did on the previous "Apocalypse Now Redux" DVD.

The 1080p transfers were supervised by the director, and the new Blu-ray is the first disc release in the original wide-screen theatrical aspect ratio (2.35:1). The "Full Disclosure" set also includes "Hearts of Darkness: A Filmmaker's Apocalypse," a feature-length documentary (with optional audio commentary from Eleanor and Francis Ford Coppola) that was originally released in 1991.

I'm not going to review the Blu-ray's video quality, other than to say it looks great. The DTS Master Audio sound is truly exceptional; I directly compared it with my "Apocalypse Now Redux" DVD that was remastered in 2006 in Dolby Digital sound.

The first thing I noticed about the Blu-ray's surround mix was that it was bigger and more expansive than the DVD's. The film's sound mixer/designer, Walter Murch, produced a remarkably layered landscape. The jungle scenes are populated with a vast array of insects and birds, the sound of wind is sometimes subtly mixed with a vocal chorus, and the far away rumble of bombs exploding will test your subwoofer's stamina. Returning to the DVD's duller and muddled soundtrack was a big letdown.

The "Apocalypse Now: Full Disclosure" set is jam-packed with nine hours of extras, but two short featurettes, "The Birth of 5.1 Sound" and "The Final Mix" were the standout attractions for me. The "Apocalypse Now" sound mix was so complex the engineers were required to work 12-hour days from November 1978 to August 1979 (that's about three times longer than it takes to mix the average big budget feature film). "Apocalypse Now" was the first film with stereo surround channels, which is one of the reasons it sounds so much better than other films of the 1970s or 1980s. …

TippingPoint gives vendors six months to fix holes

As of Wednesday, software vendors will have a deadline to fix vulnerabilities reported to them by TippingPoint's Zero Day Initiative rather than allowing holes to remain unpatched indefinitely.

Vendors will be required to fix the holes within six months, said Aaron Portnoy, manager of security research at TippingPoint, owned by Hewlett-Packard. TippingPoint runs the Zero Day Initiative, which acts as a broker paying researchers for information on vulnerabilities and then providing the information to the vendors so they can fix them.

Extensions to the deadline will be given on a case-by-case basis, he said. If they don't …

Adobe to follow Microsoft plan of sharing security info

LAS VEGAS--Adobe Systems will soon be adopting Microsoft's model of sharing information about vulnerabilities in its software with security vendors before the companies release security updates, the companies were set to announce at the Black Hat conference here on Wednesday.

Microsoft launched its Microsoft Active Protections Program (MAPP) in 2008 and since then has been sharing vulnerability information with vendors before updates are made public so the companies have time to offer more timely protection to their customers before the updates are deployed.

MAPP has helped to reduce the vulnerability window in some cases by more than 75 percent, …

Google fixes Chrome holes, seeks security reform

Just before the Black Hat security conference begins, Google has patched seven security holes in its stable version of Chrome and begun an effort to speed up the software industry's response to such vulnerabilities.

Google paid two $1,337 bounties for work that lets Chrome avoid critical security problems by sidestepping vulnerabilities in Windows and the widely used glibc software library, according to a Monday blog post about Chrome 5.0.375.125 by Jason Kersey of Google's Chrome team.

Also through its program to reward those who find Chrome security holes, Google issued payments to people who …