
OwnCloud Developer requests removal from Ubuntu repos: multiple vulnerabilities

operator_error (1363139) writes | 1 hour ago

0

operator_error (1363139) writes "ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) is removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for which no fixes have been backported. He adds that:

        "Those security bugs allows an unauthenticated attacker to gain complete control about the web server process".

However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2).

Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical.

You can follow the discussion @ Ubuntu Devel mailing list.

So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service"

Link to Original Source

Verizon Injects Unique IDs into HTTP Traffic

Anonymous Coward writes | 1 hour ago

0

An anonymous reader writes "Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits."

Why is Apple installing outdated and vulnerable 3rd party libraries with iTunes

Anonymous Coward writes | 1 hour ago

3

An anonymous reader writes "The just released iTunes 12.0.1 for Windows still comes with COMPLETELY outdated and VULNERABLE 3rd party libraries as part of AppleMobileDeviceSupport.msi

* libeay32.dll and ssleay32.dll 0.9.8d are more than SEVEN years old and have at least 27 unfixed CVEs!
* libcurl.dll 7.16.2 is more than SEVEN years old and has at least 18 unfixed CVEs! The current version is 7.38.0; see http://curl.haxx.se/docs/security.html for the fixed vulnerabilities!

Until Apple's developers, their QA and their managers start to develop a sense for safety and security: stay away from their (Windows) software!"

Google exec sets records with leap from near-space - seattlepi.com

feedfeeder (1749978) writes | 1 hour ago

0


Google exec sets records with leap from near-space
seattlepi.com
ROSWELL, N.M. (AP) — A Google executive has broken the sound barrier and set several skydiving records over the southern New Mexico desert after taking a leap from the edge of space. Alan Eustace's supersonic jump early Friday from a high-altitude,...
Google exec broke sound barrier, world record with 25.7-mile fall Silicon Valley Business Journal
Alan Eustace Jumps From Stratosphere, Breaking Felix Baumgartner's World ... New York Times
A Google Exec Just Beat The World Record For Highest-Altitude Jump From The ... Business Insider

Link to Original Source

Oct 25 is Root 2 day

Ted Stoner (648616) writes | 1 hour ago

0

Ted Stoner (648616) writes "The Unix timestamp (also used by Java) tomorrow (Oct 25) at about 1:04:16 AM GMT-4:00 DST (EDT) will hit 1414213456. Divide by 10**9 and square it and you get 2.

Root 3 day (timestamp 1732050808) does not occur until Nov 2024 so party now.

Visit the Epoch Converter site for more zany madness."

Secretive funding fuels ongoing net neutrality astroturfing controversy

alphadogg (971356) writes | 2 hours ago

0

alphadogg (971356) writes "The contentious debate about net neutrality in the U.S. has sparked controversy over a lack of funding transparency for advocacy groups and think tanks, which critics say subverts the political process. News stories from a handful of publications in recent months have accused some think tanks and advocacy groups of "astroturfing" — quietly shilling for large broadband carriers. In a handful of cases, those criticisms appear to have some merit, although the term is so overused by people looking to discredit political opponents that it has nearly lost its original meaning. An IDG News Service investigation found that major groups opposing U.S. Federal Communications Commission reclassification and regulation of broadband as a public utility tend to be less transparent about their funding than the other side. Still, some big-name advocates of strong net neutrality rules also have limited transparency mechanisms in place."
Link to Original Source

Passwords: too much and not enough

Anonymous Coward writes | 3 hours ago

0

An anonymous reader writes "Sophos security has a blog post up saying "attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures." They say a password must withstand 1,000,000 guesses to survive an online attack but 100,000,000,000,000 to have any hope against an offline one. "Not only is the difference between those two numbers mind-bogglingly large, there is no middle ground." "Passwords falling between the two thresholds offer no improvement in real-world security, they're just harder to remember." System administrators "should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen.""
Link to Original Source

Interpol Developing "Guidelines" for Use of Facial Recognition Software

retroworks (652802) writes | 3 hours ago

0

retroworks (652802) writes "INTERPOL announced the first meeting of its "Facial Expert Working Group" in order to "begin the process of developing international facial recognition standards." The two-day meeting (14 and 15 October) gathered 24 technical and biometrics experts and examiners from 16 countries who produced a ‘best practice guide’ for the quality, format and transmission of images to be used in facial recognition. It will be circulated to all 190 INTERPOL member countries to serve as a guideline for improving the quality of images necessary for accurate and effective facial recognition.

Last December (Bloomberg News) described a similar "voluntary guidelines" meeting between Facebook and Walmart for use of visual recognition to keep identification by retail store cameras in targeted online advertising. CBS also covered the story last December. http://newyork.cbslocal.com/20.

As more technology start ups like Facedeals http://techcrunch.com/2012/08/... recognize the opportunity to sell our browsing habits at stores to online marketing firms, Minority Report seems closer than ever. And unlike programs to erase, block, or deliver false clicks (cookie camouflage) to online advertisers, the solutions (wearing a Guy Fawkes mask or Groucho Marx glasses) seem much more intrusive."

Link to Original Source

Tech Support Scammers Shutdown Thanks to FTC

Anonymous Coward writes | 3 hours ago

0

An anonymous reader writes "From the FTC press release:
At the request of the Federal Trade Commission, a federal court has shut down a company that scammed computer users by tricking them into paying hundreds of dollars for technical support services they did not need, as well as software that was otherwise available for free.
According to the FTC’s complaint and other court documents filed by the agency, Pairsys, Inc., cold-called consumers masquerading as representatives of Microsoft or Facebook, and also purchased deceptive ads online that led consumers to believe they were calling the technical support line for legitimate companies."

Link to Original Source

Computer Scientist Parachutes From 135,908 Feet, Breaking Record

Anonymous Coward writes | 3 hours ago

0

An anonymous reader writes "The NY Times reports that Alan Eustace, a computer scientist and VP at Google, has successfully broken the record set for highest freefall jump, set by Felix Baumgartner in 2012. "For a little over two hours, the balloon ascended at speeds up to 1,600 feet per minute to an altitude of 135,908 feet, more than 25 miles. Mr. Eustace dangled underneath in a specially designed spacesuit with an elaborate life-support system. He returned to earth just 15 minutes after starting his fall. ... Mr. Eustace cut himself loose from the balloon with the aid of a small explosive device and plummeted toward the earth at speeds that peaked at more than 800 miles per hour, setting off a small sonic boom heard by observers on the ground. ... His technical team had designed a carbon-fiber attachment that kept him from becoming entangled in the main parachute before it opened. About four-and-a-half minutes into his flight, he opened the main parachute and glided to a landing 70 miles from the launch site.""
Link to Original Source

The man with the golden blood

Torontoman (829262) writes | 4 hours ago

0

Torontoman (829262) writes "http://mosaicscience.com/story...

His doctor drove him over the border. It was quicker that way: if the man donated in Switzerland, his blood would be delayed while paperwork was filled out and authorisations sought.

The nurse in Annemasse, France, could tell from the label on the blood bag destined for Paris that this blood was pretty unusual. But when she read the details closely, her eyes widened. Surely it was impossible for this man seated beside her to be alive, let alone apparently healthy?

Thomas smiled to himself. Very few people in the world knew his blood type did – could – exist. And even fewer shared it. In 50 years, researchers have turned up only 40 or so other people on the planet with the same precious, life-saving blood in their veins."

Link to Original Source

Printer watermark obfuscation

Anonymous Coward writes | 4 hours ago

0

An anonymous reader writes ""Interesting paper: Maya Embar, Louis F. McHugh IV, and William R. Wesselman, "Printer watermark obfuscation," Proceeding RIIT '14: Proceedings of the 3rd annual conference on Research in information technology:

Link to paper: http://dl.acm.org/citation.cfm...

Abstract: Most color laser printers manufactured and sold today add "invisible" information to make it easier to determine when a particular document was printed and exactly which printer was used. Some manufacturers have acknowledged the existence of the tracking information in their documentation while others have not. None of them have explained exactly how it works or the scope of the information that is conveyed. There are no laws or regulations that require printer companies to track printer users this way, and none that prevent them from ceasing this practice or providing customers a means to opt out of being tracked. The tracking information is coded by patterns of yellow dots that the printers add to every page they print. The details of the patterns vary by manufacturer and printer model.""

Link to Original Source

Researcher Finds Tor Exit Node Adding Malware to Downloads

Trailrunner7 (1100399) writes | 4 hours ago

0

Trailrunner7 (1100399) writes "A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services.

Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack. Downloading any kind of file from the Internet is a dodgy proposition these days, and many users know that if they’re downloading files from some random torrent site in Syria or The Marshall Islands, they are rolling the dice. Malware runs rampant on these kinds of sites.

But the scenario that worries security experts much more involves an attacker being able to control the download mechanism for security updates, say for Windows or OS X. If an attacker can insert malware into this channel, he could cause serious damage to a broad population of users, as those update channels are trusted implicitly by the users and their machines. Legitimate software vendors typically will sign their binaries and modified ones will cause verification errors. What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code.

In terms of defending against this sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators.

“SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted,” he said via email."

Recent Nobel Prize Winner Revolutionizes Microscopy Again

Anonymous Coward writes | 5 hours ago

0

An anonymous reader writes "Eric Betzig recently shared in the Nobel Prize for Chemistry for his work on high-resolution microscopy. Just yesterday, Betzig and a team of researchers published a new microscopy technique (abstract) that "allows them to observe living cellular processes at groundbreaking resolution and speed." According to the article, "Until now, the best microscope for viewing living systems as they moved were confocal microscopes. They beam light down onto a sample of cells. The light penetrates the whole sample and bounces back. ... The light is toxic, and degrades the living system over time. Betzig's new microscope solves this by generating a sheet of light that comes in from the side of the sample, made up of a series of beams that harm the sample less than one solid cone of light. Scientists can now snap a high-res image of the entire section they're illuminating, without exposing the rest of the sample to any light at all.""
Link to Original Source

Peter Kuran: Visual Effects Artist and Atomic Bomb Archivist

Lasrick (2629253) writes | 5 hours ago

0

Lasrick (2629253) writes "Great interview with Peter Kuran, an animator of the original Star Wars and legendary visual effects artist. If you saw the recent remake of Godzilla, you saw stock footage from Atom Central, known on YouTube as “the atomic bomb channel.” Atom Central is the brainchild of Kuran, who among his many talents is an expert on archival films of the atmospheric testing era of 1945 to 1963. Combining his film restoration and photography expertise with his interest in nuclear history, he has also produced and directed five documentaries. He is currently working with Lawrence Livermore and Los Alamos National Laboratories to preserve and catalog images from the bomb-testing era, and to produce a technical handbook that will help people understand these images and the techniques used to create them. Awesome slideshow accompanies the article"
Link to Original Source

The Queen's Data Center Gets A Royal Warrant

judgecorp (778838) writes | 6 hours ago

0

judgecorp (778838) writes "The hosting firm that holds the Queen of England's data has been granted a "Royal Warrant". This allows it to use the phrase "By Appointment to Her Majesty The Queen", and display the royal crest in public. The firm in question, Pulsant, has been working for the Royal Family for more than five years, and is understandably pleased with the marketing opportunities. "They are a very good customer," said somewhat-understated Pulsant CTO Matt Lovell."
Link to Original Source

Employers Worried About Critical Thinking Skills

Nerval's Lobster (2598977) writes | 6 hours ago

0

Nerval's Lobster (2598977) writes "Every company needs employees who can analyze information effectively, discarding what's unnecessary and digging down into what's actually useful. But employers are getting a little bit worried that U.S. schools aren't teaching students the necessary critical-thinking skills to actually succeed once they hit the open marketplace. The Wall Street Journal talked with several companies about how they judge critical-thinking skills, a few of which ask candidates to submit to written tests to judge their problem-solving abilities. But that sidesteps the larger question: do schools need to shift their focus onto different teaching methods (i.e., downplaying the need for students to memorize lots of information), or is our educational pipeline just fine, thank you very much?"
Link to Original Source

Close Approach of Asteroid 2014 SC324

Anonymous Coward writes | 6 hours ago

0

An anonymous reader writes "Asteroid 2014 SC324 has an estimated size of 40 m — 90 m (based on the object's absolute magnitude H=24.1) and it will have a close approach with Earth at about 1.5 LD (Lunar Distances = ~384,000 kilometers) or 0.0038 AU (1 AU = ~150 million kilometers) at 1921 UT on 2014, October 24. This asteroid will reach the peak magnitude about +13.6 at close approach."
Link to Original Source
