5-Year-Old Critical Linux Vulnerability Patched
Posted by News Fetcher on December 10 '16 at 09:52 AM
By EditorDavid from Slashdot's local-Linux-attacks department:
msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years.
Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011. A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.
"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."

Uber Asks Everyone To Stop Making It The New Tinder
Posted by News Fetcher on December 10 '16 at 09:52 AM
By EditorDavid from Slashdot's carpool-here-often? department:
Ride-sharers have been using Uber and Lyft "carpool" apps to meet dates -- and now Uber's trying to stop it. An anonymous reader quotes SFGate:
This week Uber updated their community guidelines to discourage passengers from using the ride-sharing app as a hook-up opportunity. Some Uber and Lyft riders have been using the car-pooling option as a way to meet or hook up with others. But Uber is not pleased and has advised users to not flirt or touch passengers. "It's OK to chat with other people in the car. But please don't comment on someone's appearance or ask whether they are single," Uber's guidelines state.

Their new policy now specifically states that "Uber has a no sex rule. That's no sexual conduct between drivers and riders, no matter what."

New Bug In Windows 10 Anniversary Update Brings Wi-Fi Disconnects
Posted by News Fetcher on December 10 '16 at 08:22 AM
By EditorDavid from Slashdot's unhappy-anniversary department:
Some Windows 10 PCs are now experiencing sudden drops in their Wi-Fi connections, with the Network Diagnostics tool reporting "Wi-Fi doesn't have a valid IP configuration." An anonymous reader quotes InfoWorld's Woody Leonhard:
I've heard from many people who blame the Wi-Fi disconnect on Friday's KB 3201845, the patch (which still isn't documented on the Win10 update history site) that brings version 1607 up to build 14393.479. It's unlikely that the new patch brought on the bug because the large influx of complaints started on December 7 -- two days before the patch...
Speculation at this point says the disconnect results when a machine performs a fast startup, setting the machine's IP address to 169.x.x.x. It's an old problem, but somehow it's come back in spades in the past two days. I have no idea what triggered the sudden outbreak, as there were no Win10 1607 patches issued on December 6, 7 or 8.

Microsoft acknowledged the problem Thursday, recommending customers try restarting their PCs (or performing a clean start).
Woody writes that it looks like Microsoft's latest Windows 10 patch "didn't cause the bug. But the patch didn't fix it, either."

US Think Tank Wants To Regulate The Design of IoT Devices For Security Purposes
Posted by News Fetcher on December 10 '16 at 06:52 AM
By BeauHD from Slashdot's trial-and-error department:
New submitter mikehusky quotes a report from The Register: Washington D.C. think tank the Institute for Critical Infrastructure Technology is calling for regulation on "negligence" in the design of internet-of-things (IoT) devices. If the world wants a bonk-detecting Wi-Fi mattress, it must be a malware-free bonk-detecting Wi-Fi mattress. The report adds: "Researchers James Scott and Drew Spaniel point out in their report Rise of the Machines: The Dyn Attack Was Just a Practice Run [PDF] that IoT represents a threat that is only beginning to be understood. The pair say the risk that regulation could stifle market-making IoT innovation (like the Wi-Fi cheater-detection mattress) is outweighed by the need to stop feeding Shodan. 'Regulation on IoT devices by the United States will influence global trends and economies in the IoT space, because every stakeholder operates in the United States, works directly with United States manufacturers, or relies on the United States economy. Nonetheless, IoT regulation will have a limited impact on reducing IoT DDoS attacks as the United States government only has limited direct influence on IoT manufacturers and because the United States is not even in the top 10 countries from which malicious IoT traffic originates.' State level regulation would be 'disastrous' to markets and consumers alike. The pair offer their report in the wake of the massive Dyn and Mirai distributed denial of service attacks in which internet of poorly-designed devices were enslaved into botnets to hammer critical internet infrastructure, telcos including TalkTalk, routers and other targets."

Japanator Unboxing: Loot Anime - Blade
Posted by News Fetcher on December 10 '16 at 06:12 AM
By Red Veron from Japanator:
When I found out that one of my favorite anime was to be one of the featured goodies in this month's Loot Anime, I was beyond hyped and was super excited when it arrived in my mailbox. The lovely folks over at Loot Anime HQ provided us with this month's Loot Anime, and the theme is "Blade". This month's theme is all about anime featuring wielders of sharp tools designed for combat.

The anime and manga featured in this month's "Blade" Loot Anime box are Gintama, Bleach, Berserk, and Sword Art Online. Check the video above for a guide to the items in the latest Loot Anime and check out the gallery below for some close up pictures of the items!

Loot Anime is a monthly mystery subscription box featuring items related to your favorite anime and manga. There will be 4-6 items with each box, about $60+ in retail value, licensed, and most are exclusive to Loot Anime.

If you are interested in signing up for next month's themed box, use the code "JAPANATOR" for $3 off your first order at Loot Anime!



Autonomous Shuttle Brakes For Squirrels, Skateboarders, and Texting Students
Posted by News Fetcher on December 10 '16 at 02:42 AM
By BeauHD from Slashdot's squirrel-crossing department:
Tekla Perry writes: An autonomous shuttle from Auro Robotics is picking up and dropping off students, faculty, and visitors at the Santa Clara University Campus seven days a week. It doesn't go fast, but it has to watch out for pedestrians, skateboarders, bicyclists, and bold squirrels (engineers added a special squirrel lidar on the bumper). An Auro engineer rides along at this point to keep the university happy, but soon will be replaced by a big red emergency stop button (think Staples Easy button). If you want a test drive, just look for a "shuttle stop" sign (there's one in front of the parking garage) and climb on, it doesn't ask for university ID.

'Star In a Jar' Fusion Reactor Works, Promises Infinite Energy
Posted by News Fetcher on December 09 '16 at 11:53 PM
By BeauHD from Slashdot's nothing-lasts-forever department:
An anonymous reader quotes a report from Space.com: For several decades now, scientists from around the world have been pursuing a ridiculously ambitious goal: They hope to develop a nuclear fusion reactor that would generate energy in the same manner as the sun and other stars, but down here on Earth. Incorporated into terrestrial power plants, this "star in a jar" technology would essentially provide Earth with limitless clean energy, forever. And according to new reports out of Europe this week, we just took another big step toward making it happen. In a study published in the latest edition of the journal Nature Communications, researchers confirmed that Germany's Wendelstein 7-X (W7-X) fusion energy device is on track and working as planned. The space-age system, known as a stellarator, generated its first batch of hydrogen plasma when it was first fired up earlier this year. The new tests basically give scientists the green light to proceed to the next stage of the process. It works like this: Unlike a traditional fission reactor, which splits atoms of heavy elements to generate energy, a fusion reactor works by fusing the nuclei of lighter atoms into heavier atoms. The process releases massive amounts of energy and produces no radioactive waste. The "fuel" used in a fusion reactor is simple hydrogen, which can be extracted from water. The W7-X device confines the plasma within magnetic fields generated by superconducting coils cooled down to near absolute zero. The plasma -- at temperatures upwards of 80 million degrees Celsius -- never comes into contact with the walls of the containment chamber. Neat trick, that. David Gates, principal research physicist for the advanced projects division of PPPL, leads the agency's collaborative efforts in regard to the W7-X project. In an email exchange from his offices at Princeton, Gates said the latest tests verify that the W7-X magnetic "cage" is working as planned.
"This lays the groundwork for the exciting high-performance plasma operations expected in the near future," Gates said.

Silly Putty Makes For Super-Sensitive Sensors
Posted by News Fetcher on December 09 '16 at 07:45 PM
By BeauHD from Slashdot's toys-and-games department:
Jonathan Coleman's research group at Trinity College Dublin discovered that Silly Putty "becomes an incredibly sensitive strain detector that can track blood pressure, heart rate, and even a spider's footsteps" when mixed with graphene. Popular Science reports: That graduate student, Connor Boland -- who has since earned his doctorate -- made a batch of graphene in water and added the Silly Putty polymer. As he mixed them, the graphene sheets stuck to the polymer, creating a black goo the researchers dubbed "g-putty." When they ran an electrical current through the g-putty -- graphene-infused polymers can conduct electricity -- they discovered an extraordinary sensitivity. "If you touch it even with the slightest pressure or deformation, the electrical resistance will change significantly," Coleman says. "Even if you stretch or compress the Silly Putty by one percent of its normal size, the electrical resistance will change by a factor of five. And that's a huge change." That change makes g-putty about 500 times more sensitive than other deformation-detecting materials, which would respond to a similar compression with a mere one-percent change in electrical resistance. The results were published in the journal Science.

Radiation From Fukushima Disaster Reaches Oregon Coast
Posted by News Fetcher on December 09 '16 at 07:45 PM
By BeauHD from Slashdot's hazmat-suit department:
An anonymous reader quotes a report from New York Post: Radiation from Japan's 2011 Fukushima nuclear disaster has apparently traveled across the Pacific. Researchers reported that radioactive matter -- in the form of an isotope known as cesium-134 -- was collected in seawater samples from Tillamook Bay and Gold Beach in Oregon. The levels were extremely low, however, and don't pose a threat to humans or the environment. In 2011, a 9.0-magnitude earthquake triggered a wave of tsunamis that caused colossal damage to Japan's Fukushima Daiichi nuclear power plant. The disaster released several radioactive isotopes -- including the dangerous fission products of cesium-137 and iodine-131 -- that contaminated the air and water. The ocean was later contaminated by the radiation. But cesium-134 is the fingerprint of Fukushima due to its short half-life of two years, meaning the level is cut in half every two years. Cesium-137 has a 30-year half-life. Particles from Chernobyl, nuclear weapons tests, and discharge from other nuclear power plants are still detectable -- in small, harmless amounts. While this is the first time cesium-134 has been detected on US shores, Higley said "really tiny quantities" have previously been found in albacore tuna. The Oregon samples were collected by the Woods Hole Oceanographic Institution in January and February. Each sample measured 0.3 becquerels, a unit of radioactivity, per cubic meter of cesium-134 -- significantly lower than the 50 million becquerels per cubic meter measured in Japan after the disaster.

Titans Return Leader Class Soundwave Found at US Retail
Posted by News Fetcher on December 09 '16 at 07:37 PM
By Matty from TFW2005:
Thanks to TFW2005 member vbjjune, we have our first US retail sighting of Titans Return Leader Class Soundwave! Just in time for the Christmas shopping, Soundwave was found at Walmart in Conroe, Texas. Be on the lookout for more sightings! Happy hunting TFW!

Final Vent: Kamen Rider Ryuki Actor Satoshi Matsuda catches voyeur
Posted by News Fetcher on December 09 '16 at 06:57 PM
By Salvador G Rodiles from Japanator:
When a hero's battle against evil comes to a close, this doesn't mean that their passion for justice hasn't stopped. Even though it's been a long time since Satoshi Matsuda (Kamen Rider Ryuki's Ren/Kamen Rider Knight, Akihabara@Deep's Tozaka) became a Rider to battle monsters and other Riders, the guy isn't going to let a voyeur have his way.

While Matsuda and his wife were shopping in Kumiyama Town, Kyoto Prefecture, a voyeur took photos of Matsuda's wife's skirt with a smartphone. Luckily, Matsuda heard his beloved scream, so he was able to chase down the culprit and take him to the police.

Matsuda talked about the incident on Twitter and he let everyone know that he and his wife are safe. Considering that his character in Ryuki was a guy who's willing to do what he could to free his beloved from her coma, it's great to see that he did his best to stop someone who was ruining his wife's day. This shows that any person that's been in a toku show continues to have the heart of a hero when things get tough.

[via Orends: Range]



Google Starts Using HTML5 By Default Instead of Flash For Some Chrome Users
Posted by News Fetcher on December 09 '16 at 06:18 PM
By BeauHD from Slashdot's coming-to-a-browser-near-you department:
Google announced in a blog post today that it will be rolling out a feature over the next few months that starts disabling Flash and displaying HTML5 content instead on certain websites. Google notes, "This change disables Adobe Flash Player unless there's a user indication that they want Flash content on specific sites, and eventually all websites will require the user's permission to run Flash." VentureBeat reports: Google has deployed the change for half of the people who are using Chrome 56 beta, which rolled out yesterday, Google technical program manager Eric Deily wrote in a blog post. Then, "in the next few days," Deily wrote, the feature will be active for 1 percent of users of Chrome 55 stable. And by February 2016 it will be live for all users in Chrome 56 stable, Deily wrote. The idea is to lessen the dependence on a web component that can cause a drag on CPU and memory usage and shorten battery life as a result. Flash also has a track record of security issues.

Researchers Point Out 'Theoretical' Security Flaws In AMD's Upcoming Zen CPU
Posted by News Fetcher on December 09 '16 at 06:18 PM
By BeauHD from Slashdot's buyer-beware department:
An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory. [In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.

Bose Launches 'Hearphones' That Act Like Hearing Aids
Posted by News Fetcher on December 09 '16 at 04:55 PM
By BeauHD from Slashdot's focused-conversation department:
Bose has launched a new pair of earbuds called Hearphones that augment the sounds of the world around you, letting you select what kinds of outside noises you'd like to listen to. "Hearphones users can also pick which direction those outside noises come from, with what appears to be specific emphasis on helping people hear voices better in crowded places," reports The Verge: A "Bose Hear" app was recently added to the App Store, and offers a little more detail about what Hearphones are capable of. You can turn the "world volume" up or down, and change the direction you're hearing those sounds from. There are preset modes like "television," "focused conversation," "airplane," "doctor's office," or "gym," all of which presumably block out different sounds from different directions while letting in things like speech. A user manual was also recently submitted to the FCC. No pricing or availability can be found anywhere on Bose's website or in the app. Here's some more from that app's description: "Innovative technologies amplify softer sounds, let you turn down the distractions in noisy environments and focus on what you want to hear -- like a conversation across the table. You can also use them as controllable noise cancelling [sic] wireless headphones for your music or calls or just for quiet. Take control of the noise, and hear the world better."

AirPods Delay Attributed To Apple Ensuring Both Earpieces Receive Audio At Same Time
Posted by News Fetcher on December 09 '16 at 04:55 PM
By BeauHD from Slashdot's any-day-now department:
An anonymous reader quotes a report from Mac Rumors: AirPods were originally slated to launch in October, but the wireless earphones were later delayed. Apple said it needed "a little more time" before they are ready for customers, and it has yet to provide an official update since. While the exact reason for the delay remains unclear, a person familiar with the development of AirPods told The Wall Street Journal that Apple's troubles appear to be related to its "efforts to chart a new path for wireless headphones," in addition to resolving what happens when users lose one of the earpieces or the battery dies. The Wall Street Journal reports: "A person familiar with the development of the AirPod said the trouble appears to stem from Apple's effort to chart a new path for wireless headphones. In most other wireless headphones, only one earpiece receives a signal from the phone via wireless Bluetooth technology; it then transmits the signal to the other earpiece. Apple has said AirPod earpieces each receive independent signals from an iPhone, Mac or other Apple device. But Apple must ensure that both earpieces receive audio at the same time to avoid distortion, the person familiar with their development said. That person said Apple also must resolve what happens when a user loses one of the earpieces or the battery dies."

Google Is Testing User Ratings For Movies, TV Within Search Results
Posted by News Fetcher on December 09 '16 at 04:55 PM
By BeauHD from Slashdot's two-thumbs-way-up department:
Google has confirmed to Search Engine Land that it is testing a feature allowing users to rate movies or TV shows directly in the search results interface. "We're currently experimenting with the feature but have nothing to announce at this time," a Google spokesperson said. TechCrunch reports: Unlike other movie and TV rating platforms, Google's feature is not on a scale from one to five but instead offers a binary choice: like or dislike. Information about weather, ticket purchasing options and more used to be available on unique, individual websites. Today, however, Google has incorporated this information and functionality into the search results layer of its own service. Within the movie ratings feature, users will also be able to see the Rotten Tomatoes and IMDb ratings for the title, as they always have. You can view a screenshot of the rating system here.

FNAF's FINAL SECRET | Sister Location Custom Night
Posted by News Fetcher on December 09 '16 at 04:44 PM
By The Game Theorists from The Game Theory:


Uber Is Treating Its Drivers As Sweated Labor, Says Report
Posted by News Fetcher on December 09 '16 at 03:22 PM
By msmash from Slashdot's app-economy department:
Uber treats its drivers as Victorian-style "sweated labor", with some taking home less than the minimum wage, according to a report into its working conditions based on the testimony of dozens of drivers. From a report on The Guardian: Drivers at the taxi-hailing app company reported feeling forced to work extremely long hours, sometimes more than 70 a week, just to make a basic living, said Frank Field, the Labor MP and chair of the work and pensions committee. Field received testimony from 83 drivers who said they often took home significantly less than the "national living wage" after paying their running costs. The report says they described conditions that matched the Victorian definition of sweated labor: "when earnings were barely sufficient to sustain existence, hours of labor were such as to make lives of workers periods of ceaseless toil; and conditions were injurious to the health of workers and dangerous to the public."

DHS Tried To Breach Our Firewall, Says Georgia's Secretary of State
Posted by News Fetcher on December 09 '16 at 01:45 PM
By BeauHD from Slashdot's access-denied department:
An anonymous reader quotes a report from CyberScoop: Georgia's secretary of state has claimed the Department of Homeland Security tried to breach his office's firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation. Brian Kemp issued a letter to Johnson on Thursday after the state's third-party cybersecurity provider detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall. According to the letter, the attempt was unsuccessful. The attempt took place on Nov. 15, a few days after the presidential election. The office of the Georgia Secretary of State is responsible for overseeing the state's elections. "At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network," Kemp wrote in the letter, which was also sent to the state's federal representatives and senators. "Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created." "The Department of Homeland Security has received Secretary Kemp's letter," a DHS spokesperson told CyberScoop. "We are looking into the matter. DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly." Georgia was one of two states that refused cyber-hygiene support and penetration testing from DHS in the leadup to the presidential election. The department had made a significant push for it after hackers spent months exposing the Democratic National Committee's internal communications and data.

Twitter Cuts API Access For Media Sonar, Spy Tool Used To Target Black Lives Matter
Posted by News Fetcher on December 09 '16 at 01:45 PM
By msmash from Slashdot's cutting-ties department:
Police have now one less tool to monitor users on Twitter. The Daily Dot is reporting that Twitter has cut ties with a third-party social network surveillance firm, citing company policies intended to safeguard users against the surreptitious collection of data by law enforcement agencies. From the report: The severed contract follows Twitter nullifying the commercial data agreements of two other leading social-network-surveillance firms, Geofeedia and Snaptrends. Previously unreported, Twitter severed the access of Media Sonar, an Ontario-based company founded in 2012, which has sold surveillance software to police departments across the United States. Nineteen local government services are known to have each spent at least $10,000 on the software between 2014 and 2016, according to documents acquired under state open-records laws. Twitter informed the Daily Dot this week that it had terminated Media Sonar's access to its public API in October. If the company attempts to create other API keys, Twitter said, "we will terminate those as well and take further action as appropriate."
