By timothy from Slashdot's siphoning-next-the-gas-from-this-tesla department
First time accepted submitter hackajar1 (1700328)
writes "Is it a crime of opportunity or another page in the current chapter of Anti-Tech movement in San Francisco? Either way, the new crime trending in San Francisco invloves tipping Smart Cars on their side. While they only take 3 — 4 people to tip, this could just be kids simply having "fun" at the very expensive cost of car owners. Alternatively it could be part of a larger movement in San Francisco against anyone associated with HiTech, which is largely being blamed for neighborhood gentrification and rent spikes in recent years."
This sounds like a story that would catch the ears of veteran reporter Roland Hedley
.Read Replies (0)
By Unknown Lamer from Slashdot's check-your-bounds department
writes "A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012."
Quoting the security advisory
: "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server."
The attack may be repeated and it appears trivial to acquire the host's private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian's fix is in incoming
and should hit mirrors soon, Fedora is having some trouble applying their patches
, but a workaround patch to the package <tt>.spec</tt> (disabling heartbeats) is available for immediate application.Read Replies (0)