Security

Microsoft Opens Vulnerability Bounty Program For Spartan Browser 53

Posted by timothy
from the why-not-leave-the-code-to-survive-infancy-alone? dept.
jones_supa writes: As it did in the past when it tried to make Internet Explorer more secure, Microsoft has launched a new bug bounty program for Spartan browser, the default application of Windows 10 for surfing the information highway. A typical remote code execution flaw can bring between $1,500 and $15,000, and for the top payment you also need to provide a functioning exploit. The company says that it could pay even more than that, if you convince the jury on the entry quality and complexity. Sandbox escape vulnerabilities with Enhanced Protected Mode enabled, important or higher severity vulnerabilities in Spartan or its engine, and ASLR info disclosure vulnerabilities are also eligible. If you want to accept the challenge, Microsoft provides more information on how to participate.
Windows

Buggy Win 95 Code Almost Wrecked Stuxnet Campaign 86

Posted by timothy
from the when-governments-attack dept.
mask.of.sanity writes: Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, malware analysts say. Stuxnet was on the brink of failure thanks to buggy code allowing it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.
Bug

Groupon Refuses To Pay Security Expert Who Found Serious XSS Site Bugs 144

Posted by samzenpus
from the pay-the-man dept.
Mark Wilson writes: Bounty programs benefit everyone. Companies like Microsoft get help from security experts, customers gain improved security, and those who discover and report vulnerabilities reap the rewards financially. Or at least that's how things are supposed to work. Having reported a series of security problems to discount and deal site Groupon, security researcher Brute Logic from XSSposed.org was expecting a pay-out — but the site refuses to give up the cash. In all, Brute Logic reported more than 30 security issues with Groupon's site, but the company cites its Responsible Disclosure policy as the reason for not handing over the cash.
Bug

iOS WiFi Bug Allows Remote Reboot of All Devices In Area 117

Posted by timothy
from the wardriving-experiment dept.
New submitter BronsCon writes: A recently disclosed flaw in iOS 8 dubbed "No iOS Zone" allows an attacker to create a WiFi hot spot that will cause iOS devices to become unstable, crash, and reboot, even when in offline mode. Adi Sharabani and Yair Amit of Skycure are working with Apple for a fix; but, for now, the only workaround is to simply not be in range of such a malicious network.
Windows

iTunes Stops Working For Windows XP Users 366

Posted by timothy
from the why-it-seems-like-only-yesterday dept.
An anonymous reader writes: iTunes users who still run Windows XP started to experience connectivity issues this week. As documented in an Apple Support Communities thread, they can't log into the iTunes store, meaning functions like buying content, watching already purchased movies and TV shows, playing DRM-protected content, backing up, updating, and syncing all do not work.
Bug

Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps 73

Posted by Soulskill
from the snake-in-the-walled-garden dept.
mrflash818 writes: A new report from analytics service SourceDNA found that roughly 1,500 iOS apps (with about 2 million total installs) contain a vulnerability that cripples HTTPS and makes man-in-the-middle attacks against those apps easy to pull off. "The weakness is the result of a bug in an older version of the AFNetworking, an open-source code library that allows developers to drop networking capabilities into their apps. Although AFNetworking maintainers fixed the flaw three weeks ago with the release of version 2.5.2, at least 1,500 iOS apps remain vulnerable because they still use version 2.5.1. That version became available in January and introduced the HTTPS-crippling flaw."
Space

Incorrectly Built SLS Welding Machine To Be Rebuilt 150

Posted by timothy
from the but-in-a-crash-you'd-be-totally-safe dept.
schwit1 writes: A giant welding machine, built for NASA's multi-billion dollar Space Launch System (SLS), has to be taken apart and rebuilt because the contractor failed to reinforce the floor, as required, prior to construction: "Sweden's ESAB Welding & Cutting, which has its North American headquarters in Florence, South Carolina, built the roughly 50-meter tall Vertical Assembly Center as a subcontractor to SLS contractor Boeing at NASA's Michoud Assembly Facility in New Orleans.

ESAB was supposed to reinforce Michoud's floor before installing the welding tool, but did not, NASA SLS Program Manager Todd May told SpaceNews after an April 15 panel session during the 31st Space Symposium here. As a result, the enormous machine leaned ever so slightly, cocking the rails that guide massive rings used to lift parts of the 8.4-meter-diameter SLS stages. The rings wound up 0.06 degrees out of alignment, which may not sound like much, "but when you're talking about something that's 217 feet [66.14 meters] tall, that adds up," May said.

Asked why ESAB did not reinforce the foundation as it was supposed to, May said only it was a result of "a miscommunication between two [Boeing] subcontractors and ESAB."

It is baffling how everyone at NASA, Boeing, and ESAB could have forgotten to do the reinforcing, even though it was specified in the contract. It also suggests that the quality control in the SLS rocket program has some serious problems.
GUI

KDE Plasma 5.3 Beta Brings Lot of Improvements 64

Posted by timothy
from the gui-not-gooey dept.
jones_supa writes: The KDE project today announced the release of KDE Plasma 5.3 beta. It brings better power management, improved Bluetooth support, improved widgets, Wayland support, new media center, and nearly 350 bugfixes. The power management improvements include settings that can be independently configured per activity, there is a new energy usage monitor available in KInfoCenter, and a battery applet identifies applications that hog power. Bluetooth applet brings added support for blocking and unblocking devices. New touchpad module has been added as well. The combined window manager and compositor KWin is now able to start a nested XWayland server, which acts as a bridge between the old X11 and the new Wayland world.

Amazing bug-sized robots developed in DARPA project

Posted by Slashdot Staff
Researchers in Silicon Valley have developed insect-size robots that can manufacture microstructures that are too small and complex to be built by current machinery or by hand. The robots are part of work by SRI International into next-generation manufacturing technology funded by the Defense Advanced Projects Agency (DARPA), the U.S. military's research and development arm.
Windows

Remote Code Execution Vulnerability Found In Windows HTTP Stack 119

Posted by Soulskill
from the another-day,-another-vuln dept.
jones_supa writes: A remote code execution vulnerability exists in the Windows HTTP stack that is caused when HTTP.SYS parses specially-crafted HTTP requests. An attacker who has successfully exploited this vulnerability could execute arbitrary code under the SYSTEM context. Details of the bug are withheld, but exploit code is floating around. Microsoft describes the issue in security bulletin MS15-034. An update (KB3042553) is already available for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. As a workaround, Microsoft offers disabling IIS kernel caching.
Data Storage

New Samsung SSD 840 EVO Read Performance Fix Coming Later This Month 72

Posted by Soulskill
from the slower-than-fastest-but-faster-than-slowest dept.
An anonymous reader writes: The Samsung SSD 840 EVO read performance bug has been on the table for over six months now. Initially Samsung acknowledged the issue fairly quickly and provided a fix only a month after the news hit the mainstream tech media, but reports of read performance degradation surfaced again a few weeks after the fix had been released, making it clear that the first fix didn't solve the issue for all users. Two months ago Samsung announced that a new fix is in the works and last week Samsung sent out the new firmware along with Magician 4.6 for testing, which will be available to the public later this month.
Bug

Google Lollipop Bricking Nexus 5 and Nexus 7 Devices 179

Posted by timothy
from the upgrade-is-not-always-the-right-word dept.
First time accepted submitter Zape (303550) writes: The Lollipop update has turned sour for me and several other Nexus 7, Gen 2 (and Nexus 5) owners. It seems that I'm not alone in having my tablet boot to the Google Logo since a couple of days after updating to Android 5.0.2. Now Nexus 5 owners are reporting a reboot loop in Android 5.1. My device, like many others, is a couple of months out of warranty, but worked great until the latest OTA update from Google. They branded it, and they updated it, but Google claims it is between the buyers and ASUS, the manufacturer.
Security

Heartbleed One Year Later: Has Anything Changed? 53

Posted by Soulskill
from the vulnerability-names-have-gotten-a-lot-more-annoying dept.
darthcamaro writes: It was on April 7, 2014 that the CVE-2014-0160 vulnerability titled "TLS heartbeat read overrun" in OpenSSL was first publicly disclosed — but to many it's a bug known simply as Heartbleed. A new report from certificate vendor Venafi claims that 76% of organizations are still at risk, though it's a statistic that is contested by other vendors as well as other statistics. Qualys' SSL Pulse claims that only 0.3 percent of sites are still at risk. Whatever the risk is today, the bottom line is that Heartbleed did change the security conversation — but did it change it for the better or the worse? A related article explores how Heartbleed could have been found earlier.
Firefox

Mozilla Rolls Back Firefox 37's Opportunistic Encryption Over Security Issue 42

Posted by Soulskill
from the generates-too-many-opportunities dept.
darthcamaro writes: Barely a week ago, Mozilla released Firefox 37, which had a key new feature called opportunistic encryption. The basic idea is that it will do some baseline encryption for data that would have otherwise been sent by a user via clear text. Unfortunately, Mozilla has already issued Firefox 37.0.1, which removes opportunistic encryption. A security vulnerability was reported in the underlying Alternative Services capability that helps to enable opportunistic encryption. "If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SSL certificates will not be displayed and an attacker could potentially impersonate another site through a man-in-the-middle, replacing the original certificate with their own." They plan to re-enable opportunistic encryption when this issue is investigated and fixed.
Bug

Are Bug Bounties the Right Solution For Improving Security? 58

Posted by timothy
from the 10-bucks-says-they-might-be dept.
saccade.com writes: Coding Horror's Jeff Atwood is questioning if the current practice of paying researchers bounties for the software vulnerabilities they find is really improving overall security. He notes how the Heartbleed bug serves as a counterexample to "Linus's Law" that "Given enough eyeballs, all bugs are shallow." "...If you want to find bugs in your code, in your website, in your app, you do it the old fashioned way: by paying for them. You buy the eyeballs. While I applaud any effort to make things more secure, and I completely agree that security is a battle we should be fighting on multiple fronts, both commercial and non-commercial, I am uneasy about some aspects of paying for bugs becoming the new normal. What are we incentivizing, exactly?"
Windows

The Most Highly Voted Requests In Windows 10 Feedback Pool 159

Posted by timothy
from the those-sound-reasonable dept.
jones_supa writes: Some of you have probably used the Feedback app of Windows 10 Technical Preview, which has enabled us to submit feature requests and bug reports directly to Microsoft in order to improve the operating system as the company approaches the final release. While Microsoft tries to make some of the requests available, it also depends on the number of votes that each submission gets. Softpedia takes a look at the top 5 requests right now: make Feedback app available in final Windows, too; improve network connections management; allow task view drag windows between desktops; give Cortana the ability to open programs; and bring back resize options for Start Menu.
Bug

'Bar Mitzvah Attack' Plagues SSL/TLS Encryption 23

Posted by timothy
from the process-not-product dept.
ancientribe writes: Once again, SSL/TLS encryption is getting dogged by outdated and weak options that make it less secure. This time, it's the weak keys in the older RC4 crypto algorithm, which can be abused such that an attacker can sniff credentials or other data in an SSL session, according to a researcher who revealed the hack today at Black Hat Asia in Singapore. A slice: Bar Mitzvah exploits the weak keys used by RC4 and allows an attacker to recover plain text from the encrypted information, potentially exposing account credentials, credit card data, or other sensitive information. And unlike previous SSL hacks, this one doesn't require an active man-in-the-middle session, just passive sniffing or eavesdropping on SSL/TLS-encrypted connections, [researcher Itsik] Mantin says. But MITM could be used as well, though, for hijacking a session, he says.
Bug

MIT Debuts Integer Overflow Debugger 40

Posted by timothy
from the measure-twice-cut-once dept.
msm1267 writes: Students from M.I.T. have devised a new and more efficient way to scour raw code for integer overflows, the troublesome programming bugs that serve as a popular exploit vector for attackers and often lead to the crashing of systems. Researchers from the school's Computer Science and Artificial Intelligence Laboratory (CSAIL) last week debuted the platform dubbed DIODE, short for Directed Integer Overflow Detection. As part of an experiment, the researchers tested DIODE on code from five different open source applications. While the system was able to generate inputs that triggered three integer overflows that were previously known, the system also found 11 new errors. Four of the 11 overflows the team found are apparently still lingering in the wild, but the developers of those apps have been informed and CSAIL is awaiting confirmation of fixes.
Bug

OS X Users: 13 Characters of Assyrian Can Crash Your Chrome Tab 119

Posted by timothy
from the cat-like-typing-detected dept.
abhishekmdb writes: No browsers are safe, as proved yesterday at Pwn2Own, but crashing one of them with just one line of special code is slightly different. A developer has discovered a hack in Google Chrome which can crash the Chrome tab on a Mac PC. The code is a 13-character special string which appears to be written in Assyrian script. Matt C has reported the bug to Google, who have marked the report as duplicate. This means that Google are aware of the problem and are reportedly working on it.
Encryption

OpenSSL Security Update Less Critical Than Expected, Still Recommended 64

Posted by timothy
from the man-nips-dog dept.
An anonymous reader writes: As announced on Monday, the OpenSSL project team has released new versions of the cryptographic library that fix a number of security issues. The announcement created a panic within the security community, who were dreading the discovery of another Heartbleed-type bug, but as it turns out, the high severity issue fixed is a bug that can be exploited in a DoS attack against servers. Other issues fixed are mostly memory corruption and DoS flaws of moderate and low severity.