Security

D-Link Routers Vulnerable To DNS Hijacking 28

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered. Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. The firmware in question is implemented in much networking equipment manufactured by D-Link, TP-Link Technologies and ZTE.
Government

Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated 156

Posted by samzenpus
from the fly-that-anywhere dept.
An anonymous reader writes A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital.
Science

Spider Spins Electrically Charged Silk 40

Posted by samzenpus
from the will-you-walk-into-my-electric-parlour? dept.
sciencehabit writes In their quest to make ultrastrong yet ultrasmall fibers, the polymer industry may soon take a lesson from Uloborus spiders. Uloborids are cribellate spiders, meaning that instead of spinning wet, sticky webs to catch their prey, they produce a fluffy, charged, wool-like silk. A paper published online today in Biology Letters details the process for the first time. It all starts with the silk-producing cribellar gland. In contrast with other spiders, whose silk comes out of the gland intact, scientists were surprised to discover that uloborids' silk is in a liquid state when it surfaces. As the spider yanks the silk from the duct, it solidifies into nanoscale filaments. This "violent hackling" has the effect of stretching and freezing the fibers into shape. It may even be responsible for increasing their strength, because filaments on the nanoscale become stronger as they are stretched. In order to endow the fibers with an electrostatic charge, the spider pulls them over a comblike plate located on its hind legs. The technique is not unlike the so-called hackling of flax stems over a metal brush in order to soften and prepare them for thread-spinning, but in the spider's case it also gives them a charge. The electrostatic fibers are thought to attract prey to the web in the same way a towel pulled from the dryer is able to attract stray socks.
Programming

Computer Chess Created In 487 Bytes, Breaks 32-Year-Old Record 191

Posted by Soulskill
from the go-small-or-go-home dept.
An anonymous reader writes: The record for smallest computer implementation of chess on any platform was held by 1K ZX Chess, which saw a release back in 1983 for the Sinclair ZX81. It uses just 672 bytes of memory, and includes most chess rules as well as a computer component to play against. The 32-year-old record has been beaten this week by the demoscene group Red Sector Inc. They have implemented a fully-playable version of chess called BootChess in just 487 bytes (readme file including source code).
Businesses

Ubisoft Revokes Digital Keys For Games Purchased Via Unauthorised Retailers 462

Posted by Soulskill
from the there-is-no-entertainment-except-through-us dept.
RogueyWon writes: For the last several days, some users of Ubisoft's uPlay system have been complaining that copies of games they purchased have been removed from their libraries. According to a statement issued to a number of gaming websites, Ubisoft believes that the digital keys revoked have been "fraudulently obtained." What this means in practice is unclear; while some of the keys may have been obtained using stolen credit card details, others appear to have been purchased from unofficial third-party resellers, who often undercut official stores by purchasing cheaper boxed retail copies of games and selling their key-codes online, or by exploiting regional price differences, buying codes in regions where games are cheaper to sell them elsewhere in the world. The latest round of revocations appears to have triggered an overdue debate into the fragility of customer rights in respect of digital games stores.
Businesses

Calif. DMV Back-Pedals On Commercial-Plate Mandate For Ride-Share Drivers 213

Posted by timothy
from the can-your-neighbor-lend-you-a-cup-of-transportation dept.
The San Francisco Chronicle reports that In an abrupt U-turn, the California Department of Motor Vehicles late Friday retracted its finding that drivers for ride-hailing services like Uber, Lyft and Sidecar must obtain commercial license plates. That determination — based on a 1935 state law — ignited a firestorm of criticism from the San Francisco startups and their supporters as stifling innovation. Commercial licenses are cumbersome to obtain, meaning they could impede the companies’ growth, which relies on getting new drivers, many of whom work just part time, into service quickly. And commercial registration probably would have necessitated that drivers get commercial insurance, which is significantly more expensive than personal auto insurance. Republican Assembly members threatened legislation over the “nonsensical” interpretation if the DMV didn’t reconsider its stance before Feb. 17. Now the department says it will do just that. That doesn't mean drivers for companies like Uber and Lyft can expect to be left alone by the DMV, though, which according to the article "will meet with regulators and the industry to work through the issue."
Encryption

Researchers Moot "Teleportation" Via Destructive 3D Printing 162

Posted by timothy
from the don't-tell-the-mpaa dept.
ErnieKey writes "Researchers from German-based Hasso Plattner Institute have come up with a process that may make teleportation a reality — at least in some respects. Their 'Scotty' device utilizes destructive scanning, encryption, and 3D printing to destroy the original object so that only the received, new object exists in that form, pretty much 'teleporting' the object from point A to point B. Scotty is based on an off-the-shelf 3D printer modified with a 3-axis milling machine, camera, and microcontroller for encryption, using Raspberry Pi and Arduino technologies." This sounds like an interesting idea, but mostly as an art project illustrating the dangers of DRM. Can you think of an instance where you would actually want the capabilities this machine claims to offer?
EU

TWEETHER Project Promises 10Gbps MmW 92-95GHz Based Wireless Broadband 54

Posted by timothy
from the faster-than-a-station-wagon-full-of-tapes dept.
Mark.JUK writes A new project called TWEETHER, which is funded by Europe's Horizon 2020 programme, has been set up at Lancaster University (England) with the goal of harnessing the millimetre wave (mmW) radio spectrum (specifically 92-95GHz) in order to deploy a new Point to Multipoint wireless broadband technology that could deliver peak capacity of up to 10Gbps (Gigabits per second). The technology will take three years to develop and is expected to help support future 5G based Mobile Broadband networks.
Crime

Silk Road 2.0 Deputy Arrested 126

Posted by samzenpus
from the book-him dept.
An anonymous reader writes With the Ulbricht trial ongoing in a case over the original Silk Road, Homeland Security agents have made another arrest in the Silk Road 2.0 case more than two and a half months after the site was shut down. This time they arrested Brian Richard Farrell who went by the moniker "DoctorClu." From the article: "Homeland Security agents tracked Silk Road 2.0 activity to Farrell's Bellevue home in July, according to an affidavit by Special Agent Michael Larson. In the months that followed, agents watched his activities and interviewed a roommate who said Farrell received UPS, FedEx and postal packages daily. One package was found to contain 107 Xanax pills, Larson said. That led to a search on Jan. 2 that recovered computers, drug paraphernalia, silver bullion bars worth $3,900, and $35,000 in cash, Larson said."
Programming

Is D an Underrated Programming Language? 383

Posted by Soulskill
from the single-letter-names dept.
Nerval's Lobster writes: While some programming languages achieved early success only to fall by the wayside (e.g., Delphi), one language that has quietly gained popularity is D, which now ranks 35 in the most recent Tiobe Index. Inspired by C++, D is a general-purpose systems and applications language that's similar to C and C++ in its syntax; it supports procedural, object-oriented, metaprogramming, concurrent and functional programming. D's syntax is simpler and more readable than C++, mainly because D creator Walter Bright developed several C and C++ compilers and is familiar with the subtleties of both languages. D's advocates argue that the language is well thought-out, avoiding many of the complexities encountered with modern C++ programming. So shouldn't it be more popular? The languages with the biggest gains this time around include JavaScript, PL/SQL, Perl, VB, and COBOL. (Yes, COBOL.) The biggest drops belonged to the six most popular languages: Objective-C, C, Java, C++, PHP, and C#.
Crime

Innocent Adults Are Easy To Convince They Committed a Serious Crime 291

Posted by timothy
from the well-you-did-you-know dept.
binarstu (720435) writes "Research recently published [link is to abstract only; full text requires subscription] in Psychological Science quantifies how easy it is to convince innocent, "normal" adults that they committed a crime. The Association for Psychological Science (APS) has posted a nice summary of the research. From the APS summary: "Evidence from some wrongful-conviction cases suggests that suspects can be questioned in ways that lead them to falsely believe in and confess to committing crimes they didn't actually commit. New research provides lab-based evidence for this phenomenon, showing that innocent adult participants can be convinced, over the course of a few hours, that they had perpetrated crimes as serious as assault with a weapon in their teenage years."
Security

19,000 French Websites Hit By DDoS, Defaced In Wake of Terror Attacks 206

Posted by timothy
from the just-don't-say-mon-dieu dept.
An anonymous reader writes Since the three day terror attack that started in France on January 7 with the attack on satirical newspaper Charlie Hebdo, 19,000 websites of French-based companies have been targeted by cyber attackers. This unprecedented avalanche of cyber attacks targeted both government sites and those of big and small businesses. Most were low-level DDoS attacks, and some were web defacements. Several websites in a number of towns in the outskirts of Paris have been hacked and covered with an image of an ISIS flag. The front pages of the official municipality websites have been covered with the Jihadist militant group's black flag. In a report, Radware researchers noted that Islamic hacker group AnonGhost has also launched a "digital jihad" against France.
AMD

AMD Catalyst Is the Broken Wheel For Linux Gaming 160

Posted by Soulskill
from the didn't-squeak-enough-to-get-the-grease dept.
An anonymous reader writes: Tests of the AMD Catalyst driver with the latest AAA Linux games/engines have shown what poor shape the proprietary Radeon driver currently is in for Linux gamers. Phoronix, which traditionally benchmarks with open-source OpenGL games and other long-standing tests, recently has taken special interest in adapting some newer Steam-based titles for automated benchmarking. With last month's Linux release of Metro Last Light Redux and Metro 2033 Redux, NVIDIA's driver did great while AMD Catalyst was miserable. Catalyst 14.12 delivered extremely low performance and some major bottleneck with the Radeon R9 290 and other GPUs running slower than NVIDIA's midrange hardware. In Unreal Engine 4 Linux tests, the NVIDIA driver again was flawless but the same couldn't be said for AMD. Catalyst 14.12 wouldn't even run the Unreal Engine 4 demos on Linux with their latest generation hardware but only with the HD 6000 series. Tests last month also showed AMD's performance to be crippling for NVIDIA vs. AMD Civilization: Beyond Earth Linux benchmarks with the newest drivers.
Wireless Networking

Pirate Activist Shows Politicians What Digital Surveillance Looks Like 81

Posted by timothy
from the count-your-spoons-around-the-public-servants dept.
An anonymous reader writes How to make politicians really understand the dangers of mass digital surveillance and the importance of information security? Gustav Nipe, the 26-year-old president of the Swedish Pirate Party's youth wing, tried to do it by setting up an open Wi-Fi network at the Society and Defence National Conference held in Sälen, Sweden, and collecting and analyzing the metadata of conference attendees who connected to it. Nipe set up an open wireless Internet access point named "Open Guest" and over 100 delegates used this particular unsecured Wi-Fi network to go online. The collected metadata showed that, among other sites, they visited those of daily Swedish newspaper Aftonbladet, Swedish private ads website Blocket, eBay, and tourism sites. "This was during the day when I suppose they were being paid to be at the conference working," Nipe noted for The Local.
Debian

SystemD Gains New Networking Features 553

Posted by samzenpus
from the making-things-better dept.
jones_supa writes A lot of development work is happening on systemd with just the recent couple of weeks seeing over 200 commits. With the most recent work that has landed, the networkd component has been improved with new features. Among the additions are IP forwarding and masquerading support (patch). This is the minimal support needed and these settings get turned on by default for container network interfaces. Also added were minimal firewall manipulation helpers for systemd's networkd. The firewall manipulation helpers (patch) are used for establishing NAT rules. This support in systemd is provided by libiptc, the library used for communicating with the Linux kernel's Netfilter and changing iptables firewall rulesets. Those wishing to follow systemd development on a daily basis and see what is actually happening under the hood, can keep tabs via the systemd Git viewer.
Security

Cyber Attacks Demonstrated On Autonomous Ground Vehicles 52

Posted by samzenpus
from the mr-toad's-wild-ride dept.
An anonymous reader writes As vehicles increasingly rely on automation, software and technology enhancements to run basic functionality, those systems serve as a potential safety risk when under cyber attack. Mission Secure uses a proprietary methodology developed by the University of Virginia with the Department of Defense for identifying the most consequential and easy to carry out cyber attacks on any system that a defense capability must address. The goal of the pilot is to demonstrate how to identify vehicle safety threats malicious cyber attackers could use to easily compromise the vehicle's key control systems and how these attacks could be detected and protected.
PHP

PHP vs. Node.js: the Battle For Developer Mind Share 245

Posted by Soulskill
from the my-script-is-scriptier-than-your-script dept.
snydeq writes: Simplicity vs. closures, speed of coding vs. raw speed — InfoWorld's Peter Wayner takes a look at how PHP and Node.js stack up against each other. "It's a classic Hollywood plot: the battle between two old friends who went separate ways. Often the friction begins when one pal sparks an interest in what had always been the other pal's unspoken domain. In the programming language version of this movie, it's the introduction of Node.js that turns the buddy flick into a grudge match: PHP and JavaScript, two partners who once ruled the Internet together but now duke it out for the mind share of developers."
Security

Do We Need Regular IT Security Fire Drills? 124

Posted by Soulskill
from the clearly-we-need-something-involving-fire dept.
An anonymous reader writes: This article argues that organizations need to move beyond focusing purely on the prevention of security incidents, and start to concentrate on what they will do when an incident occurs. IT security "fire drills," supported by executive management should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. This includes recovering evidence, identifying and resolving the root cause of the incident (not just the symptoms), and undertaking a forensic investigation.
The Almighty Buck

Cryptocurrency Based Basic Income Program Started In Finland 109

Posted by Soulskill
from the money-for-nothin' dept.
jovius writes: Krypto Fin ry, the association behind Fimkrypto cryptocurrency (FIMK), has started to provide each registered Finnish citizen a payment of 1000 FIMK per month in December. 1000 FIMK equals a few dimes at the moment, and a bit over 100 people have registered so far. (The registration is free.)

FIMK is based on NXT 2nd generation crypto system; the add-ons and development making it into 2.5G. The roadmap includes payment cards and other technology to enable easier exchange between fiat currencies — FIMK, Bitcoins and others. Krypto Fin ry received 533 BTC in initial donations last Summer. FIMK can be traded for example on DGEX, and it's also a valid payment method in a few stores in Finland.
Open Source

Fluxbox 1.3.6 Released 63

Posted by Soulskill
from the onward-and-upward dept.
jones_supa writes: After nearly two years since the previous release, the Fluxbox team has released version 1.3.6 to start off the new year. As most Linux geeks already know, Fluxbox is the long-standing X window manager derived from Blackbox. The new version (announcement) puts emphasis on quality assurance and takes care of fixing a bunch of critical bugs: clocktool problems, rendering long text, race condition on shutdown, lost keypresses after workspace switch, corruption of fbrun-history, and resize and move problems. The two new features are an ArrangeWindowsStack action and treating Windows with a WM_CLASS as DockApp as DockApps. Translations for Bulgarian, Hebrew and Japanese also got updates. The Fluxbox project sends many thanks to all the contributors.