Submission + - Samsung Cripples Windows Update To Prevent Incompatible Drivers

jones_supa writes: If we were to tell you that your machine downloaded a file called Disable_Windowsupdate.exe, you would probably think that we are talking about malware. This is actually a helper utility by Samsung, for which their reasoning is: "When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates." Too bad that the solution means disabling all critical security updates as well. This isn't the first time an OEM goes against its users. From earlier this year, we remember the Superfish adware from Lenovo, and system security being compromised by the LG split screen software.

Submission + - Killer character HOSES almost all versions of Adobe Reader, Windows (theregister.co.uk)

mask.of.sanity writes: Google Project Zero hacker Mateusz Jurczyk has dropped 15 remote code execution vulnerabilities, including a single devastating hack against Adobe Reader and Windows he reckons beats all exploit defences.

The accomplished offensive security researcher published a video demonstration of the exploit for 32-bit and 64-bit systems. His slides are here [PDF].

Submission + - Building The Face Of A Criminal From DNA

Dave Knott writes: It sounds like science fiction, but revealing the face of a criminal based on their genes may be closer than we think. In a process known as molecular photo fitting, scientists are experimenting with using genetic markers from DNA to build up a picture of an offender's face. Dr Peter Claes, a medical imaging specialist at the University of Leuven, has amassed a database of faces and corresponding DNA. Armed with this information, he is able to model how a face is constructed based on just 20 genes (this number will soon be expanded to 200). At the moment, police couldn't publish a molecular photo-fit like this and hope to catch a killer. But that's not how Dr Claes sees the technique being used in a criminal investigation. "If I were to bring this result to an investigator, I wouldn't necessarily give him the image to broadcast. I would talk to him and say okay, you're looking for a woman, with a very specific chin and eyebrow structure."

Submission + - NSA eavesdropped on the last three French presidents: WikiLeaks (nytimes.com)

Earthquake Retrofit writes: The New York Times is reporting that WikiLeaks has released "...material which appeared to capture officials in Paris talking candidly about Greece's economy, relations with Germany — and, ironically, American espionage... It came a day before the French Parliament is expected to definitively pass a controversial security bill legalizing broad surveillance, particularly of terrorism suspects."

Submission + - Car hacking - it's FAR too easy... (economist.com)

Bruce66423 writes: "Consumer Reports got an eye-opener during a visit to a National Highway Traffic Safety Administration (NHTSA) laboratory. The publication’s editors were surprised when a technician turned off the engine of a test car they were driving using nothing more than a mobile phone. NHTSA has found ways of tampering remotely with door locks, seat-belt tensioners, instrument panels, brakes, steering mechanisms and engines—all while the test cars were being driven.

"Last summer, for instance, during a meeting of automotive engineers and security experts, a 14-year-old schoolboy showed industry experts how to take control of a car remotely using circuitry he had lashed up overnight with $15 worth of parts bought from Radio Shack the day before. The youngster turned the windscreen wipers on and off, locked and unlocked the doors, engaged the engine-start mechanism, and had the headlamps flash to the beat of a tune on his iPhone."

There is hope: "This being litigious America, the automakers concerned quickly found themselves in the legal cross-hairs, as owners sought financial compensation for their vehicles’ perceived vulnerabilities."

Submission + - Study: Major ISPs Slowing Traffic Across the US (theguardian.com)

An anonymous reader writes: A study based on test results from 300,000 internet users "found significant degradations on the networks of the five largest internet service providers" in the United States. This group includes Time Warner Cable, Verizon, and AT&T. "The study, supported by the technologists at Open Technology Institute’s M-Lab, examines the comparative speeds of Content Delivery Networks (CDNs), which shoulder some of the data load for popular websites." These findings arrive shortly after the FCC's new net neutrality rules took effect across the U.S.

Submission + - Your Next Allstate Inspector Might Be a Drone

cameronag writes: Following on the heels of EasyJet's plan to inspect planes with drones, insurance giant Allstate has received FAA clearance to test drones for insurance inspections. The company plans to use drones to inspect roofing, weather damage, and collapsed structures, among other things, and says the technology will ultimately speed up claims processing.

Submission + - IT pros blast Google over Android's refusal to play nice with IPv6 (networkworld.com)

alphadogg writes: The widespread popularity of Android devices and the general move to IPv6 has put some businesses in a tough position, thanks to Android’s lack of support for a central component in the newer standard. DHCPv6 is an outgrowth of the DHCP protocol used in the older IPv4 standard – it’s an acronym for “dynamic host configuration protocol,” and is a key building block of network management. Nevertheless, Google’s wildly popular Android devices – which accounted for 78% of all smartphones shipped worldwide in the first quarter of this year – don’t support DHCPv6 for address assignment.

Submission + - GMail Lets You Undo Sent E-Mails

jones_supa writes: A GMail feature that Google has been testing for years is one you might not even know exists: Undo Send. It artificially delays sending your e-mail for a few seconds after you click Send, so you can take the message back if you realize that there is a mistake. Google announced in a blog post this week that Undo Send is becoming an official feature. For users who already had the Undo Send beta enabled, the feature will remain on, and those who didn't can turn it on via the General tab under Settings. Users can choose if they want to hold their mail for 5, 10, 20 or 30 seconds.

Submission + - Emergency Adobe Flash Patch Fixes Zero Day Under Attack (threatpost.com)

msm1267 writes: Adobe released an emergency patch for a Flash zero day used in targeted attacks by APT3, the same group behind 2014’s Clandestine Fox attacks.

Adobe said Flash Player 18.0.0.161 and earlier for Windows and Macintosh systems are affected, as is 11.2.202.466 for Linux 11.x versions.

The current iteration of Clandestine Fox attacks shares many traits with last year’s attacks, including generic, almost spam-like phishing emails intent on snaring as many victims as possible that can be analyzed for their value before additional attacks are carried out. The two campaigns also share the same custom backdoor called SHOTPUT, as well as an insistence on using a throwaway command and control infrastructure.

Submission + - U.S. Securities and Exchange Commission hunting insider trading hackers (thestack.com)

An anonymous reader writes: The U.S. Securities and Exchange Commission are actively investigating the FIN4 financial hacking group identified by FireEye last December [http://it.slashdot.org/story/14/12/01/1827235/cyber-ring-stole-secrets-for-gaming-us-stock-market], according to a Reuters exclusive [http://www.reuters.com/article/2015/06/23/us-hackers-insidertrading-idUSKBN0P31M720150623]. In an unprecedented extension of its usual practice, the SEC is soliciting information about security breaches from private companies, which are not obliged to reveal them unless the breach enters into categories covered by federal law. Former SEC Head of Internet Enforcement John Reed Stark describes the proactive stance of the organisation as an ‘absolute first’.

Submission + - HP Researchers Disclose Details of Internet Explorer Zero Day

Trailrunner7 writes: Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to vendors until after the vulnerabilities are fixed. But in this case, Microsoft has told the researchers that the company doesn’t plan to fix the vulnerabilities, even though the bugs were serious enough to win ZDI’s team a $125,000 Blue Hat Bonus from Microsoft. The reason: Microsoft doesn’t think the vulnerabilities affect enough users.

The vulnerabilities that the ZDI researchers submitted to Microsoft enable an attacker to fully bypass ASLR (address space layout randomization), one of the many mitigations in IE that help prevent successful exploitation of certain classes of bugs. ZDI reported the bugs to Microsoft last year and disclosed some limited details of them in February. The researchers waited to release the full details until Microsoft fixed all of the flaws, but Microsoft later informed them that they didn’t plan to patch the remaining bugs because they didn’t affect 64-bit systems.

Submission + - The 2015 Open Source Summer Reading List (opensource.com)

ectoman writes: Opensource.com has just published its annual Open Source Summer Reading List. This year's edition contains 15 recommendations for books that celebrate open source values and practices. Topics include Python programming, Grace Hopper, open-minded leadership, and teaching children to code. And until July 3, five readers can win one copy of any book from the list.

Submission + - Open Source Security Projects Get $452,000 From The Linux Foundation

An anonymous reader writes: The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation that enables technology companies, industry stakeholders and esteemed developers to collaboratively identify and fund critical open source projects in need of assistance, today announced financial support of nearly $500,000 for three new projects to better support critical security elements of today’s global information infrastructure.

The CII provides funding for key developers to work full-time on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support. The project is organized by The Linux Foundation and supported by Amazon Web Services, Adobe, Bloomberg, Cisco, Dell, Facebook, Fujitsu, Google, Hitachi, HP, Huawei, IBM, Intel, Microsoft, NetApp, NEC, Qualcomm, RackSpace, salesforce.com, and VMware.
