
Submission + - Bash shell vulnerable to attack

JediJeremy writes: Several sources are reporting that there has been a vulnerability discovered in the bash shell, with some estimates that this could affect more systems than Heartbleed. From the Red Hat article:

The vulnerability arises from the fact that you can create environment variables with specially-crafted values before calling the bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. The name of these crafted variables does not matter, only their contents. As a result, this vulnerability is exposed in many contexts

Submission + - Ask Slashdot: Is reporting still relevant? (nabble.com)

MrWHO writes: A while ago we switched for monitoring our systems to the ELK (ElasticSearch, LogStash and Kibana) stack. Our management wanted to keep the reports they got — and possibly never read — flowing in at the beginning of every week with statistics like sites traffic, servers downtime, security alerts and the works. As we migrated some of our clients to the same stack they kept all asking for the same thing: reporting.

There was no way for us to create and schedule reports from ElasticSearch — searches for ElasticSearch and Jasper Reports returned nothing apart from people asking how to do it — so we created our own Jasper Reports plugin to create reports from ElasticSearch data, which we released on GitHub a while ago, and we promptly moved along.

None of our clients were easily convinced that a dashboard — Kibana — was a substitute for mail delivered PDFs, even if all the information was there, with custom created panels and selectable date ranges. On the other hand, on the ElasticSearch mailing list, when questions were asked about "how do I do reports" the answer was, and I sum it up here, "Why would you want reports when you have a dashboard?".

What I am asking the Slashdot crowd is: are reports still relevant — the PDF, templated, straight into your mail kind — or the subset of my clients — we operate mainly in Italy — is a skewed sample of what's the actual reality of access to summary data? Are dashboards — management targeted ones — the current accepted solution or — in your experience — reports are still a hot item for management?

Submission + - Significant BASH vulnerability found (us-cert.gov)

SpuriousLogic writes: US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

US-CERT recommends users and administrators review the Redhat Security Blog for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.
Operating systems with updates include:
CentOS
Debian
Redhat
Ubuntu

Submission + - 'Space bubbles' may have led to deadly battle in Afghanistan (sciencemag.org)

sciencehabit writes: A new study reveals that one of the bloodiest battles for U.S. forces in Afghanistan may have been caused by "space bubbles". In early 2002, a rescue mission went awry because a U.S. command post was unable to radio one of its helicopters about mistaken coordinates. The chopper ended up being shot down by the same al-Qaida forces that necessitated the rescue mission in the first place. Now scientists say that turbulent pockets of ionized gas may have deflected the military satellite radio signals enough to cause temporary communications blackouts in the region--and thus prevented the warning from getting to the rescue helicopter. The mission turned into a 17-hour firefight, costing seven lives.

Submission + - The sexual threats against Emma Watson are an attack on every woman (vox.com)

Lasrick writes: This is an important read. If the speech that Emma Watson gave to the United Nations gathering on September 21st can cause such misogyny, then the very act of women speaking will cause it (which seems to be the case when it comes to the internet). 'Emma Watson makes a wonderful UN Goodwill Ambassador. If the campaign she champions is successful, she will have done tremendous good in the world. There is nothing about her private, consensual sexual life that has any bearing on the value of her work, the validity of her feminist views, or her integrity as a person. If her stolen nude photos are leaked on the internet in retaliation for her work, that will not mean that she was irresponsible or reckless, it will mean that she is brave. Regardless of whether any photos are released, the threats against Watson are already an attack on all of us. And we should all take it personally.'

Submission + - Apple's TouchID Fingerprint Scanner: Still Hackable (lookout.com)

electronic convict writes: A year ago, security researcher Marc Rogers demonstrated how to spoof the TouchID sensor in the iPhone 5S using some Elmer's glue and glycerol — oh, and a high resolution camera and a laser printer.

Has TouchID security improved at all on the iPhone 6 and 6 Plus? Not really, Rogers reports in his latest post, in which he again hacks the latest TouchID sensors using the same method as before. 'Fake fingerprints created using my previous technique were able to readily fool both devices,' he reports.

Rogers, however, says there's no reason to panic, as the attack requires substantial skill, patience and a good clear fingerprint. As he writes: 'We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats.'

Submission + - Big bang finding from earlier this year may be dead (sciencemag.org)

sciencehabit writes: A beleaguered claim that appeared to reveal the workings of the big bang may instead say more about how science is done in an age of incessant news coverage. In March, researchers working with a specialized telescope at the South Pole, known as BICEP2, reported extremely faint pinwheel-like swirls in the afterglow of the big bang—the so-called cosmic microwave background (CMB). They claimed they had found traces of gravitational waves rippling through the infant universe—direct evidence that the newborn cosmos had undergone a bizarre exponential growth spurt known as inflation. But the supposed signal might have been emitted by warm dust within our own galaxy, others argued. Now, data from the European Space Agency's Planck spacecraft show that dust accounts for some, and possibly all, of the BICEP signal.

Submission + - Ebola Cases Could Reach 1.4 Million in 4 Months (nytimes.com)

mdsolar writes: Yet another set of ominous projections about the Ebola epidemic in West Africa was released Tuesday, in a report from the Centers for Disease Control and Prevention that gave worst- and best-case estimates for Liberia and Sierra Leone based on computer modeling.

In the worst-case scenario, Liberia and Sierra Leone could have 21,000 cases of Ebola by Sept. 30 and 1.4 million cases by Jan. 20 if the disease keeps spreading without effective methods to contain it. These figures take into account the fact that many cases go undetected, and estimate that there are actually 2.5 times as many as reported.

The report does not include figures for Guinea because case counts there have gone up and down in ways that cannot be reliably modeled.

In the best-case model — which assumes that the dead are buried safely and that 70 percent of patients are treated in settings that reduce the risk of transmission — the epidemic in both countries would be “almost ended” by Jan. 20, the report said. It showed the proportion of patients now in such settings as about 18 percent in Liberia and 40 percent in Sierra Leone.

Submission + - To fight $5.2B in identity theft IRS may need to change the way you file taxes (networkworld.com)

coondoggie writes: Crime in this case is paying lots of scammers. Based on preliminary analysis, the Internal Revenue Service (IRS) estimates it paid $5.2 billion in fraudulent identity theft refunds in filing season 2013 while preventing an additional $24.2 billion (based on what it could detect). As a result the IRS needs to implement changes in a system that apparently leaks like a sieve and such changes could impact legitimate taxpayers by delaying refunds, extending tax season and likely adding costs to the IRS.

Submission + - The Site That Teaches You to Code Well Enough to Get a Job

HughPickens.com writes: Wanna be a programmer? Klint Finley reports that software developer Katrina Owen has created a site called Exercism.io where students can learn to craft code that’s both clear and efficient and get a lot of feedback on what they're doing right and what they're doing wrong. Exercism is updated every day with programming exercises in a variety of different languages. First, you download these exercises using a special software client, and once you’ve completed one, you upload it back to the site, where other coders from around the world will give you feedback. Then you can take what you’ve learned and try the exercise again. The idea was to have students not only complete the exercises, but get feedback. Exercism.io now has over 6,000 users who have submitted code or comments, and hundreds of volunteers submit new exercises or translate existing ones into new programming languages. But even Owen admits that the site is a bit lacking in the usability department. “It’s hard to tell what it is just by looking at it,” she says. “It’s remarkable to me that people have figured out how to use it.”

Submission + - The UPS Store will 3-D print stuff for you (cnn.com)

mpicpp writes: UPS (UPS) announced plans Monday to bring in-store 3-D-printing services to nearly 100 stores across the country, billing itself as the first national retailer to do so.

With the UPS system, customers can submit their own designs for objects like product prototypes, engineering parts and architectural models that are then printed on a professional-quality 3-D printer made by Stratasys.

Prices vary depending on the complexity of the object; an iPhone case would be about $60, while a replica femur bone would be around $325. UPS can also connect customers with outside professionals who charge an hourly rate to help produce a design file for the printer.

It generally takes about four or five hours to print a simple object, with more complex items taking a day or more.

The program started as a pilot at six locations last year, and UPS says those stores "saw demand for 3-D print continuing to increase across a broad spectrum of customers."

Submission + - The Skinny On Thin Linux

snydeq writes: Deep End's Paul Venezia follows up his call for splitting Linux distros in two by arguing that the new shape of the Linux server is thin, light, and fine-tuned to a single purpose. 'Those of us who build and maintain large-scale Linux infrastructures would be happy to see a highly specific, highly stable mainstream distro that had no desktop package or dependency support whatsoever, so was not beholden to architectural changes made due to desktop package requirements. When you're rolling out a few hundred Linux VMs locally, in the cloud, or both, you won't manually log into them, much less need any type of graphical support. Frankly, you could lose the framebuffer too; it wouldn't matter unless you were running certain tests,' Venezia writes. 'It's only a matter of time before a Linux distribution that caters solely to these considerations becomes mainstream and is offered alongside more traditional distributions'

Submission + - Nvidia sinks moon landing hoax using virtual light (cnet.com)

schwit1 writes: Using its new top-shelf graphics processing unit, Nvidia tackles one of the most persistent conspiracy theories in American history: the veracity of the 1969 to 1972 Apollo moon landings.

Submission + - Astrophysicists Identify The "Habitable" Regions Of The Entire Universe

KentuckyFC writes: It's not just star systems and galaxies that have habitable zones--regions where conditions are suitable for life to evolve. Astrophysicists have now identified the entire universe's habitable zones. Their approach starts by considering the radiation produced by gamma ray bursts in events such as the death of stars and the collisions between black holes and so on. Astrobiologists have long known that these events are capable of causing mass extinctions by stripping a planet of its ozone layer and exposing the surface to lethal levels of radiation. The likelihood of being hit depends on the density of stars, which is why the centres of galaxies are thought to be inhospitable to life. The new work focuses on the threat galaxies pose to each other, which turns out to be considerable when they are densely packed together. Astronomers know that the distribution of galaxies is a kind of web-like structure with dense knots of them connected by filaments interspersed with voids where galaxies are rare. The team says that life-friendly galaxies are most likely to exist in the low density regions of the universe in the voids and filaments of the cosmic web. The Milky Way is in one of these low density regions with Andromeda too far away to pose any threat. But conditions might not be so life friendly in our nearest knot of galaxies called the Virgo supercluster.
