
Submission + - Vulnerability in Font Processing Library Affects Linux, OpenOffice, Firefox (softpedia.com)

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

Submission + - EPA reveals Gold King mine spill much worse than initially stated (foxnews.com)

schwit1 writes: On Thursday, the House Committee on Natural Resources released a damning report on the EPA and its handling of the Gold King Mine disaster last August. The report detailed how the EPA and the Department of the Interior were inaccurate and misleading in their conflicting accounts of the wastewater spill, which the EPA said last week released 880,000 pounds of toxic metals.

"When government actions result in harm, it's our duty to know who was responsible and why decisions failed. They haven't been forthcoming in this regard," Committee Chairman Rob Bishop, R-Utah, said in a released statement. "This report peels back one more layer in what many increasingly view as a pattern of deception on the part of EPA and DOI. The EPA is saying one thing and their own experts say another."

No wonder the trust in government is so low.

Submission + - Pwn2Own 2016 Won't Attack Firefox (cause it's too easy!) (eweek.com) 1

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will be directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security.

"We wanted to focus on the browsers that have made serious security improvements in the last year," Brian Gorenc, manager of Vulnerability Research at HPE said.

Submission + - Bug List for F-35 is huge. (extremetech.com) 1

nairnr writes: ExtremeTech has an article on the extensive bugs that the F-35 program has still in it. It is the longest development cycle of any plane and problems keep on getting pushed back.

The US plan to buy a block of planes while still not operational means every plane will require some level of refit in order to go into service.

Submission + - Companies Own and Sell Your Medical Data. Shouldn't You Get Access, Too? (backchannel.com)

kynthelig writes: Getting access to your medical information is supposed to be good for you, and save the beleaguered US healthcare system loads of money. Getting your medical record can reveal life-changing information: Symptoms to watch, drugs you shouldn’t take, even diagnoses you didn’t know you had. So the federal government has poured billions into making it easier for people to access their medical information.
But in reality it is anything but free. To access it, you may be forced to scale massive bureaucracies, combat insane copyright laws, sneak into secret data stashes, hack into medical devices—or perhaps even locate a working fax machine.

Comment Re:Cool! (Score 4, Informative) 438

To date, everything they've ever tested says that the theory of relativity, as far as we've been able to investigate, hasn't shown any cracks.

That's not quite right.

- GR breaks down when you go to quantum levels
- GR does not fully describe black holes (particularly their horizon and the singularity)
- GR is incomplete with regards to explaining the expansion of the universe (the discrepancy is called Dark Energy)

Submission + - Smart Chip Could Lead To Safer, Wireless Brain Implants (thestack.com)

An anonymous reader writes: A team of scientists has developed a tiny smart chip capable of attaching to neural implants, and facilitating the wireless transmission of brain signals. The use of neural implants has been restricted due to the need to connect wires to external devices outside of the body. Not only are these wires uncomfortable and an irritation for patients, the openings which allow the wires to reach the brain increase the risk of infection. The new chip, developed by engineers at the Nanyang Technological University in Singapore, can now allow for the efficient transmission of brain data without the need for wires. The new chip, which measures 5mm by 5mm, has been designed to analyse data patterns and pick out any abnormal activity. The technology avoids the need for bigger batteries or frequent recharging required by traditional chips transmitting enormous amounts of data. Instead the chip can decode thousands of signals before compressing the results and sending them to an external receiver.

Comment No global deletion (Score 3, Informative) 93

[Google] will soon start polishing search results across all its websites when someone conducts a search from the country where the removal request originated, a person close to the company said.

So it will remove for all users requesting from France (or whichever country the request was made for). Requests from other countries remain unaffected. TFS spreads FUD about right-to-be-forgotten policies.

Submission + - Severe Vulnerability Lets Attackers Take Control of Cisco VPN Server Equipment (softpedia.com)

An anonymous reader writes: Cisco has released urgent security patches aimed at fixing a security vulnerability in some of its firewall equipment that employs several versions of Cisco Adaptive Security Appliance (ASA) software. This equipment is used mainly in data centers and bigger enterprises. As soon as the news broke, attackers already started scanning the Internet for open ports. Since the vulnerability only affects devices configured to run as VPN servers, this means that they need to have open ports to the Internet by default, putting all devices in danger of being hijacked. A Shodan scan shows that over 5.8 million devices have those ports open, but not all are Cisco.

Submission + - U.S. encryption ban would only send the market overseas (dailydot.com)

Patrick O'Neill writes: As U.S. legislatures posture toward legally mandating backdoored encryption, a new Harvard study suggests that a ban would push the market overseas because most encryption products come from over non-U.S. tech companies. “Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S.,” the researchers wrote.

Comment Wonderful, but a sloppy UI (Score 1) 187

LibreOffice is wonderful, but the user interface is amazingly poor. Want italic? Click on a bold italic lower case letter a. Why not an italic letter I?

Yesterday I spent several hours writing an article using LibreOffice v Many very seriously weird and time-consuming things happened.

It would be sensible, in my opinion, for governments to get together and support LibreOffice, so that Microsoft Office could be abandoned.
