
KeyStore Vulnerability Affects 86% of Android Devices

Submitted by jones_supa
jones_supa (887896) writes "IBM security researchers have published an advisory about an Android vulnerability that may allow attackers to obtain highly sensitive credentials, such as cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. It is estimated that the flaw affects 86 percent of Android devices. Android KeyStore has a little bug where the encode_key() routine that is called by encode_key_for_uid() can overflow the filename text buffer, because bounds checking is absent. The advisory says that Google has patched only version 4.4 of Android. There are several technical hurdles an attacker must overcome to successfully perform a stack overflow on Android, as these systems are fortified with modern NX and ASLR protections. The vulnerability is still considered to be serious, as it resides in one of the most sensitive resources of the operating system."

British Ambassador Says Leaks Would Have Helped Hitler

Submitted by Anonymous Coward
An anonymous reader writes "Where do you go when the assertions that Snowden's leaks will cause grave damage and irreparable harm to national security still fail to unite the world against the former NSA contractor? It appears you head to alternate realities where Snowden leaks documents during the early 1940s, thus dooming Britain to cowering at the feet of Hitler.

        If Edward Snowden had been around during World War II, Adolf Hitler would have been able to score victories against the United Kingdom, according to the British ambassador to the U.S.

        In remarks at The Ripon Society commemorating the U.S. and British alliance, Ambassador Peter Westmacott said leaks like Snowden's would have allowed the Nazis to overrun allied forces in the Battle of the Atlantic and gain the upper hand...

        "[T]here are moments ... when it is absolutely essential that intelligence operations in defense of our national security remain secret," he added. "These things are important. It's not frivolous and it is not hiding things."

        "It is actually necessary for our national security to ensure that our real secrets remain secret.""


Cracking Atlanta Subway's Poorly-Encrypted RFID Smart Cards Is a Breeze, PART II

Submitted by McGruber
McGruber (1417641) writes "In December 2013, Slashdot reported the arrest of seven metro Atlanta residents for allegedly selling counterfeit MARTA Breeze cards, stored-value smart cards that passengers use as part of an automated fare collection system on Atlanta's subway.

Now, six months later (June 2014), the seven suspects have finally been indicted.
According to the indictment, the co-conspirators purchased legitimate Breeze cards for $1, then fraudulently placed unlimited or monthly rides on the cards. They then sold the fraudulent cards to MARTA riders for a discounted cash price. Distributors of the fraudulent cards were stationed at several subway stations.

The indictment claims that the ring called their organization the "Underground Railroad"."


Comment: Feasibility of Printing Massive Domes (Score 0) 69

by BorisSkratchunkov (#46715669) Attached to: Interviews: Ask Bre Pettis About Making Things
I heard that you lived in Ithaca at one point in your life. As you might know then, it can be quite snowy in Ithaca. Do you have reason to believe that superstructures (in the style of Buckminster Fuller) could be built using 3D printing in the future, or are the technical challenges too great? Could a dome be printed? Is there any hope for keeping out at least some of the snow (perhaps not all of it as it is sometimes quite nice)?

ReactOS hopes to advance development via 'Community Edition'

Submitted by BorisSkratchunkov
BorisSkratchunkov (642046) writes "The ReactOS project has announced a more community-driven development approach with the launch of an IndieGoGo campaign in which contributors can push for support for specific hardware and apps. Furthermore, they have announced the impending release of ReactOS 0.4, which contains (among other improvements) USB support for the first time ever, as well as a new explorer. With the recent retirement of Windows XP and the foibles of Windows 8, it is encouraging to see that the Windows platform might not be entirely dependent on Microsoft in the future."

Kate Mulgrew, aka Captain Janeway, Thinks Sun Revolves Around Earth.

Submitted by synaptik
synaptik (125) writes "A new documentary film, narrated by a former Star Trek actress, promotes the long-ago disproven idea that the sun revolves around the Earth. 'Everything we think we know about our universe is wrong,' says actress Kate Mulgrew as she narrates the trailer for 'The Principle.' The film, which is set to be released sometime this spring, was bankrolled in part by the ultra-conservative and anti-Semitic Robert Sungenis, who maintains the blog 'Galileo Was Wrong.'"

Comment: Re:The herding impulse (Score 0) 387

by BorisSkratchunkov (#46133825) Attached to: Should Everybody Learn To Code?
I think that you're making the mistake of perceiving a mindless code monkey to be tantamount to someone who is a seasoned computer scientist with a solid grasp of theory and a fair understanding of software engineering principles/design patterns (or a super competent software engineer with a fair understanding of theory). Code monkeys will not make real discoveries or do real work- like it or not, for better or worse, only the super-talented will (yeah, reality's a bitch). We've also reached a bit of a ceiling effect in science and tech more generally in my eyes- all the low-hanging fruit has already been picked, so the discoveries that remain to be made require much more effort and interdisciplinary teamwork than ever before. Getting more people trained to code won't change that.

The other point is that most programming languages these days are becoming more expressive anyways, which lowers the entry barrier to coding significantly so that most people will be able to figure it out at one point or another anyways- you don't need to be in the IQ > 120 club anymore because you don't need to really understand pointers or assembly code or any of that mess. Domain-specific languages are becoming mature enough that a statistician won't necessarily need to learn C and can get most of his or her work done with R; ditto for the scientist who wants to use Julia or SciPy (without delving into any of the non-SciPy libraries available in Python). Syntactic sugar has been added to web languages such as JavaScript (e.g., CoffeeScript) and even HTML/CSS (although goodness knows why these needed syntactic sugar). Perhaps I'm just coming from a privileged standpoint where I already find it simple so I can't see how other people will continue to find it hard, but I really really don't think that the simpler aspects of programming are going to be out of reach for the masses that much longer.

One last point is that a lot of the progress I've noticed in the tech world right now seems to be in the world of DevOps, which is what I believe is being referred to in point 2; a minimal number of systems administrators and developers are needed now due to advances in deployment and debugging automation. Case in point: Google's servers broke and fixed themselves. Do we still need workers to do these tasks now? Definitely. 10 years from now? Not so sure, and flooding the job market with a bunch of "coders" certainly won't make matters better.
