Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security

Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites 195

Posted by samzenpus
from the watch-what-you-watch dept.
MojoKid writes Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.
United States

Secret Service Investigating Small Drone On White House Grounds 146

Posted by samzenpus
from the a-little-off-course dept.
An anonymous reader sends word that the Secret Service is investigating a "device," described as a small drone, found on the grounds of the White House. "A small drone was found on the White House grounds overnight, two law enforcement sources told ABC News, but White House Press Secretary Josh Earnest said the situation 'does not pose any sort of ongoing threat.' The Secret Service is investigating the device, Earnest said. Police, fire and other emergency vehicles swarmed around the White House in the pre-dawn hours, with several clustered near the southeast entrance to the mansion. The White House was dark and the entire perimeter was on lockdown until around 5 a.m., when pass holders who work in the complex were allowed inside."
It's funny.  Laugh.

Americans Support Mandatory Labeling of Food That Contains DNA 351

Posted by timothy
from the pure-sugar-all-the-time dept.
HughPickens.com writes Jennifer Abel writes at the LA Times that according to a recent survey (PDF), over 80% of Americans says they support "mandatory labels on foods containing DNA," roughly the same number that support the mandatory labeling of GMO foods "produced with genetic engineering." Ilya Somin, writing about the survey at the Washington Post, suggested that a mandatory label for foods containing DNA might sound like this: "WARNING: This product contains deoxyribonucleic acid (DNA). The Surgeon General has determined that DNA is linked to a variety of diseases in both animals and humans. In some configurations, it is a risk factor for cancer and heart disease. Pregnant women are at very high risk of passing on DNA to their children."

The report echoes a well-known joke/prank wherein people discuss the dangers of the chemical "dihydrogen monoxide" also known as hydrogen oxide and hydrogen hydroxide. Search online for information about dihydrogen monoxide, and you'll find a long list of scary-sounding and absolutely true warnings about it: the nuclear power industry uses enormous quantities of it every year. Dihydrogen monoxide is used in the production of many highly toxic pesticides, and chemical weapons banned by the Geneva Conventions. Dihydrogen monoxide is found in all tumors removed from cancer patients, and is guaranteed fatal to humans in large quantities and even small quantities can kill you, if it enters your respiratory system. In 2006, in Louisville, Kentucky, David Karem, executive director of the Waterfront Development Corporation, a public body that operates Waterfront Park, wished to deter bathers from using a large public fountain. "Counting on a lack of understanding about water's chemical makeup," he arranged for signs reading: "DANGER! – WATER CONTAINS HIGH LEVELS OF HYDROGEN – KEEP OUT" to be posted on the fountain at public expense.
Medicine

New Nicotine Vaccine May Succeed Where Others Have Failed 178

Posted by Soulskill
from the willpower-also-an-effective-vaccine dept.
Zothecula writes: If you're a smoker who's trying to quit, you may recall hearing about vaccines designed to cause the body's immune system to treat nicotine like a foreign invader, producing antibodies that trap and remove it before it's able to reach receptors in the brain. It's a fascinating idea, but according to scientists at California's Scripps Research Institute, a recent high-profile attempt had a major flaw. They claim to have overcome that problem (abstract), and are now developing a vaccine of their own that they believe should be more effective.
Bug

Steam For Linux Bug Wipes Out All of a User's Files 329

Posted by Soulskill
from the big-oops dept.
An anonymous reader sends a report of a bug in Steam's Linux client that will accidentally wipe all of a user's files if they move their Steam folder. According to the bug report: I launched steam. It did not launch, it offered to let me browse, and still could not find it when I pointed to the new location. Steam crashed. I restarted it. It re-installed itself and everything looked great. Until I looked and saw that steam had apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media. Another user reported a similar problem — losing his home directory — and problems with the script were found: at some point, the Steam script sets $STEAMROOT as the directory containing all Steam's data, then runs rm -rf "$STEAMROOT/"* later on. If Steam has been moved, $STEAMROOT returns as empty, resulting in rm -rf "/"* which causes the unexpected deletion.
Wireless Networking

Pirate Activist Shows Politicians What Digital Surveillance Looks Like 81

Posted by timothy
from the count-your-spoons-around-the-public-servants dept.
An anonymous reader writes How to make politicians really understand the dangers of mass digital surveillance and the importance of information security? Gustav Nipe, the 26-year old president of the Swedish Pirate Party's youth wing, tried to do it by setting up an open Wi-Fi network at the Society and Defence National Conference held in Sälen, Sweden, and collecting and analyzing the metadata of conference attendees who connected to it. Nipe set up an open wireless Internet access point named "Open Guest" and over 100 delegates used this particular unsecured Wi-Fi network to go online. The collected metadata showed that, among other sites, they visited those of daily Swedish newspaper Aftonbladet, Swedish private ads website Blocket, eBay, and tourism sites. "This was during the day when I suppose they were being paid to be at the conference working," Nipe noted for The Local.

Comment: Re:About KDE compatibility (Score 3, Informative) 84

by Dr.Dubious DDQ (#48792091) Attached to: KDE Frameworks 5.3 and Plasma 2.1 – First Impressions
To be honest, I wouldn't necessarily notice which aplications are KF5-native yet if I hadn't been watching what gets installed and replaced when I upgraded. (Actually, that's a misleading way of writing that -all of the kf5-native applications on my system are the "system" ones that you don't normally explicitly run like krunner, kwallet, the system-settings, some widgets e.g. the "NetworkManager", and so on).

I do have the development branch of kdeconnect installed, which I THINK is the kf5 port - it seems to work fine.

They've split the core system and applications development, so I assume that as KF5-native apps are released, they'll just replace the kf4 versions. I'm assuming most distributions will consider them "testing" or "unstable" versions for a while so you'd have to explicitly ask for them (for the first few versions) instead of having them just pop up without warning.

With the core libraries that they depend on in apparently pretty solid shape as of KF5.6 in my experience, I suspect the kf5-native applications will stabilize pretty quickly once they come out.

Comment: Re:Jesus. I'll stick to Win7, thanks. (Score 5, Informative) 84

by Dr.Dubious DDQ (#48790831) Attached to: KDE Frameworks 5.3 and Plasma 2.1 – First Impressions
If it's not clear to you, KF5 is the "next generation" stuff, not the current release (which is still KDE4). Also note that KDE Frameworks 5.6 is actually the current one. The improvement since the older 5.3 release in the article has been substantial, in my experience. (Ubuntu always seems to be a few releases behind everything, unless you intentionally install from a more up-to-date 3rd-party PPA.)

KDE4's apps still work under it, too. I'm using it fine, though I'm missing the "IM Presence" widget for kde-telepathy.

I actually haven't been seeing crashes or other serious problems so far since about the last couple of releeases (KF5.4), just missing "KF5-native" features from KDE4.

The Internet

FCC Says It Will Vote On Net Neutrality In February 81

Posted by Soulskill
from the when-all-the-astroturfing-is-accounted-for dept.
schwit1 sends this report from the Washington Post: Federal regulators looking to place restrictions on Internet providers will introduce and vote on new proposed net neutrality rules in February, Federal Communications Commission officials said Friday. President Obama's top telecom regulator, Tom Wheeler, told fellow FCC commissioners before the Christmas holiday that he intends to circulate a draft proposal internally next month with an eye toward approving the measure weeks later, said one official who spoke on the condition of anonymity because the agency's deliberations are ongoing. The rules are meant to keep broadband providers such as Verizon and Comcast from speeding up or slowing down some Web sites compared to others.
Security

Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony 177

Posted by timothy
from the forewarned-is-forearmed dept.
wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.
Google

Spanish Media Group Wants Gov't Help To Keep Google News In Spain 191

Posted by timothy
from the what's-english-for-bully? dept.
English-language site The Spain Report reports that Google's response to mandated payments for linking to and excerpting from Spanish news media sources — namely, shutting down Google News in Spain — doesn't sit well with Spanish Newspaper Publishers' Association, which issued a statement [Thursday] night saying that Google News was "not just the closure of another service given its dominant market position," recognising that Google's decision "will undoubtedly have a negative impact on citizens and Spanish businesses. Given the dominant position of Google (which in Spain controls almost all of the searches in the market and is an authentic gateway to the Internet), AEDE requires the intervention of Spanish and community authorities, and competition authorities, to effectively protect the rights of citizens and companies." Irene Lanzaco, a spokeswoman for AEDE, told The Spain Report by telephone that "we're not asking Google to take a step backwards, we've always been open to negotiations with Google" but, she said: "Google has not taken a neutral stance. Of course they are free to close their business, but one thing is the closure of Google News and quite another the positioning in the general index." Asked if the newspaper publishers' association had received any complaints from its members since Wednesday's announcement by Google, Mrs. Lanzaco refused to specify, but said: "Spanish publishers talk to AEDE constantly."
Canada

Canada Waives Own Rules, Helps Microsoft Avoid US Visa Problems 122

Posted by timothy
from the alle-menschen-sind-auslaender-fast-ueberall dept.
Freshly Exhumed writes Citizenship and Immigration Canada has granted an unprecedented exemption to Microsoft that will allow the company to bring in an unspecified number of temporary foreign workers as trainees without first looking for Canadians to fill the jobs. No other company in any other field has been granted such an exemption, and it does not fall within any of the other categories where exemptions are normally given, according to a source familiar with process, effectively creating a new category: the Microsoft Exemption. Microsoft Canada did not immediately respond to questions about the deal, but in an interview earlier this year with Bloomberg Businessweek, Karen Jones, Microsoft's deputy general counsel, said the deal will allow Microsoft to bypass stricter U.S. rules on visas for foreign workers. The entire issue of temporary foreign workers has been as blisteringly hot a topic across Canada as it has been in the USA.

Remember -- only 10% of anything can be in the top 10%.

Working...