
Submission + - Vulnerability in Font Processing Library Affects Linux, OpenOffice, Firefox (softpedia.com)

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

Submission + - EPA reveals Gold King mine spill much worse than initially stated (foxnews.com)

schwit1 writes: On Thursday, the House Committee on Natural Resources released a damning report on the EPA and its handling of the Gold King Mine disaster last August. The report detailed how the EPA and the Department of the Interior were inaccurate and misleading in their conflicting accounts of the wastewater spill, which the EPA said last week released 880,000 pounds of toxic metals.

"When government actions result in harm, it's our duty to know who was responsible and why decisions failed. They haven't been forthcoming in this regard," Committee Chairman Rob Bishop, R-Utah, said in a released statement. "This report peels back one more layer in what many increasingly view as a pattern of deception on the part of EPA and DOI. The EPA is saying one thing and their own experts say another."

No wonder the trust in government is so low.

Submission + - Pwn2Own 2016 Won't Attack Firefox (cause it's too easy!) (eweek.com)

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will be directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security.

"We wanted to focus on the browsers that have made serious security improvements in the last year," Brian Gorenc, manager of Vulnerability Research at HPE said.


Submission + - Bug List for F-35 is huge. (extremetech.com)

nairnr writes: ExtremeTech has an article on the extensive bugs that the F-35 program still has in it. It is the longest development cycle of any plane and problems keep on getting pushed back.

The US plan to buy a block of planes while still not operational means every plane will require some level of refit in order to go into service.

Submission + - Companies Own and Sell Your Medical Data. Shouldn't You Get Access, Too? (backchannel.com)

kynthelig writes: Getting access to your medical information is supposed to be good for you, and save the beleaguered US healthcare system loads of money. Getting your medical record can reveal life-changing information: Symptoms to watch, drugs you shouldn’t take, even diagnoses you didn’t know you had. So the federal government has poured billions into making it easier for people to access their medical information.
But in reality it is anything but free. To access it, you may be forced to scale massive bureaucracies, combat insane copyright laws, sneak into secret data stashes, hack into medical devices—or perhaps even locate a working fax machine.

Submission + - Smart Chip Could Lead To Safer, Wireless Brain Implants (thestack.com)

An anonymous reader writes: A team of scientists has developed a tiny smart chip capable of attaching to neural implants, and facilitating the wireless transmission of brain signals. The use of neural implants has been restricted due to the need to connect wires to external devices outside of the body. Not only are these wires uncomfortable and an irritation for patients, the openings which allow the wires to reach the brain increase the risk of infection. The new chip, developed by engineers at the Nanyang Technological University in Singapore, can now allow for the efficient transmission of brain data without the need for wires. The new chip, which measures 5mm by 5mm, has been designed to analyse data patterns and pick out any abnormal activity. The technology avoids the need for bigger batteries or frequent recharging required by traditional chips transmitting enormous amounts of data. Instead the chip can decode thousands of signals before compressing the results and sending them to an external receiver.

Submission + - Severe Vulnerability Lets Attackers Take Control of Cisco VPN Server Equipment (softpedia.com)

An anonymous reader writes: Cisco has released urgent security patches aimed at fixing a security vulnerability in some of its firewall equipment that employs several versions of Cisco Adaptive Security Appliance (ASA) software. This equipment is used mainly in data centers and bigger enterprises. As soon as the news broke, attackers already started scanning the Internet for open ports. Since the vulnerability only affects devices configured to run as VPN servers, this means that they need to have open ports to the Internet by default, putting all devices in danger of being hijacked. A Shodan scan shows that over 5.8 million devices have those ports open, but not all are Cisco.

Submission + - U.S. encryption ban would only send the market overseas (dailydot.com)

Patrick O'Neill writes: As U.S. legislatures posture toward legally mandating backdoored encryption, a new Harvard study suggests that a ban would push the market overseas because most encryption products come from over non-U.S. tech companies. "Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S.," the researchers wrote.

Comment Wonderful, but a sloppy UI (Score 1) 187

LibreOffice is wonderful, but the user interface is amazingly poor. Want italic? Click on a bold italic lower case letter a. Why not an italic letter I?

Yesterday I spent several hours writing an article using LibreOffice v 5.0.4.2. Many very seriously weird and time-consuming things happened.

It would be sensible, in my opinion, for governments to get together and support LibreOffice, so that Microsoft Office could be abandoned.

Comment 7 and 8 are just guesses, but here is evidence: (Score 4, Interesting) 307

A few of the many stories about backdoors in U.S. hardware:

D-Link: Reverse Engineering a D-Link Backdoor (Oct. 12, 2013)

Arris: 600,000 Arris cable modems have 'backdoors in backdoors', researcher claims (Nov. 20, 2015)

Juniper Networks: Juniper drops NSA-developed code following new backdoor revelations (Jan. 10, 2016)

Cisco: Snowden: The NSA planted backdoors in Cisco products (May 15, 2014)

Netgear: Netgear Patch Said to Leave Backdoor Problem in Router (April 23, 2014)

Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)

Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)

Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)

Hard drives: Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware (Feb. 17, 2015)

Is every backdoor the work of the NSA? There is no way of knowing.

Comment My guesses about Microsoft: (Score 4, Interesting) 307

My guesses:

1) Basically, Windows is dead. Countries will have to move away from using Microsoft products, since Microsoft has shown it cannot be trusted in ANY way. For example: Windows 10 phones home (A LOT) even with all reporting and telemetry disabled.

2) Microsoft wants to make money in the Facebook and Google way. Microsoft plans to mine all user data on all computers connected to the internet and sell the information.

3) The reason there will be no more versions of Windows is that Microsoft will do what Adobe Systems has done: Force users to move to a subscription model.

4) Windows users will isolate Windows from the internet, and use Linux on a different network with a cheap 2nd computer to connect to the internet. (But how to allow information interchange between the 2 networks?)

5) In response to users isolating Windows from the internet, Microsoft will make Windows stop working after a few days of no internet connection. Adobe Systems does that, in my experience, with CS6. (CS6 is the last version before the forced move to a subscription model.)

6) Satya Nadella, the new Microsoft CEO, was chosen because he was the least annoying candidate. He is apparently not the real controlling manager, but only someone to advertise.

7) Microsoft has a contract with secret U.S. government agencies to make Windows into what users consider to be malware.

8) Because Microsoft often releases buggy software, possibly because it is paid to do so by secret U.S. government agencies, Windows 10, with its many ways to connect to the internet, is now FAR less secure than before.

Not a guess, because verified by others: Microsoft is shockingly badly managed. The cover of the January 16, 2013 issue of BusinessWeek magazine has a large photo of former Microsoft CEO Steve Ballmer with the headline calling him "Monkey Boy". See the BusinessWeek cover in this article: Steve Ballmer Is No Longer A Monkey Boy, Says Bloomberg BusinessWeek. The BusinessWeek cover says "No More" and "Mr.", but that doesn't take much away from the fact that the magazine called Ballmer Monkey Boy -- on its cover.

Slashdot commenters called Ballmer "Monkey Boy" for years before BusinessWeek called him that on the cover of its magazine.

Worst CEO in the United States: Quote from an article in Forbes Magazine about Steve Ballmer: "Without a doubt, Mr. Ballmer is the worst CEO of a large publicly traded American company today." Another quote: "The reach of his bad leadership has extended far beyond Microsoft when it comes to destroying shareholder value -- and jobs." (May 12, 2012)

Submission + - Your credit card knows what you did last summer - and tells everyone near it

An anonymous reader writes: More and more credit and debit cards are being equipped with NFC. It promises fast and convenient payment. But did you know that many also reveal your past chip and pin transactions, including the date, amount and currency? What privacy implications do you see? See if your card also shares this information with anything reading its NFC tag. Does your bank's ToS or Privacy Policy include this?

This story has already been picked up by Computer Bild, a popular German tech blog. Read the original story here: https://metabubble.net/payment-cards-bank-accounts/your-number26-mastercard-knows-what-you-did-last-summer/
