Bug

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes 10

Posted by timothy
from the if-you-could-turn-back-time dept.
operator_error notes a report that ownCloud developer Lukas Reschke has emailed the Ubuntu Devel mailing list to request that ownCloud (server) be removed from the Ubuntu repositories because it contains "multiple critical security bugs for which no fixes have been backported," through which an attacker could "gain complete control [of] the web server process." From the article: "However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2). Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical. You can follow the discussion @ Ubuntu Devel mailing list. So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service."
Microsoft

Microsoft Now Makes Money From Surface Line, Q1 Sales Reach Almost $1 Billion 43

Posted by timothy
from the but-that's-just-on-the-surface dept.
SmartAboutThings writes Microsoft has recently published its Q1 fiscal 2015 earnings report, disclosing that it has made $4.5 billion in net income on $23.20 billion in revenue. According to the report, revenue has increased by $4.67 billion, compared to $18.53 billion from the same period last year. However, net income has decreased 14 percent compared to last year's $5.24 billion mainly because of the $1.14 billion cost associated with the integration and restructuring expenses related to the Nokia acquisition.

But what's finally good news for the company is that the Surface gross margin was positive this quarter, which means the company finally starts making money on Surface sales. Microsoft didn't yet reveal Surface sales, but we know that Surface revenue was $908 million this quarter, up a massive 127 percent from the $400 million this time last year. However, if we assume that the average spent amount on the purchase of this year's Surface Pro 3 was around $1000, then we have less than 1 million units sold, which isn't that impressive, but it's a good start.
Canada

Days After Shooting, Canada Proposes New Restrictions On and Offline 147

Posted by timothy
from the absolute-security dept.
New submitter o_ferguson writes As Slashdot reported earlier this week, a lone shooter attacked the war memorial and parliament buildings in Ottawa, Canada on Wednesday. As many comments predicted, the national government has seized this as an opportunity to roll out considerable new regressive legislation, including measures designed to increase data access for domestic intelligence services, institute a new form of extra-judicial detention, and, perhaps most troubling, criminalize some forms of religious and political speech online. As an example of the type of speech that could, in future, be grounds for prosecution, the article mentions that the killer's website featured "a black ISIS flag and rejoiced that 'disbelievers' will be consigned to the fires of Hell for eternity." A government MP offers the scant assurance that this legislation is not "trauma tainted," as it was drafted well prior to this week's instigating incidents. Needless to say, some internet observers remain, as always, highly skeptical of the manner in which events are being portrayed. (Please note that some articles may be partially paywalled unless opened in a private/incognito browser window.)
AT&T

AT&T Locks Apple SIM Cards On New iPads 67

Posted by timothy
from the well-that's-not-cricket dept.
As reported by MacRumors, the unlocked, carrier-switchable SIM cards built into the newest iPads aren't necessarily so -- at least if you buy them from an AT&T store. Though the card comes from Apple with the ability to support (and be switched among with software, if a change is necessary) all major carriers, "AT&T is not supporting this interchangeability and is locking the SIM included with cellular models of the iPad Air 2 and Retina iPad mini 3 after it is used with an AT&T plan. ... AT&T appears to be the only participating carrier that is locking the Apple SIM to its network. T-Mobile's John Legere has indicated that T-Mobile's process does not lock a customer in to T-Mobile, which appears to be confirmed by Apple's support document, and Sprint's process also seems to leave the Apple SIM unlocked and able to be used with other carrier plans. Verizon, the fourth major carrier in the United States, did not opt to allow the Apple SIM to work with its network." The iPad itself can still be activated and used on other networks, but only after the installation of a new SIM.
Security

Passwords: Too Much and Not Enough 137

Posted by Soulskill
from the 123456-trustno1-hunter2-letmein dept.
An anonymous reader writes: Sophos has a blog post up saying, "attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures." They say a password must withstand 1,000,000 guesses to survive an online attack but 100,000,000,000,000 to have any hope against an offline one. "Not only is the difference between those two numbers mind-bogglingly large, there is no middle ground." "Passwords falling between the two thresholds offer no improvement in real-world security, they're just harder to remember." System administrators "should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen."
Verizon

Verizon Injects Unique IDs Into HTTP Traffic 127

Posted by Soulskill
from the doing-the-wrong-thing-badly dept.
An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user." Just like they said they would.
The Internet

Secretive Funding Fuels Ongoing Net Neutrality Astroturfing Controversy 45

Posted by Soulskill
from the all-about-the-benjamins dept.
alphadogg writes: The contentious debate about net neutrality in the U.S. has sparked controversy over a lack of funding transparency for advocacy groups and think tanks, which critics say subverts the political process. News stories from a handful of publications in recent months have accused some think tanks and advocacy groups of "astroturfing" — quietly shilling for large broadband carriers. In a handful of cases, those criticisms appear to have some merit, although the term is so overused by people looking to discredit political opponents that it has nearly lost its original meaning. An IDG News Service investigation found that major groups opposing U.S. Federal Communications Commission reclassification and regulation of broadband as a public utility tend to be less transparent about their funding than the other side. Still, some big-name advocates of strong net neutrality rules also have limited transparency mechanisms in place.
Google

Computer Scientist Parachutes From 135,908 Feet, Breaking Record 146

Posted by Soulskill
from the touching-space dept.
An anonymous reader writes: The NY Times reports that Alan Eustace, a computer scientist and senior VP at Google, has successfully broken the record for highest freefall jump, set by Felix Baumgartner in 2012. "For a little over two hours, the balloon ascended at speeds up to 1,600 feet per minute to an altitude of 135,908 feet, more than 25 miles. Mr. Eustace dangled underneath in a specially designed spacesuit with an elaborate life-support system. He returned to earth just 15 minutes after starting his fall. ... Mr. Eustace cut himself loose from the balloon with the aid of a small explosive device and plummeted toward the earth at speeds that peaked at more than 800 miles per hour, setting off a small sonic boom heard by observers on the ground. ... His technical team had designed a carbon-fiber attachment that kept him from becoming entangled in the main parachute before it opened. About four-and-a-half minutes into his flight, he opened the main parachute and glided to a landing 70 miles from the launch site."
Security

Researcher Finds Tor Exit Node Adding Malware To Downloads 95

Posted by Soulskill
from the at-least-it's-anonymous-malware dept.
Trailrunner7 writes: A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack.

What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code. In terms of defending against this sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators. "SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted," he said via email.
Education

Employers Worried About Critical Thinking Skills 406

Posted by Soulskill
from the employees-worried-about-it-too dept.
Nerval's Lobster writes: Every company needs employees who can analyze information effectively, discarding what's unnecessary and digging down into what's actually useful. But employers are getting a little bit worried that U.S. schools aren't teaching students the necessary critical-thinking skills to actually succeed once they hit the open marketplace. The Wall Street Journal talked with several companies about how they judge critical-thinking skills, a few of which ask candidates to submit to written tests to judge their problem-solving abilities. But that sidesteps the larger question: do schools need to shift their focus onto different teaching methods (i.e., downplaying the need for students to memorize lots of information), or is our educational pipeline just fine, thank you very much?

Comment: Re:This is silly (Score 1) 616

It's a win-win in the short term, even though it's disastrous for the economy in the long term.

And yet not a single one of the minimum wage increases over the last decades has proven this out. In fact, it has been the opposite as those people have now had more money to spend to further the economy.
