Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Submission Summary: 0 pending, 9 declined, 2 accepted (11 total, 18.18% accepted)

+ - Six new OpenSSL vulnerabilities addressed->

Submitted by
dachshund
dachshund writes "Six new vulnerabilities have been addressed in OpenSSL. The most serious is a timing-based attack against Datagram TLS, capable of completely recover the plaintext from encrypted messages. This flaw was discovered by Nadhem Alfardan and Kenny Paterson at Royal Holloway University. The remaining attacks deal with potential denial of service issues, as well as bug that could potentially leak fragments of memory over the Internet due to the use of an uninitialized buffer. This puts the cap on a year of TLS vulnerabilities headlined by the recent BEAST attack."
Link to Original Source

+ - Toyota Sudden Acceleration Report can be Unredacte->

Submitted by dachshund
dachshund (300733) writes "You may remember a year or two ago, Toyota vehicles were having problems with sudden acceleration. Earlier this year, NASA and NHTSA systematically reviewed the engine control code and cleared them. Or maybe not. You see, the report they wrote was heavily redacted. However, it appears that the redaction wasn't done right, and the missing pieces can be recovered simply by copying and pasting from the cached versions of the PDF files. These reports are really begging for a crowdsourced reading. Some of the details certainly raise my interest. For example:

Any duty command from the PID controller greater than or equal to 88% will perpetually open the throttle and lead to WOT [wide open throttle]. This also means that any duty greater than 88% will be interpreted by the hardware as a 100% duty command.

"

Link to Original Source
Security

+ - Vulnerabilities in Anarchy Online and Age of Conan->

Submitted by dachshund
dachshund (300733) writes "The Baltimore Sun reports that security firm Independent Security Evaluators (ISE) has disclosed vulnerabilities in the popular MMORPGs "Age of Conan" and "Anarchy Online". The flaws (which have since been patched) allowed a malicious user to take read files from and take control of another player's computer. The full details can be found here, including a video (hi res) showing how the targeted avatar can be made to strip down and dance."
Link to Original Source

"In the face of entropy and nothingness, you kind of have to pretend it's not there if you want to keep writing good code." -- Karl Lehenbauer

Working...