Security

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw

Posted by timothy
from the big-targets-get-hit-first dept.
Trailrunner7 writes: The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account, and there may be no trace of the attack afterward.
Australia

Australian Gov't Tries To Force Telcos To Store User Metadata For 2 Years

Posted by timothy
from the authority-problem dept.
AlbanX writes: The Australian Government has introduced a bill that would require telecommunications carriers and service providers to retain the non-content data of Australian citizens for two years so it can be accessed, without a warrant, by local law enforcement agencies. Despite tabling the draft legislation in parliament, the bill doesn't actually specify the types of data the Government wants retained. The proposal has received a huge amount of criticism from the telco industry, other members of parliament and privacy groups. (The Sydney Morning Herald has some audio of discussion about the law.)
Government

Hackers Breach White House Network

Posted by Soulskill
from the dozens-of-solitaire-games-compromised dept.
wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.
Supercomputing

16-Teraflops, £97m Cray To Replace IBM At UK Meteorological Office

Posted by Soulskill
from the crayzy-powerful dept.
Memetic writes: The UK weather forecasting service is replacing its IBM supercomputer with a Cray XC40 containing 17 petabytes of storage and capable of 16 TeraFLOPS. This is Cray's biggest contract outside the U.S. With 480,000 CPUs, it should be 13 times faster than the current system. It will weigh 140 tons. The aim is to enable more accurate modeling of the unstable UK climate, with UK-wide forecasts at a resolution of 1.5km run hourly, rather than every three hours, as currently happens. (Here's a similar system from the U.S.)
Government

Ken Ham's Ark Torpedoed With Charges of Religious Discrimination

Posted by Soulskill
from the after-a-flood-of-complaints dept.
McGruber writes: Back on February 4, "Science Guy" Bill Nye debated Creationist Kenneth Alfred "Ken" Ham. That high-profile debate helped boost support for Ham's $73 million "Ark Encounter" project, allowing Ham to announce on February 25 that a municipal bond offering had raised enough money to begin construction. Nye said he was "heartbroken and sickened for the Commonwealth of Kentucky" after learning that the project would move forward. Nye said the ark would eventually draw more attention to the beliefs of Ham's ministry, which preaches that the Bible's creation story is a true account, and as a result, "voters and taxpayers in Kentucky will eventually see that this is not in their best interest."

In July, the Kentucky Tourism Development Finance Authority unanimously approved $18.25 million worth of tax incentives to keep the ark park afloat. The funds are from a state program that allows eligible tourism attractions a rebate of as much as 25 percent of the investment in the project. Since then, the Ark Park's employment application has become public: "Nestled among the requirements for all job applicants were three troubling obligatory documents: 'Salvation testimony,' 'Creation belief statement,' and a 'Confirmation of your agreement with the AiG statement of faith.' (AiG is Answers in Genesis, Ham's ministry and Ark Encounter's parent company.)"

That caused the Kentucky Tourism, Arts and Heritage Cabinet to halt its issuance of tax incentives for the ark park. Bob Stewart, secretary of the cabinet, wrote to Ham that "the Commonwealth does not provide incentives to any company that discriminates on the basis of religion and we will not make any exception for Ark Encounter, LLC." Before funding could proceed, Stewart explained, "the Commonwealth must have the express written assurance from Ark Encounter, LLC that it will not discriminate in any way on the basis of religion in hiring." The ark park has not yet sunk. It is "still pending before the authority" and a date has not yet been set for the meeting where final approval will be considered.
Open Source

OpenBSD Drops Support For Loadable Kernel Modules

Posted by Soulskill
from the loadable-kernel-modules-have-had-it-too-good-for-too-long dept.
jones_supa writes: The OpenBSD developers have decided to remove support for loadable kernel modules from the BSD distribution's next release. Several commits earlier this month stripped out the loadable kernel modules support. Phoronix's Michael Larabel has not yet found an official reason for the decision to drop support. He wagers that it is due to security or code quality/openness ideals.
Businesses

Why CurrentC Will Beat Out Apple Pay

Posted by timothy
from the some-downsides-might-strike-your-mind dept.
itwbennett writes: Working closely with VISA, Apple solved many complex security issues, making in-person payments safer than ever. But it's that close relationship with the credit card companies that may be Apple Pay's downfall. A competing solution called CurrentC has recently gained a lot of press as backers of the project moved to block NFC payments (Apple Pay, Google Wallet, etc.) at their retail terminals. The merchants designing or backing CurrentC read like a greatest hits list of retail outfits, and leading the way is the biggest of them all, Walmart. The retailers have joined together to create a platform that is independent of the credit card companies and their profit-robbing transaction fees. Hooking directly to your bank account rather than a credit or debit card, CurrentC will use good old ACH to transfer money from your account to the merchant's bank account at little to no cost.
Microsoft

Microsoft Works On Windows For ARM-Based Servers

Posted by timothy
from the arms-race dept.
SmartAboutThings writes: According to some reports from the industry, Microsoft is working on a version of its software for servers that run on chips based on ARM Holdings's technology. Windows Server now runs on Intel hardware, but it seems that Redmond wants to diversify its strategy. An ARM-based version of Windows Server could help challenge Intel's dominance and make a place for ARM in the server market, not only in mobile chips. According to the article, though, Microsoft "hasn’t yet decided whether to make the software commercially available."
Transportation

LAX To London Flight Delayed Over "Al-Quida" Wi-Fi Name

Posted by timothy
from the low-threshold dept.
linuxwrangler writes: A flight from LAX to London was delayed after a passenger reported seeing "Al-Quida Free Terror Nettwork" as an available hotspot name and reported it to a flight attendant. The flight was taken to a remote part of the airport and delayed for several hours, but "after further investigation, it was determined that no crime was committed and no further action will be taken." That seems an awfully low threshold for disrupting air traffic, since wireless access points can be had for just a few dollars these days.
Google

Rite Aid and CVS Block Apple Pay and Google Wallet

Posted by samzenpus
from the your-money-is-no-good-here dept.
An anonymous reader writes: CVS and Rite Aid have reportedly shut off the NFC-based contactless payment option at point of sale terminals in thousands of stores. The move will make it impossible to pay for products using Apple Pay or Google Wallet. Rite Aid posted at their stores: "Please note that we do not accept Apple Pay at this time. However we are currently working with a group of large retailers to develop a mobile wallet that allows for mobile payments attached to credit cards and bank accounts directly from a smart phone. We expect to have this feature available in the first half of 2015."
Verizon

Verizon Injects Unique IDs Into HTTP Traffic

Posted by Soulskill
from the doing-the-wrong-thing-badly dept.
An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user." Just like they said they would.
Hardware

FTDI Removes Driver From Windows Update That Bricked Cloned Chips

Posted by Soulskill
from the righteous-backpedaling dept.
New submitter weilawei writes: Last night, FTDI, a Scottish manufacturer of USB-to-serial ICs, posted a response to the ongoing debacle over its allegedly intentional bricking of competitors' chips. In their statement, FTDI CEO Fred Dart said, "The recently released driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end users' hardware being directly affected." This may have resulted from a discussion with Microsoft engineers about the implications of distributing potentially malicious driver software.

If you design hardware, what's your stance on this? Will you continue to integrate FTDI chips into your products? What alternatives are available to replace their functionality?
Government

Michigan Latest State To Ban Direct Tesla Sales

Posted by samzenpus
from the not-in-my-town dept.
An anonymous reader writes: As many expected, Michigan Governor Rick Snyder signed a bill that bans Tesla Motors from selling cars directly to buyers online in the state. When asked what Tesla's next step will be, Diarmuid O'Connell, vice president of business development, said it was unclear if the company would file a lawsuit. "We do take at their word the representations from the governor that he supports a robust debate in the upcoming session," O'Connell said. "We've entered an era where you can buy products and services with much greater value than a car by going online."
Encryption

Deutsche Telecom Upgrades T-Mobile 2G Encryption In US

Posted by timothy
from the tell-all-your-grandparents dept.
An anonymous reader writes: T-Mobile, a major wireless carrier in the U.S. and subsidiary of German Deutsche Telecom, is hardening the encryption on its 2G cellular network in the U.S., reports the Washington Post. According to Cisco, 2G cellular calls still account for 13% of calls in the US and 68% of wireless calls worldwide. T-Mobile's upgrades will bring the encryption of older and inexpensive 2G GSM phone signals in the US up to par with that of more expensive 3G and 4G handsets. Parent company Deutsche Telecom had announced a similar upgrade of its German 2G network after last year's revelations of NSA surveillance. 2G is still important not only for that 13 percent of calls, but because lots of connected devices rely on it, or will, even while the 2G clock is ticking. The "internet of things" focuses on cheap and ubiquitous, and in the U.S. that still means 2G, but lots of things that might be connected that way are ones you'd like to be encrypted.
Hardware

FTDI Reportedly Bricking Devices Using Competitors' Chips

Posted by Soulskill
from the playing-dirty dept.
janoc writes: It seems that chipmaker FTDI has started an outright war on cloners of their popular USB bridge chips. At first the clones stopped working with the official drivers, and now they are being intentionally bricked, rendering the device useless. The problem? These chips are incredibly popular and used in many consumer products. Are you sure yours doesn't contain a counterfeit one before you plug it in? Hackaday says, "It’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip." Update: 10/24 02:53 GMT by S: In a series of Twitter posts, FTDI has admitted to doing this.
