Submission Summary: 0 pending, 933 declined, 587 accepted (1520 total, 38.62% accepted)

Critical XSS Flaws Patched in WordPress and Popular Plug-in

Submitted by itwbennett
itwbennett (1594911) writes "The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw."

Microsoft Patches Kerberos Vulnerability Being Used In Attacks

Submitted by itwbennett
itwbennett (1594911) writes "Microsoft released an out-of-band patch on Tuesday, addressing a vulnerability in Kerberos KBC, a component that handles authentication on local networks. The patch was supposed to have been released earlier this month, but Microsoft withheld it due to QA concerns. However, Redmond says the flaw is being used in attacks online, so organizations are urged to update immediately."

Facebook's Flow Could Help JavaScript Programmers Spot Elusive Bugs

Submitted by itwbennett
itwbennett (1594911) writes "Facebook has released as open source a debugging tool for JavaScript, called Flow. Flow is a static type checker, one that ensures that when a program is run, its variables, functions and other elements of code will adhere to their original specifications. 'Flow improves speed and efficiency so developers can be more productive while using JavaScript,' Facebook engineers said in a blog post on Tuesday."

Superbugs: 10 Long-Lived Software Bugs

Submitted by itwbennett
itwbennett (1594911) writes "Earlier this week, Microsoft patched a 19-year-old security vulnerability that has been present in every version of its operating systems since the release of Windows 1995. As the IBM researchers who discovered the bug put it, it’s been 'sitting in plain sight' while other vulnerabilities in the same library have been fixed over the years. While it may seem surprising that a critical error in such a major piece of software, used by so many people, could go unnoticed for decades, it’s actually not that uncommon, writes ITworld's Phil Johnson, who rounded up 10 more examples of software bugs that were particularly long-lived — not all of which have yet been fixed."

Facebook Testing Lithium-ion Batteries for Backup Power

Submitted by itwbennett
itwbennett (1594911) writes "Facebook has just started testing lithium-ion batteries as the backup power source for its server racks and plans to roll them out widely next year. Lithium-ion has been too expensive until now, says Matt Corddry, Facebook's director of hardware engineering, but its use in electric cars has changed the economics. It's now more cost effective than the bulky, lead-acid batteries widely used in data centers today."

China's Smartphone Boom Times Are Over, Says Lenovo CEO

Submitted by itwbennett
itwbennett (1594911) writes "Since 2010, Lenovo's smartphone business has almost solely grown on demand from Chinese consumers, with the company rising to become one of the country's top handset vendors. 'But now the China market is not hyper-growing any longer,' said Lenovo's CEO Yang Yuanqing in an earnings call earlier this month. 'It has been saturated. If you want to win you have to find new growth areas.'"

No, You Can't Seize Country TLDs, US Court Rules

Submitted by itwbennett
itwbennett (1594911) writes "A U.S. court has quashed an attempt to seize Iran's, Syria's and North Korea's domains as part of a lawsuit against those countries' governments. The plaintiffs in the case wanted to seize the domains after they successfully sued Iran, Syria and North Korea as state sponsors of terrorism. But the court found the domains have the nature of a contractual right, and ruled that rights arising under a contract cannot be seized as part of a judgment."

German Spy Agency Seeks Millions To Monitor Social Networks

Submitted by itwbennett
itwbennett (1594911) writes "Germany's foreign intelligence agency reportedly wants to spend €300 million (about $375 million) in the next five years on technology that would let it spy in real time on social networks outside of Germany, and decrypt and monitor encrypted Internet traffic. The agency, which already spent €6.22 million in preparation for this online surveillance push, also wants to use the money to set up an early warning system for cyber attacks, the report said. A prototype is expected to be launched next June with the aim of monitoring publicly available data on Twitter and blogs."

NEC Smartphone Tech Can Spot Counterfeit Goods

Submitted by itwbennett
itwbennett (1594911) writes "NEC has developed an anti-counterfeiting smartphone app that compares images snapped with a phone with those in a cloud-based database. The "object fingerprint" technology can establish authenticity by identifying fine patterns in the grain of metal or plastic that occur naturally during manufacturing and are invisible to the human eye. The accuracy of the system depends on the material in question, but NEC said its tests on bolts yielded an equal error rate (EER) of less than one in 1 million."

MS Word Macro Attacks Make a Comeback

Submitted by itwbennett
itwbennett (1594911) writes "A recent piece of malware that aims to steal your online banking credentials revives a decade-old technique to install itself on your PC. Called Dridex, the malware tries to steal your data when you log into an online bank account by creating HTML fields that ask you to enter additional information like your social security number. That's not unusual in itself. What's different is how Dridex tries to infect your computer in the first place: It's delivered in the form of a macro, buried in a Microsoft Word document in a spam email message."

Google To Bolster Flu Trends Model With CDC Data

Submitted by itwbennett
itwbennett (1594911) writes "Scientists spoke, and Google listened. As reported in Slashdot over the weekend, when scientists combined historic flu levels with Google Flu Trends data, they found that "Google Flu Trends data sets significantly add information to the forecasts of current flu levels," but that the aggregate Web searches alone cannot provide an accurate assessment of where flu has struck and its severity. Now Google has decided to take into account data from the U.S. Centers for Disease Control and Prevention in its Google Flu Trends model for the 2014-2015 flu season. Christian Stefansen, a senior software engineer at Google, wrote in a blog post that the company decided it could improve the accuracy significantly with a model that learns continuously from official flu data."

Adobe's Digital Editions Collecting Less Data, Says EFF

Submitted by itwbennett
itwbennett (1594911) writes "Tests on the latest version of Adobe Systems' e-reader software show the company is now collecting less data following a privacy-related dustup last month, according to the Electronic Frontier Foundation. Adobe was criticized in early October after it was discovered Digital Editions collected metadata about e-books on a device, even if the e-books did not have DRM. Those logs were also sent to Adobe in plain text. Digital Editions version 4.0.1 appears to only collect data on e-books that have DRM (Digital Rights Management), wrote Cooper Quintin, a staff technologist with the EFF."

Facebook Sets Up Shop On Tor

Submitted by itwbennett
itwbennett (1594911) writes "Assuming that people who use the anonymity network want to also use Facebook, the social network has made its site available on Tor, Facebook software engineer Alec Muffett said in a post on Friday. Facebook also decided to encrypt the connection between clients and its server with SSL, providing an SSL certificate for Facebook's onion address. This was done both for internal technical reasons and as a way for users to verify Facebook's ownership of the onion address. Since it is still an experiment, Facebook hopes to improve the service and said it would share lessons learned about scaling and deploying services via an onion address over time."

Vulnerabilities Found In More Command-Line Tools

Submitted by itwbennett
itwbennett (1594911) writes "The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities. Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems. This comes after a remote code execution vulnerability was found last week in a library used by strings, objdump, readelf and other command-line tools."

Facebook Explains Math Behind WhatsApp's $19B Value

Submitted by itwbennett
itwbennett (1594911) writes "Roughly $15.3 billion of the $19 billion Facebook paid is attributed to "goodwill," or, in business accounting parlance, what Facebook deems to be WhatsApp's potential future value, according to an SEC filing made on Tuesday. The rest of it breaks out like this, according to the filing: $2 billion for its users; $448 million for the trade name; $288 million for its technology; and $21 million for "other" items."
