
Heartbleed OpenSSL Vulnerability: A Technical Remediation

Submitted by Anonymous Coward
An anonymous reader writes "Since the announcement, there has been buzz around the underground and malicious actors have been actively leaking software library data and using one of the several provided PoC code to attack the massive amount of services available on the internet. One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large Linux flavors. We have had an opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection."

Facebook Is Ripping Chat Out Of Its Mobile App

Submitted by Advocatus Diaboli
Advocatus Diaboli (1627651) writes "Facebook is taking its standalone app strategy to a new extreme today. It’s starting to notify users they’ll no longer have the option to send and receive messages in Facebook for iOS and Android, and will instead have to download Facebook Messenger to chat on mobile. Facebook’s main apps have always included a full-featured messaging tab. Then a few months ago, users who also had Facebook’s standalone Messenger app installed had the chat tab of their main apps replaced with a hotlink button that would open Messenger. But this was optional. If you wanted to message inside Facebook for iOS or Android, you just didn’t download Messenger. That’s not going to be an option anymore."

Do any development shops build-test-deploy in a cloud-based service?

Submitted by bellwould
bellwould (11363) writes "Our CTO has asked us to move our entire dev/test platform off of shared, off-site, hardware onto Amazon, Savvis or the like. Because we don't know enough about this, we're nervous about the costs like CPU: Jenkins tasks check out 1M lines of source, then build, test and test-deploy 23 product modules 24/7; as well, several Glassfish and Tomcat instances run integration and UI tests 24/7. Disk: large database instances packed with test and simulation data. Of course, it's all backed up too. So before we start an in-depth review of what's available, what experiences are dev shops having doing stuff like this in the cloud?"

Chrome Finally Passes Firefox In Market Share

Submitted by Anonymous Coward
An anonymous reader writes "March saw the fifth full month of IE11 availability with Windows 8.1, the release of Firefox 28, and the first full month of Chrome 33 availability. The latest numbers from Net Applications show that Chrome was the only major winner last month, having finally passed Firefox. Between February and March, IE dipped 0.23 percentage points (from 58.19 percent to 57.96), Firefox fell 0.42 percentage points (from 17.68 percent to 17.52 percent), and Chrome gained 0.68 percentage points (from 16.84 percent to 17.52 percent). Safari meanwhile gained 0.01 percentage points to 5.68 percent and Opera slipped 0.03 percentage points to 1.20 percent."

New Apache Allura project for project development hosting

Submitted by brondsem
brondsem (553348) writes "Today the Apache Software Foundation announced the Allura project for hosting software development projects. Think GitHub or SourceForge on your own servers — Allura has git, svn, hg, wiki, tickets, forums, news, and more. It's written in python and has a modular and extensible platform so you can write your own tools and extensions. It's already used by SourceForge, DARPA, German Aerospace Center, and Open Source Projects Europe. Allura is open source; available under the Apache License v2.0. When you don't want all your project resources in the cloud on somebody else's walled garden, you can run Allura on your own servers and have full control and full data access."

Spinoffs from Spyland: How Some NSA Technology Is Making Its Way Into Industry

Submitted by Anonymous Coward
An anonymous reader writes "MIT Technology Review reports, "Like other federal agencies, the NSA is compelled by law to try to commercialize its R&D. It employs patent attorneys and has a marketing department that is now trying to license inventions ... The agency claims more than 170 patents ... But the NSA has faced severe challenges trying to keep up with rapidly changing technology. ... Most recently, the NSA’s revamp included a sweeping effort to dismantle ... “stovepipes,” and switch to flexible cloud computing ... in 2008, NSA brass ordered the agency’s computer and information sciences research organization to create a version of the system Google uses to store its index of the Web and the raw images of Google Earth. That team was led by Adam Fuchs, now Sqrrl’s chief technology officer. Its twist on big data was to add “cell-level security,” a way of requiring a passcode for each data point ... that’s how software (like the infamous PRISM application) knows what can be shown only to people with top-secret clearance. Similar features could control access to data about U.S. citizens. “A lot of the technology we put [in] is to protect rights,” says Fuchs. Like other big-data projects, the NSA team’s system, called Accumulo, was built on top of open-source code because “you don’t want to have to replicate everything yourself,” ... In 2011, the NSA released 200,000 lines of code to the Apache Foundation. When Atlas Venture’s Lynch read about that, he jumped—here was a technology already developed, proven to work on tens of terabytes of data, and with security features sorely needed by heavily regulated health-care and banking customers. ... Eventually, Fuchs and several others left the NSA, and now their company is part of a land grab in big data ...""

Linux may succeed Windows XP as OS of choice for ATMs

Submitted by Dega704
Dega704 (1454673) writes "Some financial services companies are looking to migrate their ATM fleets from Windows to Linux in a bid to have better control over hardware and software upgrade cycles.

Pushing them in that direction apparently is Microsoft's decision to end support for Windows XP on April 8, said David Tente, executive director, USA, of the ATM Industry Association (ATMIA).

"There is some heartburn in the industry" over Microsoft's end-of-support decision, Tente said.

ATM operators would like to be able to synchronize their hardware and software upgrade cycles. But that's hard to do with Microsoft dictating the software upgrade timetable. As a result, "some are looking at the possibility of using a non-Microsoft operating system to synch up their hardware and software upgrades," Tente said."


Fruit Flies are Better Than You at Calculus

Submitted by DudeTheMath
DudeTheMath (522264) writes "Cornell University scientists studied how fruit flies respond to flight disturbances (instead of wind gusts, they used carefully controlled magnetic pulses) and found that the flies recover in as little as three wing beats (at 250 per second) by doing some kind of calculus in a little "integrated circuit" of neurons that control the wings directly. The pitch and yaw results are already published, and the roll study is forthcoming. (NYT, partial paywall, autoplay of fly that starts with a car ad.)"

Missing Plane Would Have Been Found By Now If Communications Box Had $10 Upgrade

Submitted by concertina226
concertina226 (2447056) writes "The missing Malaysia Airlines Flight MH370 might have been found by now if a small communications box on the plane had been configured to send out more frequent reports, according to British satellite communications firm Inmarsat.

Critics of the aerospace industry are now calling out its "outdated" accident investigation process and asking for data from the black box to be streamed in-flight to the cloud, which could be expensive, but Inmarsat's Senior VP Chris McLaughlin says that the plane could have been found by now if the communications box buried in the plane's avionics had been configured to send out more frequent reports.

"What we have at the moment would have been fine if the airlines had been mandated to provide data on all their flights. The only area where data is mandated is on the transatlantic route, which is so busy that everyone needs to know where all the other planes are," he said. "We may never know what happened to the plane because the cockpit is not mandated to be monitored in other areas, and we urge regulators to look into this.""


Xbox One Chat Headsets Still Hit Or Miss

Submitted by TheG0at
TheG0at (3585267) writes "When the Xbox One launched, it had no native support for aftermarket headsets. You were forced to use your TV's sound system to hear the game and either the (crappy) bundled headset mic or Kinect for chat. Some enterprising users of course took advantage of this gap and modified the bundled chat adapter to allow you to use your Xbox 360 Headset as seen in our review: . (I still use this, you can see why below)

Now Microsoft has rolled out their own "Stereo Headset Adapter". We reviewed it here: and were impressed at first, that is until we got into party chat and found perhaps why they didn't call it a "chat adapter":

We returned that and ordered up Microsoft's "Stereo Headset" to see if it worked better than trying to use an old 360 headset. It actually was pretty good as seen here:

On a whim, we tried out Turtle Beach's "XO Four" headset and it's turned out to be better than Microsoft's offering, if you don't mind spending a little more:

We are still finding that the sound when in "Party Chat" is not nearly as good as other communication methods. We recorded this Titanfall video using party chat: and this one using Skype on Xbox One, still using the same hardware: .

Since the controller firmware update included in the Xbox's March update, we've also been experiencing the microphone cutting out in chat, requiring unplugging and re-plugging of the chat module into the controller to fix.

Hopefully Microsoft will spend a little more time on getting things up to snuff in upcoming patches."

A New State of Matter Has Been Discovered

Submitted by Diggester
Diggester (2492316) writes "The days when solid, liquid and gas were the only three states of matter were over when newer states such as plasma and superficial fluid were discovered. It seems like science students will be updating their course notes in the near future, thanks to the discovery of yet another state of matter. Say hello to Dropleton which comes across as a new sort of puny particle that may possess the postulates of the liquid state of matter."

Mark Shuttleworth blasts OSS FUD

Submitted by Anonymous Coward
An anonymous reader writes "In a Google+ posting, Mark Shuttleworth, founder of Ubuntu and Canonical, announces that Ubuntu is sticking with MySQL in the upcoming Trusty Tahr (14.04) release. In response to a followup question from ZDNet's Steven Vaughan-Nichols, Shuttleworth offers some pointed comments on the OSS FUD culture: "As for phobias, the real pitchforks have been those agitating against Oracle. I think Oracle have been an excellent steward of MySQL, with real investment and great quality. Appreciating and celebrating that doesn't detract from our willingness to engage elsewhere. I think the tendency to imagine conspiracies and malfeasance is one of the sadder aspects of OSS culture. Don't feed it.""

Bitcoin Exchanges Halt Withdrawals After 'Massive' DDoS Attack

Submitted by Anonymous Coward
An anonymous reader writes "The Bitstamp bitcoin exchange has temporarily halted its users from withdrawing bitcoins, as it is targeted by a "massive and concerted" cyber attack.

A DDoS (distributed denial of service) attack is being felt across the bitcoin landscape, with a number of exchanges affected by what is known as the cryptocurrency 'transaction malleability problem', first discovered in 2011 and flagged up by the Mt Gox exchange earlier this week."


Sophisticated Spy Tool 'The Mask' Rages Undetected for 7 Years

Submitted by thomst
thomst (1640045) writes "Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that "uses techniques and code that surpass any nation-state spyware previously spotted in the wild." The malware, dubbed "The Mask" by Kaspersky's researchers, targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, and research organizations and activists, and had been loose on the Internet since at least 2007, before it was shut down last month. It infected its targets via a malicious website that contained exploits — among which were the Adobe Flash player vulnerability CVE-2012-0773 — that affected both Windows and Linux machines. Users were directed to the site via spearphishing emails."
