Bug

Passport Database Outage Leaves Thousands Stranded 74

Posted by Unknown Lamer
from the maintenance-considered-harmful dept.
linuxwrangler (582055) writes Job interviews missed, work and wedding plans disrupted, children unable to fly home with their adoptive parents. All this disruption is due to an outage involving the passport and visa processing database at the U.S. State Department. The problems have been ongoing since July 19 and the best estimate for repair is "soon." The system "crashed shortly after maintenance."
Privacy

UK Government Report Recommends Ending Online Anonymity 178

Posted by timothy
from the but-you-have-a-right-to-be-forgotten dept.
An anonymous reader writes with a bit of pith from TechDirt: Every so often, people who don't really understand the importance of anonymity or how it enables free speech (especially among marginalized people), think they have a brilliant idea: "just end real anonymity online." They don't seem to understand just how shortsighted such an idea is. It's one that stems from the privilege of being in power. And who knows that particular privilege better than members of the House of Lords in the UK — a group that is more or less defined by excess privilege? The Communications Committee of the House of Lords has now issued a report concerning "social media and criminal offenses" in which they basically recommend scrapping anonymity online.
Government

CIA Director Brennan Admits He Was Lying: CIA Really Did Spy On Congress 207

Posted by timothy
from the note-the-passive-voice-and-weasel-words dept.
Bruce66423 (1678196) writes with this story from the Guardian: "The director of the Central Intelligence Agency, John Brennan, issued an extraordinary apology to leaders of the US Senate intelligence committee on Thursday, conceding that the agency employees spied on committee staff and reversing months of furious and public denials. Brennan acknowledged that an internal investigation had found agency security personnel transgressed a firewall set up on a CIA network, called RDINet, which allowed Senate committee investigators to review agency documents for their landmark inquiry into CIA torture." (Sen. Dianne Feinstein was one of those vocally accusing the CIA of spying on Congress; Sen. Bernie Sanders has raised a similar question about the NSA.)
PHP

PHP Finally Getting a Formal Specification 92

Posted by timothy
from the let-the-ossification-ceremony-commence dept.
itwbennett (1594911) writes "Despite becoming one of the most widely used programming languages on the Web, PHP didn't have a formal specification — until now. Facebook engineer and PHP core contributor Sara Golemon announced the initiative at OSCON earlier this month, and an initial draft of the specification was posted Wednesday on GitHub."
NASA

NASA's JPL Develops Multi-Metal 3D Printing Process 29

Posted by timothy
from the just-use-a-photoshop-gradient dept.
yyzmcleod (1534129) writes The technology to 3D print a single part from multiple materials has been around for years, but only for polymer-based additive manufacturing processes. For metals, jobs are typically confined to a single powdered base metal or alloy per object. However, researchers at NASA's Jet Propulsion Laboratory say they have developed a 3D printing technique that allows for print jobs to transition from one metal to another in a single object. From the article: In JPL’s technique, the build material’s composition is gradually transitioned as the print progresses. For example, the powdered build material might contain 97 percent titanium alloy and 3 percent stainless steel at the beginning of the transition. Then, in 1 percent increments between layers, the gradient progresses to 97 percent stainless steel and 3 percent Ti alloy by some defined point in the overall 3D printing process.
Science

More Quantum Strangeness: Particles Separated From Their Properties 130

Posted by Soulskill
from the superposition-of-cat-metaphors dept.
Dupple sends word of new quantum mechanical research in which a neutron is sent along a different path from one of its characteristics. First, a neutron beam is split into two parts in a neutron interferometer. Then the spins of the two beams are shifted into different directions: The upper neutron beam has a spin parallel to the neutrons’ trajectory, the spin of the lower beam points into the opposite direction. After the two beams have been recombined, only those neutrons are chosen which have a spin parallel to their direction of motion. All the others are just ignored. ... These neutrons, which are found to have a spin parallel to its direction of motion, must clearly have travelled along the upper path — only there do the neutrons have this spin state. This can be shown in the experiment. If the lower beam is sent through a filter which absorbs some of the neutrons, then the number of the neutrons with spin parallel to their trajectory stays the same. If the upper beam is sent through a filter, then the number of these neutrons is reduced.

Things get tricky when the system is used to measure where the neutron spin is located: the spin can be slightly changed using a magnetic field. When the two beams are recombined appropriately, they can amplify or cancel each other. This is exactly what can be seen in the measurement, if the magnetic field is applied at the lower beam – but that is the path which the neutrons considered in the experiment are actually never supposed to take. A magnetic field applied to the upper beam, on the other hand, does not have any effect.
Businesses

Jesse Jackson: Tech Diversity Is Next Civil Rights Step 488

Posted by Soulskill
from the opportunity-shortage dept.
theodp writes: U.S. civil rights leader Rev. Jesse Jackson called on the Obama administration Monday to scrutinize the tech industry's lack of diversity. "There's no talent shortage. There's an opportunity shortage," Jackson said, calling Silicon Valley "far worse" than many others, such as car makers that have been pressured by unions. He said tech behemoths have largely escaped scrutiny by a public dazzled with their cutting-edge gadgets. Jackson spoke to press after meeting with Labor Secretary Tom Perez for a review of H-1B visas, arguing that data show Americans have the skills and should have first access to high-paying tech work. Jackson's Rainbow Push Coalition plans to file a freedom-of-information request next month with the EEOC to acquire employment data for companies that have not yet disclosed it publicly, which includes Amazon, Broadcom, Oracle, Qualcomm and Yelp. Unlike the Dept. of Labor, Jackson isn't buying Silicon Valley's argument that minority hiring statistics are trade secrets. Five years after Google's HR Chief would only reassure Congress the company had "a very strong internal Black Googler Network" and its CEO brushed off similar questions about its diversity numbers by saying "we're pretty happy with the way our recruiting work," Google — under pressure from Jackson — fessed up to having a tech workforce that's only 1% Black, apparently par for the course in Silicon Valley.
Transportation

UK To Allow Driverless Cars By January 185

Posted by Soulskill
from the crucial-to-development-of-the-tardis dept.
rtoz sends this news from the BBC: The UK government has announced that driverless cars will be allowed on public roads starting in January next year. It also invited cities to compete to host one of three trials of the tech, which would start at the same time. In addition, ministers ordered a review of the UK's road regulations to provide appropriate guidelines. ... The debate now is whether to allow cars, like the prototype unveiled by Google in May, to abandon controls including a steering wheel and pedals and rely on the vehicle's computer. Or whether, instead, to allow the machine to drive, but insist a passenger be ready to wrest back control at a moment's notice.
Communications

Black Hat Researchers Actively Trying To Deanonymize Tor Users 82

Posted by Soulskill
from the good-research-vs-bad-research dept.
An anonymous reader writes: Last week, we discussed news that a presentation had been canceled for the upcoming Black Hat security conference that involved the Tor Project. The researchers involved hadn't made much of an effort to disclose the vulnerability, and the Tor Project was scrambling to implement a fix. Now, the project says it's likely these researchers were actively attacking Tor users and trying to deanonymize them. "On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. ...We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service." They also provide a technical description of the attack, and the steps they're taking to block such attacks in the future.
The Courts

Ford, GM Sued Over Vehicles' Ability To Rip CD Music To Hard Drive 302

Posted by Soulskill
from the i-buy-a-car-every-time-i-want-to-steal-some-music dept.
Lucas123 writes: The Alliance of Artists and Recording Companies is suing Ford and General Motors for millions of dollars over alleged copyright infringement violations because their vehicles' CD players can rip music to infotainment center hard drives. The AARC claims in its filing (PDF) that the CD player's ability to copy music violates the Audio Home Recording Act of 1992. The Act protects against distributing digital audio recording devices whose primary purpose is to rip copyrighted material. For example, Ford's owner's manual explains, "Your mobile media navigation system has a Jukebox which allows you to save desired tracks or CDs to the hard drive for later access. The hard drive can store up to 10GB (164 hours; approximately 2,472 tracks) of music." The AARC wants $2,500 for each digital audio recording device installed in a vehicle, the amount it says should have been paid in royalties.
Businesses

Comcast Confessions 231

Posted by Soulskill
from the beancounters-shouldn't-run-the-show dept.
An anonymous reader writes: We heard a couple weeks ago about an incredibly pushy Comcast customer service representative who turned a quick cancellation into an ordeal you wouldn't wish on your enemies. To try and find out what could cause such behavior, The Verge reached out to Comcast employees, hoping a few of them would explain training practices and management directives. They got more than they bargained for — over 100 employees responded, and they painted a picture of a corporation overrun by the neverending quest for greater profit. From the article: 'These employees told us the same stories over and over again: customer service has been replaced by an obsession with sales, technicians are understaffed and tech support is poorly trained, and the massive company is hobbled by internal fragmentation. ... Brian Van Horn, a billing specialist who worked at Comcast for 10 years, says the sales pitch gradually got more aggressive. "They were starting off with, 'just ask,'" he says. "Then instead of 'just ask,' it was 'just ask again,' then 'engage the customer in a conversation,' then 'overcome their objections.'" He was even pressured to pitch new services to a customer who was 55 days late on her bill, he says.'
The Military

Hackers Plundered Israeli Defense Firms That Built 'Iron Dome' Missile Defense 181

Posted by Soulskill
from the intercepting-missiles-is-easier-than-learning-not-to-click-on-attachments dept.
An anonymous reader writes: Brian Krebs reports on information from Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. that attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies. The attackers were seeking technical documents related to Iron Dome, Israel's air defense system. "IAI was initially breached on April 16, 2012 by a series of specially crafted email phishing attacks. ... Once inside the IAI’s network, [the attackers] spent the next four months in 2012 using their access to install various tools and trojan horse programs on systems throughout company’s network and expanding their access to sensitive files, CyberESI said. The actors compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems. The actors also successfully used tools to dump Active Directory data from domain controllers on at least two different domains on the IAI’s network. All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB total size — that were exfiltrated from IAI’s network during the compromise. The security firm said most of the data acquired was intellectual property and likely represented only a small portion of the entire data loss by IAI." Most of the stolen material pertained to Arrow III missiles, UAVs, and ballistic rockets.

Hackers Plundered Israeli Defense Firms that Built 'Iron Dome' Missile Defense

Submitted by Anonymous Coward
An anonymous reader writes "Krebs gets information from Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. that attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies. This happened in 2011-12."
Android

Old Apache Code At Root of Android FakeID Mess 127

Posted by Soulskill
from the write-once-run-anywhere dept.
chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.

Which is better, Adblock or Adblock Plus?

Submitted by Anonymous Coward
An anonymous reader writes "Wladimir Palant is the creator of the Adblock Plus browser extension, but he often gets asked how it compares to a similar extension for Chrome called Adblock. In the past, he's told people that they achieve largely the same end in slightly different ways, but recent changes to the Adblock project have him worried. "AdBlock covertly moved from an open development model towards hiding changes from its users. Users were neither informed about that decision nor the reasons behind it." He goes through the changelog and highlights some changes that call into question the integrity of Adblock. For example, from an update on June 6th: "Calling home functionality has been extended. It now sends user’s locale in addition to the unique user ID, AdBlock version, operating system and whether Google Search ads are being allowed. Also, AdBlock will tell getadblock.com (or any other website if asked nicely) whether AdBlock has just been installed or has been used for a while — again, in addition to the unique user ID." Of course, Palant has skin in this game, and Adblock Plus has dealt with fallout from their "acceptable ads policy," but at least it's still developed in the open."
