×
Opera

Hackers Steal Opera-Signed Certificate Through Infrastructure Attack 104

Posted by samzenpus from the protect-ya-neck dept.
wiredmikey writes "Norwegian browser maker Opera Software has confirmed that a targeted internal network infrastructure attack led to the theft of a code signing certificate that was used to sign malware. 'The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,' Opera warned in a brief advisory. The Opera breach signals a growing shift by organized hacking groups to target the internal infrastructure network at big companies that provide client side software to millions of end users."
Google

How Not To Be a SEO Spammer 65

Posted by samzenpus from the it's-up-to-you-whether-or-not-you-want-to-just-do-the-bare-minimum dept.
An anonymous reader writes "The head of Google's webspam team, Matt Cutts, has blogged about one of his colleagues receiving an email offering SEO services to help the web site www.google.com. The irony wasn't lost on Matt, who has blogged about these emails before. As this article points out, if ever there was evidence that the people who send many of these emails haven't done their homework, this is it."
Movies

Buy the WarGames IMSAI 8080 and Possibly Impress Ally Sheedy 103

Posted by samzenpus from the do-you-want-to-play-a-game? dept.
ilikenwf writes "Todd Fischer, the man behind this iconic prop from WarGames, the movie that spawned countless hackers, has come forward recently to announce its sale in the near future. Interestingly enough, the IMSAI 8080 still works, although the disk drive was damaged in shipping after the movie's conclusion, and was trashed."
Medicine

Eye Surgery By Magnetically Guided Microbots Moves Toward Clinical Trials 47

Posted by samzenpus from the here's-a-robot-for-your-eye dept.
Sabine Hauert writes "According to robotics researcher Simone Schürle from ETH Zurich's Multi-Scale Robotics Lab (MSRL), the OctoMag is a magnetic manipulation system that uses electromagnetic coils to wirelessly guide micro-robots for ophthalmic surgery. With this system, mobility experiments were conducted in which a micro-robot with a diameter of 285 um (about four times the width of a hair) was navigated reliably through the eye of a rabbit, demonstrating the feasibility of using this technology in surgical applications."
GNU is Not Unix

When GPL Becomes Almost-GPL — the CSS, Images and JavaScript Loophole 224

Posted by Soulskill from the dr-stallman-and-mr-hyde dept.
New submitter sobolwolf writes "It has been apparent for some time that many developers (mainly theme designers) are split-licensing PHP-based GPL distributions, releasing proprietary files alongside GPL files with the excuse that CSS, JavaScript and Images are 'immunized' from the GPL because they run in the browser and not on the server. This is almost always done to limit the distribution of the entire release, not just the proprietary items (most extensions will not function in any meaningful way without the accompanying CSS, Images and JavaScript). Some of the more popular PHP-based GPL projects, like WordPress, have gone as far as to apply sanctions to developers distributing split-licensed themes/plugins. Others, such as Joomla, have openly embraced the split-licensed model, even changing their extension directory submission rules to cater specifically to split-licensed distributions. In light of all this, I would like to ask the following question: While it seems to be legal to offer split-licensed GPL distributions, is it in the spirit of the GPL for a project such as Joomla (whose governing body has the motto 'Open Source Matters') to openly embrace such a practice when they can easily require that all CSS, Images and JavaScript be GPL (or GPL-compatible) for extensions that are listed on the Joomla Extensions Directory?"
Android

Android On the Desktop 247

Posted by Soulskill from the wait-what dept.
puddingebola writes "John Morris at CNET offers a brief review of PC Android devices, many of them hybrids running Windows 8 and Android. From the article, 'Microsoft has spent a lot of time and effort trying to get Windows onto smartphones and tablets — so far without a whole lot to show for it. Now several PC companies are trying the opposite approach, taking the Android operating system and porting it to PCs.' The article reviews the recent releases from HP, Acer, Asus, and Samsung. Does Android creeping onto desktop or 'traditional' PC devices have any kind of possible long term consequences? Could this be a way for Android and Google to develop a larger presence in corporate IT, or could Android ever really supplant the Windows foothold?"
Space

Unlikely Planets Found In Violent Star Clusters 30

Posted by Soulskill from the no,-not-cubical-planets dept.
astroengine writes "When it comes to forming planets, Mother Nature isn't very picky. Despite horrific conditions inside densely packed open clusters, stars apparently have no problem forming and hanging on to an orbital brood. That's the conclusion from a new study (abstract) that used data collected by NASA's now-dormant Kepler space telescope to hunt for planets in a one-billion-year old open cluster called NGC 6811, a collection of about 70 stars located about 3,400 light years away in the constellation Cygnus."
Google

How Much Is Your Gmail Account Worth To Crooks? 80

Posted by Soulskill from the single-point-of-failure dept.
tsu doh nimh writes "If you use Gmail and have ever wondered how much your account might be worth to cyber thieves, have a look at Cloudsweeper, a new OAuth service launching this week that tries to price the value of your Gmail address based on the number of retail accounts you have tied to it and the current resale value of those accounts in the underground. From KrebsOnSecurity: 'The brainchild of researchers at the University of Illinois at Chicago, Cloudsweeperâ(TM)s account theft audit tool scans your inbox and presents a breakdown of how many accounts connected to that address an attacker could seize if he gained access to your Gmail. Cloudsweeper then tries to put an aggregate price tag on your inbox, a figure thatâ(TM)s computed by totaling the resale value of other account credentials that crooks can steal if they hijack your email.'" A recent report from Kaspersky (PDF) also highlighted the trend toward phishing attepts targeting Facebook, Google, and Yahoo accounts alongside bank accounts.
Microsoft

Hands-On With Windows 8.1 Preview 505

Posted by Soulskill from the solid-color-rectangles-redux dept.
adeelarshad82 writes "Microsoft launched the preview version of Windows 8.1 at the company's Build conference in San Francisco and early signs show that Microsoft heard the criticisms, and has responded with improvements. The new OS includes a number of changes starting with the return of the Start button and the ability to boot directly to the desktop. However, Microsoft hasn't given up on making the new-style tile and full-screen more usable for all users. If anything, the tile-based Start screen has gotten more flexible, with new smaller and larger tile options. Windows 8.1 also drastically improves built-in search, SkyDrive cloud syncing, mail and Microsoft Music." Microsoft also released a preview of Visual Studio 2013 and .NET 4.5.1, and there's a program that will give developers early access to the PC version of the Kinect sensor. Other tidbits: Windows 8.1 will use a standard driver model for 3-D printers, and it's getting better support for both high-res displays and using multiple displays with different resolutions.
The Internet

Google Adds Data About Malware To Transparency Report 20

Posted by Soulskill from the for-connoisseurs-of-worldly-fare dept.
Nerval's Lobster writes "Google is adding data about malware to its Transparency Report. For the past seven years, the search-engine giant has offered a Safe Browsing program that warns Web-surfers about unsafe Websites (i.e., those loaded with malware or phishing scams). The new section of the Transparency Report will show how many people see those Safe Browsing warnings on a weekly basis, along with other malware-related tidbits, including Webmaster response times to threats and Website reinfection rates. The data includes malware distribution by autonomous systems, which are one (or more) networks controlled by a single entity such as a university or ISP. 'This data is part of our effort to support a safer and more secure web,' read Google's explanatory note in the Report. 'By sharing information from our scans, we hope to encourage cooperation among those who battle malware.' Google takes all that autonomous system data and breaks it down by country. For example, of the 31 million Websites in the United States scanned by Google, roughly 2 percent host malware. In other words, this data just reinforces what pretty much everybody knows: it's not a safe Internet out there."
The Internet

RMS, Aaron Swartz Among 2013 Internet Hall of Fame Inductees 118

Posted by Soulskill from the barry-bonds-given-the-cold-shoulder-again dept.
gnujoshua writes "The Internet Hall of Fame inducted 32 new members, today. This years class had a number of 'policy innovators' and activists including Aaron Swartz (posthumous), John Perry Barlow, Jimmy Wales, and Richard M. Stallman. Stallman had this to say upon his induction: 'Now that we have made the Internet work, the next task is to stop it from being a platform for massive surveillance, and make it work in a way that respects human rights, including privacy.'"
AMD

AMD Overhauls Open-Source Linux Driver 126

Posted by Soulskill from the added-support-for-individual-tree-leaf-motion-and-rump-physics dept.
An anonymous reader writes "AMD's open-source developer has posted an incredible set of 165 patches against the Linux kernel that provide support for a few major features to their Linux graphics driver. Namely, the open-source Radeon Linux driver now supports dynamic power management on hardware going back to the Radeon HD 2000 (R600) generation. The inability to re-clock the GPU frequencies and voltages dynamically based upon load has been a major limiting factor for open-source AMD users where laptops have been warm and there is diminished battery power. The patches also provide basic support for the AMD Radeon HD 8000 'Sea Islands' graphics processors on their open-source Linux driver."
Security

Black Hat Talks To Outline Attacks On Home Automation Systems 79

Posted by timothy from the hal-do-you-do? dept.
colinneagle writes "If you use the Z-Wave wireless protocol for home automation then you might prepare to have your warm, fuzzy, happiness bubble burst; there will be several presentations about attacking the automated house at the upcoming Las Vegas hackers' conferences Black Hat USA 2013 and Def Con 21. For example, CEDIA IT Task force member Bjorn Jensen said, 'Today, I could scan for open ports on the Web used by a known control system, find them, get in and wreak havoc on somebody's home. I could turn off lights, mess with HVAC systems, blow speakers, unlock doors, disarm alarm systems and worse.' Among other things, the hacking Z-Wave synopsis adds, 'Zigbee and Z-wave wireless communication protocols are the most common used RF technology in home automation systems...An open source implementation of the Z-wave protocol stack, openzwave, is available but it does not support the encryption part as of yet. Our talk will show how the Z-Wave protocol can be subjected to attacks.'"
HP

HP Confirms Backdoor In StoreOnce Backup Products 45

Posted by timothy from the top-men-are-on-it dept.
wiredmikey writes "Security response personnel at HP are 'actively working on a fix' for a potentially dangerous backdoor in older versions of its StoreOnce backup product line. The company's confirmation of what it describes as a 'potential security issue' follows the public disclosure that malicious hackers can use SSH access to perform full remote compromise of HP's StoreOnce backup systems. The SHA1 hash for the password was also published, putting pressure on HP to get a fix ready for affected customers. SecurityWeek has confirmed that it is relatively trivial to brute-force the hash to obtain the seven-character password. The HP StoreOnce product, previously known as HP D2D, provides disk backup and recovery to small- to midsize businesses, large enterprises, remote offices and cloud service providers."
Virtualization

Cray X-MP Simulator Resurrects Piece of Computer History 55

Posted by timothy from the just-plain-cray-zee-ness! dept.
An anonymous reader writes "If you have a fascination with old supercomputers, like I do, this project might tickle your interest: A functional simulation of a Cray X-MP supercomputer, which can boot to its old batch operating system, called COS. It's complete with hard drive and tape simulation (no punch card readers, sorry) and consoles. Source code and binaries are available. You can also read about the journey that got me there, like recovering the OS image from a 30 year old hard drive or reverse-engineering CRAY machine code to understand undocumented tape drive operation and disk file-systems."

Slashdot Top Deals