Transportation

'Largest Recall In American History': Takata To Recall Nearly 70 Million Airbags (nbcnews.com) 82

An anonymous reader writes: Federal regulators are ordering Japanese supplier Takata to recall as many as 40 million additional airbags linked to a defect already blamed for at least 11 deaths, bringing the total number of faulty airbags in the U.S. to 69 million. Previously, the recall involved about 24 million vehicles sold in the U.S. over roughly the last decade, with 14 manufacturers impacted. With the latest recall, almost every other major carmaker will now be pulled. "This is the largest recall in American history," National Highway Traffic Safety Administrator Mark Rosekind told reporters on Wednesday. Initial estimates said 35-40 million airbags were to be recalled. And because some vehicles use more than one Takata airbag, the total number of vehicles will likely be smaller. Now it's considered highly likely that the total number of cars, trucks and crossovers will now top the 50 million mark, and as many as a quarter of all vehicles on U.S. roads could be covered. The NHTSA has reported that just over 8 million vehicles had been fixed as of April 22. The airbags have so far been tied to at least 10 U.S. deaths and more than 100 injuries -- two more fatalities in Malaysia were confirmed Wednesday. "The exploding airbags can send shrapnel into the faces and necks of victims, leaving them looking as if they had been shot or stabbed," according to Fox 59.
Google

Google Encrypts All Blogspot Domains With HTTPS 44

Reader Mickeycaskill writes: Google is continuing its crusade to encrypt the web by enabling an HTTPS version of every single domain hosted on Blogspot. The search giant started the rollout last September, but as an opt-in service. Now users can opt to visit an HTTPS version of a site without its participation, while administrators can turn on an automatic redirect so all visitors are sent to the encrypted version. "HTTPS is fundamental to internet security; it protects the integrity and confidentiality of data sent between websites and visitors' browsers," said Milanda Perera, security software engineer at Google. Google already encrypts its search results, Google Drive and Gmail, while it also ranks HTTPS-enabled sites higher in the search. Blogspot rival WordPress began rolling out HTTPS in 2014.
Java

No One Should Have To Use Proprietary Software To Communicate With Their Government (fsf.org) 133

Donald Robertson, writing for Free Software Foundation: Proprietary JavaScript is a threat to all users on the Web. When minified, the code can hide all sorts of nasty items, like spyware and other security risks. [...] On March 1st, 2016, the Copyright Office announced a call for comments on an update to their technology infrastructure. We submitted a comment urging them to institute a policy that requires all software they develop and distribute to be free software. Further, we also urged them to not require people to run proprietary software in order to communicate or submit comments to them. Unfortunately, once again, the Copyright Office requires the use of proprietary JavaScript in order to submit the comment and they are only accepting comments online unless a person lacks computer or Internet access. [...] The most absurd part of all this is that other government agencies, while still using Regulations.gov, are perfectly capable of offering alternatives to submission.
Security

Aging and Bloated OpenSSL Is Purged of 2 High-Severity Bugs (arstechnica.com) 52

An anonymous reader cites a story on Ars Technica: Maintainers of the OpenSSL cryptographic library have patched high-severity holes that could make it possible for attackers to decrypt login credentials or execute malicious code on Web servers. The updates were released Tuesday morning for both versions 1.0.1 and 1.0.2 of OpenSSL, which a large portion of the Internet relies on to cryptographically protect sensitive Web and e-mail traffic using the transport layer security protocol. OpenSSL advisories labeled the severity of both vulnerabilities "high," meaning the updates fixing them should be installed as soon as possible. The fixes bring the latest supported versions to 1.0.1t and 1.0.2h. The decryption vulnerability is the result of what cryptographers call a padding oracle weakness, which allows attackers to repeatedly probe an encrypted payload for clues about the plaintext content inside. According to TLS expert Filippo Valsorda, the bug allows for only 16 bytes of encrypted traffic to be recovered, and even then only when an end user sends it repeatedly.
Security

Millions of Gmail, Yahoo, Hotmail Email Accounts Being Traded in Russian Underworld (reuters.com) 70

Eric Auchard, reporting for Reuters (edited and condensed): Hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded in Russia's criminal underworld, a security expert told Reuters. The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia's most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users (Editor's note: the numbers are: 57M Mail.ru, 24M Google, 40M Yahoo, and 33M Hotmail), said Alex Holden, founder and chief information security officer of Hold Security. [...] The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records. Amir Efrati, a reporter with The Information, asks: "Industry seems to be failing at convince email users to do 2-step verification. Why not require it?"
Facebook

Facebook Paid $10,000 To A 10-Year-Old For Hacking Instagram (thenextweb.com) 61

An anonymous reader writes: Facebook has paid $10,000 to a 10-year-old hacker who discovered how one could hack into Instagram and delete comments made by users. Speaking to local publication Iltalehti, Jani said: "I would have been able to eliminate anyone, even Justin Bieber." The Finnish hacker just became the youngest person to receive cash from Facebook for hacking its products. The previous record was set by a 13-year-old back in 2013. What's funny is Jani isn't technically old enough to sign-up and use Facebook or Instagram, as it's supposed to be restricted to those under the age of 13. Jani found he could alter code on Instagram's servers and force-delete users' posts. This was confirmed by Facebook using a test account and patched in February, Facebook told Forbes. Facebook has received more than 2,400 valid submissions and awarded upwards of $4.3 million to over 800 researchers since the bounty program launched in 2011.
Government

Snowden: 'Governments Can Reduce Our Dignity To That Of Tagged Animals' (theguardian.com) 109

An anonymous reader writes: NSA whistleblower Edward Snowden writes a report on The Guardian explaining why leaking information about wrongdoing is a vital act of resistance. "One of the challenges of being a whistleblower is living with the knowledge that people continue to sit, just as you did, at those desks, in that unit, throughout the agency; who see what you saw and comply in silence, without resistance or complaint," Snowden writes. "They learn to live not just with untruths but with unnecessary untruths, dangerous untruths, corrosive untruths. It is a double tragedy: what begins as a survival strategy ends with the compromise of the human being it sought to preserve and the diminishing of the democracy meant to justify the sacrifice." He goes on to explain the importance and significance of leaks, how not all leaks are alike, nor are their makers, and how our connected devices come into play in the post-9/11 period. Snowden writes, "By preying on the modern necessity to stay connected, governments can reduce our dignity to something like that of tagged animals, the primary difference being that we paid for the tags and they are in our pockets."
Security

Samsung Smart Home Flaws Let Hackers Pick Connected Doors From Anywhere In the World (arstechnica.com) 74

Researchers have discovered flaws in Samsung's Smart Home automation system which, if exploited, allow attackers to carry out a range of remote attacks. These attacks include digitally picking connected door locks from anywhere in the world. The flaws have been documented by researchers from the University of Michigan ahead of the 2016 IEEE Symposium on Security and Privacy. "All of the above attacks expose a household to significant harm -- break-ins, theft, misinformation, and vandalism," the researchers wrote in a paper. "The attack vectors are not specific to a particular device and are broadly applicable." Dan Goodin reports for Ars Technica: Other attacks included a malicious app that was able to obtain the PIN code to a smart lock and send it in a text message to attackers, disable a preprogrammed vacation mode setting, and issue a fake fire alarm. The one posing the biggest threat was the remote lock-picking attack, which the researchers referred to as a "backdoor pin code injection attack." It exploited vulnerabilities in an existing app in the SmartThings app store that gives an attacker sustained and largely surreptitious access to users' homes. The attack worked by obtaining the OAuth token that the app and SmartThings platform relied on to authenticate legitimate users. The only interaction it required was for targeted users to click on an attacker-supplied HTTPS link that looked much like this one that led to the authentic SmartThings login page. The user would then enter the username and password. A flaw in the app allowed the link to redirect the credentials away from the SmartThings page to an attacker-controlled address. From then on, the attackers had the same remote access over the lock that users had.
Ubuntu

Ubuntu Founder Pledges No Back Doors In Linux (eweek.com) 105

Mark Shuttleworth, founder of Canonical and Ubuntu Foundation, gave an interview to eWeek this week ahead of Ubuntu Online Summit (UOS). In the wide-ranging interview, Shuttleworth teased some features that we could expect in Ubuntu 16.10, and also talked about security and privacy. From the report: One thing that Ubuntu Linux users will also continue to rely on is the strong principled stance that Shuttleworth has on encryption. With the rapid growth of the Linux Foundation's Let's Encrypt free Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate platform this year, Shuttleworth noted that it's a good idea to consider how that might work in an integrated way with Ubuntu. Overall, he said, the move to encryption as a universal expectation is really important. "We don't do encryption to hide things; we do encryption so we can choose what to share," Shuttleworth said. "That's a profound choice we should all be able to make." Shuttleworth emphasized that on the encryption debate, Canonical and Ubuntu are crystal clear. "We will never backdoor Ubuntu; we will never weaken encryption," he said.
Government

Kim Jong-Un Bans All Weddings, Funerals And Freedom Of Movement In North Korea (independent.co.uk) 201

An anonymous reader quotes a report from The Independent: Weddings and funerals have been banned and Pyongyang is in lockdown as preparations for a once-in-a-generation party congress get underway in North Korea. The ruling Worker's Party of Korea, headed by the country's leader, Kim Jong-un, is due to stage the first gathering of its kind for 36 years on Friday. Free movement in and out of the capital has also been forbidden and there has been an increase in inspections and property searches, according to Daily NK, which claims to have sources in the country. The temporary measures are said to be an attempt to minimize the risk of "mishaps" at the event, according to Cheong Joon-hee, a spokesman at South Korea's Unification Ministry. Meanwhile, North Korea has been conducting missile tests left and right, many of which have failed miserably.
AI

Self-Driving Features Could Lead To More Sex In Moving Cars, Expert Warns (www.cbc.ca) 267

An anonymous reader writes: According to CBC.ca, "At least one expert is anticipating that, as the so-called 'smart' cars get smarter, there will eventually be an increase in an unusual form of distracted driving: hanky-panky behind the wheel." Barrie Kirk of the Canadian Automated Vehicles Centre of Excellence said, "I am predicting that, once computers are doing the driving, there will be a lot more sex in cars. That's one of several things people will do which will inhibit their ability to respond quickly when the computer says to the human, 'Take over.'" Federal officials, who have been tasked with building a regulatory framework to govern driverless cars, highlighted their concerns in briefing notes compiled for Transport Minister Marc Garneau. "Drivers tend to overestimate the performance of automation and will naturally turn their focus away from the road when they turn on their auto-pilot," said the note. The Tesla autopilot feature has been receiving the most criticism as there have been many videos posted online showing Tesla drivers engaged in questionable practices, including reading a newspaper or brushing their teeth.
EU

Greenpeace Leaks Big Part Of Secret TTIP Documents (bbc.com) 131

An anonymous reader writes: The environmental group Greenpeace has obtained 248 pages of classified documents from the Transatlantic Trade and Investment Partnership (TTIP) trade talks. The group warns EU standards on the environment and public health risk being undermined by compromises with the US, specifically that US corporations may erode Europe's consumer protections. The TTIP would "harmonize regulations across a huge range of business sectors, providing a boost to exporters on both sides of the Atlantic," writes the BBC. After the Greenpeace leak was published, EU Trade Commissioner Cecilia Malmstroem said in her blog, "I am simply not in the business of lowering standards." Meanwhile, Greenpeace EU director Jorgo Riss said, "These leaked documents confirm what we have been saying for a long time: TTIP would put corporations at the center of policy-making, to the detriment of environment and public health." You can be the judge for yourself. The leaked documents are available for download here.
Encryption

Without Encryption, Everything Stops, Says Snowden (thehill.com) 143

An anonymous reader writes about Snowden's appearance on a debate with CNN's Fareed Zakaria: Edward Snowden defended the importance of encryption, calling it the "backbone of computer security." He said, "Encryption saves lives. Encryption protects property. Without it, our economy stops. Our government stops. Everything stops. Our intelligence agencies say computer security is a bigger problem than terrorism, than crime, than anything else," he noted. "[...] Lawful access to any device or communication cannot be provided to anybody without fatally compromising the security of everybody."
Music

Audiophile Torrent Site What.CD Fully Pwnable Thanks To Wrecked RNG (theregister.co.uk) 125

Reader mask.of.sanity writes: Users of popular audiophile torrent site What.CD can make themselves administrators to completely compromise the private music site and bypass its notorious download ratio limits thanks to the use of the mt_rand function for password resets, a researcher has found. From the report (edited and condensed): What.CD is the world's most popular high quality music private torrent site that requires its users to pass an interview testing their knowledge of audio matters before they are granted an account. Users must maintain a high upload to download ratio to continue to download from the site. [...] "I reported it a year ago, and they acknowledged it but said 'don't worry about it,'" said New-Zealand-based independent security researcher who goes by the alias ss23.
Bitcoin

Craig Wright Claims He's Satoshi Nakamoto, the Creator Of Bitcoin 147

Australian entrepreneur Craig Wright has put an end to the years-long speculation about the creator of Bitcoin. In an interview with the BBC, The Economist (may have a paywall), and GQ, Wright claimed that he is indeed the person who developed the concepts on which Bitcoin cryptocurrency is built. According to the BBC, Mr. Wright provided "technical proof to back up his claim using coins known to be owned by Bitcoin's creator." Wright writes in a blog post: [A]fter many years, and having experienced the ebb and flow of life those years have brought, I think I am finally at peace with what he meant. If I sign Craig Wright, it is not the same as if I sign Craig Wright, Satoshi[...] Since those early days, after distancing myself from the public persona that was Satoshi, I have poured every measure of myself into research. I have been silent, but I have not been absent. I have been engaged with an exceptional group and look forward to sharing our remarkable work when they are ready. Satoshi is dead. But this is only the beginning. According to Wright's website, he is a "computer scientist, businessman and inventor" born in Brisbane, Australia, in October 1970. Some have questioned the authenticity and relevance of the "technical proof" Wright has provided. Nik Cubrilovic, an Australian former hacker and leading internet security blogger, wrote, "I don't believe for a second Wright is Satoshi. I know two people who worked with Wright, characterized him as crazy and schemer/charlatan." Michele Spagnuolo, Information Security Engineer at Google added, "He's not Satoshi. He just reused a signed message (of a Sartre text) by Satoshi with block 9 key as 'proof.'"
