
Submission + - Faulty software lands postmasters and postmistresses in prison. (bbc.co.uk)

Martin S. writes: Today the UK Court of Appeal will issue its ruling. A group of 42 sub-postmasters and postmistresses will learn later whether convictions for stealing money will be quashed amid a Post Office IT scandal.

This case has been rumbling on for over a decade: "Post Office scandal: What the Horizon saga is all about".

As a software geek, the part I find most troubling is the blind faith that those in authority placed in the software without proper accounting. Accounting systems and software are deterministic, well, they should be. IFF the system/software worked correctly, this missing money must have shown up somewhere. Software defects are always traceable. It might be expensive and time-consuming, but persistence will win in the end. Somebody somewhere is responsible for this, and the de facto framing of these people is criminal in principle, if not in law.

Submission + - Autopilot lie exposed by Consumer Reports. (arstechnica.com)

Rei_is_a_dumbass writes: Elon Musk has tweeted that "data logs recovered so far show Autopilot was not enabled." Tesla defenders also insisted that Autopilot couldn't have been active because the technology doesn't operate unless someone is in the driver's seat. Consumer Reports decided to test this latter claim by seeing if it could get Autopilot to activate without anyone in the driver's seat.

It turned out not to be very difficult.

Submission + - Latest Windows preview build adds support for Linux GUI apps (windows.com)

jonesy16 writes: While users have long been able to run Linux GUI apps on Windows by installing a separate X Server, this marks the first time that native support is available through the Windows Subsystem for Linux (WSL). Audio support and hardware acceleration are also provided, seemingly enabling a limitless set of use cases for those wishing to live the dual OS life. The change is identified in the recent preview build release along with a more in-depth discussion of the graphical subsystem now called WSLg.

Submission + - Antibodies to South Africa Covid Variant are Backwards Compatible (nature.com)

Thelasko writes: Penny Moore hoped that B.1.351 infection would trigger strong immune responses, but she was open to the possibility that this variant might be less visible to the immune system than are other strains. To find out, her team analysed antibodies from 89 people who had been hospitalized with B.1.351 infections. The researchers used a ‘pseudovirus’ — a modified form of HIV that infects cells using the SARS-CoV-2 spike protein — to measure the capacity of the antibodies to block infection.

Reassuringly, people who recovered from B.1.351 infection made as many antibodies as did those infected with earlier circulating variants. Those antibodies did a good job of blocking pseudoviruses with B.1.351 mutations. To Moore’s surprise, the antibodies also blocked other strains. These included some that were similar to the ones that B.1.351 displaced, and an immune-evading variant called P.1, identified in Brazil, that shares several mutations in common with B.1.351.

The results are a boost to nascent efforts to develop vaccines able to cope with variants such as B.1.351. Last week, updated versions of Moderna’s vaccine, based on the genetic sequence of the B.1.351 variant, were given to trial participants for the first time. Other developers, including Pfizer–BioNTech, also plan to trial vaccines based on B.1.351’s genetic sequence. “I think there’s a good possibility those vaccines might perform slightly better,” Moore says.

Submission + - GUI app support is now available for the Windows Subsystem for Linux (microsoft.com)

yogikoudou writes: Microsoft is releasing a preview of Windows Subsystem for Linux with GUI app support. Users can now run applications with a graphical user interface natively in Windows, where they appear in the task bar and have access to the Linux filesystem.

An impressive demo video on YouTube shows the presenter running gVim in its own window with drop shadows, alongside Visual Studio Code and even Microsoft Edge for Linux. The feature does not require running a separate X server, and Linux applications have access to audio devices as well as GPUs managed by the Windows host.

Head to the WSLg GitHub repository for install instructions and documentation.

Submission + - DNS record tracking measure leads to web cookie leaks (arxiv.org)

An anonymous reader writes: In a new research paper scientists from Belgium describe the rising popularity of a new tracking method that is using DNS entries (CNAME records), which anti-tracking methods of web browsers. The researchers detail the use of the method, which technically makes the tracker be embedded on the website in the context of the visited website. As a consequence, the authors note that in 95% of cases, cookies were leaking to unrelated third-party servers. One of the authors calls this behaviour a data breach of data protection regulations.

Submission + - SPAM: Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall

b-dayyy writes: CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to “immunize” them against this IP.

The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users.

It was clear to the founders that Open Source was going to be one of the main pillars of CrowdSec. The project's founders have been working on open-source projects for decades — they didn’t just jump on the train. Rather, they are strong Open Source believers. They believe that the crowd is key to the mass hacking plague we are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately making it better and more secure.

The solution recently turned 1.x, introducing a major architectural change: the introduction of a local REST API.


Submission + - Brave privacy bug exposes Tor onion URLs to your DNS provider (bleepingcomputer.com)

AmiMoJo writes: Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit. To access Tor onion URLs, Brave added a 'Private Window with Tor' mode that acts as a proxy to the Tor network. When you attempt to connect to an onion URL, your request is proxied through volunteer-run Tor nodes who make the request for you and send back the returned HTML. Due to this proxy implementation, Brave's Tor mode does not directly provide the same level of privacy as using the Tor Browser.

When using Brave's Tor mode, it should forward all requests to the Tor proxies and not send any information to any non-Tor Internet devices to increase privacy. However, a bug in Brave's 'Private window with Tor' mode is causing the onion URL for any Tor address you visit to also be sent as a standard DNS query to your machine's configured DNS server. This bug was first reported in a Reddit post and later confirmed by James Kettle, the Director of Research at PortSwigger. BleepingComputer has also verified the claims by using Wireshark to view DNS traffic while using Brave's Tor mode.

Submission + - SPAM: Video shows Perseverance rover's dramatic Mars landing

Thelasko writes: Nasa has released stunning video of its Perseverance rover landing on Mars.

The movie covers the final minutes of last week's hair-raising descent, up to the point where the robot's wheels make contact with the ground.

The sequence shows a whirl of dust and grit being kicked up as the vehicle is lowered by its rocket backpack to the floor of Jezero Crater.

Perseverance was sent to Mars festooned with cameras, seven of which were dedicated to recording the landing.

Their imagery represents vital feedback for engineers as they look to improve still further the technologies used to put probes on the surface of the Red planet.


Submission + - Facebook Had Much Bigger Part than Parler in Capitol Riot

RoccamOccam writes: The Department of Justice has now charged 223 people for their participation in the events of Jan. 6. A comprehensive analysis of those charging documents performed by Forbes demonstrates that Parler’s role was minimal, compared to that of Facebook, YouTube, and Instagram.

Of the 223 charging documents, 73 reference posts on Facebook as evidence, 24 reference posts on YouTube, 20 single out Instagram posts (owned by Facebook), and only eight highlight posts on Parler.

In the immediate aftermath, Sheryl Sandberg, Facebook’s chief operating officer, claimed “These events were largely organized on platforms that don’t have our abilities to stop hate and don’t have our standards and don’t have our transparency.”

Submission + - GM crops could support food security in Africa, new study suggests (cornell.edu)

wooloohoo writes: Genetically modified (GM) maize has produced higher yields than conventional hybrid varieties in South Africa, highlighting the technology’s potential to support food security in the face of climate challenges, a new study finds.

“Our study shows that the gains from biotechnology for white maize as a staple food crop in South Africa have been greater than for yellow maize for livestock feed,” said lead author Dr. Aaron Shew, an assistant professor of agricultural economics at Arkansas State University. “This could signal substantial potential to improve production of other staple crops in Africa with biotech tools.”

Shew noted that “the yield gains for white maize were about twice that of yellow maize, which suggests genetic modification may act as a ‘catch-up’ technology to more rapidly address production issues. We also found that the yield gains were similar in dryland production — not just irrigated — which may be important for climate resilience.”

The study, published in the journal Nature Food, found that GM maize improved yields by 8 percent on average while GM white maize yield gains were more than double GM yellow maize gains.

Submission + - Flaws in Zoom's Keybase App Kept Chat Images From Being Deleted

chicksdaddy writes: The Security Ledger reports (https://securityledger.com/2021/02/exclusive-flaws-in-zooms-keybase-app-kept-chat-images-from-being-deleted/ ) that a flaw in Zoom’s Keybase (https://keybase.io/blog/keybase-joins-zoom) secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted, according to researchers from the group Sakura Samurai. (https://sakurasamurai.pro/)

The flaw in the encrypted messaging application, CVE-2021-23827 (https://johnjhacking.com/blog/cve-2021-23827/), does not expose Keybase users to remote compromise. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. It comes as millions of users have flocked to apps like Keybase, Signal and Telegram in recent months.

Sakura Samurai researchers Aubrey Cottle (@kirtaner), Robert Willis (@rej_ex) and Jackson Henry (@JacksonHHax) discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions. The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, researcher John Jackson told Security Ledger.

In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security “very seriously.”

“We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates,” the spokesman said.

In most cases, the failure to remove files from cache after they were deleted would count as a “low priority” security flaw. However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote.

“An attacker that gains access to a victim machine can potentially obtain sensitive data through gathered photos, especially if the user utilizes Keybase frequently. A user, believing that they are sending photos that can be cleared later, may not realize that sent photos are not cleared from the cache and may send photos of PII or other sensitive data to friends or colleagues.”

Submission + - Microsoft finally has the potential (1 billion devices) to crush SAMBA? (theverge.com)

Your Average Joe writes: Oh look, this security issue needs to be patched... Well, it seems that Microsoft is winning when it comes to the SMB client/server space numbers. If you look, the SAMBA team cannot handle domain trusts, multiple domains, DFS, DFS-R, Linux file systems supporting SAMBA ACLs, internal DNS service complexity and newer versions of the Active Directory schema beyond 2012r2. Just a short while ago the schema limit was 2008r2. Some of these AD features have been functional and used by Windows AD admins since 2003 (schema version 30) and we still are not on feature parity 17 years later. One AD replacement distribution, Zentyal, is painful when compared to Microsoft's product. If you try to see what is popular on the docker platform for samba containers, you see 10 million downloads of a generic docker that lets you serve up files to guests, then you look for an Active Directory container and that is stale by 2 years and has 20x fewer downloads. Windows Server and Windows 10 are changing each month via updates, so I bet in the next few months we will see incompatibilities between SAMBA and the clients. Microsoft can now swing the dog by changing 1 billion Windows clients to do whatever they feel like. Do you think any large company can pull the SAMBA project out of this tailspin?
