
Submission + - "Most serious" Linux privilege-escalation bug ever is under active exploit

operator_error writes: Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

By Dan Goodin — 10/20/2016

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."

The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

Submission + - First New US Nuclear Reactor In 20 Years Goes Live

An anonymous reader writes: The Tennessee Valley Authority is celebrating an event 43 years in the making: the completion of the Watts Bar Nuclear Plant. In 1973, the TVA, one of the nation's largest public power providers, began building two reactors that combined promised to generate enough power to light up 1.3 million homes. The first reactor, delayed by design flaws, eventually went live in 1996. Now, after billions of dollars in budget overruns, the second reactor has finally started sending power to homes and businesses. Standing in front of both reactors Wednesday, TVA President Bill Johnson said Watts Bar 2, the first US reactor to enter commercial operation in 20 years, would offer clean, cheap and reliable energy to residents of several southern states for at least another generation. Before Watts Bar 2, the last time an American reactor had fired up was in 1996. It was Watts Bar 1--and according to the Atlanta Journal-Constitution, it cost $6.8 billion, far greater than the original price tag at $370 million. In the 2000s, some American power companies, faced with growing environmental regulations, eyed nuclear power again as a top alternative to fossil fuels such as coal and oil. A handful of companies, taking advantage of federal loan guarantees from the Bush administration, revived nuclear reactor proposals in a period now known as the so-called "nuclear renaissance." Eventually, nuclear regulators started to green light new reactors, including ones in Georgia and South Carolina. In 2007, the TVA resumed construction on Watts Bar 2, according to the International Atomic Energy Agency. The TVA originally said it would take five years to complete. The TVA, which today serves seven different southern states, relies on nuclear power to light up approximately 4.5 million homes. Watts Bar 2, the company's seventh operating reactor, reaffirms its commitment to nukes for at least four more decades, Johnson said Wednesday. 
In the end, TVA required more than five years to build the project. The final cost, far exceeding its initial budget, stood at $4.7 billion.

Submission + - Microsoft speech recognition tech understands a conversation as well as a human

coondoggie writes: Microsoft researchers say they have created a speech recognition system that understands human conversation as well as the average person does. In a paper published this week the Microsoft Artificial Intelligence and Research group said its speech recognition system had attained “human parity” and made fewer errors than a human professional transcriptionist.

Submission + - Archaeology team uses cosmic muons to discover 2 new rooms in the Great Pyramid

drdread66 writes: Muography is an established technique that uses the constant global background of muons (the much heavier cousin of the electron, created during interactions between cosmic rays and the Earth's atmosphere) as an illumination source that can penetrate even dense, thick structures. This technique has been used to probe the structure inside the damaged nuclear reactor at Fukushima, image Mt. Vesuvius, and to study other pyramids. Now this technique has yielded evidence of new "voids" inside the Great Pyramid of Giza.

From the article: "Egypt's Great Pyramid of Giza could contain two previously unknown "cavities", scientists using radiography to scan the millennia-old monument said on Saturday. On Thursday, the antiquities ministry cautiously announced finding "two anomalies" in the pyramid built 4,500 years ago under King Khufu, with further tests to determine their function, nature and size."

Submission + - Quantum Research Achieves 10-Fold Boost In Superposition Stability

An anonymous reader writes: A team of Australian researchers has developed a qubit offering ten times the stability of existing technologies. The computer scientists claim that the new innovation could significantly increase the reliability of quantum computing calculations. The new technology, developed at the University of New South Wales (UNSW), has been named a ‘dressed’ quantum bit as it combines a single atom with an electromagnetic field. This process allows the qubit to remain in a superposition state for ten times longer than has previously been achieved. The researchers argue that this extra time in superposition could boost the performance stability of quantum computing calculations. Previously fragile and short-lived, retaining a state of superposition has been one of the major barriers to the development of quantum computing. The ability to remain in two states simultaneously is the key to scaling and strengthening the technology further.

Submission + - University of Quebec finds "signals probably from Extraterrestrial Intelligence"

An anonymous reader writes: A recent submission to the Publications of the Astronomical Society of the Pacific titled, "Discovery of peculiar periodic spectral modulations in a small fraction of solar type stars" places considerable weight on the ETI hypothesis as an explanation for observed modulation around a small percentage of sun-like stars. The paper has been accepted for publication and the full pdf is available here:

SETI has commented on it in an October 11 press release and cautions against jumping to conclusions:
"The one in 10,000 objects with unusual spectra seen by Borra and Trottier are certainly worthy of additional
study. However, extraordinary claims require extraordinary evidence. It is too early to unequivocally attribute
these purported signals to the activities of extraterrestrial civilizations. Internationally agreed-upon protocols
for searches for evidence of advanced life beyond Earth (SETI) require candidates to be confirmed by
independent groups using their own telescopes, and for all natural explanations to be exhausted before
invoking extraterrestrial agents as an explanation. Careful work must be undertaken to determine false
positive rates, to rule out natural and instrumental explanations, and most importantly, to confirm detections
using two or more independent telescopes."

Submission + - Nokia Achieves Record 65Tbps Transmission On Undersea Cables

Mickeycaskill writes: Nokia has achieved a record transmission rate of 65Tbps on a submarine cable, claiming the advent could help increase the capacity of transoceanic networks to meet growing data demands.

The Finnish networking giant’s Bell Labs and Alcatel Lucent Submarine Networks (ALSN), both of which were acquired in the £11.2 billion takeover of Alcatel-Lucent last year, conducted the test using Probabilistic Constellation Shaping (PCS) technology.

It is claimed the use of Bell Labs’ PCS system helps signals adapt to changing conditions and provides more resilience to noise and other impairments by using intelligent non-uniform transmission.

PCS was also used in a separate trial in Germany between Nokia, Deutsche Telekom and the Technical University of Munich to achieve speeds of 1Tbps on terrestrial networks.

The submarine record rate is the equivalent of more than 10 million high definition television channels streamed simultaneously and is 13,000 times the capacity available on the first undersea amplified transatlantic system installed two decades ago.

Submission + - FBI Looks Into Unlocking Minnesota Mall Stabber's iPhone

An anonymous reader writes: The Minnesota man suspected of stabbing 10 people in a mall before police fatally shot him left behind his iPhone. Now, FBI agents are looking into unlocking his iPhone as part of the investigation. The FBI says Dahir Adan, 20, attacked several shoppers on September 17 in a frenzy, asking his victims if they were Muslim before he stabbed them. ISIS claimed responsibility for the attack shortly after. FBI director James Comey told the House Judiciary Committee his agency is reviewing Adan's electronic devices — but is having issues getting into his iPhone. The device remains locked, as agents are "exploring technical and legal options," Minneapolis FBI spokesman Jeff Van Nest said. He declined to specify what model the iPhone was.

Submission + - U.S. Officially Accuses Russia of Election Hacks

wiredmikey writes: The U.S. government has officially accused Russia of being behind cyberattacks against American political organizations with the intent of interfering with the upcoming Presidential election in November.

“The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations,” a joint statement from the Department of Homeland Security (DHS) and Office of the Director of National Intelligence said.

"We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities," the statement adds.

In August, researchers from two security firms uncovered evidence that they say linked a Russian threat actor to the cyberattack targeting the U.S. Democratic Congressional Campaign Committee (DCCC).

Submission + - Law-Defying Transistor Smashes Industry 'Limit', Measures Just 1nm

An anonymous reader writes: U.S. researchers have unveiled the world’s smallest transistor reported to date, combining a new mix of materials, which makes even the tiniest silicon-based transistor appear big in comparison. The team, led by the U.S. Department of Energy’s Lawrence Berkeley National Laboratory, designed the minuscule transistor with a working one-nanometer gate – far surpassing any industry expectation for reducing transistor sizes. In the scientific study, the researchers describe a prototype device which uses a novel semiconductor material known as transition metal dichalcogenides (TMDs). The transistor structure uses a single-walled carbon nanotube as the gate electrode and molybdenum disulfide (MoS2) for the channel material, rather than silicon. ‘The semiconductor industry has long assumed that any gate below 5 nanometers wouldn’t work, so anything below that was not even considered. This research shows that sub-5-nanometer gates should not be discounted. Industry has been squeezing every last bit of capability out of silicon. By changing the material from silicon to MoS2, we can make a transistor with a gate that is just 1 nanometer in length, and operate it like a switch,’ explained study lead Sujay Desai.

Submission + - Alien life could feed on cosmic rays

sciencehabit writes: A bizarre microbe found deep in a gold mine in South Africa could provide a model for how life might survive in seemingly uninhabitable environments through the cosmos. Known as Desulforudis audaxviator, the rod-shaped bacterium thrives 2.8 kilometers underground in a habitat devoid of the things that power the vast majority of life on Earth—light, oxygen, and carbon. Instead, this “gold mine bug” gets energy from radioactive uranium in the depths of the mine. Now, scientists predict that life elsewhere in the universe might also feed off of radiation, especially radiation raining down from space.

Submission + - Hacker-Proof Code Confirmed

An anonymous reader writes: In the summer of 2015 a team of hackers attempted to take control of an unmanned military helicopter known as Little Bird. The helicopter, which is similar to the piloted version long-favored for U.S. special operations missions, was stationed at a Boeing facility in Arizona. The hackers had a head start: At the time they began the operation, they already had access to one part of the drone’s computer system. From there, all they needed to do was hack into Little Bird’s onboard flight-control computer, and the drone was theirs.

When the project started, a “Red Team” of hackers could have taken over the helicopter almost as easily as it could break into your home Wi-Fi. But in the intervening months, engineers from the Defense Advanced Research Projects Agency (DARPA) had implemented a new kind of security mechanism — a software system that couldn’t be commandeered. Key parts of Little Bird’s computer system were unhackable with existing technology, its code as trustworthy as a mathematical proof. Even though the Red Team was given six weeks with the drone and more access to its computing network than genuine bad actors could ever expect to attain, they failed to crack Little Bird’s defenses.

“They were not able to break out and disrupt the operation in any way,” said Kathleen Fisher, a professor of computer science at Tufts University and the founding program manager of the High-Assurance Cyber Military Systems (HACMS) project. “That result made all of DARPA stand up and say, oh my goodness, we can actually use this technology in systems we care about.”...

Submission + - LinkedIn Accesses Gmail Contact Information Via 'Auto-Authorization'

An anonymous reader writes: Curious as to why LinkedIn began suggesting potential new contacts whom he had only ever contacted by Gmail, research scientist Forrest Abouelnasr asked the company to explain. After discounting the possibility of address book imports which never took place, LinkedIn finally admitted the truth — that if you have Gmail and LinkedIn open in the same browser, a process called 'auto-authorization' will directly access your contacts in order to populate LinkedIn's 'suggested' contacts. A LinkedIn representative told Abouelnasr that the only way to prevent this happening is to access LinkedIn and Gmail in separate browsers, and that there is no setting that can be changed to stop this happening. She added:

‘We are not doing this to invade your privacy, we are doing this to assist you in growing your network. We don’t share this information with anyone else and is particular to your account only.’

Submission + - Cisco Scrambles to Patch Second Shadow Brokers Bug in Firewalls

Trailrunner7 writes: Cisco is scrambling to patch another vulnerability in many of its products that was exposed as part of the Shadow Brokers dump last month. The latest vulnerability affects many different products, including all of the Cisco PIX firewalls.

The latest weakness lies in the code that Cisco’s IOS operating system uses to process IKEv1 packets. IKE is used in the IPSec protocol to help set up security associations, and Cisco uses it in a number of its products. The company said in an advisory that many versions of its IOS operating system are affected, including IOS XE and XR.

Cisco does not have patches available for this vulnerability yet, and said there are no workarounds available to protect against attacks either. Many of the products affected by this flaw are older releases and are no longer supported, specifically the PIX firewalls, which haven’t been supported since 2009.

Submission + - FBI Agent Posing As Journalist To Deliver Malware To Suspect Was Fine, Says DOJ

An anonymous reader writes: In 2007, an FBI agent impersonated an Associated Press journalist in order to deliver malware to a criminal suspect and find out his location. According to a newly published report from the Department of Justice, the operation was in line with the FBI's undercover policies at the time. Journalistic organizations had expressed concern that the tactic could undermine reporters’ and media institutions’ credibility. The case concerned a Seattle teenager suspected of sending bomb threats against a local school. FBI Special Agent Mason Grant got in touch with the teen over email, pretending to be an AP journalist. After some back and forth, Grant sent the suspect a fake article which, when clicked, grabbed his real IP address. Armed with this information, the FBI identified and arrested the suspect. The Associated Press, the Reporters Committee for Freedom of the Press, and other journalistic organizations condemned the move. They pointed out that an FBI agent posing as a reporter could create distrust between legitimate journalists and sources, and also raised issues with the way the malware was distributed through a fake news story. The new Department of Justice report noted that, today, this activity would require greater authorization, under an interim policy on impersonating members of the media that was adopted by the FBI this June. Now, for the agency to pretend to be a journalist as part of an undercover operation, an application must be made by the head of an FBI field office to the agency's main headquarters, reviewed by the Undercover Review Committee, and then approved by the deputy director, after discussion with the deputy attorney general.
