Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - 5-Year-Old Critical Linux Vulnerability Patched (threatpost.com)

msm1267 writes: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run a serious security issues in the operating system, most of which have been hiding in the code for years.

Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011. A patch was pushed to the mainline Linux kernel Dec. 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes.

The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.

Cellphones

NSA, GCHQ Have Been Intercepting In-Flight Mobile Calls For Years (reuters.com) 99

An anonymous reader quotes a report from Reuters: American and British spies have since 2005 been working on intercepting phone calls and data transfers made from aircraft, France's Le Monde newspaper reported on Wednesday, citing documents from former U.S. spy agency contractor Edward Snowden. According to the report, also carried by the investigative website The Intercept, Air France was targeted early on in the projects undertaken by the U.S. National Security Agency (NSA) and its British counterpart, GCHQ, after the airline conducted a test of phone communication based on the second-generation GSM standard in 2007. That test was done before the ability to use phones aboard aircraft became widespread. "What do the President of Pakistan, a cigar smuggler, an arms dealer, a counterterrorism target, and a combatting proliferation target have in common? They all used their everyday GSM phone during a flight," the reports cited one NSA document from 2010 as saying. In a separate internal document from a year earlier, the NSA reported that 100,000 people had already used their mobile phones in flight as of February 2009, a doubling in the space of two months. According to Le Monde, the NSA attributed the increase to "more planes equipped with in-flight GSM capability, less fear that a plane will crash due to making/receiving a call, not as expensive as people thought." Le Monde and The Intercept also said that, in an internal presentation in 2012, GCHQ had disclosed a program called "Southwinds," which was used to gather all the cellular activity, voice communication, data, metadata and content of calls made on board commercial aircraft.
Businesses

T-Mobile's 'Digits' Solution Lets You Use One Phone Number Across All Your Devices (theverge.com) 46

An anonymous reader quotes a report from The Verge: T-Mobile just revealed its answer to ATT's NumberSync technology, which lets customers use one phone number across all their connected devices. T-Mobile's version is called Digits and it will launch in a limited, opt-in customer beta beginning today before rolling out to everyone early next year. "You can make and take calls and texts on whatever device is most convenient," the company said in its press release. "Just log in and, bam, your call history, messages and even voicemail are all there. And it's always your same number, so when you call or text from another device, it shows up as you." When it leaves beta, Digits will cost an extra monthly fee, but T-Mobile isn't revealing pricing today. "This is not going to be treated as adding another line to your account," said COO Mike Sievert. "Expect us to be disruptive here." And while its main feature is one number for everything, Digits does offer T-Mobile customers another big perk: multiple numbers on the same device. This will let you swap between personal and work numbers without having to maintain separate lines and accounts. You can also give out an "extra set" of Digits in situations where you might be hesitant to give someone your primary number; this temporary number forwards to your devices like any other call. You can have multiple numbers for whatever purposes you want, based on T-Mobile's promotional video.
Software

Windows 10 'Home Hub' Is Microsoft's Response To Amazon Echo and Google Home (mashable.com) 101

Microsoft's response to the Amazon Echo and Google Home is Home Hub, a software update for Windows 10's Cortana personal assistant that turns any Windows PC into a smart speaker of sorts. Mashable reports: Microsoft's smart digital assistant Cortana can already answer your queries, even if the PC's screen is locked. The Home Hub is tied to Cortana and takes this a few steps further. It would add a special app with features such as calendar appointments, sticky notes and shopping lists. A Home Hub-enabled PC might have a Welcome Screen, a full-screen app that displays all these, like a virtual fridge door. Multiple users (i.e. family members) could use the Home Hub, either by authenticating through Windows Hello or by working in a family-shared account. Cortana would get more powerful on Home Hub; it could, for example, control smart home devices, such as lights and locks. And even though all of this will work on any Windows 10 device -- potentially making the PC the center of your smart home experience -- third-party manufacturers will be able to build devices that work with Home Hub. You can read Windows Central's massive report here. Do note that Home Hub is not official and individual features could change over time. The update is slated for 2017.
United Kingdom

For The UK's 'Snoopers' Charter', Politicians Voted Themselves An Exemption (independent.co.uk) 134

The "Snoopers' Charter" passed in the U.K. greatly expands the government's surveillance power. But before they'd enact the new Investigatory Powers Act, Britain's elected officials first voted to make themselves exempt from it. Sort of. An anonymous reader writes: While their internet browsing history will still be swept up, just like everyone else's, no one will ever be able to access it without specific approval from the Prime Minister. And according to The Independent, "That rule applies not only to members of the Westminster parliament but also politicians in the devolved assembly and members of the European Parliament."
The article adds that the exemption was the very first amendment they approved for the legislation. And for a very long time, the only amendment.
Encryption

Encryption Backdoor Sneaks Into UK Law (theregister.co.uk) 137

Coisiche found a disturbing article from The Register about the U.K.'s new "Snoopers' Charter" law that has implications for tech companies around the world: Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the U.K. government to undermine encryption and demand surveillance backdoors... As per the final wording of the law, comms providers on the receiving end of a "technical capacity notice" will be obliged to do various things on demand for government snoops -- such as disclosing details of any system upgrades and removing "electronic protection" on encrypted communications. Thus, by "technical capability," the government really means backdoors and deliberate security weaknesses so citizens' encrypted online activities can be intercepted, deciphered and monitored... At the end of the day, will the U.K. security services be able to read your email, your messages, your posts and private tweets, and your communications if they believe you pose a threat to national security? Yes, they will.
The bill added the Secretaries of State as a required signatory to the "technical capacity" notices, which "introduces a minor choke-point and a degree of accountability." But the article argues the law ultimately anticipates the breaking of encryption, and without customer notification. "The U.K. government can certainly insist that a company not based in the U.K. carry out its orders -- that situation is specifically included in the new law -- but as to whether it can realistically impose such a requirement, well, that will come down to how far those companies are willing to push back and how much they are willing to walk away from the U.K. market."
Operating Systems

Taking a Stand Against Unofficial Ubuntu Images (ubuntu.com) 103

Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.
Microsoft

Microsoft Says Summer's Windows 10 Upgrade Fit For Business (computerworld.com) 119

Microsoft has moved Windows 10 August update to the Current Branch for Business release track, putting the "Anniversary Update" in the queue for automatic downloads and installation on enterprise PCs. From a report on ComputerWorld: The move will also set in motion a two-month countdown clock on support for the original mid-2015 version of Windows 10. "Windows 10 1607, also known as the Windows 10 Anniversary Update, has been declared as Current Branch for Business (CBB) and is ready for deployment," Michael Niehaus, a director of product marketing, said in a post to a company blog that used similar wording to the first upgrade to the CBB. In April, Microsoft moved the November 2015 upgrade to the corporate delivery track. Microsoft issued the Anniversary Update Aug. 2, even though its numerical designation of 1607 referred to July (07) of this year (16). The upgrade will be released in January through Windows Update, Windows Update for Business and Windows Server Update Services (WSUS), Niehaus said.
Google

Google's New Public NTP Servers Provide Smeared Time (googleblog.com) 179

Google says it has built support for the leap second into the time servers that regulate all Google services. An anonymous reader shares a blogpost by Google:No commonly used operating system is able to handle a minute with 61 seconds, and trying to special-case the leap second has caused many problems in the past. Instead of adding a single extra second to the end of the day, we'll run the clocks 0.0014% slower across the ten hours before and ten hours after the leap second, and "smear" the extra second across these twenty hours. For timekeeping purposes, December 31 will seem like any other day. All Google services, including all APIs, will be synchronized on smeared time, as described above. You'll also get smeared time for virtual machines on Compute Engine if you follow our recommended settings. You can use non-Google NTP servers if you don't want your instances to use the leap smear, but don't mix smearing and non-smearing time servers.
Privacy

Uber Wants To Track Your Location Even When You're Not Using the App, Here's Why (businessinsider.com) 131

With the most recent update to Uber's ride-hailing app, the company has begun requesting users if they are willing to share their location data with Uber app even while the app is not in use. The company says it plans to use the data gained to improve user experience -- including offering improved pick-up times and locations. From an article on Business Insider: In August the company moved away from using Google Maps for its service and began using its own mapping technology. Google's lack of accuracy in many non-Western countries led to increased friction between consumers and drivers. This means the company needs to boost the amount of location data it has. Location data could also be used to provide new channels of revenue for the digital platform. This could include serving ads of local businesses or recommending nearby places of interest to users. Mobile marketing, which relies on accurate location data is a rapidly growing industry and could serve as a revenue windfall for Uber in the years ahead as it faces increasing competition. In fact, revenue from location-targeted mobile ads is expected to grow at an annualized rate of almost 34% between 2014 and 2019, surpassing $18 billion, according to a forecast from BIA/Kelsey.
Government

FBI To Gain Expanded Hacking Powers as Senate Effort To Block Fails (reuters.com) 153

A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government's hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump. Reuters adds: Democratic Senator Ron Wyden attempted three times to delay the changes which, will take effect on Thursday and allow U.S. judges will be able to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate's second-ranking Republican. The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.
Privacy

China Pilots a System That Rates Citizens on 'Social Credit Score' To Determine Eligibility For Jobs, Travel (technologyreview.com) 204

Speculations have turned out be true. The Chinese government is now testing systems that will be used to create digital records of citizens' social and financial behavior. In turn, these will be used to create a so-called social credit score, which will determine whether individuals have access to services, from travel and education to loans and insurance cover. Some citizens -- such as lawyers and journalists -- will be more closely monitored. From a report on MIT Technology Review: Planning documents apparently describe the system as being created to "allow the trustworthy to roam everywhere under heaven while making it hard for the discredited to take a single step." The Journal claims that the system will at first log "infractions such as fare cheating, jaywalking and violating family-planning rules" but will be expanded in the future -- potentially even to Internet activity. Some aspects of the system are already in testing, but there are some challenges to implementing such a far-reaching apparatus. It's difficult to centralize all that data, check it for accuracy, and process it, for example -- let alone feed it back into the system to control everyday life. And China has data from 1.4 billion people to handle.
Communications

The UK Is About to Legalize Mass Surveillance [Update] (vice.com) 394

From a report on Motherboard: On Tuesday, the UK is due to pass its controversial new surveillance law, the Investigatory Powers Act, according to the Home Office. The Act, which has received overwhelming support in both the House of Commons and Lords, formally legalizes a number of mass surveillance programs revealed by Edward Snowden in 2013. It also introduces a new power which will force internet service providers to store browsing data on all customers for 12 months. Civil liberties campaigners have described the Act as one of the most extreme surveillance laws in any democracy, while law enforcement agencies believe that the collection of browsing data is vital in an age of ubiquitous internet communications. "The Investigatory Powers Act 2016 will ensure that law enforcement and the security and intelligence agencies have the powers they need in a digital age to disrupt terrorist attacks, subject to strict safeguards and world-leading oversight," a statement from the Home Office reads. Much of the Act gives stronger legal footing to the UK's various bulk powers, including "bulk interception," which is, in general terms, the collection of internet and phone communications en masse. In June 2013, using documents provided by Edward Snowden, The Guardian revealed that the GCHQ taps fibre-optic undersea cables in order to intercept emails, internet histories, calls, and a wealth of other data. Update: "Snooper's charter" bill has become the law. The home secretary said:"The Investigatory Powers Act is world-leading legislation, that provides unprecedented transparency and substantial privacy protection. "The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight."

Comment Re:It helps the economy too (Score 1) 351

Good points, but this doesn't even address the problems with *motorcycles.* Millions of bikes on the road aren't built to run on anything over *E10.* Along with that, you can't just use Sta-Bil in your gas tank over the winter anymore like you could with 100% regular gasoline.

We need new leadership in the EPA -- the current clown is catering to the ethanol lobby at the expense of the rest of the US!

Slashdot Top Deals

Kill Ugly Processor Architectures - Karl Lehenbauer

Working...