Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - Spike of radioactive Iodine levels is detected in Europe (theaviationist.com)

schwit1 writes: Iodine-131 (131I), a radionuclide of anthropogenic origin, has recently been detected in tiny amounts in the ground-level atmosphere in Europe. The preliminary report states it was first found during week 2 of January 2017 in northern Norway. Iodine-131 was also detected in Finland, Poland, Czech Republic, Germany, France and Spain, until the end of January.

However, no one seems to know the reason behind the released Iodine-131. Along with nuclear power plants, the isotope is also widely used in medicine and its presence in the air could be the effect of several different incidents.

Or, as someone speculates, it could have been the side effect of a test of a new nuclear warhead in Russia: an unlikely (considered the ability to detect nuke tests through satellites and seismic detectors) violation of Nuclear Test Ban Treaty.

Submission + - Norwegian cyber command warns against supply chain security risks in F35 project (safecontrols.blog)

hrdo writes: The commander of the Norwegian CYFOR (a branch of the military) held a speach Monday night in Oslo where he warned that large military projects like the F35 fighter jet project can be threatened by attacks on the supply chain. The warnings follow several media stories about security breaches due to outsourcing and lack of controls. In one case an Indian IT company was contracted to operate the emergency communications network for Norwegian police, ambulances and fire departments — without security clearances or background checks.

The general should keep preaching security to his peers, not only within his own organization and on the battle field, but also in the procurement trenches. The initianl penetration of advanced persistent threats targeting high-security organizations is tyically coming via a less secure supply chain partner. Still, coordinated security management in large projects remains a fantacy in most cases.

Submission + - PHP Is First Language To Add "Modern" Cryptography Library To Its Core (bleepingcomputer.com)

An anonymous reader writes: The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default. Developers approved a proposal with a vote of 37 to 0 and decided that Libsodium will be added to the upcoming PHP 7.2 release that will be launched towards the end of 2017.

Scott Arciszewski, the cryptography expert who made the proposal says that by supporting modern crypto in the PHP core, the PHP team will force the WordPress team to implement better security in its CMS, something they avoided until now. Additionally, it will allow PHP and CMS developers to add advanced cryptography features to their apps that run on shared hosting providers, where until now they weren't able to install custom PHP extensions to support modern cryptography. Other reasons on why he made the proposal are detailed in depth here.

Arciszewski also says that PHP is actually "the first" programming language to support a "modern" cryptography library in its core, despite Erlang and Go including similar libraries, which he claims are not as powerful and up-to-date as PHP's upcoming Libsodium implementation.

Submission + - Apple doesn't like Philip K. Dick's novels

lesincompetent writes: We all heard our fair share of kafkian AppStore rejection stories but this might be a new low for Apple.
This developer had his app rejected just because it dared mention Philip K. Dick's famous sci-fi novel "Do Androids Dream of Electric Sheep?".
The problem of course is that apparently barely mentioning the word "android" is enough to infringe on rule #2.3.10 of the App Store Review Guidelines which mandates don’t include names, icons, or imagery of other mobile platforms.

Submission + - Linux Kernel 4.10 Officially Released with Virtual GPU Support

prisoninmate writes: Linux kernel 4.10 is out and it has been in development for the past seven weeks, during which it received a total of seven RC (Release Candidate) snapshots that implemented all the changes that you'll soon be able to enjoy on your favorite Linux-based operating system. Prominent new features include virtual GPU (Graphics Processing Unit) support, new "perf c2c" tool that can be used for analysis of cacheline contention on NUMA systems, support for the L2/L3 caches of Intel processors (Intel Cache Allocation Technology), eBPF hooks for cgroups, hybrid block polling, and better writeback management. A new "perf sched timehist" feature has been added in Linux kernel 4.10 to provide detailed history of task scheduling, and there's experimental writeback cache and FAILFAST support for MD RAID5. More details about these new features can be studied at https://kernelnewbies.org/Linu....

Submission + - Google Discloses Windows Bug After Microsoft Delays Patch Tuesday (bleepingcomputer.com)

An anonymous reader writes: For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google's announcement. The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll). According to Google, the issue allows an attacker to read the content of the user's memory using malicious EMF files. The bad news is that the EMF file can be hidden in other documents, such as DOCX, and can be exploited via Office, IE, or Office Online, among many.

According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft's security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable. He later resubmitted the bugs in November 2016.

The 90-days deadline for fixing the bugs expired last week, and the Google researcher disclosed the bug to the public after Microsoft delayed February's security updates to next month's Patch Tuesday, for March 15.

Submission + - HAARP Comes Alive Once Again

Freshly Exhumed writes: News on Hackaday today informs that the famous HAARP antenna array is to be brought back into service for experiments by the University of Alaska. Built in the 1990s for the US Air Forceâ(TM)s High Frequency Active Auroral Research Program, the array is a 40-acre site containing a phased array of 180 HF antennas and their associated high power transmitters. Its purpose it to conduct research on charged particles in the upper atmosphere.

Submission + - Is Vodafone's new broadband service a man-in-the-middle attack? (vodafone.co.uk)

Duncan J Murray writes: Vodafone's recent entry into the competitive broadband ADSL and fibre market in the UK has been met with accusations that they are partaking in a man in a middle attack by providing certificates from contentcontrol.vodafone.co.uk. bored writes "Vodafone are performing a man-in-the-middle attack... Rather than subverting a wifi router, they have a proxy server which is intercepting your encrypted data requests, making the connection to the encrypted endpoint itself and getting you to send your requests to the Vodafone proxy server...."

Vodafone broadband also seems to be falling foul noscript's Application Boundary Enforcer designed to prevent DNS rebinding attacks, requiring system ABE rules to be disabled to access https addresses.

So far vodafone have responded by suggesting a security exception is created for each occurrence, and another reply from vodafone respond "I've double checked this with our Broadband team and this is how our routers are set up, we're unable to change any settings at our end."

Though we should not attribute to malice that which is adequately explained by stupidity, is this unwittingly compromising the security of vodafone broadband users?

Submission + - Techdirt asks judge to throw out suit over "Inventor of E-mail" (arstechnica.com)

walterbyrd writes: Michael Masnick, who founded the popular Techdirt blog, filed a motion today asking for a defamation lawsuit against him to be thrown out. Masnick was sued last month by Shiva Ayyadurai, a scientist and entrepreneur who claims to have invented e-mail in 1978 at a medical college in New Jersey.

In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame."

Slashdot Top Deals

Life is cheap, but the accessories can kill you.

Working...