Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - 5-Year-Old Critical Linux Vulnerability Patched (threatpost.com)

msm1267 writes: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run a serious security issues in the operating system, most of which have been hiding in the code for years.

Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011. A patch was pushed to the mainline Linux kernel Dec. 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes.

The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.

Comment Re:It helps the economy too (Score 1) 351

Good points, but this doesn't even address the problems with *motorcycles.* Millions of bikes on the road aren't built to run on anything over *E10.* Along with that, you can't just use Sta-Bil in your gas tank over the winter anymore like you could with 100% regular gasoline.

We need new leadership in the EPA -- the current clown is catering to the ethanol lobby at the expense of the rest of the US!

Submission + - Aspartame stops us from getting slimmer (dw.com)

schwit1 writes: For some time, nutritionists have suspected that artificial sweetener — often used as a substitute for sugar in coffee or added as an essential ingredient in diet sodas — does not help people lose weight. However, scientists have struggled to understand why this is the case.

Now, researchers from the Massachusetts General Hospital (MGH) have found a lead. "We found that aspartame blocks a gut enzyme called intestinal alkaline phosphatase (IAP)". IAP is produced in the small intestine. "We previously showed [this enzyme] can prevent obesity, diabetes and metabolic syndrome [a disease characterized by a combination of obesity, high blood pressure, a metabolic disorder and insulin resistence]. So, we think that aspartame might not work because, even as it is substituting for sugar, it blocks the beneficial aspects of IAP."

The researchers confirmed their suspicions via a variety of tests on mice. In one case, they fed IAP directly to mice, who were also on a high-fat diet. It turned out that the IAP could effectively prevent the emergence of the metabolic syndrome. It also helped relieve symptoms in animals that were already suffering from the obesity-related illness.

Comment Re:I still don't want it (Score 1) 280

+1 for jpsoft. From the first time I used NDOS from Norton Utilities, then moved on to 4DOS, I *instantly* preferred it to "command.com" and "CMD.EXE". Left it largely behind when I went to Linux as my primary OS, but still install it on all my Win7 legacy stuff.

The free version is called "tcc/le" on the site and there is also a 64-bit version "tcc/le x64".

Hopefully he will get more business from this (yet another!) asinine decision by MS, they have been really overtly stupid since Win8 came out and are continuing to get worse every month from the news I've been paying attention to. Honestly don't know why anyone would still plan to stay on a Windows platform after Win7 drops support; long-term, would be better to transition to Linux or Mac in the next 3 years and pay for software you need to be ported over.

There needs to be end-user outrage and blowback over crazy, out-of-touch decisions like this. NOBODY I know prefers Powershell over CMD, and older users are going to go nuts with frustration.

Submission + - Grubhub CEO orders pro-Trump employees to resign (foxnews.com) 8

mi writes: If you do not agree with this statement then please reply to this email with your resignation because you have no place here,” — wrote Matt Maloney, Co-Founder of Grubhub. “We do not tolerate hateful attitudes on our team."

Hating (on) haters is Ok. Who is deplorable now?

Submission + - The FCC just passed sweeping new rules to protect your online privacy (washingtonpost.com) 1

jriding writes: Federal regulators have approved unprecedented new rules to ensure broadband providers do not abuse their customers' app usage and browsing history, mobile location data and other sensitive personal information generated while using the Internet.

The rules, passed Thursday in a 3-to-2 vote by the Federal Communications Commission, require Internet providers, such as Comcast and Verizon, to obtain their customers' explicit consent before using or sharing that behavioral data with third parties, such as marketing firms.

Submission + - HomeKit Would Have Prevented DDOS IoT Botnet

macs4all writes: According to an Article in Appleinsider.com, the security measures built-into Apple's HomeKit home-automation protocol would most likely have prevented the widescale takeover of IoT devices that enabled the DDOS attack on Dyn.

"To prevent another Mirai attack, or a similar assault harnessing IoT hardware, offending devices might require a recall, Krebs says. Short of a that, unplugging an affected product is an [likely the only --ed.] effective stopgap.

By contrast, as detailed in this Security Brief, Apple's HomeKit features built-in end-to-end encryption, protected wireless chip standards, remote access obfuscation and other security measures designed to thwart hacks. Needless to say, it would be relatively difficult to turn a HomeKit MFi device into a DDoS zombie.

Apple uses the Secure Remote Password (3,072-bit) protocol to establish a connection between an iOS device and a HomeKit accessory via Wi-Fi or Bluetooth. Upon first use, keys are exchanged through a procedure that involves entering an 8-digit code provided by the manufacturer into a host iPhone or iPad. Finally, exchanged data is encrypted while the system verifies the accessory's MFi certification.

When an iPhone communicates with a HomeKit accessory, the two devices authenticate each other using the exchanged keys, Station-to-Station protocol and per-session encryption. Further, Apple painstakingly designed a remote control feature called iCloud Remote that allows users to access their accessories when not at home.

Apple's coprocessor is key to HomeKit's high level of security, though the implementation is thought to have delayed the launch of third-party products by months. The security benefits were arguably worth the wait.

At its core, HomeKit is a well-planned and well-executed IoT communications backbone. The accessories only work with properly provisioned devices, are difficult to infiltrate, seamlessly integrate with iPhone and, with iOS 10 and the fourth-generation Apple TV (which acts as a hub), feature rich notifications and controls accessible via Apple's dedicated Home app. And they can't indiscriminately broadcast junk data to the web.

The benefits of HomeKit come at cost to manufacturers, mainly in incorporating Apple's coprocessor, but the price is undoubtedly less dear than recalling an unfixable finished product."

Submission + - Verizon trying to abandon copper (arstechnica.com)

Caviller writes: A internal letter from Verizon released by the CWA union shows that Verizon does not want to maintain their copper infrastructure. The union says that Verizon is telling techs to replace the users phone with their VoiceLInk service if the problem appears to be in their cable plant. Verizon says that their number one concern is to get their customer's service working again but the memo says otherwise. Is Verizon abandoning copper to push more people to the more profitable wireless service?

Submission + - Verizon workers can now be fired if they fix copper phone lines (arstechnica.com)

Swave An deBwoner writes: Verizon doesn't like providing access to their copper lines to competitors, as required by law. So ...

http://arstechnica.com/information-technology/2016/10/verizon-workers-can-now-be-fired-if-they-fix-copper-phone-lines/

Verizon has told its field technicians in Pennsylvania that they can be fired if they try to fix broken copper phone lines. Instead, employees must try to replace copper lines with a device that connects to Verizon Wireless’s cell phone network.


Submission + - SPAM: Yahoo! searched users' emails for the Feds 1

mi writes: Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.

Supposedly, this represents the first case to surface of a U.S. Internet company agreeing to a spy agency's demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

Link to Original Source

Slashdot Top Deals

Somebody's terminal is dropping bits. I found a pile of them over in the corner.

Working...