zoobab writes: Companies across the UK have expressed their opposition to an attempt to ratify the Unitary Patent treaty, which is neither desirable for British software companies nor compatible with Brexit. They call for an urgent debate in the House of Lords and in the Scottish Parliament. Maurice Shakeshaft, CEO of CB Automation Ltd, from Newark: "The Unitary Patent will be the nail in the coffin for the European software industry. This court will be populated by members of the patent industry, which has broadened the scope of patents to software for the last 30 years."
Orome1 writes: A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it was released on Monday. The vulnerability (CVE-2017-5638) affects the Jakarta file upload Multipart parser in Apache Struts 2. It allows attackers to include code in the “Content-Type” header of an HTTP request, so that it is executed by the web server. Almost concurrently with the release of the security update that plugs the hole, a Metasploit module for targeting it was made available. Unfortunately, the vulnerability can be easily exploited as it requires no authentication, and two very reliable exploits have already been published online. Also, vulnerable servers are easy to discover through simple web scanning.
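Because the post says the injected code travels in the Content-Type header, the most useful thing a defender can do while patching is to look for that in request logs. The following is an added example (not code from the post, from Apache, or from the Struts project) that scans a constructed access-log sample for Content-Type values that contain Struts' OGNL expression markers (`%{` or `${`) or that are not a well-formed media type at all. The log format, with the Content-Type header recorded as the last quoted field, is an assumption of this example; the IP addresses and paths are constructed.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: four access-log lines in a custom format whose last quoted
# field is the request's Content-Type header. The second and fourth lines carry a
# harmless placeholder expression rather than any real payload.
SAMPLE_LOG = """\
203.0.113.10 - - [07/Mar/2017:10:15:01 +0000] "POST /struts2-showcase/upload.action HTTP/1.1" 200 512 "multipart/form-data; boundary=----abc123"
203.0.113.11 - - [07/Mar/2017:10:15:09 +0000] "POST /struts2-showcase/upload.action HTTP/1.1" 200 0 "%{(#constructed='ognl-marker')}"
198.51.100.7 - - [07/Mar/2017:10:16:44 +0000] "GET /index.action HTTP/1.1" 200 2048 "-"
203.0.113.12 - - [07/Mar/2017:10:17:02 +0000] "POST /api/files HTTP/1.1" 400 0 "${#constructed}"
"""

# Assumed log layout: ip ident user [timestamp] "METHOD PATH PROTO" status size "content-type"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<ctype>[^"]*)"$'
)

# OGNL expressions in Struts 2 open with %{ or ${; neither brace is legal in a
# media type or in a multipart boundary, so their presence alone is a strong signal.
OGNL_RE = re.compile(r'[%$]\{')

# RFC 7230 token characters; a media type is token "/" token, optionally followed
# by ";" parameters. Anything else in a Content-Type header is malformed.
TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
MEDIA_TYPE_RE = re.compile(rf"^{TOKEN}/{TOKEN}(\s*;.*)?$")


def classify_content_type(ctype: str) -> Optional[str]:
    """Return a reason string when the header value looks like an injection
    attempt, or None when it is absent or a normal media type."""
    if ctype in ("", "-"):
        return None  # header not present on this request
    if OGNL_RE.search(ctype):
        return "ognl-expression-marker"
    if not MEDIA_TYPE_RE.match(ctype):
        return "malformed-media-type"
    return None


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into its fields, or None if it does not fit the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per request whose Content-Type header is suspicious."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        if fields is None:
            continue  # unparseable line; a real pipeline would count these
        reason = classify_content_type(fields["ctype"])
        if reason:
            findings.append({
                "ip": fields["ip"],
                "ts": fields["ts"],
                "path": fields["path"],
                "ctype": fields["ctype"],
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} [{f['reason']}] {f['ctype']}")
```

On the constructed sample this flags the two requests from 203.0.113.11 and 203.0.113.12 and leaves the legitimate multipart upload and the header-less GET alone. The check is deliberately conservative: it only inspects Content-Type, so it is a triage aid for the window between exploit release and patch deployment, not a substitute for upgrading Struts.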
matafagafo writes: Google Security Blog just published
Cryptographic hash functions like SHA-1 are a cryptographer’s Swiss Army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power.
Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision.
AmiMoJo writes: In comments submitted to a U.S. Copyright Office consultation, Google has given the DMCA a vote of support, despite widespread abuse. Noting that the law allows for innovation and agreements with content creators, Google says that 99.95% of URLs it was asked to take down last month didn't even exist in its search indexes. “For example, in January 2017, the most prolific submitter submitted notices that Google honored for 16,457,433 URLs. But on further inspection, 16,450,129 (99.97%) of those URLs were not in our search index in the first place.”
Humbubba writes: President Donald Trump fired the nation's acting attorney general Monday night after she refused to defend an executive order he issued last week restricting immigration in the name of national security.
In an act of high political drama just ten days after taking office, Trump replaced Obama administration appointee Sally Yates with the U.S. Attorney in Alexandria, Va., Dana Boente.
"The acting Attorney General, Sally Yates, has betrayed the Department of Justice by refusing to enforce a legal order designed to protect the citizens of the United States. This order was approved as to form and legality by the Department of Justice Office of Legal Counsel," a White House statement said. "Ms. Yates is an Obama Administration appointee who is weak on borders and very weak on illegal immigration."
schwit1 writes: When Nicole Lepke’s son was born, she listened to her pediatrician and kept peanuts away until the age of 2, but the toddler still developed a severe peanut allergy when he finally tried them.
Now, 12 years later, health experts have reversed their advice on peanuts, urging parents to begin feeding foods containing peanut powder or extract during infancy in hopes of reducing a child’s risk for allergy.
The about-face on peanuts has stunned parents around the country who are coping with the challenges of severe peanut allergies. Like many parents, Ms. Lepke is now plagued with guilt. By restricting peanuts early, did she inadvertently cause the very allergy she was trying to prevent?
schwit1 writes: In a group of 562 Scots in their 70s, those whose consumption patterns more closely followed the Mediterranean diet experienced, on average, half the brain shrinkage that was normal for the group as a whole over a three-year period.
To glean how diet might influence brain aging, researchers tapped into a large group of Scottish people who were all born in 1936 and had many measures of health status and lifestyle tracked from an early age.
Around the time they reached age 70, 843 members of the “Lothian Birth Cohort” filled out a dietary frequency form that gave researchers a broad look at what foods they ate, which they avoided, and how often they consumed them. At about age 73 and again around age 76, their brains were scanned to gauge the volume of the overall organ and a few of its key components.
The researchers used the food-frequency surveys to divide the group into two — those who at least approximated a Mediterranean-style diet and those who came nowhere close. Even though many in the Med-diet group were far from perfect in their adherence, the average brain-volume loss differed significantly between the two groups.
This should not only improve performance but also ensure Canadian companies can benefit from privacy and data protection laws in their own country.
The new region is located near Montreal and was first disclosed in January.
AWS has been working hard to spread its services in the last couple of months, having recently opened a new region in Ohio. It is also moving forward with its UK-based data centre plans and is planning to expand into France in 2017.
lwmv writes: On December 8, 2016, the U.S. Senate passed the Countering Disinformation And Propaganda Act as part of the National Defense Authorization Act (NDAA) Conference Report for fiscal year 2017. The bipartisan bill was written in March 2016 by U.S. Senators Republican Rob Portman and Democrat Chris Murphy, and designed to help American allies counter foreign government propaganda from Russia, China, and other nations. In the version of the bill incorporated into the 2017 NDAA, the U.S. Congress would ask the United States Secretary of State to collaborate with the United States Secretary of Defense and create a Global Engagement Center to monitor information warfare from foreign governments, and publicize the nature of ongoing foreign propaganda and disinformation operations against the U.S. and other countries. To support these efforts, the bill also creates a grant program for NGOs, think tanks, civil society and other experts outside government who are engaged in counter-propaganda related work.
chicksdaddy writes: A serious and easy-to-exploit security hole in the software that runs certain models of Wi-Fi routers made by the firm Netgear prompted experts at Carnegie Mellon to urge customers to stop using them until a fix can be found.
The warning comes in a vulnerability note (VU#582384)(https://www.kb.cert.org/vuls/id/582384) published on Friday by Carnegie Mellon University’s CERT, describing an “arbitrary command injection” vulnerability in the latest version of firmware used by a number of Netgear wireless routers.
The security hole could allow a remote attacker to take control of the router by convincing a user to visit a malicious web site. A proof of concept exploit for the hole was published online (https://www.exploit-db.com/exploits/40889/) on Wednesday by an individual using the handle Acew0rm (@acew0rm1).
Firmware version 126.96.36.199_1.1.93 (and possibly earlier) for the R7000 and version 188.8.131.52_1.0.4 (and possibly earlier) for the R6400 are known to contain the arbitrary command injection vulnerability. CERT cited “community reports” that indicate the R8000, firmware version 184.108.40.206_1.1.2, is also vulnerable.
The warning comes amid increased concern about the security of home routers, following widespread attacks in recent weeks that have targeted the devices in Germany, the UK and other countries.
In statements on Twitter (https://twitter.com/acew0rm1), AceW0rm said that he informed Netgear of the flaw more than four months ago, but has not heard back from the company since then. He released information on the hole as well as proof of concept exploit code.
A search of the public Internet using the Shodan search engine finds around 8,000 R6450 and R7000 devices that can be reached directly from the Internet and that would be vulnerable to takeover attacks. The vast majority of those are located in the United States.
Mark Wilson writes: Right-wing website Breitbart — the darling of the so-called alt-right movement — has been blocked by a leading ad exchange. The site, home to Milo Yiannopoulos (also known as @Nero and banned from Twitter) will no longer be permitted to sell ad space via AppNexus.
The move comes after an audit by AppNexus found that Breitbart was in violation of its policies on hate speech and incitement to violence.
The rule change, as requested by the department, would allow judges to grant warrants for remote searches of computers located outside their district or when the location is unknown.
The government has defended the maneuver as a necessary update of protocol intended to modernize criminal procedure to address the increasingly complex digital realities of the 21st century. The FBI wants the expanded authority, which would allow it to more easily infiltrate computer networks to install malicious tracking software. This way, investigators can better monitor suspected criminals who use technology to conceal their identity.
But the plan has been widely opposed by privacy advocates, such as the American Civil Liberties Union, as well as some technologists, who say it amounts to a substantial rewriting of the rule and not just a procedural tweak. Such a change could threaten the Fourth Amendment’s protections against unreasonable search and seizures, they warn, and possibly allow the FBI to violate the sovereignty of foreign nations. The rule change also could let the agency simultaneously target millions of computers at once, even potentially those belonging to users who aren’t suspected of any wrongdoing.
rmdingler writes: After remaining abroad since the Snowden revelations broke in June of last year, the two were in New York Friday to accept a Polk Award for national security reporting. Though they cleared customs without a hitch, they are traveling with an ACLU lawyer and a German journalist who are to "document any unpleasant surprises." According to Ms. Poitras, the risks of subpoena are very real.
What, if anything, do you expect the American government to do considering Snowden's case has been officially cited as violating the Espionage Act? nytimes
schwit1 writes: An independent federal privacy watchdog has concluded that the National Security Agency’s program to collect bulk phone call records has provided only “minimal” benefits in counterterrorism efforts, is illegal and should be shut down.
The findings are laid out in a 238-page report, scheduled for release by Thursday, that represents the first major public statement by the Privacy and Civil Liberties Oversight Board, which Congress made an independent agency in 2007 and which only recently became fully operational.
Defenders of the program have argued that Congress acquiesced to that secret interpretation of the law by twice extending its expiration without changes. But the report rejects that idea as “both unsupported by legal precedent and unacceptable as a matter of democratic accountability.”
The report also scrutinizes in detail a handful of investigations in which the program was used, finding “no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.”