hawkinspeter writes: A new set of vulnerabilities with the most common NTP daemon have been discovered by Google security researchers. There exist public exploits that target these flaws, so it's recommended to patch to version 4.2.8 (or switch to openntp which doesn't have the same issues) immediately. This is especially problematic for those systems that run ntpd with root privileges as a single carefully crafted packet can allow access at the privilege level of the process. This was reported by ZDNet a few days ago and I have yet to see the Ubuntu patches for this, but it looks like Red Hat are on top of things.
hawkinspeter writes: The BBC has reported that Microsoft's Azure cloud computing platform has taken down many third-party sites that rely on it in addition to disrupting Microsoft's own products. Office 365 (maybe they were optimistic with choosing that name) and Xbox Live services were affected.
This has happened at a particularly inopportune time as Microsoft has recently been pushing its Azure services in an effort to catch up with other providers such as Amazon, IBM and Google. Just a couple of hours previously, Microsoft had screened an Azure advert in the UK during the Scotland v England soccer match.
hawkinspeter writes: Amazon has given the green light to produce the Hugo award-winning "The Man in the High Castle". This is after the four-hour mini-series was rejected by Syfy and afterwards by the BBC.
Philip K Dick's novel takes place in an alternate universe where the Axis Powers won the Second World War. It's one of his most successful works, probably due to him actually spending the time to do some editing on it (most of his fiction was produced rapidly in order to get some money). Ridley Scott has previously adapted PKD's "Do Androids Dream of Electric Sheep" as the film "Blade Runner", so it will be interesting to see how close he keeps to the source material this time.
hawkinspeter writes: It seems that the BBC didn't notice a crowd of 50,000 protesters right outside their front door on Saturday. The march was organised by the People's Assembly Against Austerity on their one-year anniversary and was led by comedian Russell Brand who has become a figurehead for the movement. He called out for a "peaceful, effortless, joyful revolution".
The protesters started their march outside the BBC to protest against the broadcaster ignoring the impact of the cuts on the impoverished. Sam Fairbairn (the national secretary of the People's Assembly) spoke to the crowds at the end of the march, outside Parliament, saying "Make no mistake, these cuts are killing people and destroying cherished public services which have served generations".
hawkinspeter writes: The BBC is reporting that US corn was found to contain an unapproved genetically modified strain. Although China doesn't have a problem per se with GM crops (they've been importing GM soybeans since 1997), their product safety agency found MIR162 in 12 batches of corn.
"The safety evaluation process [for MIR162] has not been completed and no imports are allowed at the moment before the safety certificate is issued" said Nui Din, China's vice agricultural minister.
The Chinese are now calling on US authorities to tighten their controls to prevent unapproved strains from being sent to China after the first batch of corn was rejected in November due to MIR162.
hawkinspeter writes: Kickstarter backers are up in arms and accusing the head of developer The Forking Path, Erik Chevalier, of fraud following the cancellation of a tabletop game that successfully brought in nearly $123,000 on the crowdfunding website.
According to Chevalier, the project — a game called The Doom that Came to Atlantic City — ran out of money following 13 months of development despite earning nearly four times the amount originally asked for through Kickstarter. Chevalier began the Kickstarter campaign in May 2012, asking for $35,000 to create the title.
"The project is over, the game is cancelled," he wrote. "Every possible mistake was made, some due to my inexperience in board game publishing, others due to ego conflicts, legal issues and technical complications. No matter the cause though, these could all have been avoided by someone more experienced and I apparently was not that person."
Chevalier added he hopes to personally refund the full amount to his backers beginning with those who pre-ordered the game through its official webstore.
"Unfortunately I can't give any type of schedule for the repayment as I left my job to do this project and must find work again.
"Again, I never set out to con anyone or to perpetrate a fraud but I did walk into a situation that was beyond my abilities and for that I'm deeply sorry." A number of backers have since claimed to have reported Chevalier to the Oregon Department of Justice. According to the designer, he has contacted the department himself in response.
"While they gave no promises their agent didn't feel that I'd committed any fraud. I am going to provide them with more information and work with them to see what I need to do to make this right in their eyes. I will also be contacting any other agencies who receive reports in order to provide them with a transparent view of the scenario from all angles."
Angry backers are of the opinion that the project money was used to fund Erik's move to Portland and to set up a video production company (formerly Suicide Pact LLC and now renamed as Intrinsic Gray). Additionally, it appears that Erik had to have legal action threatened by the game designers themselves before agreeing to come clean about the wasted money.
hawkinspeter writes: Lawyers representing MIT are filing a motion to intervene in Wired's Kevin Poulsen's FOIA lawsuit over thousands of pages of Secret Service documents about the late activist and coder Aaron Swartz.
It looks like MIT are afraid of the public finding out about the individuals who thought that sending Aaron to prison (for the digital equivalent of checking out too many library books) was a really good idea. Does that justify a non-governmental organisation interfering with a FOIA request?
hawkinspeter writes: Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities — one allowing anyone to execute commands on the servers running affected web apps.
The bugs both involve the parsing and handling of data supplied by visitors to a Rails application. The CVE-2013-0156 hole is the more severe of the two because it allows remote-code execution against any Ruby on Rails application that has the XML parser enabled — a feature switched on by default. According to security tools firm Sourcefire the flaw allows hackers to run system commands on the server with the same level of privileges as the app.
Both vulnerabilities can be resolved by updating to the latest version of the Ruby on Rails platform.
But what makes the holes particularly nasty is that, until the patches are applied, every application running on the insecure open-source framework will be vulnerable — like castles built on sand and the tide is rising: at least 240,000 websites powered by RoR are thought to be at risk.
hawkinspeter writes: Scientists at the University of Glasgow have captured images of ‘quantum entanglement’ on camera for the first time.
In quantum mechanics, entanglement is one of the bizarre behaviours exhibited by particles where the rules of classical physics are broken and seemingly impossible events are a reality.
Described by Einstein as ‘spooky action at a distance’, entanglement is the phenomenon whereby two particles act as one system even when separated by immense distances.
The entangled particles are in a superposition where their individual state isn’t known. However, as soon as one of them is measured or observed the other will take on a correlated state instantaneously, seemingly violating the speed of light.
Being able to exploit such behaviour would have major applications in communications encryption and could underpin the next generation of computer technology, known as quantum computation.
hawkinspeter writes: The BBC is reporting that Microsoft is dropping the 'Metro' name for the new Windows 8 UI. Apparently, the catchy new name they've settled on is 'Windows 8 style UI'! This has happened due to a (potential) trademark dispute with Metro AG, a German retail giant.
I'm wondering if Microsoft planned this to get publicity for their new OS and UI or whether they just forgot to check on how 'Metro' is used around the world.
hawkinspeter writes: Just one day after Chief Cathy Lanier made it illegal for MPD cops to take recording equipment, a 26-year-old local man had his phone taken as he was trying to record a violent arrest. They eventually gave back his phone, but without the memory card which also contained photos of his daughter along with the record of the alleged police brutality.