
Submission + - Apple Knew About HTTP Update Bug Two Years Ago

Trailrunner7 writes: With the release of iOS 10 on Tuesday, Apple made a number of significant changes to the mobile operating system. The most attention-grabbing security upgrade is the move to push software updates over an encrypted connection, a fix that is more than two years in the making.

In 2014, researcher Raul Siles of DinoSec discovered that an attacker could intercept the traffic between an iOS device and Apple’s update servers and prevent the device from receiving an update. The vulnerability was a major one, as it would allow the attacker to block security fixes from reaching a device and effectively freeze the device on a given iOS version. The attacker could then exploit known vulnerabilities in the software.

Siles disclosed the bug to Apple at the time, and the company released a patch for it in iOS 8, but the fix was incomplete. It’s only now, more than two years and two major iOS releases later, that the root cause of the vulnerability has been addressed. By not using HTTPS for the software update process, Apple had left the attack scenario open for years.

Submission + - Security pro who exposed flaws in Florida elections website sentenced to 20-day (washingtontimes.com)

An anonymous reader writes: A Florida man will serve 20 days in jail for computer hacking after he exploited a security flaw on the Lee County Elections Office website as “a silly political stunt” for a local candidate.
David Michael Levin of Estero, Fla. pleaded guilty in a Fort Myers courtroom Tuesday to a single misdemeanor count in connection with hacking the Lee County elections website. He’ll serve 20 days in jail followed by two years of probation, a local CBS affiliate reported.

Submission + - Russians Hacked Arizona Voter Registration Database -Official (time.com)

alir1272 writes: Russians were responsible for the recent breach of Arizona’s voter registration system, the FBI told state officials in June.

Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan, said on Monday that FBI investigators did not say whether the hackers were working for the Russian government or not, the Washington Post reported. He said hackers gained access after stealing the username and password of an election official in Gila County, rather than compromising the state or county system.

Submission + - IRS doesn't tell 1 million taxpayers that illegal immigrants stole their SSNs (washingtontimes.com)

schwit1 writes: The IRS has discovered more than 1 million Americans whose Social Security numbers were stolen by illegal immigrants, but officials never bothered to tell the taxpayers themselves, the agency’s inspector general said in a withering new report released Tuesday.

Investigators first alerted the IRS to the problem five years ago, but it’s still not fixed, the inspector general said, and a pilot program meant to test a solution was canceled, and fell woefully short anyway.

As a result most taxpayers don’t learn that their identities have been stolen and their Social Security files may be screwed up.

“Taxpayers identified as victims of employment-related identity theft are not notified,” the inspector general said.

And we should put the federal government in charge of healthcare?

Submission + - Infants Have Gender Identity (sciencedaily.com)

Texmaize writes: It is in vogue today to pretend that gender is fluid and a mere social construct. Some parents even gleefully go out of their way to give their children toys that traditionally are for the other gender, in hopes of making them......better? A study published in Infant and development suggests that babies seem to know better than some confused adults.

"Children as young as 9 months-old prefer to play with toys specific to their own gender, according to a new study. The research suggests the possibility that boys and girls follow different developmental trajectories with respect to selection of gender-typed toys and that there is both a biological and a developmental-environmental components to the sex differences seen in object preferences."

Submission + - SourceForge MITM Projects (github.io) 2

lister king of smeg writes: What happened?

SourceForge, once a trustworthy source code hosting site, started to place misleading ads (like fake download buttons) a few years ago. They are also bundling third-party adware/malware directly with their Windows installer.

Some project managers decided to leave SourceForge – partly because of this, partly just because there are better options today. SF staff hijacked some of these abandoned accounts, partly to bundle the crapware with their installers. It has become just another sleazy garbage site with downloads of fake antivirus programs and such.

How can I help?

If you agree that SourceForge is in fact distributing malicious software under the guise of open source projects, report them to Google. Ideally this will help remove them from search results, prevent others from suffering their malware and provide them with incentive to change their behavior.

As this story has been submitted several times in the past several days by various submitters, and is going around various other tech forums ( https://news.ycombinator.com/i... , https://soylentnews.org/articl... , https://www.reddit.com/r/progr... ), this submitter wonders: have our shared "glorious Dice Corporate overlords" been shooting this story down?

Submission + - SourceForge assumes ownership of GIMP For Win, wraps installer in adware (arstechnica.com)

An anonymous reader writes: It appears that SourceForge is assuming control of all projects that appear "abandoned." In a blog update on their site, they responded saying in part "There has recently been some report that the GIMP-Win project on SourceForge has been hijacked; this project was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current."

SourceForge is now offering "to establish a program to enable users and developers to help us remove misleading and confusing ads."

Submission + - Why BMW Engineered Its i3 REx Electric Car Just To Satisfy CA Bureaucrats

cartechboy writes: BMW is known for building "ultimate driving machines," but its electric cars are a whole new ball game. The new i3 electric car is the most efficient battery-powered car sold in the U.S.--but its optional range extender turns out to have been designed with one audience in mind: California bureaucrats in Sacramento. To get the i3 REx to qualify as the world's first "BEVx," BMW only lets the range extender turn on when the battery is exhausted--and it only carries 1.9 gallons of gas, giving less than 80 miles more on top of the battery's 81 miles. The design tactics worked: CA gives the i3 REx its top purchase rebate of $2,500, which no other plug-in car with an engine can boast. But at what cost to the actual driving experience?

Submission + - Oregon State University Fires Climate Change Skeptic (foxnews.com) 2

brian0918 writes: "With finals approaching, Oregon State University chemistry professor Nicholas Drapela was fired without warning. Three weeks later, he has still been given no reason for the university’s decision to 'not renew his contract'. Drapela, an outspoken critic of man-made climate change, worked at the university for 10 years and was well-liked by students. Oregon physicist Gordon J. Fulks, another critic of anthropogenic climate change, has circulated a letter in defense of Drapela."

Comment Re:Open source (Score 0, Flamebait) 1747

The climategate scientists didn't seem to be very open with their sources. Deleting their original source data sounds pretty suspicious to me - not the sort of thing that gets done accidentally.

That's exactly the point SHOW YOUR WORK OR YOU DON'T GET CREDIT. If global warming was as infallible as Algore leads people to think then opening up the data and the algorithms to analyze the data would only bolster his case, yet time after time data is withheld and algorithms and code are not released. When things are hidden people become suspicious of what is really going on, in this case some funny business was going on and the only way to clean up their image would be to completely open the books.
