rolandw - Slashdot User

Submission + - Stealthy malware infects digitally-signed files without altering hashes (theregister.co.uk)

Submitted by Anonymous Coward on Monday August 08, 2016 @03:51AM

An anonymous reader writes: Black Hat Deep Instinct researcher Tom Nipravsky has undermined the ubiquitous security technique of digitally-signed files by baking malicious code into headers without tripping popular security tools ..

One of three file size checks is not properly conducted by Microsoft's Authenticode allowing VXers to alter expected values so that infected digitally-signed files appear valid ...

Submission + - Linux 4.8 Prepares NVIDIA Pascal & Raspberry Pi 3 SoC Support, AMD Overclock (phoronix.com)

Submitted by Anonymous Coward on Sunday August 07, 2016 @09:33PM

An anonymous reader writes: The Linux 4.8 feature merge window was open the past two weeks and it culminated with this evening's release of Linux 4.8-rc1. Now that the merge window is over, it's easy to grasp a good look at the Linux 4.8 features. Coming to the Linux 4.8 kernel is initial NVIDIA Pascal support via the open-source Nouveau driver, initial support for the Broadcom SoC found in the Raspberry Pi 3, AMD GPU overclocking support for the open-source driver, multiple new security safeguards, file-system improvements, and more.

Submission + - NASA demonstrates HiRyRS-X: a Game-Changing Camera (nasa.gov)

Submitted by vikingpower on Sunday August 07, 2016 @06:47AM

vikingpower writes: When a rocket takes off, one sees an inferno of glowing gases streaming out of the engines: a source of unimaginably bright light, for looking at which you need at least sunglasses. No camera is adapted for a detailed recording of how the gases exactly behave. Until now. NASA developed the so-called High Dynamic Range Stereo-X-camera (HiDyRS-X), to better than ever before image what happens in and around a rocket engine during launch. And the result is a spectacular video feed. The HiDyRS-X project began as part of NASA Space Technology Mission Directorate’s Early Career Initiative (ECI), designed to give young engineers the opportunity to lead projects and develop hardware alongside leading innovators in industry. Howard Conyers, a structural dynamist at NASA’s Stennis Space Center, was awarded an ECI grant in 2015. And he developed HiDyRS-X as part of NASA's Game Changing Development program, set up to investigate technologies "that have the potential to revolutionize future space missions".

Submission + - BBC [UK] gets go-ahead to detect iPlayer packets over encrypted Wi-Fi. (telegraph.co.uk)

Submitted by product_bucket on Friday August 05, 2016 @08:23PM

product_bucket writes: The BBC has been given permission to use a new technology to detect users of the iPlayer who do not hold a TV licence. Researchers at University College London have apparently developed a method to identify specially crafted packets over an encrypted Wi-Fi link without needing to break the underlying encryption itself. TV Licensing (the fee-collecting arm of the BBC) has said the practice is under regular scrutiny by independent regulators, but declined to elaborate on how the technique works.

Comment Re:Don't Panic (Score 1) 535

by rolandw on Tuesday June 28, 2016 @02:04AM (#52403939) Attached to: UK Tech Sector Reacts To Brexit: Some Anticipate Slow Down, Some Contemplate Relocation

As a mentor at a London based start-up school in the last few years I have seen a rapid shift to the brightest and most innovative new wannabie entrepreneurs coming to London from other EU memberstates rather than from the UK - at least attending our school. They have good ideas and plenty of determination and significantly out do most of the home grown people.

Submission + - Microsoft Open-Sources Checked C, a Safer Version of C (softpedia.com)

Submitted by Anonymous Coward on Thursday June 16, 2016 @06:06PM

An anonymous reader writes: Microsoft has open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues. As its name hints, Checked C will add checking to C, and more specifically pointer bounds checking. The company hopes to curb the high-number of security bugs such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts, all which would be easier to catch in Checked C. Despite tangible benefits to security, the problem of porting code to Checked C still exists, just like it did when C# or Rust came out, both C alternatives.

Submission + - Would you trust medical data stored on AWS by CareMonkey? (caremonkey.com)

Submitted by rolandw on Thursday June 16, 2016 @05:42PM

rolandw writes: My teenage daughter's school in the UK wants me to approve the storage of her full medical details in CareMonkey. CareMonkey say that this data is stored on AWS and their security page says that it is secured by every protocol ever claimed by AWS (apparenlty). As a sysadmin and developer who has used AWS extensively for non-secure information my alarm bells are sounding. Should I ignore them and say yes? Why would you refuse?

Submission + - CO2 Levels Likely To Stay Above 400PPM For The Rest of Our Lives, Study Shows (inhabitat.com)

Submitted by Anonymous Coward on Thursday June 16, 2016 @04:15PM

An anonymous reader writes: A new study from the UN's Intergovernmental Panel on Climate Change (IPCC) shows that carbon dioxide (CO2) concentrations in the atmosphere are likely to remain above 400 parts per million (ppm) for many years. Specifically, scientists forecasted that levels would not dip below 400pm in 'our lifetimes.' The CO2 concentrations of "about 450ppm or lower are likely to maintain warming below 2 degrees Celsius over the 21st century relative to pre-industrial levels." However, lead author on the paper Richard Betts said we could pass that number in 20 years or less. In an article on The Guardian, he said even if we reduce emissions immediately, we might be able to delay reaching 450ppm but "it is still looking like a challenge to stay below 450ppm." El Nino has played a significant role in climbing carbon dioxide levels, but it's likely we'll see higher CO2 levels than the last large El Nino storm during 1997 and 1998 because "manmade emissions" have risen by 25 percent since that storm, according to The Guardian. Met Office experts predicted in November 2015 that in May 2016 "mean concentrations of atmospheric CO2" would hit 407.57ppm — the actual figure was 407.7ppm. The NOAA reported during 2015 that the "annual growth rate" of CO2 in the atmosphere rose by 3.05ppm. NOAA lead scientist Pieter Tans said, "Carbon dioxide levels are increasing faster than they have in hundreds of thousands of years. It's explosive compared to the natural processes."

Submission + - We discovered a bug in all SHA functions of JavaScript crypto SJCL (dancvrcek.com)

Submitted by dc352 on Thursday June 16, 2016 @03:21PM

dc352 writes: "What a surprise when a colleague of mine discovered that it fails to compute any of the hash functions (SHA1, SHA256, SHA512) from data of more than 256MB."

"It seems I have to deal with a question of who to trust – our new product or an established software package – way too often. Answers make me question what is the level of testing in open-source software and what is the reliability of software in general."

Submission + - The Average Cost Of A Data Breach Is Now $4 Million (helpnetsecurity.com)

Submitted by Orome1 on Thursday June 16, 2016 @08:17AM

Orome1 writes: The average data breach cost has grown to $4 million, representing a 29 percent increase since 2013, according to the Ponemon Institute. Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, companies lose $158 per compromised record. Breaches in highly regulated industries like healthcare were even more costly, reaching $355 per record – a full $100 more than in 2013.

Comment Re:You should be anyways (Score 1) 303

by rolandw on Monday January 18, 2016 @03:08AM (#51320695) Attached to: Use Code From Stack Overflow? You Must Provide Attribution

You should be anyways, but not for the reasons that you might think.

I always include a link in comments to the source of the borrowed code (or approach), because the relevant discussion will illuminate the how and why far better than a large block comment.

I even do so in one off shell scripts (of which many owe some level of inspiration to SO). It is all too easy not to be able to remember the exact query you made on SO and not be able to come back to the discussion even a few hours later.

Comment The lot at Bonhams (Score 1) 1

by rolandw on Thursday September 24, 2015 @01:34AM (#50587593) Attached to: Darwin's letter denouncing Christ sells for $200k

See http://www.bonhams.com/22964/3... for further details on this letter.

Submission + - SPAM: Researchers study natural gas as a marine fuel

Submitted by EL Solutions on Wednesday September 23, 2015 @11:50PM

EL Solutions writes: A new research study examines the market potential and environmental trade-offs of using natural gas in marine fuels. Natural gas is considered by many to be a 21st century energy resource that will enable multiple sectors, including shipping, to transition away from petroleum fuels. But, questions remain about whether the economic and energy potential benefits include co-benefits for the environment.
Link to Original Source

Submission + - Inside Amazon's Cloud Computing Infrastructure (datacenterfrontier.com)

Submitted by 1sockchuck on Wednesday September 23, 2015 @03:26PM

1sockchuck writes: As Sunday's outage demonstrates, the Amazon Web Services cloud is critical to many of its more than 1 million customers. Data Center Frontier looks at Amazon's cloud infrastructure, and how it builds its data centers. The company's global network includes at least 30 data centers, each typically housing 50,000 to 80,000 servers. "We really like to keep the size to less than 100,000 servers per data center," said Amazon CTO Werner Vogels. Like Google and Facebook, Amazon also builds its own custom server, storage and networking hardware, working with Intel to produce processors that can run at higher clockrates than off-the-shelf gear.

Submission + - Mozilla Fixed A 14-Year-Old Bug In Firefox, Now Adblock Plus Uses Less Memory

Submitted by Anonymous Coward on Wednesday September 23, 2015 @12:32PM

An anonymous reader writes: Mozilla launched Firefox 41 yesterday. Today, Adblock Plus confirmed the update “massively improves” the memory usage of its Firefox add-on. This particular memory issue was brought up in May 2014 by Mozilla and by Adblock Plus. But one of the bugs that contributed to the problem was actually first reported on Bugzilla in April 2001 (bug 77999).

Slashdot Top Deals