Microsoft

Microsoft Update Servers Left All Azure RHEL Instances Hackable (theregister.co.uk) 35

An anonymous reader shares a report on The Register: Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances. Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS. From there Duffy found a package labeled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host. Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with an SSL certificate that granted full administrative access to the four Red Hat Update Appliances. Duffy says all Azure RHEL images are configured without GPG validation checks meaning all would accept malicious package updates on their next run of yum updates.
United Kingdom

48 Organizations Now Have Access To Every Brit's Browsing History (zerohedge.com) 251

schwit1 quotes a report from Zero Hedge on Great Britain's newly-enacted "snoopers' charter": For those who missed our original reports, here is the new law in a nutshell: it requires telecom companies to keep records of all users' web activity for a year, creating databases of personal information that the firms worry could be vulnerable to leaks and hackers. Civil liberties groups say the law establishes mass surveillance of British citizens, following innocent internet users from the office to the living room and the bedroom. They are right. Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yuo, who has compiled the list
Click through to the comments to read the entire list.
Transportation

Self-Driving Trucks Begin Real-World Tests on Ohio's Highways (cbsnews.com) 178

An anonymous reader writes: "A vehicle from self-driving truck maker Otto will travel a 35-mile stretch of U.S. Route 33 on Monday in central Ohio..." reports the Associated Press. The truck "will travel in regular traffic, and a driver in the truck will be positioned to intervene should anything go awry, Department of Transportation spokesman Matt Bruning said Friday, adding that 'safety is obviously No. 1.'"

Ohio sees this route as "a corridor where new technologies can be safely tested in real-life traffic, aided by a fiber-optic cable network and sensor systems slated for installation next year" -- although next week the truck will also start driving on the Ohio Turnpike.

Comment Moron Monday (Score 1, Insightful) 217

"I don't take precautions because they make me complacent." I'm glad that the idiots in that article aren't the ones making any decisions in the computer security industry. Note how the CEO of MalwareBytes is the exception in that article - that's the person who's worked with exploits and viruses. Kudos for not having your head in the sand.

Comment Re:Right after the end of the free Win10 upgrade (Score 2) 85

"...considering that MS made their OS into a service as a way to push ads for the app store..."

That's not a fair statement. Come now.

They also push ads for Office upgrades and replace your specifically-chosen default programs with their own. So let's not sell them short.
