SpaceX’s Challenge Against Blue Origins’ Patent Fails To Take Off

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

speedplane writes As was previously discussed on Slashdot, back in September SpaceX challenged a patent owned by Blue Origin. The technology concerned landing rockets at sea. Yesterday, the judges in the case issued their opinion stating that they are unable to initiate review of the patent on the grounds brought by SpaceX. Although at first[…]

Star Trek Fans Told To Stop “Spocking” Canadian $5 Bill

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

bellwould writes The Toronto Sun is reporting that Bank of Canada executives are urging Star Trek fans to stop altering Wilfrid Laurier’s face on the Canadian $5 bill to look like Spock. Although not illegal to draw on the bills, a Bank of Canada spokesperson points out that the markings may reduce effectiveness of the[…]

Drones Underwater, Drones on Wheels (Video)

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

Rocky Mountain Unmanned Systems seems to be primarily in the business of selling aerial ‘copter drones ranging in price from sub-$100 up into $1000s. But there they were at the 2015 CES (Consumer Electronics Show), showing off a submarine drone & a wheeled drone. These products don’t seem to be on the company’s website or[…]

New Zealand Spied On Nearly Two Dozen Pacific Countries

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

An anonymous reader writes New documents from Edward Snowden indicate New Zealand undertook “full take” interception of communications from Pacific nations & forwarded the data to the NSA. The data, collected by New Zealand’s Government Communications Security Bureau, was then fed into the NSA’s XKeyscore search engine to allow analysts to trawl for intelligence. The[…]

Microsoft Convinced That Windows 10 Will Be Its Smartphone Breakthrough

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

jfruh (300774) writes “At the Mobile World Congress in Barcelona, handset manufacturers are making all the right noises about support for Windows 10, which will run on both ARM- & Intel-based phones & provide an experience very much like the desktop. But much of the same buzz surrounded Windows 8 & Windows 7 Phone. In[…]

Demand For Linux Skills Rising This Year

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

Nerval’s Lobster writes This year is shaping up as a really satisfactory one for Linux, at least on the jobs front. According to a new report (PDF) from The Linux Foundation & Dice, nearly all surveyed hiring managers want to recruit Linux professionals within the next six months, with 44 percent of them indicating they’re[…]

‘The Moon Is a Harsh Mistress’ Coming To the Big Screen

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

HughPickens.com writes: According to the Hollywood Reporter, Twentieth Century Fox recently picked up the movie rights to The Moon is a Harsh Mistress, based on the classic sci-fi book by Robert A. Heinlein. It will be retitled as Uprising. Heinlein’s 1966 sci-fi novel centers on a lunar colony’s revolt against rule from Earth, & the book[…]

US Air Traffic Control System Is Riddled With Vulnerabilities

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

An anonymous reader writes: A recently released report (PDF) by the U.S. Government Accountability Office has revealed that despite some improvements, the Federal Aviation Administration (FAA) still needs to quash significant security control weaknesses that threaten the agency’s ability to ensure the safe & uninterrupted operation of the national airspace system (NAS). The report found[…]

Racial Discrimination Affects Virtual Reality Characters Too

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

vrml writes: You are looking for the exit of a building in a virtual reality experience when a virtual character gets stuck in a room & cries for your help. Could the color of the skin (black or white) of the virtual human influence your decision to provide or refuse help? That’s what comes out[…]

One Year Later, We’re No Closer To Finding MtGox’s Missing Millions

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

itwbennett writes: When Mt. Gox collapsed on Feb. 28, 2014, with liabilities of some ¥6.5 billion ($63.6 million), it said it was unable to account for some 850,000 bitcoins. Some 200,000 of them turned up in an old-format bitcoin wallet last March, bringing the tally of missing bitcoins to 650,000 (now worth approximately $180 million).[…]

The Mexican Drug Cartels’ Involuntary IT Guy

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

sarahnaomi writes: It could have been any other morning. Felipe del Jesús Peréz García got dressed, said goodbye to his wife & kids, & drove off to work. It would be a two hour commute from their home in Monterrey, in Northeastern Mexico’s Nuevo León state, to Reynosa, in neighboring Tamaulipas state, where Felipe, an[…]

NVIDIA Announces SHIELD Game Console

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

MojoKid writes: NVIDIA held an event in San Francisco last night at GDC, where the company unveiled a new Android TV streamer, game console, & supercomputer, as NVIDIA’s Jen Hsun Huang calls it, all wrapped up in a single, ultra-slim device called NVIDIA SHIELD. The SHIELD console is powered by the NVIDIA Tegra X1 SoC[…]

Mars Curiosity Rover Experiences Short Circuit, Will Be Stationary For Days

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

hypnosec writes: NASA says its Mars Curiosity rover has experienced a transient short circuit. The team has halted all work from the rover temporarily while engineers analyze the situation. Telemetry data received from Curiosity indicated the short circuit, after which the vehicle followed its programmed response, stopping the arm activity underway when the irregularity in the[…]

Linux 4.0 Getting No-Reboot Patching

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

An anonymous reader writes: ZDNet reports that the latest changes to the Linux kernel include the ability to apply patches without requiring a reboot. From the article: “Red Hat & SUSE both started working on their own purely open-source means of giving Linux the ability to keep running even while critical patches were being installed.[…]

Technology’s Legacy: the ‘Loser Edit’ Awaits Us All

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

An anonymous reader writes: The NY Times Magazine has an insightful article putting into words how I’ve felt about information-age culture for a while now. It’s about a phenomenon dubbed the “loser edit.” The term itself was born out of reality TV — once an outcome had been decided while the show was still taping,[…]

Treadmill Performance Predicts Mortality

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

An anonymous reader writes: Cardiologists from Johns Hopkins have published an analysis of exercise data that strongly links a patient’s performance on a treadmill to their risk of dying. Using data from stress tests of over 58,000 people, they report: “[A]mong people of the same age & gender, fitness level as measured by METs &[…]

#1337day Solarwinds Orion Service SQL Injection Vulnerability CVE-2014-9566 [webapps #exploits #Vulnerability #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

Schneier: Either Everyone Is Cyber-secure Or No One Is

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

Presto Vivace sends a new essay from Bruce Schneier called “The Democratization of Cyberattack.” Quoting: When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA’s program for what is called packet injection–basically, a technology that[…]

Lost City Discovered In Honduran Rain Forest

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

jones_supa writes: An expedition to Honduras has emerged from the jungle with the discovery of a previously unknown culture’s lost city. The team was led to the remote, uninhabited region by long-standing rumors that it was the site of a storied “White City,” also referred to in legend as the “City of the Monkey God.”[…]

The US’s First Offshore Wind Farm Will Cut Local Power Prices By 40%

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

merbs writes: The U.S. is finally getting its first offshore wind farm. Deepwater Wind has announced that its Block Island project has been fully financed, passed the permitting process, & will commence putting “steel in water” this summer. For local residents, that means a 40% drop in electricity rates. The company has secured $290 million[…]

Has the Supreme Court Made Patent Reform Legislation Unnecessary?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

An anonymous reader writes: As Congress gears up again to seriously consider patent litigation abuse—starting with the introduction of H.R. 9 (the “Innovation Act”) last month—opponents of reform are arguing that recent Supreme Court cases have addressed concerns. Give the decisions time to work their way through the system, they assert. A recent hearing on[…]

GitLab Acquires Gitorious

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

New submitter sckirklan writes with news that code repository GitLab has purchased rival service Gitorious. Gitorious users are now able to import their projects into GitLab. They must do so by the end of May, because Gitorious will shut down on June 1st. Rolf Bjaanes, Gitorious CEO, gives some background on the reasons for the[…]

AMD Enters Virtual Reality Fray With LiquidVR SDK At GDC

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

MojoKid writes: AMD jumped into the virtual reality arena today by announcing that its new LiquidVR SDK will help developers customize VR content for AMD hardware. “The upcoming LiquidVR SDK makes a number of technologies available which help address obstacles in content, comfort & compatibility that together take the industry a major step closer to[…]

Rosetta Photographs Its Own Shadow On Comet 67P/C-G

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 4, 2015

mpicpp notes an image release from the European Space Agency showing the shadow of its Rosetta probe on the comet it’s currently orbiting. The probe snapped the picture from a very low flyby — only six kilometers off the surface. The image has a resolution of 11cm/pixel. The shadow is fuzzy & somewhat larger than[…]

Study: Refactoring Doesn’t Improve Code Quality

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

itwbennett writes: A team of researchers in Sri Lanka set out to test whether usual refactoring techniques resulted in measurable improvements in software quality, both externally (e.g., Is the code more maintainable?) & internally (e.g., Number of lines of code). Here’s the short version of their findings: Refactoring doesn’t make code easier to analyze or[…]

Solarwinds Orion Service SQL Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP

Red Hat Security Advisory 2015-0288-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Red Hat Security Advisory 2015-0288-01 – The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, & Puppet settings, & can be used as part of Foreman. It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the[…]

Red Hat Security Advisory 2015-0287-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Red Hat Security Advisory 2015-0287-01 – The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, & Puppet settings, & can be used as part of Foreman. It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the[…]

Former MLB Pitcher Doxes Internet Trolls, Delivers Real-World Consequences

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes: When Twitter trolls began posting obscene, sexually explicit comments about his teenage daughter, former MLB pitcher Curt Schilling responded by recording their comments & gathering personal information readily available to the public. He then doxxed two of them on his blog, resulting in one being suspended from his community college &[…]

Physicists Gear Up To Catch a Gravitational Wave

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

sciencehabit writes: A patch of woodland just north of Livingston, Louisiana, population 1893, isn’t the first place you’d go looking for a breakthrough in physics. Yet it is here that physicists may fulfill perhaps the most spectacular prediction of Albert Einstein’s theory of gravity, or general relativity. Structures here house the Laser Interferometer Gravitational-Wave Observatory[…]

Ask Slashdot: Wireless Microphone For Stand-up Meetings?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

rolandw writes We have daily stand-ups & normally there is at least one person missing from the room. We relay via on-line chat yet the sound quality is rubbish. The remote person sounds tremendous via our speaker when they use a headset yet they can’t hear what is happening in the room. We need a[…]

FREAK Attack Threatens SSL Clients

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

msm1267 writes: For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers & break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that[…]

A Versatile and Rugged MIDI Mini-Keyboard (Video)

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

The K-Board won a “Best in Show” award at CES 2015. Plus, as Timothy said, “I always like pour & stomp demos.” And it’s totally cross-platform. If your computer, tablet or smartphone has a USB port & (almost) any kind of music software, it works. In theory, you could hook a K-Board to your Android[…]

Linux and Multiple Internet Uplinks: a New Tool

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

New submitter Alessandro Zarrilli writes: Linux has been able to do multipath routing for a long time: it means being able to have routes with multiple gateways & to use them in a (weighted) round-robin fashion. But Linux is missing a tool to actively monitor the state of internet uplinks & alter the routing accordingly. Without[…]

Snowden Reportedly In Talks To Return To US To Face Trial

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

HughPickens.com writes: The Globe & Mail reports that Edward Snowden’s Russian lawyer, Anatoly Kucherena, says the fugitive former U.S. spy agency contractor is working with American & German lawyers to return home. “I won’t keep it secret that he wants to return back home. And we are doing everything possible now to solve this issue.[…]

Deutsche Telecom Calls For Google and Facebook To Be Regulated Like Telcos

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes Tim Hoettges, the CEO of the world’s third-largest telecoms company, has called for Google & Facebook to be regulated in the same way that telcos are, declaring that “There is a convergence between over-the-top web companies & classic telcos” & “We need one level regulatory environment for us all.” The Deutsche[…]

Gritty ‘Power Rangers’ Short Is Not Fair Use

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Bennett Haselton writes: Vimeo & Youtube are pressured to remove a dark, fan-made “Power Rangers” short film; Vimeo capitulated, while Youtube has so far left it up. I’m generally against the overreach of copyright law, yet in this case, how could anyone argue the short film doesn’t violate the rights of the franchise creator? And[…]

Flaw In GoPro Update Mechanism Reveals Users’ Wi-Fi Passwords

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes A vulnerability in the update mechanism for the wireless networks operated by GoPro cameras has allowed a security researcher to easily harvest over 1,000 login credentials (including his own). The popular rugged, wearable cameras can be controlled via an app, yet in order to do so the user has to[…]

Red Hat Security Advisory 2015-0286-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Red Hat Security Advisory 2015-0286-01 – In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 was retired on March 3, 2015, & support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority[…]

Red Hat Security Advisory 2015-0285-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Red Hat Security Advisory 2015-0285-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially[…]

Red Hat Security Advisory 2015-0284-03

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Red Hat Security Advisory 2015-0284-03 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the way the Linux kernel’s KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the[…]

Mandriva Linux Security Advisory 2015-052

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Mandriva Linux Security Advisory 2015-052 – Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request’s length & conduct request-smuggling attacks via a Content-Length header & a Transfer-Encoding: chunked header. Apache[…]

Mandriva Linux Security Advisory 2015-053

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Mandriva Linux Security Advisory 2015-053 – Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 & 7.x before 7.0.53 allows remote attackers to cause a denial of service via a malformed chunk size in chunked transfer coding of a request during the streaming of data. java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in[…]

Mandriva Linux Security Advisory 2015-051

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Mandriva Linux Security Advisory 2015-051 – A vulnerability has been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Sympa web interface newsletter posting area.[…]

Debian Security Advisory 3178-1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Debian Linux Security Advisory 3178-1 – Jakub Wilk discovered that unace, a utility to extract, test & view .ace archives, contained an integer overflow leading to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ace archive, an attacker could cause a denial of service (application crash) or,[…]

Ubuntu Security Notice USN-2506-1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Ubuntu Security Notice 2506-1 – Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. Abhishek Arya discovered an[…]

Supreme Court Gives Tacit Approval To Warrantless DNA Collection

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes On Monday, the U.S. Supreme Court refused to review a case involving the conviction of a man based solely on the analysis of his “inadvertently shed” DNA. The Electronic Frontier Foundation (EFF) argues that this tacit approval of the government’s practice of collecting anyone’s DNA anywhere without a warrant will lead[…]

What Would Minecraft 2 Look Like Under Microsoft?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes “Microsoft spent billions purchasing Mojang, the studio behind the game Minecraft, & while it’s unlikely to start work on a sequel anytime soon, rather than continue development of the game, it’s worth considering what a Minecraft 2 will look like. After all, as a public company with revenues to justify, it[…]

Why We Should Stop Hiding File-Name Extensions

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes 14 years after the Anna Kournikova virus took advantage of users’ ignorance about file-name extensions in order to wreak worldwide havoc, virus writers & hackers are still taking advantage of the tendency of popular consumer operating systems to hide file-name extensions: Windows users still need to activate extension visibility manually –[…]

Khronos Group Announces Vulkan To Compete Against DirectX 12

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Phopojijo writes The Khronos Group has announced the Vulkan API for compute & graphics. Its goal is to compete against DirectX 12. It has some absorbing features, such as queuing to multiple GPUs & an LLVM-based bytecode for its shading language to remove the need for a compiler from the graphics drivers. Also, the API[…]

Inside the North Korean Data Smuggling Movement

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Sparrowvsrevolution writes A new Wired magazine story goes inside the North Korean rebel movement seeking to overthrow Kim Jong-un by smuggling USB drives into the country packed with foreign television & movies. As the story describes, one group has stashed USB drives in Chinese cargo trucks. Another has passed them over from tourist boats that[…]

NVIDIA Fixes Old Compiz Bug

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

jones_supa writes NVIDIA has fixed a long-standing issue in the Ubuntu Unity desktop by patching Compiz. When opening the window of a new application, it would go black or become transparent on NVIDIA hardware. There have been bug reports dating back to Ubuntu 12.10 times. The problem was caused by Compiz, which had some leftover[…]

Hillary Clinton Used Personal Email At State Dept., Possibly Breaking Rules

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

HughPickens.com writes: The NY Times reports that Hillary Rodham Clinton exclusively used a personal email account to conduct government business as secretary of state, according to State Department officials. She may have violated federal requirements that officials’ correspondence be retained as part of the agency’s record. Clinton did not have a government email address during[…]

Google Backs Off Default Encryption on New Android Lollipop Devices

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes: Although Google announced in September 2014 that Android 5.0 Lollipop would require full-disk encryption by default in new cell phones, Ars Technica has found otherwise in recently-released 2nd-gen Moto E & Galaxy S6. It turns out, according to the latest version of the Android Compatibility Definition document (PDF), full-disk encryption is[…]

How a Kickstarter Project Can Massively Exceed Its Funding Goals and Still Fail

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes: In November, 2013, a Kickstarter project for a software-defined camera trigger scored £290,386 (~$450,000) in funding after asking for a mere £50,000. After almost a year of delays, they’ve now announced the project is dead. Their CEO has published a lengthy article about how such a successful funding round can still[…]

Games Workshop At 40: How They Brought D&D To Britain

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

An anonymous reader writes: Following on the fortieth anniversary of Dungeons & Dragons last year, another formative influence on modern gaming is celebrating its fortieth birthday: Games Workshop. Playing at the World covers the story of how the founders, Ian Livingstone & Steve Jackson (not the other Steve Jackson), started out as subscribers to the[…]

Astronomers Find an Old-Looking Galaxy In the Early Universe

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

schwit1 tips news that a team of astronomers has studied one of the most distant galaxies ever observed & found puzzling results. The light we’re seeing from this galaxy comes from roughly 700 million years after the Big Bang, so on the cosmic scale, it’s quite young. But the galaxy appears much older than astronomers[…]

#1337day WordPress Holding Pattern Theme Arbitrary File Upload Exploit [webapps #exploits #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

#1337day Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation Exploit [#0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

#1337day Symantec Web Gateway 5 restore.php Command Injection Exploit [remote #exploits #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

#1337day Seagate Business NAS Unauthenticated Remote Command Execution Exploit [remote #exploits #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Police Could Charge Data Center Operators In the Largest Child Porn Bust Ever

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

sarahnaomi sends this report from Motherboard: Canadian police say they’ve uncovered a massive online file sharing network for exploitative material that could involve up to 7,500 users in nearly 100 countries worldwide. But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes[…]

Symantec Web Gateway 5 restore.php Command Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway’s setting restoration feature. The filename portion can be used to inject system commands into a syscall function, & gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However,[…]

#1337day WordPress WP All Import 3.2.3 plugin RCE Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

#1337day BEdita CMS 3.5.0 XSS & CSRF Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Ask Slashdot: Which Classic OOP Compiled Language: Objective-C Or C++?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

Qbertino writes: I’ve been trying to pick up a classic, object-oriented, compiled language since the early 90s, yet have never gotten around to it. C++ was always on my radar, yet I’m a little torn to-and-fro with Objective-C. Objective-C is the obvious choice if you also want to make money developing for Mac OS X,[…]

#1337day WordPress Calculated Fields Form 1.0.10 SQL Injection Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

#1337day D-Link and TRENDnet 'ncc2' service – multiple Vulnerabilities [#0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

#1337day Wireless File Transfer Pro Android Cross Site Request Forgery Vulnerability [#0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

#1337day Jetty 9.2.8 Shared Buffer Leakage Vulnerability CVE-2015-2080 [webapps #exploits #Vulnerability #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015

#1337day HelpDezk 1.0.1 Shell Upload / Code Execution / Disclosure Vulnerabilities [#0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015


#1337day D-Link DIR636L Remote Command Injection Vulnerability CVE-2015-1187 [webapps #exploits #Vulnerability #0day #Exploit]

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 3, 2015


New Seagate Shingled Hard Drive Teardown

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

New submitter Peter Desnoyers writes: Shingled Magnetic Recording (SMR) drives are starting to hit the market, promising larger drives without heroic (and expensive) measures such as helium fill, yet at a cost — data can no longer be over-written in place, requiring SSD-like algorithms to handle random writes. At the USENIX File & Storage Technologies[…]

Marissa Mayer On Turning Around Yahoo

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

An anonymous reader writes For the 20th anniversary of Yahoo, Marissa Mayer discusses how she’s trying to reinvent the company. In a wide-ranging interview, Mayer shares her vision for fixing the company’s past mistakes, including a major investment in mobile & a new ad platform. Yet she’s been dogged by critics who see her as[…]

Mandriva Linux Security Advisory 2015-050

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

Mandriva Linux Security Advisory 2015-050 – It was reported that a crafted diff file can make patch eat memory & after segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a[…]

Google Prepares To Enter Wireless Market As an MVNO

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

jfruh writes Google is getting into the wireless connectivity business, yet that doesn’t mean you’ll be able to use them as your wireless connectivity provider any time soon. The company isn’t building its own cell network, yet will rather be a “mobile virtual network operator” offering services over existing networks. Google says it won’t be a[…]

Photo First: Light Captured As Both Particle and Wave

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

mpicpp sends word that scientists have succeeded in capturing the first-ever snapshot of the dual behavior of light. “It’s one of those enduring Zen koans of science that we’ve all grown up with: Light behaves as both a particle & a wave—at the same time. Einstein taught us that, so we’re all generally on board,[…]

Blackphone 2 Caters To the Enterprise, the Security-Minded and the Paranoid

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

Mark Wilson writes While much of the news coming out of MWC 2015 has been dominated by Microsoft’s Lumia 640, the Samsung Galaxy S6 Edge, & tablets from Sony, there’s always room for something a little different. Following on from the security-focused Blackphone, Silent Circle used the Barcelona event to announce the follow-up — the[…]

NASA’s Spitzer Team Releases Highest-resolution View of the Full Galactic Plane

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

StartsWithABang writes From our vantage point within the Milky Way, most of our 200-400 billion stars are obscured by the dust lanes present within. But thanks to its views in infrared light, the Spitzer Space Telescope can glimpse not only all of the stars & the dust simultaneously, it can do it at an alarming[…]

Unreal Engine 4 Is Now Free

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

jones_supa writes In 2014, Epic Games took the step of making Unreal Engine 4 available to everyone by subscription for $19 per month. Today, this general-purpose game engine is available to everyone for free. This includes future updates, the full C++ source code of the engine, documentation, & all sorts of bonus material. You can[…]

Doomsday Vault: First Tree Samples Arrive At Underground Seed Store

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

An anonymous reader writes “The Svalbard Global Seed Vault, built into an Arctic mountain, received its first delivery of tree seeds. Opened in 2008, the vault is designed to withstand all natural & human disasters. From the article: “The ‘doomsday’ vault built into an Arctic mountain, which stores seeds for food crops in case of[…]

Feds Admit Stingray Can Disrupt Bystanders’ Communications

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

linuxwrangler writes The government has fought hard to keep details about use & effects of the controversial Stingray device secret. But this Wired article points to recently released documents in which the government admits that the device can cause collateral damage to other network users. The controversy has heated to the point that Florida senator[…]

World’s First Lagoon Power Plants Unveiled In UK

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

AmiMoJo writes Plans to generate electricity from the world’s first series of tidal lagoons have been unveiled in the UK. The six lagoons — four in Wales & one each in Somerset & Cumbria — will capture incoming & outgoing tides behind giant sea walls, & use the weight of the water to power turbines.[…]

Seagate Business NAS Unauthenticated Remote Command Execution

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, & hence is open to attack from users without the need[…]

HP Security Bulletin HPSBST03274 1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

HP Security Bulletin HPSBST03274 1 – Potential security vulnerabilities have been identified with HP XP P9000 Command View Advanced Edition Software Online Help for Windows & Linux. The vulnerabilities could be exploited resulting in remote Cross-site scripting (XSS). Revision 1 of this advisory.

D-Link DIR636L Remote Command Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

D-Link DIR636L suffers from a remote command injection vulnerability.

Interactive Edition of the Nuclear Notebook

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

Lasrick writes The Bulletin of the Atomic Scientists has just launched a very rad interactive graphic to go with their famed Nuclear Notebook, the feature that tracks the world’s nuclear arsenals. Now you can see at a glance who has nuclear weapons, when they received them, & how those numbers compare to each other. A[…]

Slim PHP Framework 2.5.0 Weak Cryptography

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

Slim PHP Framework versions 2.5.0 & below suffer weak cryptographic implementations.

RV4sec 2015 Call For Papers

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

The RV4sec 2015 Call For Papers has been announced. It will be held June 4th through June 5th, 2015, in Richmond, Virginia, USA.

WordPress Calculated Fields Form 1.0.10 SQL Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

WordPress Calculated Fields Form plugin versions 1.0.10 & below suffer from a remote SQL injection vulnerability.

ECCMS 1.0 Cross Site Scripting / SQL Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

ECCMS version 1.0 suffers from cross site scripting & remote SQL injection vulnerabilities.

Mandriva Linux Security Advisory 2015-049

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

Mandriva Linux Security Advisory 2015-049 – A malformed file with an invalid page header & compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.

Ubuntu Security Notice USN-2516-2

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

Ubuntu Security Notice 2516-2 – USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize[…]

ATutor LCMS 2.2 Cross Site Request Forgery

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

ATutor LCMS version 2.2 suffers from a cross site request forgery vulnerability.

Secret Memo Slams Canadian Police On Inaccurate ISP Request Records

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

An anonymous reader writes Last fall, Daniel Therrien, the government’s newly appointed Privacy Commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how government collects, uses, & discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices[…]

BEdita CMS 3.5.0 Cross Site Request Forgery / Cross Site Scripting

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

BEdita CMS version 3.5.0 suffers from cross site request forgery & cross site scripting vulnerabilities.

Linux CVE-2014-9322 Proof Of Concept

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a POC to reproduce vulnerability. No exploitation here,[…]

Linux CVE-2014-4943 Proof Of Concept

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket & an inet socket. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.

Linux CVE-2014-3631 Proof Of Concept

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference & system crash) or possibly have unspecified other impact via multiple “keyctl newring” operations followed by a “keyctl timeout” operation. View[…]

Fortimail 5.2.1 Cross Site Scripting

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: March 2, 2015

Fortimail version 5.2.1 suffers from reflective cross site scripting vulnerabilities.
