Ebola Forecast: Scientists Release Updated Projections and Tracking Maps

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014

An anonymous reader writes Scientists of the Northeastern University, in collaboration with European scientists, developed a modeling approach aimed at assessing the progression of the Ebola epidemic in West Africa & its international spread under the assumption that the outbreak continues to evolve at the current pace. They moreover considered the impact of travel restrictions,[...]

MIT Professor Advocates Ending Asteroid Redirect Mission To Fund Asteroid Survey

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014

MarkWhittington writes Professor Richard Binzel published a commentary in the journal Nature that called for two things. He proposed that NASA cancel the Asteroid Redirect Mission currently planned for the early 2020s. Instead, he would like the asteroid survey mandated by the George E. Brown, Jr. Near-Earth Object Survey Act of 2005, part of the[...]

Labor Department To Destroy H-1B Records

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014

Presto Vivace writes H-1B records that are critical to research & take up a small amount of storage are set for deletion. “In a notice posted last week, the U.S. Department of Labor said that records used for labor certification, whether in paper or electronic, ‘are temporary records & subject to destruction’ after five years,[...]

[web applications] – EspoCRM 2.5.2 XSS / LFI / Access Control Vulnerabilities

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014


The Most Highly Cited Scientific Papers of All Time

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014

bmahersciwriter writes Citation is the usual way that scientists nod to the significant & foundational work that preceded their own & the number of times a particular paper is cited is often used as a rough measure of its impact. So what are the most highly cited papers in the past century plus of scientific[...]

Secret Policy Allows GCHQ Bulk Access To NSA Data

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014

hazeii writes Through legal proceedings following the Snowden revelations, Liberty UK have succeeded in forcing GCHQ to reveal secret internal policies allowing Britain’s intelligence services to receive unlimited bulk intelligence from the NSA & other foreign agencies & to keep this data on massive searchable databases, all without a warrant. Apparently, British intelligence agencies[...]

Technology Group Promises Scientists Their Own Clouds

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014

jyosim writes On Tuesday, Internet2 announced that it will let researchers create & connect to their own private data clouds on the high-speed network (mainly used by colleges), within which they will be able to conduct research across disciplines & experiment on the nature of the Internet. The private cloud is thanks to a $10-million[...]

Google Announces Project Ara Developer Conference, Shows Off First Prototype

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014

An anonymous reader writes Google today announced it will be hosting the second iteration of its Project Ara Module Developers Conference for its modular device project early next year. The first event will be in Mountain View on January 14, 2015, with satellite locations at Google offices in New York City, Buenos Aires, & London.[...]

Imagining the Future History of Climate Change

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 30, 2014

HughPickens.com writes “The NYT reports that Naomi Oreskes, a historian of science at Harvard University, is attracting wide notice these days for a work of science fiction called “The Collapse of Western Civilization: A View From the Future,” that takes the point of view of a historian in 2393 explaining how “the Great Collapse of[...]

CERN Looking For Help Filling In the Gaps In Photo Archive

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

rHBa writes According to the BBC, scientists at the European nuclear research center CERN have uncovered an archive of images from its first 50 years & are asking for assistance in deciphering what is going on in them. Dr Sue Black, who was a key figure in the campaign to save Bletchley Park, said “we[...]

[web applications] – MAARCH 1.4 – SQL Injection / Arbitrary File Upload Vulnerabilities

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014


[local exploits] – IBM Tivoli Monitoring 6.2.2 kbbacf1 – Privilege Escalation Exploit

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014


[remote exploits] – Konke Smart Plug K – Authentication Bypass Vulnerability

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014


EspoCRM 2.5.2 XSS / LFI / Access Control

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, & improper access control vulnerabilities.

"Ambulance Drone" Prototype Unveiled In Holland

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

schwit1 writes with news about a flying defibrillator designed by a Dutch student. A Dutch-based student on Tuesday unveiled a prototype of an “ambulance drone”, a flying defibrillator able to reach heart attack victims within precious life-saving minutes. Developed by Belgian engineering graduate Alec Momont, it can fly at speeds of up to 100 kilometres[...]

Security Companies Team Up, Take Down Chinese Hacking Group

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

daten writes A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected & cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated[...]

Check Out the Source Code For the Xerox Alto

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

jfruh writes The Xerox Alto is a computer legend: it was never sold to the public, yet its window-based OS was the inspiration for both the original Mac operating system & Windows. Now you can check out its source code, along with code for CP/M, a similarly old school (though not graphical) operating system. Read[...]

HP Unveils Industrial 3D Printer 10X Faster, 50% Cheaper Than Current Systems

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Lucas123 writes HP today announced a 3D industrial printer that it said will be half the cost of current additive manufacturing systems while also 10 times faster, enabling production parts to be built. The company also announced Sprout, a new immersive computing platform that combines a 23-in touch screen monitor & horizontal capacitive touch mat[...]

Power and Free Broadband To the People

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

NewYorkCountryLawyer writes Slashdot member & open source developer Ben Kallos @KallosEsq — who is now a NYC Councilman — is pushing to make it a precondition to Comcast’s merging with Time Warner that it agree to provide free broadband to all public housing residents in the City (and by free I mean free as in[...]

Remote Vision Through a Virtual Reality Headset (Video)

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Add some material-handling devices & you’d have software-controlled Waldos, first described by Robert A. Heinlein in the 1942 short story titled Waldo. So while the idea of a pair of artificial eyes you control by moving your head (while looking at the area around the artificial eyes, even if it’s in orbit), sounds like futuristic[...]

Is the Outrage Over the FBI’s Seattle Times Tactics a Knee-Jerk Reaction?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

reifman writes The Internet’s been abuzz the past 48 hours about reports the FBI distributed malware via a fake Seattle Times news website. What the agency actually did is more of an example of smart, precise law enforcement tactics. Is the outrage online an indictment of Twitter’s tendency towards uninformed, knee-jerk reactions? In this age[...]

Stan Lee Media and Disney Battle For Ownership of Marvel Characters

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

An anonymous reader writes “Stan Lee Media & The Walt Disney Co. have taken their arguments to the U.S. Court of Appeals over who owns the rights (and profits) to Marvel characters. Though Disney bought Marvel in 2009, Stan Lee Media (no longer associated with Stan Lee, himself) still claims copyright of the characters.” Read[...]

YouTube Considering an Ad-Free, Subscription-Based Version

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Walking The Walk writes YouTube is looking at creating a paid-subscription model that would allow users to skip the ads on their videos. (A more condensed summary from CBC.) No firm date has been announced, & it sounds like tentative steps right now, yet YouTube CEO Susan Wojcicki did mention that ad-enabled music videos would[...]

Apple Pay Competitor CurrentC Breached

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

tranquilidad writes “As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a “more secure” payment system. Some controversy surrounds CurrentC’s requirements regarding the personal information required, their purchase-tracking intentions & retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has[...]

Researchers At Brown University Shattered a Quantum Wave Function

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Jason Koebler writes: A team of physicists based at Brown University has succeeded in shattering a quantum wave function. That near-mythical representation of indeterminate reality, in which an unmeasured particle is able to occupy many states simultaneously, can be dissected into many parts. This dissection, which is described this week in the Journal of Low[...]

Why Every Cardiac Patient Needs a Virtual Heart

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

the_newsbeagle writes: In the latest high-tech approach to personalized medicine, cardiologists can now create a computer model of an individual patient’s heart & use that simulation to make a treatment plan. In this new field of computational medicine, doctors use a patient’s MRI scans to make a model showing that patient’s unique anatomy & pattern[...]

Hackers Breach White House Network

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

wiredmikey writes: The White House’s unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye[...]

Drones Could 3D-Map Scores of Hectares of Land In Just a Few Hours

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

sciencehabit writes: Unmanned drones aren’t just for warfare. In recent years, they’ve been used to map wildlife & monitor crop growth. But current software can’t always handle the vast volume of images they gather. Now, researchers have developed an algorithm that will allow drones to 3D-map scores of hectares of land in less than a[...]

Dangerous Vulnerability Fixed In Wget

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

jones_supa writes: A critical flaw has been found & patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. “It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links & set their[...]

Windows 10 Gets a Package Manager For the Command Line

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

aojensen writes: ExtremeTech reports that the most recent build of Windows 10 Technical Preview shows that Windows is finally getting a package manager. The package manager is built for the PowerShell command line based on OneGet. OneGet is a command line utility for PowerShell very similar to classic Linux utilities such as apt-get & yum,[...]

Skilled Foreign Workers Treated as Indentured Servants

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

theodp writes: A year-long investigation by NBC Bay Area’s Investigative Unit & The Center for Investigative Reporting (CIR) raises questions about the H-1B visa program. In a five-part story that includes a mini-graphic novel called Techsploitation, CIR describes how the system rewards job brokers who steal wages & entrap Indian tech workers in the U.S.,[...]

Verizon Launches Tech News Site That Bans Stories On US Spying

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

blottsie writes: The most-valuable, second-richest telecommunications company in the world is bankrolling a technology news site called SugarString.com. The publication, which is now hiring its first full-time editors & reporters, is meant to rival major tech websites like Wired & the Verge while bringing in a potentially giant mainstream audience to beat those competitors at[...]

Mandriva Linux Security Advisory 2014-212

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Mandriva Linux Security Advisory 2014-212 – Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links & set their permissions when retrieving a directory recursively through FTP. The default settings in wget have been changed such that wget no longer creates local symbolic links, but rather traverses them &[...]

Pope Francis Declares Evolution and Big Bang Theory Are Right

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

HughPickens.com writes: The Independent reports that Pope Francis, speaking at the Pontifical Academy of Sciences, has declared that the theories of evolution & the Big Bang are real. “When we read about Creation in Genesis, we run the risk of imagining God was a magician, with a magic wand able to do everything. But that[...]

HP Security Bulletin HPSBUX03159 SSRT101785

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

HP Security Bulletin HPSBUX03159 SSRT101785 – A potential security vulnerability has been identified in the HP-UX kernel. This vulnerability could allow local users to create a Denial of Service. Revision 1 of this advisory.

Red Hat Security Advisory 2014-1728-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Red Hat Security Advisory 2014-1728-01 – Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate & JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure[...]

Red Hat Security Advisory 2014-1727-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Red Hat Security Advisory 2014-1727-01 – Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate & JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure[...]

Red Hat Security Advisory 2014-1726-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Red Hat Security Advisory 2014-1726-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate & JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure[...]

Red Hat Security Advisory 2014-1724-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Red Hat Security Advisory 2014-1724-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: A race condition flaw was found in the way the Linux kernel’s KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to[...]

Debian Security Advisory 3050-2

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Debian Linux Security Advisory 3050-2 – DSA-3050-1 updated the Iceweasel browser to the new ESR31 series of Firefox. In that version the xulrunner library is no longer included. This followup update provides xulrunner 24.8.1esr-2~deb7u1 in a separate source package to ensure that packages build-depending on xulrunner remain buildable.

Red Hat Security Advisory 2014-1725-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Red Hat Security Advisory 2014-1725-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate & JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure[...]

Mandriva Linux Security Advisory 2014-211

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Mandriva Linux Security Advisory 2014-211 – A vulnerability was found in the mechanism wpa_cli & hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process (which may be root in usual use[...]

Getting Lost In the Scientific Woods Is Good For You

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

StartsWithABang writes: Wandering into the woods unprepared & without a plan sounds like a terrible idea. But if you’re interested in scientific exploration at the frontiers, confronting the unknown with whatever you happen to have at your disposal, you have to take that risk. You have to be willing to take those steps. And you[...]

16-Teraflops, £97m Cray To Replace IBM At UK Meteorological Office

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Memetic writes: The UK weather forecasting service is replacing its IBM supercomputer with a Cray XC40 containing 17 petabytes of storage & capable of 16 TeraFLOPS. This is Cray’s biggest contract outside the U.S. With 480,000 CPUs, it should be 13 times faster than the current system. It will weigh 140 tons. The aim is[...]

Open Consultation Begins On Italy’s Internet Bill of Rights

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

Anita Hunt (lissnup) writes: Hot on the heels of Brazil’s recent initiative in this area, Italy has produced a draft [PDF] Declaration of Internet Rights, & on Monday opened the bill for consultation on the Civici [Italian] platform, a first in Europe. “[A]s it is now, it consists of a preamble & 14 articles that[...]

Largest Sunspot In a Quarter Century Spews Flares

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

schwit1 writes: The largest sunspot seen in approximately a quarter century has produced another powerful X-class flare today, the sixth in less than a week. “This was the sixth X-class solar flare from NOAA 2192, a record for the number of X-class flares generated by a single group so far this solar cycle. It was[...]

Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

An anonymous reader writes: His wife thinks he’s crazy, yet this man received an NFC chip implanted in his arm, where it will stay for at least a year. He’s inviting everyone to come up with uses for it. Especially ones that violate his privacy & security. There must be something better to do than[...]

Tech Giants Donate $750 Million In Goods and Services To Underprivileged Schools

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 29, 2014

mrspoonsi sends news that a group of major tech companies has combined to donate $750 million worth of gadgets & services to students in 114 schools across the U.S. Apple is sending out $100 million worth of iPads, MacBooks, & other products. O’Reilly Media is making $100 million worth of educational content available for free.[...]

[remote exploits] – CUPS Filter Bash Environment Variable Code Injection Exploit

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014


Antares Rocket Explodes On Launch

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

sneakyimp writes: The Antares rocket operated by Orbital Sciences Corporation exploded on launch due to a “catastrophic anomaly” after a flawless countdown. No injuries are reported & all personnel are accounted for. According to the audio stream hosted by local news affiliate WTVR’s website, the Cygnus spacecraft contained classified crypto technology & efforts are being[...]

[web applications] – Filemaker Pro 13.03 & Advanced 12.04 – Login Bypass and Privilege Escalation

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014


[web applications] – Enalean Tuleap 7.2 – XXE File Disclosure Vulnerability

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014


[local exploits] – Windows TrackPopupMenu Win32k NULL Pointer Dereference Exploit

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014


[web applications] – Enalean Tuleap 7.4.99.5 – Remote Command Execution / Blind SQL Injection Vulnerabilities

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014


US Post Office Increases Secret Tracking of Mail

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

HughPickens.com writes: Ron Nixon reports in the NY Times that the United States Postal Service says it approved nearly 50,000 requests last year from law enforcement agencies & its own internal inspection unit to secretly monitor the mail of Americans for use in criminal & national security investigations, in many cases without adequately describing the[...]

Location of Spilled Oil From 2010 Deepwater Horizon Event Found

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Chipmunk100 writes: A study published in the journal Proceedings of the National Academy of Sciences (abstract) claims to have identified the location of two million barrels of submerged oil thought to be trapped in the deep ocean following the 2010 Deepwater Horizon spill. By analyzing data from more than 3,000 samples collected at 534 locations[...]

Google Developing a Pill To Detect Cancer

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

An anonymous reader writes: The Google X research lab has unveiled a new project: developing a pill capable of detecting cancer, imminent heart attacks, & other diseases. According to the article, “the company is fashioning nanoparticles—particles approximately one billionth of a meter in width—that combine a magnetic material with antibodies or proteins that can attach[...]

Ken Ham’s Ark Torpedoed With Charges of Religious Discrimination

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

McGruber writes: Back on February 4, “Science Guy” Bill Nye debated Creationist Kenneth Alfred “Ken” Ham. That high-profile debate helped boost support for Ham’s $73 million “Ark Encounter” project, allowing Ham to announce on February 25 that a municipal bond offering had raised enough money to commence construction. Nye said he was “heartbroken & sickened[...]

We Are All Confident Idiots

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

An anonymous reader writes: If you’ve ever heard of the Dunning-Kruger effect, you’ll be familiar with David Dunning, professor of psychology at Cornell. He’s written an article on the “psychology of human wrongness,” explaining how confidence in one’s answers tends to be high for people who don’t know what they’re talking about. He says, “What’s[...]

OpenBSD Drops Support For Loadable Kernel Modules

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

jones_supa writes: The OpenBSD developers have decided to remove support for loadable kernel modules from the BSD distribution’s next release. Several commits earlier this month stripped out the loadable kernel modules support. Phoronix’s Michael Larabel has not yet found an official reason for the decision to drop support. He wagers that it is due to[...]

FTC Sues AT&T For Throttling ‘Unlimited’ Data Plan Customers Up To 90%

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

An anonymous reader writes The U.S. Federal Trade Commission today announced it is suing AT&T. The commission is charging the carrier for allegedly misleading millions of its smartphone customers by changing the terms while customers were still under contract for “unlimited” data plans that were, well, limited. “AT&T promised its customers ‘unlimited’ data, & in[...]

CUPS Filter Bash Environment Variable Code Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO & PRINTER_LOCATION variables by default.

Tuleap 7.4.99.5 Remote Command Execution

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Enalean Tuleap versions 7.4.99.5 & below suffer from a remote command execution vulnerability.

Tuleap 7.2 XXE Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Enalean Tuleap versions 7.2 & below suffer from an external XML entity injection vulnerability.

Can Ello Legally Promise To Remain Ad-Free?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Bennett Haselton writes: Social networking company Ello has converted itself to a Public Benefit Corporation, bound by a charter saying that they will not now, nor in the future, make money by running advertisements or selling user data. Ello had followed these policies from the outset, yet skeptics worried that venture capitalist investors might pressure[...]

Tuleap 7.4.99.5 Blind SQL Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Enalean Tuleap versions 7.4.99.5 & below suffer from a remote, authenticated blind SQL injection vulnerability.

ESET 7.0 Kernel Memory Leak

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

ESET versions 5.0 through 7.0 suffer from a kernel memory leak vulnerability.

HP Security Bulletin HPSBST03160

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

HP Security Bulletin HPSBST03160 – A potential security vulnerability has been identified with HP XP Command View Advanced Edition running Apache Struts. Revision 1 of this advisory.

Mandriva Linux Security Advisory 2014-210

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Mandriva Linux Security Advisory 2014-210 – Multiple vulnerabilities have been discovered & corrected in mariadb.

Ubuntu Security Notice USN-2390-1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Ubuntu Security Notice 2390-1 – Jacob Appelbaum & an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Yves Younan & Richard Johnson discovered that Pidgin incorrectly handled certain malformed MXit emoticons. A[...]

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) Buffer Overflow

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Mini-stream RM-MP3 Converter version 3.1.2.1.2010.03.30 suffers from a buffer overflow vulnerability when handling .wax files.

Ask Slashdot: Unlimited Data Plan For Seniors?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

New submitter hejman08 writes with a question probably faced by many whose parents, grandparents, & other relatives rely on them for tech support & advice, specifically one about finding an appropriate data plan for his grandmother, of whom he writes: She is on her own plan through Verizon with 1GB of data, & she literally[...]

ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.

DINWC2015 Call For Papers

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

The Third International Conference on Digital Information, Networking, & Wireless Communications (DINWC2015) Call For Papers has been announced. It will be held in Moscow, Russia February 3rd through the 5th, 2015. View Source

HP Security Bulletin HPSBHF03156

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

HP Security Bulletin HPSBHF03156 – A potential security vulnerability has been identified with the HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL. This is the SSLv3 vulnerability known as “POODLE” which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory. View Source

Why CurrentC Will Beat Out Apple Pay

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

itwbennett writes Working closely with VISA, Apple solved many complex security issues making in-person payments safer than ever. But it’s that close relationship with the credit card companies that may be Apple Pay’s downfall. A competing solution called CurrentC has recently gained a lot of press as backers of the project moved to block NFC[...]

OEM Windows 7 License Sales End This Friday

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

colinneagle writes This Friday is Halloween, yet if you try to buy a PC with Windows 7 pre-loaded after that, you’re going to obtain a rock instead of a treat. Microsoft will stop selling Windows 7 licenses to OEMs after this Friday & you will only be able to buy a machine with Windows 8.1.[...]

XYZPrinting Releases All-In-One 3D Printer With Internal Laser Scanner

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

Lucas123 writes XYZPrinting today released the first 3D printer with embedded scanner that has the ability to replicate objects between 2-in & 6-in in size & print objects of up to 7.8-in square from .stl files. The printer’s retailing for $799. A review of the new da Vinci 1.0 AiO all-in-one 3D printer revealed the[...]

It’s Official: HTML5 Is a W3C Standard

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

rjmarvin (3001897) writes The Worldwide Web Consortium today has elevated the HTML5 specification to ‘recommendation’ status, giving it the group’s highest level of endorsement, which is akin to becoming a standard. The W3C moreover introduced Application Foundations with the announcement of the HTML5 recommendation to aid developers in writing Web applications, & said the[...]

Microsoft Works On Windows For ARM-Based Servers

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

SmartAboutThings writes According to some reports from the industry, Microsoft is working on a version of its software for servers that run on chips based on ARM Holdings’s technology. Windows Server now runs on Intel hardware, yet it seems that Redmond wants to diversify its strategy. An ARM-based version of Windows Server could help challenge[...]

Alienware’s Triangular Area-51 Re-Design With Tri-SLI GeForce GTX 980, Tested

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

MojoKid writes Dell’s Alienware division recently released a radical redesign of their Area-51 gaming desktop. With 45-degree angled front & rear face plates that are designed to direct control & IO up toward the user, in addition to better directing rad airflow in, while warm airflow is directed up & away from the rear of[...]

LAX To London Flight Delayed Over "Al-Quida" Wi-Fi Name

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

linuxwrangler writes A flight from LAX to London was delayed after a passenger reported seeing “Al-Quida Free Terror Nettwork” as an available hotspot name & reported it to a flight attendant. The flight was taken to a remote part of the airport & delayed for several hours yet “after further investigation, it was determined that[...]

EFF Rates Which Service Providers Side With Users

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

An anonymous reader writes: The Electronic Frontier Foundation has issued a report grading online service providers for how well they side with users over intellectual property disputes. They looked at sites like YouTube, Imgur, tumblr, & Twitter. “The services could receive a maximum of five stars, based on criteria including publicly documented procedures for responses[...]

DAVOSET 1.2.1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites. View Source

Taking the Census, With Cellphones

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

sciencehabit writes: If you want to figure out how many people live in a particular part of your country, you could spend years conducting home visits & mailing out questionnaires. But a new study describes a quicker way. Scientists have figured out how to map populations using cellphone records — an approach that doesn’t just[...]

Quake Meets Minecraft in FPS Construction Kit Gunscape

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

SlappingOysters writes: One of the highlighted games at the PAX AUS expo starting on October 31 is Blowfish Studios’ Gunscape, a game described as an FPS construction kit. As well as building & sharing FPS maps for multiplayer gaming sessions across eight different modes, the game will moreover be able to handle up to nine-player[...]

A Library For Survival Knowledge

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

TheRealHocusLocus writes: The Survivor Library is gathering essential knowledge that would be necessary to jump-start modern civilization, should it fail past the point where a simple ‘reboot’ is possible (video). Much of it (but not all) dates to the late 1800s & early 1900s: quaint, yet we know these things work because they did work.[...]

Debate Over Systemd Exposes the Two Factions Tugging At Modern-day Linux

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

walterbyrd (182728) sends this article about systemd from Paul Venezia, who writes: In discussions around the Web in the past few months, I’ve seen an overwhelming level of support of systemd from Linux users who run Linux on their laptops & maybe a VPS or home server. I’ve moreover seen a large backlash against systemd[...]

2600 Profiled: "A Print Magazine For Hackers"

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

HughPickens.com writes: Nicolas Niarchos has a profile of 2600 in The New Yorker that is well worth reading. Some excerpts: 2600 — named for the frequency that allowed early hackers & “phreakers” to gain control of land-line phones — is the photocopier to Snowden’s microprocessor. Its articles aren’t pasted up on a flashy Web site[...]

Windows TrackPopupMenu Win32k NULL Pointer Dereference

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

This Metasploit module exploits a NULL Pointer Dereference in win32k.sys. The vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 &[...]

CBN CH6640E/CG6640E Wireless Gateway XSS / CSRF / DoS / Disclosure

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

The CBN CH6640E/CG6640E wireless gateway series suffers from information disclosure, cross site request forgery, cross site scripting, & denial of service vulnerabilities. View Source

Firefox OS Coming To Raspberry Pi

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

ControlsGeek writes Mozilla plans to build a version of its Firefox OS for use in the Raspberry Pi. Plans are afoot to build a version capable of (1) being run on the Pi hardware & (2) eventually achieving parity with Raspbian & (3) enable effortless development for robotics.[...]

[web applications] – vBulletin 4.x Verify Email Before Registration Plugin – SQL Injection Vulnerability

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

View Source

[web applications] – CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

View Source

[web applications] – HP Operations Agent Remote XSS iFrame Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

View Source

[web applications] – Mulesoft ESB Runtime 3.5.1 – Privilege Escalation Vulnerability

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

View Source

[web applications] – Incredible PBX 2.0.6.5.0 – Remote Command Execution Exploit

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

View Source

[web applications] – Parallels Plesk Sitebuilder 9.5 – Multiple Vulnerabilities

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

View Source

[web applications] – Axway Secure Transport 5.1 SP2 – Arbitrary File Upload via CSRF

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

View Source

[web applications] – Change CMS 3.6.8 – Multiple CSRF Vulnerabilities

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: October 28, 2014

View Source

Welcome, today is Thursday, October 30, 2014