w00t!? world!? http://w00t.pro all j0r w00ts r belong to us! Wed, 22 May 2013 04:05:00 +0000 en-US hourly 1 Congressional Report: US Power Grid Highly Vulnerable To Cyberattack http://w00t.pro/2013/05/22/17213 http://w00t.pro/2013/05/22/17213#comments Wed, 22 May 2013 04:05:00 +0000 w00t http://w00t.pro/2013/05/22/17213/ An anonymous reader writes “Despite warnings that a cyberattack could cripple the nation’s power supply, a U.S. Congressional report (PDF) finds that power companies’ efforts to protect the power grid are insufficient. Attacks are apparently commonplace, with one utility claiming they fight off some 10,000 attempted attacks every month. The report moreover found that while most power companies are complying with mandatory standards for protection, few do much else above & beyond that to protect the grid. ‘For example, NERC has established both mandatory standards & voluntary measures to protect against the computer worm known as Stuxnet. Of those that responded, 91% of IOUs [Investor-Owned Utilities], 83% of municipally- or cooperatively-owned utilities, & 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively-owned utilities, & 62.5% of federal entities reported compliance.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/22/17213/feed 0 Congressional Report: US Power Grid Highly Vulnerable To Cyberattack http://w00t.pro/2013/05/22/17212 http://w00t.pro/2013/05/22/17212#comments Wed, 22 May 2013 04:05:00 +0000 w00t http://w00t.pro/2013/05/22/17212/ An anonymous reader writes “Despite warnings that a cyberattack could cripple the nation’s power supply, a U.S. Congressional report (PDF) finds that power companies’ efforts to protect the power grid are insufficient. Attacks are apparently commonplace, with one utility claiming they fight off some 10,000 attempted attacks every month. The report moreover found that while most power companies are complying with mandatory standards for protection, few do much else above & beyond that to protect the grid. ‘For example, NERC has established both mandatory standards & voluntary measures to protect against the computer worm known as Stuxnet. Of those that responded, 91% of IOUs [Investor-Owned Utilities], 83% of municipally- or cooperatively-owned utilities, & 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively-owned utilities, & 62.5% of federal entities reported compliance.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/22/17212/feed 0 Obeseus Distributed Denial Of Service Detector 7.1a http://w00t.pro/2013/05/22/17233 http://w00t.pro/2013/05/22/17233#comments Wed, 22 May 2013 03:17:14 +0000 w00t http://w00t.pro/2013/05/22/17233/ Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) & BOGON misuse. It moreover detects application misuse in HTTP & UDP.

View Source

]]> http://w00t.pro/2013/05/22/17233/feed 0 Obeseus Distributed Denial Of Service Detector 7.1a http://w00t.pro/2013/05/22/17232 http://w00t.pro/2013/05/22/17232#comments Wed, 22 May 2013 03:17:14 +0000 w00t http://w00t.pro/2013/05/22/17232/ Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) & BOGON misuse. It moreover detects application misuse in HTTP & UDP.

View Source

]]> http://w00t.pro/2013/05/22/17232/feed 0 WordPress Flagallery-Skins SQL Injection http://w00t.pro/2013/05/22/17231 http://w00t.pro/2013/05/22/17231#comments Wed, 22 May 2013 03:11:46 +0000 w00t http://w00t.pro/2013/05/22/17231/ WordPress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information.

View Source

]]> http://w00t.pro/2013/05/22/17231/feed 0 WordPress Flagallery-Skins SQL Injection http://w00t.pro/2013/05/22/17230 http://w00t.pro/2013/05/22/17230#comments Wed, 22 May 2013 03:11:46 +0000 w00t http://w00t.pro/2013/05/22/17230/ WordPress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information.

View Source

]]> http://w00t.pro/2013/05/22/17230/feed 0 Google Chrome 27 Is Out: 5% Faster Page Loads http://w00t.pro/2013/05/22/17211 http://w00t.pro/2013/05/22/17211#comments Wed, 22 May 2013 03:05:00 +0000 w00t http://w00t.pro/2013/05/22/17211/ An anonymous reader writes “Google on Tuesday released Chrome version 27 for Windows, Mac, & Linux. The new version features a huge boost to page loads (now 5 percent faster on average) as well as significant updates for developers. The speed improvement is thanks to the introduction of ‘smarter behind-the-scenes resource scheduling,’ according to Google. Starting with this release, the scheduler more aggressively uses an idle connection & demotes the priority of preloaded resources so that they don’t interfere with critical assets.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/22/17211/feed 0 Google Chrome 27 Is Out: 5% Faster Page Loads http://w00t.pro/2013/05/22/17210 http://w00t.pro/2013/05/22/17210#comments Wed, 22 May 2013 03:05:00 +0000 w00t http://w00t.pro/2013/05/22/17210/ An anonymous reader writes “Google on Tuesday released Chrome version 27 for Windows, Mac, & Linux. The new version features a huge boost to page loads (now 5 percent faster on average) as well as significant updates for developers. The speed improvement is thanks to the introduction of ‘smarter behind-the-scenes resource scheduling,’ according to Google. Starting with this release, the scheduler more aggressively uses an idle connection & demotes the priority of preloaded resources so that they don’t interfere with critical assets.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/22/17210/feed 0 Special Ops Takes Its Manhunts Into Space http://w00t.pro/2013/05/22/17209 http://w00t.pro/2013/05/22/17209#comments Wed, 22 May 2013 02:03:00 +0000 w00t http://w00t.pro/2013/05/22/17209/ Wired reports on a cluster of mini-satellites that will shortly be launched into orbit that will assist U.S. special forces personnel during manhunts. “SOCOM is putting eight miniature communications satellites, each approximately the size of a water jug, on top of the Minotaur rocket that’s getting ready to launch from Wallops Island, Virginia. They’ll sit more than 300 miles above the earth & provide a new way for the beacons to call back to their masters.” When special forces are able to tag their target, the target can be tracked & located through the use of satellites & cell towers, yet coverage is poor in many areas of the world. The satellites going up in September will assist to fill in some gaps. “This array of configurable ‘cubesats’ is designed to stay aloft for three years or more. Yes, it will serve as further research project. But ‘operators are going to use it,’ Richardson promised an industry conference in Tampa last week.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/22/17209/feed 0 Special Ops Takes Its Manhunts Into Space http://w00t.pro/2013/05/22/17208 http://w00t.pro/2013/05/22/17208#comments Wed, 22 May 2013 02:03:00 +0000 w00t http://w00t.pro/2013/05/22/17208/ Wired reports on a cluster of mini-satellites that will shortly be launched into orbit that will assist U.S. special forces personnel during manhunts. “SOCOM is putting eight miniature communications satellites, each approximately the size of a water jug, on top of the Minotaur rocket that’s getting ready to launch from Wallops Island, Virginia. They’ll sit more than 300 miles above the earth & provide a new way for the beacons to call back to their masters.” When special forces are able to tag their target, the target can be tracked & located through the use of satellites & cell towers, yet coverage is poor in many areas of the world. The satellites going up in September will assist to fill in some gaps. “This array of configurable ‘cubesats’ is designed to stay aloft for three years or more. Yes, it will serve as further research project. But ‘operators are going to use it,’ Richardson promised an industry conference in Tampa last week.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/22/17208/feed 0 Aurora Attackers Were Looking For Google’s Surveillance Database http://w00t.pro/2013/05/22/17207 http://w00t.pro/2013/05/22/17207#comments Wed, 22 May 2013 00:00:00 +0000 w00t http://w00t.pro/2013/05/22/17207/ An anonymous reader writes “When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers received their hands on some source code & were looking to access Gmail accounts of Tibetan activists. What they didn’t make public is that the hackers have moreover accessed a database containing information approximately court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies & terrorists. Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown. current & former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/22/17207/feed 0 Aurora Attackers Were Looking For Google’s Surveillance Database http://w00t.pro/2013/05/22/17206 http://w00t.pro/2013/05/22/17206#comments Wed, 22 May 2013 00:00:00 +0000 w00t http://w00t.pro/2013/05/22/17206/ An anonymous reader writes “When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers received their hands on some source code & were looking to access Gmail accounts of Tibetan activists. What they didn’t make public is that the hackers have moreover accessed a database containing information approximately court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies & terrorists. Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown. current & former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/22/17206/feed 0 Dart Is Not the Language You Think It Is http://w00t.pro/2013/05/21/17205 http://w00t.pro/2013/05/21/17205#comments Tue, 21 May 2013 23:20:00 +0000 w00t http://w00t.pro/2013/05/21/17205/ An anonymous reader writes “Seth Ladd has an superior write-up of Dart: ‘When Dart was originally launched, many developers mistook it for some sort of Java clone. In truth, Dart is inspired by a range of languages such as Smalltalk, Strongtalk, Erlang, C#, & JavaScript. Get past the semicolons & curly braces, & you’ll see a terse language without ceremony. … Dart understands that sometimes you just don’t feel like appeasing a ceremonial type checker. Dart’s inclusion of an optional type system means you can use type annotations when you want, or use dynamic when that’s easier. For example, you can explore a new idea without having to first think approximately type hierarchies. Just experiment & use var for your types. Once the idea is tested & you’re comfortable with the design, you can add type annotations.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17205/feed 0 Dart Is Not the Language You Think It Is http://w00t.pro/2013/05/21/17204 http://w00t.pro/2013/05/21/17204#comments Tue, 21 May 2013 23:20:00 +0000 w00t http://w00t.pro/2013/05/21/17204/ An anonymous reader writes “Seth Ladd has an superior write-up of Dart: ‘When Dart was originally launched, many developers mistook it for some sort of Java clone. In truth, Dart is inspired by a range of languages such as Smalltalk, Strongtalk, Erlang, C#, & JavaScript. Get past the semicolons & curly braces, & you’ll see a terse language without ceremony. … Dart understands that sometimes you just don’t feel like appeasing a ceremonial type checker. Dart’s inclusion of an optional type system means you can use type annotations when you want, or use dynamic when that’s easier. For example, you can explore a new idea without having to first think approximately type hierarchies. Just experiment & use var for your types. Once the idea is tested & you’re comfortable with the design, you can add type annotations.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17204/feed 0 EPA Makes a Rad Decision http://w00t.pro/2013/05/21/17203 http://w00t.pro/2013/05/21/17203#comments Tue, 21 May 2013 22:36:00 +0000 w00t http://w00t.pro/2013/05/21/17203/ New submitter QuantumPion writes “The Environmental Protection Agency released draft guidelines last month that could significantly relax radiation hazard standards in the case of a radiological event in the United States by using risk-based decisions. The goal is to have limits that make sense in an emergency that are different from the limits in day-to-day life. From the article: ‘Currently, the only guidance are the extremely strict standards that apply for EPA Superfund sites & nuclear plant decommissioning, which are as low as 0.010–0.025 rem/year, far below the natural background levels in the U.S. of 0.300 rem/year, & even well below the average amount of radioactive materials that Americans eat each year. And these guidelines aren’t really different from the 1992 PAG, except in the area of long-term cleanup standards and, perhaps, standards for resettlement. What’s the huge deal here? As radworkers, we’re allowed to obtain 5 rem/year. 2 rem/year doesn’t rate a second thought. … No one has ever been harmed by 5 rem/year, so setting emergency levels at 2 rem/year is pretty mild & more than reasonable. … Think of it this way. The situations covered by these new guidelines are similar to someone dying of thirst who has the chance to drink fresh water having 2,000 pCi per gallon of radium in it. While the safe drinking water levels are 20 pCi/gal for Ra, 2,000 pCi/gal is of no threat, especially if you’re going to die from imminent dehydration. Of course, a bag of potato chips has 3,500 picocuries, so go figure.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17203/feed 0 EPA Makes a Rad Decision http://w00t.pro/2013/05/21/17202 http://w00t.pro/2013/05/21/17202#comments Tue, 21 May 2013 22:36:00 +0000 w00t http://w00t.pro/2013/05/21/17202/ New submitter QuantumPion writes “The Environmental Protection Agency released draft guidelines last month that could significantly relax radiation hazard standards in the case of a radiological event in the United States by using risk-based decisions. The goal is to have limits that make sense in an emergency that are different from the limits in day-to-day life. From the article: ‘Currently, the only guidance are the extremely strict standards that apply for EPA Superfund sites & nuclear plant decommissioning, which are as low as 0.010–0.025 rem/year, far below the natural background levels in the U.S. of 0.300 rem/year, & even well below the average amount of radioactive materials that Americans eat each year. And these guidelines aren’t really different from the 1992 PAG, except in the area of long-term cleanup standards and, perhaps, standards for resettlement. What’s the huge deal here? As radworkers, we’re allowed to obtain 5 rem/year. 2 rem/year doesn’t rate a second thought. … No one has ever been harmed by 5 rem/year, so setting emergency levels at 2 rem/year is pretty mild & more than reasonable. … Think of it this way. The situations covered by these new guidelines are similar to someone dying of thirst who has the chance to drink fresh water having 2,000 pCi per gallon of radium in it. While the safe drinking water levels are 20 pCi/gal for Ra, 2,000 pCi/gal is of no threat, especially if you’re going to die from imminent dehydration. Of course, a bag of potato chips has 3,500 picocuries, so go figure.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17202/feed 0 Infotecs ViPNet Products Privilege Escalation http://w00t.pro/2013/05/21/17229 http://w00t.pro/2013/05/21/17229#comments Tue, 21 May 2013 22:12:31 +0000 w00t http://w00t.pro/2013/05/21/17229/ A usual local privilege escalation vulnerability has been discovered in multiple Infotecs ViPNet products. The affected versions include ViPNet Client version 3.2.10 (15632), ViPNet Coordinator version 3.2.10 (15632), ViPNet SafeDisk version 4.1 (0.5643), & ViPNet Personal Firewall version 3.1. Prior versions of these products are moreover affected.

View Source

]]> http://w00t.pro/2013/05/21/17229/feed 0 Infotecs ViPNet Products Privilege Escalation http://w00t.pro/2013/05/21/17228 http://w00t.pro/2013/05/21/17228#comments Tue, 21 May 2013 22:12:31 +0000 w00t http://w00t.pro/2013/05/21/17228/ A usual local privilege escalation vulnerability has been discovered in multiple Infotecs ViPNet products. The affected versions include ViPNet Client version 3.2.10 (15632), ViPNet Coordinator version 3.2.10 (15632), ViPNet SafeDisk version 4.1 (0.5643), & ViPNet Personal Firewall version 3.1. Prior versions of these products are moreover affected.

View Source

]]> http://w00t.pro/2013/05/21/17228/feed 0 Ask Slashdot: Can Yahoo Actually Stage a Comeback? http://w00t.pro/2013/05/21/17201 http://w00t.pro/2013/05/21/17201#comments Tue, 21 May 2013 21:54:00 +0000 w00t http://w00t.pro/2013/05/21/17201/ Nerval’s Lobster writes “Fresh off purchasing Tumblr for $1.1 billion, Yahoo has moved to the next stage of what’s becoming a company-wide reboot: fixing Flickr, the photo-sharing service that it acquired in 2005 & subsequently allowed to languish. Yahoo boosted Flickr accounts’ individual storage capacity to one free terabyte, revamped the Website’s overall look, & launched a new Flickr app for Google Android, among other tweaks. Yahoo CEO Marissa Mayer clearly wants her company to fight toe-to-toe on features with Google & Facebook, yet she faces a long road ahead of her: not only does she need to streamline Yahoo’s cumbersome corporate structure & product portfolio into something that resembles fighting shape, yet she needs to reverse the general perception that Yahoo is teetering on the edge of history’s trash-bin, with an aging customer base & unexciting features. The question is, could anyone actually pull it off? Is Yahoo capable of an Apple-style turnaround, or are its current actions merely delaying the inevitable?”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17201/feed 0 Ask Slashdot: Can Yahoo Actually Stage a Comeback? http://w00t.pro/2013/05/21/17200 http://w00t.pro/2013/05/21/17200#comments Tue, 21 May 2013 21:54:00 +0000 w00t http://w00t.pro/2013/05/21/17200/ Nerval’s Lobster writes “Fresh off purchasing Tumblr for $1.1 billion, Yahoo has moved to the next stage of what’s becoming a company-wide reboot: fixing Flickr, the photo-sharing service that it acquired in 2005 & subsequently allowed to languish. Yahoo boosted Flickr accounts’ individual storage capacity to one free terabyte, revamped the Website’s overall look, & launched a new Flickr app for Google Android, among other tweaks. Yahoo CEO Marissa Mayer clearly wants her company to fight toe-to-toe on features with Google & Facebook, yet she faces a long road ahead of her: not only does she need to streamline Yahoo’s cumbersome corporate structure & product portfolio into something that resembles fighting shape, yet she needs to reverse the general perception that Yahoo is teetering on the edge of history’s trash-bin, with an aging customer base & unexciting features. The question is, could anyone actually pull it off? Is Yahoo capable of an Apple-style turnaround, or are its current actions merely delaying the inevitable?”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17200/feed 0 Slackware Security Advisory – kernel Updates http://w00t.pro/2013/05/21/17227 http://w00t.pro/2013/05/21/17227#comments Tue, 21 May 2013 21:20:13 +0000 w00t http://w00t.pro/2013/05/21/17227/ Slackware Security Advisory – New Linux kernel packages are available for Slackware 13.37 & 14.0 to fix a security issue.

View Source

]]> http://w00t.pro/2013/05/21/17227/feed 0 Slackware Security Advisory – kernel Updates http://w00t.pro/2013/05/21/17226 http://w00t.pro/2013/05/21/17226#comments Tue, 21 May 2013 21:20:13 +0000 w00t http://w00t.pro/2013/05/21/17226/ Slackware Security Advisory – New Linux kernel packages are available for Slackware 13.37 & 14.0 to fix a security issue.

View Source

]]> http://w00t.pro/2013/05/21/17226/feed 0 Red Hat Security Advisory 2013-0847-01 http://w00t.pro/2013/05/21/17225 http://w00t.pro/2013/05/21/17225#comments Tue, 21 May 2013 21:14:16 +0000 w00t http://w00t.pro/2013/05/21/17225/ Red Hat Security Advisory 2013-0847-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, & old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain, leading to a denial of service.

View Source

]]> http://w00t.pro/2013/05/21/17225/feed 0 Red Hat Security Advisory 2013-0847-01 http://w00t.pro/2013/05/21/17224 http://w00t.pro/2013/05/21/17224#comments Tue, 21 May 2013 21:14:16 +0000 w00t http://w00t.pro/2013/05/21/17224/ Red Hat Security Advisory 2013-0847-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, & old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain, leading to a denial of service.

View Source

]]> http://w00t.pro/2013/05/21/17224/feed 0 Red Hat Security Advisory 2013-0848-01 http://w00t.pro/2013/05/21/17223 http://w00t.pro/2013/05/21/17223#comments Tue, 21 May 2013 21:13:43 +0000 w00t http://w00t.pro/2013/05/21/17223/ Red Hat Security Advisory 2013-0848-01 – Red Hat Network Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, & remote management of multiple Linux deployments with a single, centralized tool. It was discovered that Red Hat Network Satellite did not fully check the authenticity of a client beyond the initial authentication check during an Inter-Satellite Sync operation. If a remote attacker were to modify the satellite-sync client to skip the initial authentication call, they could obtain all channel content from any Red Hat Network Satellite server that could be reached, even if Inter-Satellite Sync support was disabled.

View Source

]]> http://w00t.pro/2013/05/21/17223/feed 0 Red Hat Security Advisory 2013-0848-01 http://w00t.pro/2013/05/21/17222 http://w00t.pro/2013/05/21/17222#comments Tue, 21 May 2013 21:13:43 +0000 w00t http://w00t.pro/2013/05/21/17222/ Red Hat Security Advisory 2013-0848-01 – Red Hat Network Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, & remote management of multiple Linux deployments with a single, centralized tool. It was discovered that Red Hat Network Satellite did not fully check the authenticity of a client beyond the initial authentication check during an Inter-Satellite Sync operation. If a remote attacker were to modify the satellite-sync client to skip the initial authentication call, they could obtain all channel content from any Red Hat Network Satellite server that could be reached, even if Inter-Satellite Sync support was disabled.

View Source

]]> http://w00t.pro/2013/05/21/17222/feed 0 Ubuntu Security Notice USN-1832-1 http://w00t.pro/2013/05/21/17221 http://w00t.pro/2013/05/21/17221#comments Tue, 21 May 2013 21:13:31 +0000 w00t http://w00t.pro/2013/05/21/17221/ Ubuntu Security Notice 1832-1 – Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

View Source

]]> http://w00t.pro/2013/05/21/17221/feed 0 Ubuntu Security Notice USN-1832-1 http://w00t.pro/2013/05/21/17220 http://w00t.pro/2013/05/21/17220#comments Tue, 21 May 2013 21:13:31 +0000 w00t http://w00t.pro/2013/05/21/17220/ Ubuntu Security Notice 1832-1 – Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

View Source

]]> http://w00t.pro/2013/05/21/17220/feed 0 Mandriva Linux Security Advisory 2013-166 http://w00t.pro/2013/05/21/17219 http://w00t.pro/2013/05/21/17219#comments Tue, 21 May 2013 21:13:09 +0000 w00t http://w00t.pro/2013/05/21/17219/ Mandriva Linux Security Advisory 2013-166 – The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack. The updated packages have been patched to correct this issue.

View Source

]]> http://w00t.pro/2013/05/21/17219/feed 0 Mandriva Linux Security Advisory 2013-166 http://w00t.pro/2013/05/21/17218 http://w00t.pro/2013/05/21/17218#comments Tue, 21 May 2013 21:13:09 +0000 w00t http://w00t.pro/2013/05/21/17218/ Mandriva Linux Security Advisory 2013-166 – The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack. The updated packages have been patched to correct this issue.

View Source

]]> http://w00t.pro/2013/05/21/17218/feed 0 3-D Printable Food Gets Funding From NASA http://w00t.pro/2013/05/21/17199 http://w00t.pro/2013/05/21/17199#comments Tue, 21 May 2013 21:12:00 +0000 w00t http://w00t.pro/2013/05/21/17199/ cervesaebraciator writes “According to Quartz, ‘[Anjan Contractor's] Systems & Materials Research Corporation just received a six month, $125,000 grant from NASA to create a prototype of his universal food synthesizer. But Contractor, a mechanical engineer with a background in 3-D printing, envisions a much more mundane — & ultimately more significant — use for the technology. He sees a day when every kitchen has a 3-D printer, & the earth’s 12 billion people feed themselves customized, nutritionally-appropriate meals synthesized one layer at a time, from cartridges of powder & oils they buy at the corner grocery store. Contractor’s vision would mean the end of food waste, because the powder his system will use is shelf-stable for up to 30 years, so that each cartridge, whether it contains sugars, complex carbohydrates, protein or some other basic building block, would be fully exhausted before being returned to the store.’ No word yet on whether anyone other than the man trying to sell the technology thinks it’ll make palatable food.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17199/feed 0 3-D Printable Food Gets Funding From NASA http://w00t.pro/2013/05/21/17198 http://w00t.pro/2013/05/21/17198#comments Tue, 21 May 2013 21:12:00 +0000 w00t http://w00t.pro/2013/05/21/17198/ cervesaebraciator writes “According to Quartz, ‘[Anjan Contractor's] Systems & Materials Research Corporation just received a six month, $125,000 grant from NASA to create a prototype of his universal food synthesizer. But Contractor, a mechanical engineer with a background in 3-D printing, envisions a much more mundane — & ultimately more significant — use for the technology. He sees a day when every kitchen has a 3-D printer, & the earth’s 12 billion people feed themselves customized, nutritionally-appropriate meals synthesized one layer at a time, from cartridges of powder & oils they buy at the corner grocery store. Contractor’s vision would mean the end of food waste, because the powder his system will use is shelf-stable for up to 30 years, so that each cartridge, whether it contains sugars, complex carbohydrates, protein or some other basic building block, would be fully exhausted before being returned to the store.’ No word yet on whether anyone other than the man trying to sell the technology thinks it’ll make palatable food.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17198/feed 0 Transporting a 15-Meter-Wide, 600-Ton Magnet Cross Country http://w00t.pro/2013/05/21/17197 http://w00t.pro/2013/05/21/17197#comments Tue, 21 May 2013 20:29:00 +0000 w00t http://w00t.pro/2013/05/21/17197/ necro81 writes “Although its Tevatron particle accelerator has gone dark, Fermi Laboratory outside Chicago is still doing physics. A new experiment, called muon g-2 will investigate quantum mechanical behavior of the electron’s heavier sibling: the muon. Fermi needs a large ring chamber to store the muons it produces & investigates, & it just so happens that Brookhaven National Laboratory outside NYC has one to spare. But how do you transport a delicate, 15-m diameter, 600-ton superconducting magnet halfway across the country? Very carefully.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17197/feed 0 Transporting a 15-Meter-Wide, 600-Ton Magnet Cross Country http://w00t.pro/2013/05/21/17196 http://w00t.pro/2013/05/21/17196#comments Tue, 21 May 2013 20:29:00 +0000 w00t http://w00t.pro/2013/05/21/17196/ necro81 writes “Although its Tevatron particle accelerator has gone dark, Fermi Laboratory outside Chicago is still doing physics. A new experiment, called muon g-2 will investigate quantum mechanical behavior of the electron’s heavier sibling: the muon. Fermi needs a large ring chamber to store the muons it produces & investigates, & it just so happens that Brookhaven National Laboratory outside NYC has one to spare. But how do you transport a delicate, 15-m diameter, 600-ton superconducting magnet halfway across the country? Very carefully.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17196/feed 0 House Bill Would Mandate Smart Gun Tech By U.S. Manufacturers http://w00t.pro/2013/05/21/17195 http://w00t.pro/2013/05/21/17195#comments Tue, 21 May 2013 19:46:00 +0000 w00t http://w00t.pro/2013/05/21/17195/ Lucas123 writes “U.S. Rep. John Tierney (D-Mass) is pushing a bill that would require all U.S. handgun manufacturers to include ‘personalization technology’ in their weapons. Tierney said he received the idea for The Personalized Handgun Safety Act of 2013 from the latest James Bond film, Skyfall. In it Bond escapes death when his handgun, which is equipped with technology that recognizes his fingerprints, becomes inoperable when a offensive man picks it up. ‘This technology, however, isn’t just for the movies — it’s a reality,’ Tierney said. Tierney pointed to a myriad of cases where the smart gun tech could prevent children from being harmed or killed in firearms accidents. Jim Wallace, executive director of the Massachusetts Gun Owners Action League, the official state association of the NRA, said he knows of no gun owners who would want smart gun technology on their weapons. Wallace said any technology that may impede the proper function of a weapon is a problem. He pointed to the fact that any integrated processor technology would moreover require a battery of some kind, which could pose a system failure if it lost power.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17195/feed 0 House Bill Would Mandate Smart Gun Tech By U.S. Manufacturers http://w00t.pro/2013/05/21/17194 http://w00t.pro/2013/05/21/17194#comments Tue, 21 May 2013 19:46:00 +0000 w00t http://w00t.pro/2013/05/21/17194/ Lucas123 writes “U.S. Rep. John Tierney (D-Mass) is pushing a bill that would require all U.S. handgun manufacturers to include ‘personalization technology’ in their weapons. Tierney said he received the idea for The Personalized Handgun Safety Act of 2013 from the latest James Bond film, Skyfall. In it Bond escapes death when his handgun, which is equipped with technology that recognizes his fingerprints, becomes inoperable when a offensive man picks it up. ‘This technology, however, isn’t just for the movies — it’s a reality,’ Tierney said. Tierney pointed to a myriad of cases where the smart gun tech could prevent children from being harmed or killed in firearms accidents. Jim Wallace, executive director of the Massachusetts Gun Owners Action League, the official state association of the NRA, said he knows of no gun owners who would want smart gun technology on their weapons. Wallace said any technology that may impede the proper function of a weapon is a problem. He pointed to the fact that any integrated processor technology would moreover require a battery of some kind, which could pose a system failure if it lost power.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17194/feed 0 [dos / poc] – win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase http://w00t.pro/2013/05/21/17171 http://w00t.pro/2013/05/21/17171#comments Tue, 21 May 2013 19:06:19 +0000 w00t http://w00t.pro/2013/05/21/17171/ View Source

]]> http://w00t.pro/2013/05/21/17171/feed 0 [dos / poc] – win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase http://w00t.pro/2013/05/21/17170 http://w00t.pro/2013/05/21/17170#comments Tue, 21 May 2013 19:06:19 +0000 w00t http://w00t.pro/2013/05/21/17170/ View Source

]]> http://w00t.pro/2013/05/21/17170/feed 0 [local exploits] – Ophcrack 3.5.0 – Local Code Execution BOF http://w00t.pro/2013/05/21/17169 http://w00t.pro/2013/05/21/17169#comments Tue, 21 May 2013 19:05:19 +0000 w00t http://w00t.pro/2013/05/21/17169/ View Source

]]> http://w00t.pro/2013/05/21/17169/feed 0 [local exploits] – Ophcrack 3.5.0 – Local Code Execution BOF http://w00t.pro/2013/05/21/17168 http://w00t.pro/2013/05/21/17168#comments Tue, 21 May 2013 19:05:19 +0000 w00t http://w00t.pro/2013/05/21/17168/ View Source

]]> http://w00t.pro/2013/05/21/17168/feed 0 Do Developers Need Free Perks To Thrive? http://w00t.pro/2013/05/21/17193 http://w00t.pro/2013/05/21/17193#comments Tue, 21 May 2013 19:04:00 +0000 w00t http://w00t.pro/2013/05/21/17193/ jammag writes “Free sodas, candy & energy bars can be surprisingly significant to developers, says longtime coder Eric Spiegel. They need the perks, not to mention the caffeine boost. More important, free sodas from management are like the canary in the coal mine. If they obtain cut, then layoffs might be next. ‘The sodas are just the wake-up call. If the culture changes to be focused more on cost-cutting than on innovation & creativity, then would you still want to work here? I wouldn’t.’ Are free perks really that important?”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17193/feed 0 Do Developers Need Free Perks To Thrive? http://w00t.pro/2013/05/21/17192 http://w00t.pro/2013/05/21/17192#comments Tue, 21 May 2013 19:04:00 +0000 w00t http://w00t.pro/2013/05/21/17192/ jammag writes “Free sodas, candy & energy bars can be surprisingly significant to developers, says longtime coder Eric Spiegel. They need the perks, not to mention the caffeine boost. More important, free sodas from management are like the canary in the coal mine. If they obtain cut, then layoffs might be next. ‘The sodas are just the wake-up call. If the culture changes to be focused more on cost-cutting than on innovation & creativity, then would you still want to work here? I wouldn’t.’ Are free perks really that important?”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17192/feed 0 [remote exploits] – Linksys WRT160nv2 apply.cgi Remote Command Injection http://w00t.pro/2013/05/21/17167 http://w00t.pro/2013/05/21/17167#comments Tue, 21 May 2013 19:03:46 +0000 w00t http://w00t.pro/2013/05/21/17167/ View Source

]]> http://w00t.pro/2013/05/21/17167/feed 0 [remote exploits] – Linksys WRT160nv2 apply.cgi Remote Command Injection http://w00t.pro/2013/05/21/17166 http://w00t.pro/2013/05/21/17166#comments Tue, 21 May 2013 19:03:46 +0000 w00t http://w00t.pro/2013/05/21/17166/ View Source

]]> http://w00t.pro/2013/05/21/17166/feed 0 So You’ve Always Wanted a Hovercraft… (Video) http://w00t.pro/2013/05/21/17191 http://w00t.pro/2013/05/21/17191#comments Tue, 21 May 2013 18:22:00 +0000 w00t http://w00t.pro/2013/05/21/17191/ What little boy or girl never wanted a hovercraft? Something loud that could travel over water, pavement, maybe even over a plowed field or through a swamp? Ben King obviously wanted one, so after he grew up & received his PhD in physics & found a satisfactory job, he founded Lone Star Hovercraft. Timothy Lord interviewed Ben at the Austin Mini Maker Faire, & we moreover found some video of Ben flying (is that the right word?) one of his hovercraft on a lake that we spliced into the interview to liven it up a little. Vroom!
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17191/feed 0 So You’ve Always Wanted a Hovercraft… (Video) http://w00t.pro/2013/05/21/17190 http://w00t.pro/2013/05/21/17190#comments Tue, 21 May 2013 18:22:00 +0000 w00t http://w00t.pro/2013/05/21/17190/ What little boy or girl never wanted a hovercraft? Something loud that could travel over water, pavement, maybe even over a plowed field or through a swamp? Ben King obviously wanted one, so after he grew up & received his PhD in physics & found a satisfactory job, he founded Lone Star Hovercraft. Timothy Lord interviewed Ben at the Austin Mini Maker Faire, & we moreover found some video of Ben flying (is that the right word?) one of his hovercraft on a lake that we spliced into the interview to liven it up a little. Vroom!
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17190/feed 0 Microsoft Unveils Xbox One http://w00t.pro/2013/05/21/17189 http://w00t.pro/2013/05/21/17189#comments Tue, 21 May 2013 17:41:00 +0000 w00t http://w00t.pro/2013/05/21/17189/ Today at a press conference leading up to E3, Microsoft unveiled its next-gen games/entertainment console, the Xbox One. Their stated goal for the Xbox One is to have a single device provide “all of your entertainment.” One of the huge changes is increased support for voice & and gesture input. You can turn the console on by voice, & it will recognize you & automatically login. Swiping to the side with your hand will browse through menu pages, & saying “Watch TV” will bring up the TV app very quickly. The same with music, internet, & movies. The new console moreover supports multitasking — for example, while watching a movie, you can bring up your web browser in a side panel & surf the web at the same time. There is moreover a built-in TV listings app that responds to channel names — saying “Watch CBS” will switch to CBS without giving it an actual channel number. By this point, you’re probably asking: does it play games? Yes. Hardware specs: 8-core CPU/GPU, 8GB RAM, a Blu-ray drive, a 500GB HDD, USB 3.0, & Wi-fi Direct. (They didn’t provide the CPU frequency, instead saying it had 5 billion transistors.) The Kinect sensor received an upgrade: 2Gbps of data capture has finer skeletal visibility, can detect minor orientation changes in hands & fingers, & can even calculate your balance & weight distribution. The new controller looks slightly bigger, & is designed to play well with Kinect. They’ve moreover updated Smartglass, the remote control software that runs on mobile devices, yet they didn’t explain much approximately it. The new Xbox Live will have 300,000 servers powering it, up from 15,000 this year — though, of course, no details were provided approximately server specs. The console will have native game capture & editing tools — essentially, a game DVR. Saved games will be stored in the cloud, & they have new matchmaking capabilities that operate in the background. Update: 05/21 17:50 GMT by S : Halo is getting its own live-action TV show, for some reason. They’ll be collaborating with Steven Spielberg. Microsoft is moreover partnering with the NFL for live broadcasts & interactive experiences, such as split-screen Skype chats & fantasy league updates. Xbox One will be out “later this year.” No price information. it will not be backward-compatible with Xbox 360 games.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17189/feed 0 Microsoft Unveils Xbox One http://w00t.pro/2013/05/21/17188 http://w00t.pro/2013/05/21/17188#comments Tue, 21 May 2013 17:41:00 +0000 w00t http://w00t.pro/2013/05/21/17188/ Today at a press conference leading up to E3, Microsoft unveiled its next-gen games/entertainment console, the Xbox One. Their stated goal for the Xbox One is to have a single device provide “all of your entertainment.” One of the huge changes is increased support for voice & and gesture input. You can turn the console on by voice, & it will recognize you & automatically login. Swiping to the side with your hand will browse through menu pages, & saying “Watch TV” will bring up the TV app very quickly. The same with music, internet, & movies. The new console moreover supports multitasking — for example, while watching a movie, you can bring up your web browser in a side panel & surf the web at the same time. There is moreover a built-in TV listings app that responds to channel names — saying “Watch CBS” will switch to CBS without giving it an actual channel number. By this point, you’re probably asking: does it play games? Yes. Hardware specs: 8-core CPU/GPU, 8GB RAM, a Blu-ray drive, a 500GB HDD, USB 3.0, & Wi-fi Direct. (They didn’t provide the CPU frequency, instead saying it had 5 billion transistors.) The Kinect sensor received an upgrade: 2Gbps of data capture has finer skeletal visibility, can detect minor orientation changes in hands & fingers, & can even calculate your balance & weight distribution. The new controller looks slightly bigger, & is designed to play well with Kinect. They’ve moreover updated Smartglass, the remote control software that runs on mobile devices, yet they didn’t explain much approximately it. The new Xbox Live will have 300,000 servers powering it, up from 15,000 this year — though, of course, no details were provided approximately server specs. The console will have native game capture & editing tools — essentially, a game DVR. Saved games will be stored in the cloud, & they have new matchmaking capabilities that operate in the background. Update: 05/21 17:50 GMT by S : Halo is getting its own live-action TV show, for some reason. They’ll be collaborating with Steven Spielberg. Microsoft is moreover partnering with the NFL for live broadcasts & interactive experiences, such as split-screen Skype chats & fantasy league updates. Xbox One will be out “later this year.” No price information. it will not be backward-compatible with Xbox 360 games.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17188/feed 0 Ask Neil Gaiman and Amber Benson About Their Kickstarter Vampire Movie http://w00t.pro/2013/05/21/17187 http://w00t.pro/2013/05/21/17187#comments Tue, 21 May 2013 16:57:00 +0000 w00t http://w00t.pro/2013/05/21/17187/ Writer & novelist Neil Gaiman & Amber Benson of Buffy the Vampire Slayer fame have teamed up to star in a new vampire movie called, Blood Kiss. Kickstarted by ST:TNG & Emmy-winning writer Michael Reaves, Blood Kiss is a film noir vampire movie set in Golden Age Hollywood. Of his acting debut Gaiman says, “I’m willing to pretend that the prospect of acting doesn’t terrify me in order to assist Michael Reaves make his film.” The trio have agreed to take a break from the blood & answer any questions you have approximately the new project or their past work. As usual, ask as many as you’d like, yet please, one per post.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17187/feed 0 Ask Neil Gaiman and Amber Benson About Their Kickstarter Vampire Movie http://w00t.pro/2013/05/21/17186 http://w00t.pro/2013/05/21/17186#comments Tue, 21 May 2013 16:57:00 +0000 w00t http://w00t.pro/2013/05/21/17186/ Writer & novelist Neil Gaiman & Amber Benson of Buffy the Vampire Slayer fame have teamed up to star in a new vampire movie called, Blood Kiss. Kickstarted by ST:TNG & Emmy-winning writer Michael Reaves, Blood Kiss is a film noir vampire movie set in Golden Age Hollywood. Of his acting debut Gaiman says, “I’m willing to pretend that the prospect of acting doesn’t terrify me in order to assist Michael Reaves make his film.” The trio have agreed to take a break from the blood & answer any questions you have approximately the new project or their past work. As usual, ask as many as you’d like, yet please, one per post.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17186/feed 0 Kimai 0.9.2.1306-3 SQL Injection http://w00t.pro/2013/05/21/17217 http://w00t.pro/2013/05/21/17217#comments Tue, 21 May 2013 16:51:11 +0000 w00t http://w00t.pro/2013/05/21/17217/ Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.

View Source

]]> http://w00t.pro/2013/05/21/17217/feed 0 Kimai 0.9.2.1306-3 SQL Injection http://w00t.pro/2013/05/21/17216 http://w00t.pro/2013/05/21/17216#comments Tue, 21 May 2013 16:51:11 +0000 w00t http://w00t.pro/2013/05/21/17216/ Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.

View Source

]]> http://w00t.pro/2013/05/21/17216/feed 0 Immigration Reform May Spur Software Robotics http://w00t.pro/2013/05/21/17185 http://w00t.pro/2013/05/21/17185#comments Tue, 21 May 2013 16:12:00 +0000 w00t http://w00t.pro/2013/05/21/17185/ dcblogs writes “The Senate’s immigration bill may force the large offshore outsourcing firms to reduce their use of H-1B visa-holding staff, forcing them to hire more local workers & raising their costs. But one large Indian firm, Infosys, will try to offset cost increases with software robotics. Infosys recently announced a partnership with IPsoft, a New York-based provider of autonomic IT services. With IPsoft’s tools, work that is now done by human beings, mostly Level 1 support, could be done by a software machine. Infosys says that IPsoft tools can ‘reduce human intervention.’ More colorfully, Chandrashekar Kakal, global head of Infosys’s business IT services, told the Times of India, that ‘what robotics did for the auto assembly line, we are now doing for the IT engineering line.’ James Slaby, a research director of HFS Research who has been following the use of autonomics closely, wrote in a recent report that the IPsoft partnership may assist Infosys ‘reap fatter margins by augmenting & replacing expensive, human IT support engineers with cheaper, more accurate, efficient automated processes,’ & by improving service delivery.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17185/feed 0 Immigration Reform May Spur Software Robotics http://w00t.pro/2013/05/21/17183 http://w00t.pro/2013/05/21/17183#comments Tue, 21 May 2013 16:12:00 +0000 w00t http://w00t.pro/2013/05/21/17183/ dcblogs writes “The Senate’s immigration bill may force the large offshore outsourcing firms to reduce their use of H-1B visa-holding staff, forcing them to hire more local workers & raising their costs. But one large Indian firm, Infosys, will try to offset cost increases with software robotics. Infosys recently announced a partnership with IPsoft, a New York-based provider of autonomic IT services. With IPsoft’s tools, work that is now done by human beings, mostly Level 1 support, could be done by a software machine. Infosys says that IPsoft tools can ‘reduce human intervention.’ More colorfully, Chandrashekar Kakal, global head of Infosys’s business IT services, told the Times of India, that ‘what robotics did for the auto assembly line, we are now doing for the IT engineering line.’ James Slaby, a research director of HFS Research who has been following the use of autonomics closely, wrote in a recent report that the IPsoft partnership may assist Infosys ‘reap fatter margins by augmenting & replacing expensive, human IT support engineers with cheaper, more accurate, efficient automated processes,’ & by improving service delivery.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17183/feed 0 Hollywood Studios Use DMCA To Censor Pirate Bay Documentary http://w00t.pro/2013/05/21/17184 http://w00t.pro/2013/05/21/17184#comments Tue, 21 May 2013 15:33:00 +0000 w00t http://w00t.pro/2013/05/21/17184/ First time accepted submitter Aaron B Lingwood writes “As reported by TorrentFreak, Viacom, Paramount, Fox & Lionsgate have all asked Google to take down links pointing to the Pirate Bay documentary ‘TPB-AFK.’ The film, created by Simon Klose, is available for no cost & has already been watched by millions of people. The public response to this free release model has been overwhelmingly positive, yet it’s now meeting resistance from Hollywood, TPB’s arch rival. Pirate Party Australia opines ‘Hollywood is using takedown notices to censor Pirate Bay doco, is it incompetence or malice? Always complex to tell.’ Whichever the answer, the system is unquestionably broken.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17184/feed 0 Hollywood Studios Use DMCA To Censor Pirate Bay Documentary http://w00t.pro/2013/05/21/17181 http://w00t.pro/2013/05/21/17181#comments Tue, 21 May 2013 15:33:00 +0000 w00t http://w00t.pro/2013/05/21/17181/ First time accepted submitter Aaron B Lingwood writes “As reported by TorrentFreak, Viacom, Paramount, Fox & Lionsgate have all asked Google to take down links pointing to the Pirate Bay documentary ‘TPB-AFK.’ The film, created by Simon Klose, is available for no cost & has already been watched by millions of people. The public response to this free release model has been overwhelmingly positive, yet it’s now meeting resistance from Hollywood, TPB’s arch rival. Pirate Party Australia opines ‘Hollywood is using takedown notices to censor Pirate Bay doco, is it incompetence or malice? Always complex to tell.’ Whichever the answer, the system is unquestionably broken.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17181/feed 0 Inside the Microsoft Digital Crimes Unit http://w00t.pro/2013/05/21/17182 http://w00t.pro/2013/05/21/17182#comments Tue, 21 May 2013 14:51:00 +0000 w00t http://w00t.pro/2013/05/21/17182/ Trailrunner7 writes “The Microsoft Digital Crimes Unit has been spearheading botnet takedowns & other anti-cybercrime operations for many years, & it has had remarkable success. But the cybercrime problem isn’t going away anytime soon, so the DCU is in the process of building a new cybercrime center here, & shortly will roll out a new threat intelligence service to assist ISPs & CERT teams obtain better data approximately ongoing attacks. Dennis Fisher sat down with TJ Campana, director of security at the DCU, to discuss the unit’s work & what threats could be next on the target list.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17182/feed 0 Inside the Microsoft Digital Crimes Unit http://w00t.pro/2013/05/21/17179 http://w00t.pro/2013/05/21/17179#comments Tue, 21 May 2013 14:51:00 +0000 w00t http://w00t.pro/2013/05/21/17179/ Trailrunner7 writes “The Microsoft Digital Crimes Unit has been spearheading botnet takedowns & other anti-cybercrime operations for many years, & it has had remarkable success. But the cybercrime problem isn’t going away anytime soon, so the DCU is in the process of building a new cybercrime center here, & shortly will roll out a new threat intelligence service to assist ISPs & CERT teams obtain better data approximately ongoing attacks. Dennis Fisher sat down with TJ Campana, director of security at the DCU, to discuss the unit’s work & what threats could be next on the target list.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17179/feed 0 Working Handgun Printed On a Sub-$2,000 3D Printer http://w00t.pro/2013/05/21/17180 http://w00t.pro/2013/05/21/17180#comments Tue, 21 May 2013 14:12:00 +0000 w00t http://w00t.pro/2013/05/21/17180/ Just a few weeks after Cody Wilson & friends successfully fired an instance of their own 3-D printed handgun design, Sparrowvsrevolution writes, “a couple of Wisconsin hobbyist gunsmiths have already managed to adapt Defense Distributed’s so-called Liberator firearm & print it on a $1,725 Lulzbot 3D printer, a consumer grade machine that’s far cheaper than the industrial quality Stratasys machine Defense Distributed used. They then proceeded to record their cheaper gun (dubbed the ‘Lulz Liberator’) firing nine .380 rounds without any signs of cracking or melting. Eight of the rounds were fired from a single plastic barrel. (Defense Distributed only fired one through its prototype.) In total, the Lulz Liberator’s materials cost around $25 & were printed over just 48 hours.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17180/feed 0 Working Handgun Printed On a Sub-$2,000 3D Printer http://w00t.pro/2013/05/21/17177 http://w00t.pro/2013/05/21/17177#comments Tue, 21 May 2013 14:12:00 +0000 w00t http://w00t.pro/2013/05/21/17177/ Just a few weeks after Cody Wilson & friends successfully fired an instance of their own 3-D printed handgun design, Sparrowvsrevolution writes, “a couple of Wisconsin hobbyist gunsmiths have already managed to adapt Defense Distributed’s so-called Liberator firearm & print it on a $1,725 Lulzbot 3D printer, a consumer grade machine that’s far cheaper than the industrial quality Stratasys machine Defense Distributed used. They then proceeded to record their cheaper gun (dubbed the ‘Lulz Liberator’) firing nine .380 rounds without any signs of cracking or melting. Eight of the rounds were fired from a single plastic barrel. (Defense Distributed only fired one through its prototype.) In total, the Lulz Liberator’s materials cost around $25 & were printed over just 48 hours.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17177/feed 0 Goodbye, Lotus 1-2-3 http://w00t.pro/2013/05/21/17178 http://w00t.pro/2013/05/21/17178#comments Tue, 21 May 2013 13:31:00 +0000 w00t http://w00t.pro/2013/05/21/17178/ walterbyrd writes “In 2012, IBM started retiring the Lotus brand. Now 1-2-3, the core product that brought Lotus its fame, takes its turn on the chopping block. IBM stated, ‘Effective on the dates listed below, [June 11, 2013] IBM will withdraw from marketing part numbers from the following product release(s) licensed under the IBM International Program License Agreement:’ IBM Lotus 123 Millennium Edition V9.x, IBM Lotus SmartSuite 9.x V9.8.0, & Organizer V6.1.0. Further, IBM stated, ‘Customers will no longer be able to receive support for these offerings after September 30, 2014. No service extensions will be offered. There will be no replacement programs.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17178/feed 0 Goodbye, Lotus 1-2-3 http://w00t.pro/2013/05/21/17176 http://w00t.pro/2013/05/21/17176#comments Tue, 21 May 2013 13:31:00 +0000 w00t http://w00t.pro/2013/05/21/17176/ walterbyrd writes “In 2012, IBM started retiring the Lotus brand. Now 1-2-3, the core product that brought Lotus its fame, takes its turn on the chopping block. IBM stated, ‘Effective on the dates listed below, [June 11, 2013] IBM will withdraw from marketing part numbers from the following product release(s) licensed under the IBM International Program License Agreement:’ IBM Lotus 123 Millennium Edition V9.x, IBM Lotus SmartSuite 9.x V9.8.0, & Organizer V6.1.0. Further, IBM stated, ‘Customers will no longer be able to receive support for these offerings after September 30, 2014. No service extensions will be offered. There will be no replacement programs.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17176/feed 0 Australia Makes Asian Language Learning a Priority http://w00t.pro/2013/05/21/17175 http://w00t.pro/2013/05/21/17175#comments Tue, 21 May 2013 12:50:00 +0000 w00t http://w00t.pro/2013/05/21/17175/ An anonymous reader writes “The Australian government came a step closer to formalising its plans to make Asian language study compulsory for schools this week. It has released a draft curriculum for public consultation which reveals plans to include Indonesian, Korean & french language in the curriculum. Australian Prime Minister Julia Gillard publicly stated in September 2012 that in response to the “staggering growth” in the region, the government would be instigating 25 key measures to strengthen & exploit links with Asia. The plan includes the requirement that one third of civil servants & company directors have a “deep knowledge,” thousands of scholarships for Asian students, & the opportunity for every schoolchild to learn one of four “priority” languages- Chinese, Hindi, Japanese or Indonesian.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17175/feed 0 Australia Makes Asian Language Learning a Priority http://w00t.pro/2013/05/21/17174 http://w00t.pro/2013/05/21/17174#comments Tue, 21 May 2013 12:50:00 +0000 w00t http://w00t.pro/2013/05/21/17174/ An anonymous reader writes “The Australian government came a step closer to formalising its plans to make Asian language study compulsory for schools this week. It has released a draft curriculum for public consultation which reveals plans to include Indonesian, Korean & french language in the curriculum. Australian Prime Minister Julia Gillard publicly stated in September 2012 that in response to the “staggering growth” in the region, the government would be instigating 25 key measures to strengthen & exploit links with Asia. The plan includes the requirement that one third of civil servants & company directors have a “deep knowledge,” thousands of scholarships for Asian students, & the opportunity for every schoolchild to learn one of four “priority” languages- Chinese, Hindi, Japanese or Indonesian.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17174/feed 0 Web of Tax Shelters Saved Apple Billions, Inquiry Finds http://w00t.pro/2013/05/21/17173 http://w00t.pro/2013/05/21/17173#comments Tue, 21 May 2013 12:06:00 +0000 w00t http://w00t.pro/2013/05/21/17173/ mspohr writes with news that Apple might be in a bit of hot water over its policy of offshoring revenues to favorable tax jurisdictions. Only they take it a step further, from the article: “Apple relied on a ‘complex web of offshore entities’ & U.S. tax loopholes to avoid paying billions of dollars in U.S. taxes on $44 billion in offshore income over the past four years … The maker of iPhones & iPads used at least three foreign subsidiaries that it claims are not ‘tax resident in any nation’ to assist it avoid paying billions in ‘otherwise taxable offshore income,’ the Senate Permanent Subcommittee on Investigations said in a statement yesterday.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17173/feed 0 Web of Tax Shelters Saved Apple Billions, Inquiry Finds http://w00t.pro/2013/05/21/17172 http://w00t.pro/2013/05/21/17172#comments Tue, 21 May 2013 12:06:00 +0000 w00t http://w00t.pro/2013/05/21/17172/ mspohr writes with news that Apple might be in a bit of hot water over its policy of offshoring revenues to favorable tax jurisdictions. Only they take it a step further, from the article: “Apple relied on a ‘complex web of offshore entities’ & U.S. tax loopholes to avoid paying billions of dollars in U.S. taxes on $44 billion in offshore income over the past four years … The maker of iPhones & iPads used at least three foreign subsidiaries that it claims are not ‘tax resident in any nation’ to assist it avoid paying billions in ‘otherwise taxable offshore income,’ the Senate Permanent Subcommittee on Investigations said in a statement yesterday.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17172/feed 0 Ophcrack 3.50 Buffer Overflow / Code Execution http://w00t.pro/2013/05/21/17215 http://w00t.pro/2013/05/21/17215#comments Tue, 21 May 2013 11:12:13 +0000 w00t http://w00t.pro/2013/05/21/17215/ Ophcrack version 3.5.0 suffers from stack based buffer overflow vulnerability that leads to local code execution.

View Source

]]> http://w00t.pro/2013/05/21/17215/feed 0 Ophcrack 3.50 Buffer Overflow / Code Execution http://w00t.pro/2013/05/21/17214 http://w00t.pro/2013/05/21/17214#comments Tue, 21 May 2013 11:12:13 +0000 w00t http://w00t.pro/2013/05/21/17214/ Ophcrack version 3.5.0 suffers from stack based buffer overflow vulnerability that leads to local code execution.

View Source

]]> http://w00t.pro/2013/05/21/17214/feed 0 German Researchers Hit 40 Gbps On Wireless Link http://w00t.pro/2013/05/21/17165 http://w00t.pro/2013/05/21/17165#comments Tue, 21 May 2013 09:04:00 +0000 w00t http://w00t.pro/2013/05/21/17165/ judgecorp writes “German researchers from the Fraunhover & Karlsruhe institutes have achieved 40Gbps transfers over 1km using a wireless link. The new record raises the hope that point-to-point wireless could be used instead of expensive fibers in some rural broadband applications.” Partially thanks to transmitting between 200GHz & 280GHz.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17165/feed 0 German Researchers Hit 40 Gbps On Wireless Link http://w00t.pro/2013/05/21/17164 http://w00t.pro/2013/05/21/17164#comments Tue, 21 May 2013 09:04:00 +0000 w00t http://w00t.pro/2013/05/21/17164/ judgecorp writes “German researchers from the Fraunhover & Karlsruhe institutes have achieved 40Gbps transfers over 1km using a wireless link. The new record raises the hope that point-to-point wireless could be used instead of expensive fibers in some rural broadband applications.” Partially thanks to transmitting between 200GHz & 280GHz.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17164/feed 0 The Hunt For LulzSec’s Missing Sixth Member http://w00t.pro/2013/05/21/17163 http://w00t.pro/2013/05/21/17163#comments Tue, 21 May 2013 07:13:00 +0000 w00t http://w00t.pro/2013/05/21/17163/ DavidGilbert99 writes “LulzSec’s star burnt brightly in the short period it was active, yet things quickly turned sour when its core members began getting arrested. Last week three of the six core members were sentenced in the UK, yet this only served to highlight the fact that one member of the group, known as Avunit, has been able to remain unidentified despite the FBI having turned the group’s leader Sabu into an informant. Who is Avunit? And does he hold the purse strings of the group’s Bitcoin wallet which could have up to $180,000 in it?” As usual, be warned of the horrendous autoplaying video ads surrounding satisfactory content at the primary link.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17163/feed 0 The Hunt For LulzSec’s Missing Sixth Member http://w00t.pro/2013/05/21/17162 http://w00t.pro/2013/05/21/17162#comments Tue, 21 May 2013 07:13:00 +0000 w00t http://w00t.pro/2013/05/21/17162/ DavidGilbert99 writes “LulzSec’s star burnt brightly in the short period it was active, yet things quickly turned sour when its core members began getting arrested. Last week three of the six core members were sentenced in the UK, yet this only served to highlight the fact that one member of the group, known as Avunit, has been able to remain unidentified despite the FBI having turned the group’s leader Sabu into an informant. Who is Avunit? And does he hold the purse strings of the group’s Bitcoin wallet which could have up to $180,000 in it?” As usual, be warned of the horrendous autoplaying video ads surrounding satisfactory content at the primary link.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17162/feed 0 Linksys WRT160n apply.cgi Remote Command Injection http://w00t.pro/2013/05/21/17123 http://w00t.pro/2013/05/21/17123#comments Tue, 21 May 2013 04:40:09 +0000 w00t http://w00t.pro/2013/05/21/17123/ Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n version 2 – firmware version v2.0.03. A ping command against a controlled system could be used for testing purposes. The exploit uses the tftp client from the device to stage to native payloads from the command injection.

View Source

]]> http://w00t.pro/2013/05/21/17123/feed 0 Linksys WRT160n apply.cgi Remote Command Injection http://w00t.pro/2013/05/21/17122 http://w00t.pro/2013/05/21/17122#comments Tue, 21 May 2013 04:40:09 +0000 w00t http://w00t.pro/2013/05/21/17122/ Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n version 2 – firmware version v2.0.03. A ping command against a controlled system could be used for testing purposes. The exploit uses the tftp client from the device to stage to native payloads from the command injection.

View Source

]]> http://w00t.pro/2013/05/21/17122/feed 0 Sony PS3 Firmware 4.31 Code Execution http://w00t.pro/2013/05/21/17121 http://w00t.pro/2013/05/21/17121#comments Tue, 21 May 2013 04:21:29 +0000 w00t http://w00t.pro/2013/05/21/17121/ A local code execution vulnerability is detected in the official PlayStation 3 v4.31 Firmware. The vulnerability allows local attackers to inject & execute code out of vulnerable PlayStation 3 menu main web context.

View Source

]]> http://w00t.pro/2013/05/21/17121/feed 0 Sony PS3 Firmware 4.31 Code Execution http://w00t.pro/2013/05/21/17120 http://w00t.pro/2013/05/21/17120#comments Tue, 21 May 2013 04:21:29 +0000 w00t http://w00t.pro/2013/05/21/17120/ A local code execution vulnerability is detected in the official PlayStation 3 v4.31 Firmware. The vulnerability allows local attackers to inject & execute code out of vulnerable PlayStation 3 menu main web context.

View Source

]]> http://w00t.pro/2013/05/21/17120/feed 0 Trend Micro DirectPass 1.5.0.1060 Command Injection / Denial Of Service http://w00t.pro/2013/05/21/17119 http://w00t.pro/2013/05/21/17119#comments Tue, 21 May 2013 04:09:28 +0000 w00t http://w00t.pro/2013/05/21/17119/ Trend Micro DirectPass 1.5.0.1060 suffers from local command/path injection, persistent code injection, & a denial of service vulnerability.

View Source

]]> http://w00t.pro/2013/05/21/17119/feed 0 Trend Micro DirectPass 1.5.0.1060 Command Injection / Denial Of Service http://w00t.pro/2013/05/21/17118 http://w00t.pro/2013/05/21/17118#comments Tue, 21 May 2013 04:09:28 +0000 w00t http://w00t.pro/2013/05/21/17118/ Trend Micro DirectPass 1.5.0.1060 suffers from local command/path injection, persistent code injection, & a denial of service vulnerability.

View Source

]]> http://w00t.pro/2013/05/21/17118/feed 0 Latvian Police Raid Teacher’s Home for Uploading $4.00 Textbook http://w00t.pro/2013/05/21/17161 http://w00t.pro/2013/05/21/17161#comments Tue, 21 May 2013 04:06:00 +0000 w00t http://w00t.pro/2013/05/21/17161/ richlv writes “Latvian police recently raided the home of a history teacher & confiscated his computer. The crime? Scanning a history book & making it available on his website covering various topics on history. The raid was based on a complaint from the publisher (Google Translate to English), which has a near-monopoly on educational materials in Latvia, often linked with shady connections in the Ministry of Education.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17161/feed 0 Latvian Police Raid Teacher’s Home for Uploading $4.00 Textbook http://w00t.pro/2013/05/21/17160 http://w00t.pro/2013/05/21/17160#comments Tue, 21 May 2013 04:06:00 +0000 w00t http://w00t.pro/2013/05/21/17160/ richlv writes “Latvian police recently raided the home of a history teacher & confiscated his computer. The crime? Scanning a history book & making it available on his website covering various topics on history. The raid was based on a complaint from the publisher (Google Translate to English), which has a near-monopoly on educational materials in Latvia, often linked with shady connections in the Ministry of Education.”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17160/feed 0 EFF Resumes Accepting Bitcoin Donations After Two Year Hiatus http://w00t.pro/2013/05/21/17159 http://w00t.pro/2013/05/21/17159#comments Tue, 21 May 2013 01:56:00 +0000 w00t http://w00t.pro/2013/05/21/17159/ hypnosec writes “The Electronic Frontier Foundation (EFF) has started accepting donations in the form of Bitcoins again after a two year hiatus, stating that the legal uncertainty hovering over the digital currency has all yet disappeared. On their blog the EFF noted that a report from U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), in addition to their own findings, ‘have confirmed that, as a user of Bitcoin or any virtual currency, EFF itself is likely not subject to regulation.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17159/feed 0 EFF Resumes Accepting Bitcoin Donations After Two Year Hiatus http://w00t.pro/2013/05/21/17158 http://w00t.pro/2013/05/21/17158#comments Tue, 21 May 2013 01:56:00 +0000 w00t http://w00t.pro/2013/05/21/17158/ hypnosec writes “The Electronic Frontier Foundation (EFF) has started accepting donations in the form of Bitcoins again after a two year hiatus, stating that the legal uncertainty hovering over the digital currency has all yet disappeared. On their blog the EFF noted that a report from U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), in addition to their own findings, ‘have confirmed that, as a user of Bitcoin or any virtual currency, EFF itself is likely not subject to regulation.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17158/feed 0 Google Drops XMPP Support http://w00t.pro/2013/05/21/17157 http://w00t.pro/2013/05/21/17157#comments Tue, 21 May 2013 00:18:00 +0000 w00t http://w00t.pro/2013/05/21/17157/ Cbs228 writes “During last week’s Google I/O conference, the company announced a replacement for its aging Talk instant messenger: Google Hangouts. Hangouts, which is only available for Android, iOS, & Chrome, offers closer integration with Google+. Unfortunately, the new product drops support for the XMPP instant messaging protocol, which has been an integral part of Talk for over ten years. XMPP delivers instant messages to desktop clients, like Pidgin, & enables communication between users on different instant messaging networks. Hangouts users attempting to communicate with contacts on non-Google servers, such as jabber.org, have found that all communications have been suddenly & inexplicably severed. A Google account is now required to communicate with Hangouts users. Google Hangouts joins the ranks of an already-crowded ecosystem of closed, incompatible chat products like Skype.” Interesting, because Google Wave was based on XMPP & Google was integral to the creation of the Jingle extension that enabled video chatting over XMPP. Note that no end date has been set for Talk yet, yet the end must surely be nigh given Google’s recent history of axing products like Reader & CalDAV support from their calendar app without much notice.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17157/feed 0 Google Drops XMPP Support http://w00t.pro/2013/05/21/17156 http://w00t.pro/2013/05/21/17156#comments Tue, 21 May 2013 00:18:00 +0000 w00t http://w00t.pro/2013/05/21/17156/ Cbs228 writes “During last week’s Google I/O conference, the company announced a replacement for its aging Talk instant messenger: Google Hangouts. Hangouts, which is only available for Android, iOS, & Chrome, offers closer integration with Google+. Unfortunately, the new product drops support for the XMPP instant messaging protocol, which has been an integral part of Talk for over ten years. XMPP delivers instant messages to desktop clients, like Pidgin, & enables communication between users on different instant messaging networks. Hangouts users attempting to communicate with contacts on non-Google servers, such as jabber.org, have found that all communications have been suddenly & inexplicably severed. A Google account is now required to communicate with Hangouts users. Google Hangouts joins the ranks of an already-crowded ecosystem of closed, incompatible chat products like Skype.” Interesting, because Google Wave was based on XMPP & Google was integral to the creation of the Jingle extension that enabled video chatting over XMPP. Note that no end date has been set for Talk yet, yet the end must surely be nigh given Google’s recent history of axing products like Reader & CalDAV support from their calendar app without much notice.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/21/17156/feed 0 Motion To Delay Sanctions Against Prenda Lawyers Denied http://w00t.pro/2013/05/20/17155 http://w00t.pro/2013/05/20/17155#comments Mon, 20 May 2013 23:40:00 +0000 w00t http://w00t.pro/2013/05/20/17155/ rudy_wayne writes with news that the Prenda lawyers recently sanctioned by a federal judge are starting to face consequences. From the article: “On Friday, Paul Hansmeier, a Minnesota attorney who has been pointed to as one of the masterminds of the Prenda copyright-trolling scheme, filed an emergency motion to stay the $81,000 sanctions order while he & his colleagues could mount an appeal. Today the appeals court flatly denied his motion. Two appellate judges signed this order, & it gives Hansmeier the option to make a plea for delay with the district court judge. That would be U.S. District Judge Otis Wright, the judge who sanctioned Hansmeier in the first place. Hansmeier is moreover getting kicked off a case he was working on that was totally unrelated to Prenda’s scheme of making copyright accusations over alleged pornography downloads. On Friday, the 9th Circuit Commissioner ordered Hansmeier, in no uncertain terms, to withdraw a the case involving Groupon since he has been referred to the Minnesota State Bar for investigation. The commissioner has delayed Hansmeier’s admission to the 9th Circuit because of Wright’s order, which refers to Wright’s finding of ‘moral turpitude.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/20/17155/feed 0 Motion To Delay Sanctions Against Prenda Lawyers Denied http://w00t.pro/2013/05/20/17154 http://w00t.pro/2013/05/20/17154#comments Mon, 20 May 2013 23:40:00 +0000 w00t http://w00t.pro/2013/05/20/17154/ rudy_wayne writes with news that the Prenda lawyers recently sanctioned by a federal judge are starting to face consequences. From the article: “On Friday, Paul Hansmeier, a Minnesota attorney who has been pointed to as one of the masterminds of the Prenda copyright-trolling scheme, filed an emergency motion to stay the $81,000 sanctions order while he & his colleagues could mount an appeal. Today the appeals court flatly denied his motion. Two appellate judges signed this order, & it gives Hansmeier the option to make a plea for delay with the district court judge. That would be U.S. District Judge Otis Wright, the judge who sanctioned Hansmeier in the first place. Hansmeier is moreover getting kicked off a case he was working on that was totally unrelated to Prenda’s scheme of making copyright accusations over alleged pornography downloads. On Friday, the 9th Circuit Commissioner ordered Hansmeier, in no uncertain terms, to withdraw a the case involving Groupon since he has been referred to the Minnesota State Bar for investigation. The commissioner has delayed Hansmeier’s admission to the 9th Circuit because of Wright’s order, which refers to Wright’s finding of ‘moral turpitude.’”
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/20/17154/feed 0 Red Hat Security Advisory 2013-0834-02 http://w00t.pro/2013/05/20/17117 http://w00t.pro/2013/05/20/17117#comments Mon, 20 May 2013 23:11:43 +0000 w00t http://w00t.pro/2013/05/20/17117/ Red Hat Security Advisory 2013-0834-02 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements.

View Source

]]> http://w00t.pro/2013/05/20/17117/feed 0 Red Hat Security Advisory 2013-0834-02 http://w00t.pro/2013/05/20/17116 http://w00t.pro/2013/05/20/17116#comments Mon, 20 May 2013 23:11:43 +0000 w00t http://w00t.pro/2013/05/20/17116/ Red Hat Security Advisory 2013-0834-02 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements.

View Source

]]> http://w00t.pro/2013/05/20/17116/feed 0 Red Hat Security Advisory 2013-0829-01 http://w00t.pro/2013/05/20/17115 http://w00t.pro/2013/05/20/17115#comments Mon, 20 May 2013 23:11:22 +0000 w00t http://w00t.pro/2013/05/20/17115/ Red Hat Security Advisory 2013-0829-01 – Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information & mitigation instructions for users who are unable to immediately apply this update.

View Source

]]> http://w00t.pro/2013/05/20/17115/feed 0 Red Hat Security Advisory 2013-0829-01 http://w00t.pro/2013/05/20/17114 http://w00t.pro/2013/05/20/17114#comments Mon, 20 May 2013 23:11:22 +0000 w00t http://w00t.pro/2013/05/20/17114/ Red Hat Security Advisory 2013-0829-01 – Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information & mitigation instructions for users who are unable to immediately apply this update.

View Source

]]> http://w00t.pro/2013/05/20/17114/feed 0 Red Hat Security Advisory 2013-0833-01 http://w00t.pro/2013/05/20/17113 http://w00t.pro/2013/05/20/17113#comments Mon, 20 May 2013 23:11:02 +0000 w00t http://w00t.pro/2013/05/20/17113/ Red Hat Security Advisory 2013-0833-01 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements.

View Source

]]> http://w00t.pro/2013/05/20/17113/feed 0 Red Hat Security Advisory 2013-0833-01 http://w00t.pro/2013/05/20/17112 http://w00t.pro/2013/05/20/17112#comments Mon, 20 May 2013 23:11:02 +0000 w00t http://w00t.pro/2013/05/20/17112/ Red Hat Security Advisory 2013-0833-01 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements.

View Source

]]> http://w00t.pro/2013/05/20/17112/feed 0 Red Hat Security Advisory 2013-0839-02 http://w00t.pro/2013/05/20/17111 http://w00t.pro/2013/05/20/17111#comments Mon, 20 May 2013 23:10:52 +0000 w00t http://w00t.pro/2013/05/20/17111/ Red Hat Security Advisory 2013-0839-02 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements.

View Source

]]> http://w00t.pro/2013/05/20/17111/feed 0 Red Hat Security Advisory 2013-0839-02 http://w00t.pro/2013/05/20/17110 http://w00t.pro/2013/05/20/17110#comments Mon, 20 May 2013 23:10:52 +0000 w00t http://w00t.pro/2013/05/20/17110/ Red Hat Security Advisory 2013-0839-02 – JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, & includes bug fixes & enhancements.

View Source

]]> http://w00t.pro/2013/05/20/17110/feed 0 Red Hat Security Advisory 2013-0840-01 http://w00t.pro/2013/05/20/17109 http://w00t.pro/2013/05/20/17109#comments Mon, 20 May 2013 23:10:37 +0000 w00t http://w00t.pro/2013/05/20/17109/ Red Hat Security Advisory 2013-0840-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

View Source

]]> http://w00t.pro/2013/05/20/17109/feed 0 Red Hat Security Advisory 2013-0840-01 http://w00t.pro/2013/05/20/17108 http://w00t.pro/2013/05/20/17108#comments Mon, 20 May 2013 23:10:37 +0000 w00t http://w00t.pro/2013/05/20/17108/ Red Hat Security Advisory 2013-0840-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

View Source

]]> http://w00t.pro/2013/05/20/17108/feed 0 Red Hat Security Advisory 2013-0841-01 http://w00t.pro/2013/05/20/17107 http://w00t.pro/2013/05/20/17107#comments Mon, 20 May 2013 23:10:10 +0000 w00t http://w00t.pro/2013/05/20/17107/ Red Hat Security Advisory 2013-0841-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

View Source

]]> http://w00t.pro/2013/05/20/17107/feed 0 Red Hat Security Advisory 2013-0841-01 http://w00t.pro/2013/05/20/17106 http://w00t.pro/2013/05/20/17106#comments Mon, 20 May 2013 23:10:10 +0000 w00t http://w00t.pro/2013/05/20/17106/ Red Hat Security Advisory 2013-0841-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel’s Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

View Source

]]> http://w00t.pro/2013/05/20/17106/feed 0 NSA Data Center the Focus of Tax Controversy http://w00t.pro/2013/05/20/17153 http://w00t.pro/2013/05/20/17153#comments Mon, 20 May 2013 22:59:00 +0000 w00t http://w00t.pro/2013/05/20/17153/ Nerval’s Lobster writes “Location is everything when choosing the site of a data center. Firms such as Microsoft & Google & Facebook spend a lot of time looking into the costs of land, power, regulation & taxes before placing their respective data centers in a particular place. Sometimes, that local tax bill comes into play in a huge way. Just ask the National Security Agency which learned it faces a multimillion-dollar annual state tax on the power consumed by its new data center in Camp Williams, south of Salt Lake City. The Salt Lake Tribune obtained a series of email exchanges between the feds & the state, with the NSA protesting a $2.4 million tax on its annual power expenditure, pegged at approximately $40 million. Harvey Davis, director of installations & logistics for the NSA, sent a letter (subsequently quoted by the newspaper) to state officials that made the logistics argument: ‘Long-term stability in the utility rates was a major factor in Utah being selected as our site for our $1.5bn construction at Camp Williams. HP325 [the new law] runs counter to what we expected.’” This would be the data center William Binney et al claim is logging almost all domestic communication.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/20/17153/feed 0 NSA Data Center the Focus of Tax Controversy http://w00t.pro/2013/05/20/17152 http://w00t.pro/2013/05/20/17152#comments Mon, 20 May 2013 22:59:00 +0000 w00t http://w00t.pro/2013/05/20/17152/ Nerval’s Lobster writes “Location is everything when choosing the site of a data center. Firms such as Microsoft & Google & Facebook spend a lot of time looking into the costs of land, power, regulation & taxes before placing their respective data centers in a particular place. Sometimes, that local tax bill comes into play in a huge way. Just ask the National Security Agency which learned it faces a multimillion-dollar annual state tax on the power consumed by its new data center in Camp Williams, south of Salt Lake City. The Salt Lake Tribune obtained a series of email exchanges between the feds & the state, with the NSA protesting a $2.4 million tax on its annual power expenditure, pegged at approximately $40 million. Harvey Davis, director of installations & logistics for the NSA, sent a letter (subsequently quoted by the newspaper) to state officials that made the logistics argument: ‘Long-term stability in the utility rates was a major factor in Utah being selected as our site for our $1.5bn construction at Camp Williams. HP325 [the new law] runs counter to what we expected.’” This would be the data center William Binney et al claim is logging almost all domestic communication.
Share on Google+

Read more of this story at Slashdot.

View Source

]]> http://w00t.pro/2013/05/20/17152/feed 0