Slashdot Mirror

Bismillah (993337) writes 'The British government wants life in prison for hackers who cause disruption to computer networks, resulting in loss of life or threat to the country's national security. From the article: "The UK government will seek to amend the 1990 Computer Misuse Act "to ensure sentences for attacks on computer systems fully reflect the damage they cause. Currently, the law provides for a maximum sentence of ten years' imprisonment for those who commit the offence of impairing a computer. A new, aggravated offence of unauthorised access to a computer will be introduced into the Computer Misuse Act by the government, carrying far longer sentences."'

Bismillah (993337) writes "An interesting study by WilmerHale lawyers and Intel's assistant general counsel Ann Armstrong looked into how much royalty payments and demands actually amount to per device, and found the cost so high it threatens industry profitability and competitiveness. 'As the bank robber Willie Sutton is reported to have said, he robbed banks 'because that's where the money is' - so too of smartphones for patent holders,' the authors wrote."

Bismillah (993337) writes "Once again, after the Red Flag Linux effort that petered out this year, China is considering Linux to sort out its pressing Windows XP issue. The Windows 8 ban by China's government procurement agency and promises of official support may help."

First time accepted submitter TechyImmigrant (175943) writes "Following the focus on government mass surveillance resulting from the information revealed by Edward Snowden, many organizations involved in security and communications put out statements essentially repudiating that surveillance. As of yesterday (May 15th 2014) the IACR (International Association for Cryptologic Research) who one might expect to have a position on this, has finally one year after the anniversary of the leaks, got around to making a position statement. 'The membership of the IACR repudiates mass surveillance and the undermining of cryptographic solutions and standards. Population-wide surveillance threatens democracy and human dignity. We call for expediting research and deployment of effective techniques to protect personal privacy against governmental and corporate overreach.' So the crypto guys don't like it either. Now we know." They're not the only ones: reader Juha Saarinen (2822817) writes "Stung by concerns that the NSA may have introduced deliberately weakened crypto algorithms, NIST is embarking on a review of its existing standards and developments."

Bismillah (993337) writes "The new Telecommunications (Interception Capability and Security) Act of 2013 is in effect in New Zealand and brings in several drastic changes for ISPs, telcos and service providers. One of the country's spy agencies, the GCSB, gets to decide on network equipment procurement and design decisions (PDF), plus operators have to register with the police and obtain security clearance for some staff. Somewhat illogically, the NZ government pushed through the law combining mandated communications interception capabilities for law enforcement, with undefined network security requirements as decided by the GCSB. All network operators are subject to the new law, including local providers as well as the likes of Facebook, Google, Microsoft, who have opposed it, saying the new statutes clash with overseas privacy legislation."

Hugh Pickens DOT Com (2995471) writes "Chris Bowlby reports at BBC that medical research has been building up for a while now, suggesting constant sitting is harming our health — potentially causing cardiovascular problems or vulnerability to diabetes. Advocates of sit-stand desks say more standing would benefit not only health, but also workers' energy and creativity. Some big organizations and companies are beginning to look seriously at reducing 'prolonged sitting' among office workers. 'It's becoming more well known that long periods of sedentary behavior has an adverse effect on health,' says GE engineer Jonathan McGregor, 'so we're looking at bringing in standing desks.' The whole concept of sitting as the norm in workplaces is a recent innovation, points out Jeremy Myerson, professor of design at the Royal College of Art. 'If you look at the late 19th Century,' he says, Victorian clerks could stand at their desks and 'moved around a lot more'. 'It's possible to look back at the industrial office of the past 100 years or so as some kind of weird aberration in a 1,000-year continuum of work where we've always moved around.' What changed things in the 20th Century was 'Taylorism' — time and motion studies applied to office work. 'It's much easier to supervise and control people when they're sitting down,' says Myerson. What might finally change things is if the evidence becomes overwhelming, the health costs rise, and stopping employees from sitting too much becomes part of an employer's legal duty of care. 'If what we are creating are environments where people are not going to be terribly healthy and are suffering from diseases like cardiovascular disease and diabetes,' says Prof Alexi Marmot, a specialist on workplace design, 'it's highly unlikely the organization benefits in any way.'"

Bismillah (993337) writes "A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012." Quoting the security advisory: "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server." The attack may be repeated and it appears trivial to acquire the host's private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian's fix is in incoming and should hit mirrors soon, Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.

mask.of.sanity writes: "A security researcher says he has developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app. The 18-year-old computer science undergrad didn't reveal the 'bypass' which gets the holder of the fraudulent ticket past the last scanner and onto the jetway; he's saving that for his talk at Hack in the Box in Amsterdam next month."

mask.of.sanity (1228908) writes "eBay Japan created passwords for accounts based on a combination of a username plus a static salt, allowing anyone with knowledge of it to access any account, a researcher reported. The salt, which should have been random, used was the combination '123456', which was reported as last year's worst password." Complete with visual aids.

An anonymous reader writes "GitHub contains thousands of 'secret keys', which are stored in plain text and can be used by miscreants to access AWS accounts and either run up huge bills or even delete/damage the users files. Amazon is urging users of the coding community site to clean up their act."

Bismillah (993337) writes "The re-routing of Google's public DNS servers last weekend was yet another example of how easy it is to 'steal the Internet' by abusing today's trust-based networks. Problem is, ISPs don't seem to care about that, or securing DNS which is another attack vector that doesn't require compromising end users' systems. Why isn't more done to secure routing and DNS then?" The route announcement was likely unintentional. The chief scientist at APNIC noted that implementing RPKI would solve the problem, but far too few ISPs bother with it.

Bismillah (993337) writes "The re-routing of Google's public DNS servers last weekend was yet another example of how easy it is to 'steal the Internet' by abusing today's trust-based networks. Problem is, ISPs don't seem to care about that, or securing DNS which is another attack vector that doesn't require compromising end users' systems. Why isn't more done to secure routing and DNS then?" The route announcement was likely unintentional. The chief scientist at APNIC noted that implementing RPKI would solve the problem, but far too few ISPs bother with it.

Bismillah writes "If Attorney-General Brandis gets his way in the process of revising Australia's Telecommunications Interception Act, users and providers of VPNs and other encrypted services will by law be required to decrypt government intercepted data. Because, 'sophisticated criminals and terrorists.' New Zealand already has a similar law, the Telecommunications Interception and Computer Security Act. Apparently, large Internet service providers such as Microsoft and Facebook won't be exempt from the TICSA and must facilitate interception of traffic."

In a followup to our story yesterday, Bismillah writes "It seems US prosecutors agree that just publishing a link doesn't amount to transmitting actual files. Brown is not out of the legal woods yet though, and still faces further charges. The EFF released this statement about the decision: 'We are relieved that federal prosecutors have decided to drop these charges against Barrett Brown. In prosecuting Brown, the government sought to criminalize a routine practice of journalism—linking to external sources—which is a textbook violation of free speech protected by the First Amendment. Although this motion is good news for Brown, the unnecessary and unwarranted prosecution has already done much damage; not only has it harmed Brown, the prosecution—and the threat of prosecution it raised for all journalists—has chilled speech on the Internet. We hope that this dismissal of charges indicates a change in the Department of Justice priorities. If not, we will be ready to step in and defend free speech.'"

Bismillah writes "The Vodafone Foundation's Mini Instant Network cellular access site is deployable in ten minutes and can be carried on as hand luggage on commercial airliners. It's only 2G, but hey ..." This reminds me a bit of the Gargoyles in Neal Stephenson's Snow Crash, and useful for more than just emergencies.

mask.of.sanity writes "CloudFlare has been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector. The Network Time Protocol Reflection attack exploits a timing mechanism that underpins a way the Internet works to greatly amplify the power of what would otherwise be a small and ineffective assault. CloudFlare said the attack tipped 400Gbps, 100Gbps higher than the previous record DDoS attack which used DNS reflective amplification."

mask.of.sanity writes "Russia has banned digital currency Bitcoin under existing laws and dubbed use of the crypto-currency as 'suspicious'. The Central Bank of Russia considers Bitcoin as a form of 'money substitute' or 'money surrogate' (statement in Russian) which is restricted under Russian law. However, unlike use of restricted foreign currencies, Bitcoin has been outright banned. The US Library of Congress has issued a report examining the regulatory approaches national financial authorities have taken to the currency."

littlekorea writes "Australia's weather bureau has racked up bills of $38 million for a water data system, based on Red Hat Linux, MySQL and Java, that was originally scheduled to cost somewhere between $2 million and $5 million. The Bureau's supplier, an ASX-listed IT services provider SMS Management and Technology, did a good job of embedding itself in the bureau, with all changes having to be made by the original consultant that built it."

mask.of.sanity writes "Facebook has paid out its largest bug bounty of $33,500 for a serious remote code execution vulnerability which also returned Facebook's etc/passwd. The researcher could change Facebook's use of Gmail as an OpenID provider to a URL he controlled, and then sent a request carrying malicious XML code. The Facebook response included its etc/passwd which contained essential login information such as system administrator data and user IDs. The company quickly patched the flaw and awarded him for the proof of concept remote code execution which he quietly disclosed to them."

littlekorea writes "Data analysts in the U.S. and Australia have come up with alternative means to predict the world's largest music vote, Triple J's Hottest 100. The Warmest 100 was close to spot on last year after analysts mined data from social posts auto-generated during the voting process. This year, with that avenue shut off, they relied on data extracted using the Instagram API, among others, and hope to achieve similar results."

mask.of.sanity writes "Researchers have found holes in industrial control systems that they say grant full control of systems running energy, chemical and transportation systems. They also identified more than 150 zero day vulnerabilities of varying degrees of severity affecting the control systems and some 60,000 industrial control system devices exposed to the public internet."

Bismillah writes "Evad3rs' new iOS 7 jailbreak featured a Chinese app store that sold pirated software, and which was pulled from Evasi0n7 soon after launch. Latest rumors say that the exploit used for Evasi0n7 was stolen by a certain person, offered up for sale, so the Evad3rs did a deal with TaiG instead. Jay 'Saurik' Freeman of Cydia meanwhile isn't happy about the whole thing, saying he was given no time to test Evasi0n7."

Bismillah writes "At the MIT Technology Review EmTech conference, Qualcomm announced that the company and partners will design and make neural processing units or NPUs starting next year. NPUs mimic the neural structures and how the brain processes information in a massively parallel way, while being extremely power efficient, and may end up in self-learning devices."

Bismillah writes "University of Bristol researchers have come up with a way to make touch screens more touchy-feely so to speak, using ultrasound waves to produce haptic feedback. You don't need to touch the screen even, as the UltraHaptics waves can be felt mid-air. Very Minority Report, but cooler." The researchers built an ultrasonic transducer grid behind an acoustically transparent display. Using acoustic modeling of a volume above the screen, they can create multiple movable control points with varying properties. A Leap Motion controller was used to detect the hand movements.

aesoteric writes "Yahoo is set to launch its first formal bug bounty system after Swiss pen testers complained about the $12.50 vouchers offered for locating XSS vulnerabilities. The web giant also said the voucher rewards were informal and actually funded out of the pockets of the company's own IT security staff."

Hugh Pickens DOT Com writes "ZDNet reports that Oracle's Larry Elison kicked off Oracle OpenWorld 2013 promising a 100x speed-up querying OTLP database or data warehouse batches by means of a 'dual format' for both row and column in-memory formats for the same data and table. Using Oracle's 'dual-format in-memory database' option, every transaction is recorded in row format simultaneously with writing the same data into a columnar database. 'This is pure in-memory columnar technology,' said Ellison, explaining that means no logging and very little overhead on data changes while the CPU core scans local in-memory columns. Ellison followed up with the introduction of Oracle's new M6-32 'Big Memory Machine,' touted to be the fastest in-memory machine in the world, hosting 32 terabytes of DRAM memory and up to 384 processor cores with 8-threads per core."

littlekorea writes "The world's largest web-scale users of MySQL have committed to one further upgrade to the Oracle-controlled database — but Facebook and Twitter are also eyeing off more open options from MariaDB and cheaper options from the NoSQL community. Who will pay for MySQL enterprise licenses into the future?"

Bismillah writes "Biometrics is hot stuff, not just for Apple but cleaning companies like the UK division of Denmark's IIS which tidies the London Underground railway network. However, the cleaners aren't happy about having to clock in and out with biometric fingerprint sensors, and are taking industrial action to stop the practice."

Bismillah writes "Graduated response regimes that warn and then penalize users for infringing file sharing do not appear to work, new research from Monash University in Australia has found. The paper studied 'three strikes' laws (abstract, freely downloadable as a PDF from there) in France, New Zealand, South Korea, Taiwan and the UK, as well as other anti-filesharing regimes in the U.S. and Ireland, but found scant evidence that they're effective."

Dan B. writes "After Australia's Conservative party (LNP) quietly posted a policy [PDF] to impose mandatory internet filtering just one day prior to the country's election, local premiere internet forum Whirlpool has gone in to overdrive with the fastest 50 page thread ever. At 8:30pm, both sides of politics were busy running media releases, with the Conservatives hastily back-pedalling on the policy, and the Government attacking it, accusing them of hypocrisy after voting down their own proposed filter 3 years prior, stating there was no proof filtering works."

AlbanX writes in with this story about Paypal's use of OpenStack. "PayPal's IT team has taken control of its technology release cycle by shifting key components of its IT infrastructure onto OpenStack. For PayPal, the decision to use components of OpenStack was based around speed to market. It allows the payments provider to untether its release cycle from those of vendor partners. 'PayPal has not historically been known for its fast reactions,' PayPal senior engineer Scott Carlson conceded to attendees at the VMworld conference in San Francisco this week. 'It has taken us six to nine months sometimes to react to our competitors.'"

Bismillah writes "Police affidavits show that the New Zealand Police requested and received assistance from the country's signals intelligence agency, the GCSB, which appears to have used PRISM to intercept Kim and Mona Dotcom and the Megaupload associates' communications."

AlbanX writes "A gang of suspected Romanian criminals is using 3D printers and computer-aided design (CAD) to manufacture 'sophisticated' ATM skimming devices to fleece Sydney residents. One Romanian national has been charged by NSW Police. The state police found one gang that had allegedly targeted 15 ATMs across metropolitan Sydney, affecting tens of thousands of people and nabbing around $100,000."

Bismillah writes "CAPTCHA may be popular with webmasters and others running different sites, but it's a source of annoyance to blind and partially sighted people — and dyslexic people and older ones — who often end up being locked out of important websites as they can't read wonky, obfuscated letters any more than spambots can. A campaign in Australia has started to rid sites of CAPTCHA to improve accessibility for everyone."

Bismillah writes "Australia's national science and research agency, the Commonwealth Scientific and Industrial Research Organization or CSIRO, has netted hundreds of millions on developing the near-ubiquitous Wi-Fi technology — and patenting it. Now however the patent is about to expire in the United States and eighteen other markets and the question is, can CSIRO come up with anything similarly successful in the future?"

Bismillah writes "Following the example of the Dutch, who enacted laws supporting network neutrality, the European Union is now looking at doing the same. They are pushing for an end to the throttling and blocking of services such as Skype and Whatsapp by providers hoping to drive users to their own competing services. The EU also wants a service transparency requirement for ISPs, so people know what they're buying — like minimum speed. It'll be interesting to see how this pans out."

aesoteric writes "A man's backyard beer fridge in Australia has been busted interfering with the cellular network of major carrier Telstra. Engineers used an internally-developed software 'robot' to crawl log files from the network and sent a field team out to pinpoint the cause of the interference."

Bismillah writes "The developer of ArcGIS, Esri, has dropped its bid to have the GeoServices REST API recognized as an open standard by the Open Geospatial Consortium, after a community backlash against 'providing a vendor with significant market advantage, erring on the creation of a state-sanctioned monopoly.'"

Bismillah writes "The Australian government chief technical officer wants some views on proposals for the official standard operating environment, which features OpenDocument as the proposed document format. Otherwise, the Aussie government is pretty much a Microsoft shop, with Windows 7 x64 and IE10 as the standard platform. 'Interoperability and support for several versions of Microsoft Office is cited by the AGCTO as reasons to go with ODF, along with flexibility and the fact that the format is continously updated and developed. Spreadsheet formulae are now included in the ODF 1.2 specification as well and the AGTO believes that this, along with Microsoft Office 2013 supporting the format, will help to reliably transfer formulae between applications.' According to the CTO's call for opinions, 'Standardizing on a format supported by a wide range of office suites provides for the greatest possible degree of interoperability without mandating the use of a specific product, as well as providing the best basis for reliable interchange of information between agencies deploying differing office productivity suites.'"

Bismillah writes about NATO's annual Locked Shields cyber defense exercises. "The Western European and North American mutual defence pact organisation NATO has concluded an annual cyber defence exercise, defending a fictitious network against incoming attacks. Called Locked Shields 2013, the exercise involved 250 people in eleven locations around Europe, under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence (CCD-COE), the Finnish and Estonian Defence Forces and two government IT security organisations in the Baltic country."

New submitter AlbanX writes "An IT professional working in Sydney has been arrested for hacking a government website as part of the LulzSec movement. The 24-year-old man, residing in Point Clare, was arrested at his workplace late yesterday. He claimed to be the leader of the hacker movement. 'Police say he was in a "position of trust" within the company and had access to information on government clients. The AFP says its investigation began less than two weeks ago when investigators found a government website had been compromised. The man has been charged with two counts of unauthorised modification of data to cause impairment and one count of unauthorised access to a restricted computer system. He faces a maximum of 12 years in jail.'"

Bismillah writes "Excite Mobile in South Australia also set up a fake debt collection agency, and a fictional complaints body for late-paying customers. The company sent fake debt collection letters to 1074 customers, even going so far as threatening to confiscate the toys of their customers' kids if they didn't pay up. From the article: 'South Australian mobile phone provider Excite Mobile has been found guilty of false, misleading and unconscionable conduct by the Federal Court after the ACCC took action against the company for faking a debt collection agency, creating a fictional complaints body, and misrepresenting scope of mobile coverage.'"

Bismillah writes "The ABS has released the census data for the country under a Creative Commons license, but instead of making it easy to get, they've put in Javascript to obfuscate file paths and more. All commented in the source code of course." At first glance, it's an attempt to get people to pay $250 for a DVD with the data instead.

An anonymous reader writes "In one year today exactly, Microsoft will shut down support for Windows XP. The deadline will prove a challenge for many of Australia's largest users of IT, all struggling to migrate to new Microsoft environments." Net Applications' chart of current OS market share figures shows XP only slightly behind Windows 7, even now.

littlekorea writes "Mining companies are developing new systems for automating blasting of iron ore using the same open source physics engines adapted for games such as Grand Theft Auto IV and Red Dead Redemption. The same engine that determines 3D collision detection and soft body/rigid body dynamics in gaming will be applied to building 3D blast movement models — which will predict where blasted materials will land and distinguish between ore and waste. Predictive blast fragmentation models used in the past have typically been either numerical or empirical, [mining engineer Alan Cocker] said. Numerical models such as discrete element method, he noted, are onerous to configure and demanding of resources — both computing and human — and are generally not appropriate for operational use at mines. 'The problem with empirical models, by contrast, is that they tend to operate at a scale too coarse to give results useful for optimizations,' he added, noting typical Kuz-Ram-based fragmentation models (PDF) (widely used to estimate fragmentation from blasting) assume homogeneous geology (the same type of materials) throughout a blast."

An anonymous reader writes "Australian researchers have successfully connected a Tasmanian colony of fairy penguins to the internet. The research effort was part of the Interspecies Internet initiative, promoted by Google's chief internet evangelist Vint Cerf and former Genesis lead singer Peter Gabriel in a TED talk earlier this year."

angry tapir writes "It's been a long-running joke that it's cheaper for Australians to get a plane ticket to the U.S. if they want to buy Adobe's Creative Suite instead of paying local prices. But appearing before a parliamentary inquiry into the disparity between IT prices in Australia and elsewhere, Adobe's local chief appeared to suggest just that." Other companies gave their responses to the inquiry as well. Microsoft said they'll simply charge what the market will bear. Apple tossed out a host of reasons for the price difference; its retail partners, digital content owners, exchange rates, taxes, import duties, and an apparent inability to alter the price set by its U.S. parent company.

Juha Saarinen sends news that the Electronic Frontier Foundation has proposed a fix for software patents in general and patent trolls in particular: requiring applicants to provide specifics about their solution. They say the applications should include working code, or at least "detailed, line-by-line notations explaining how their code works." "And if they do get a patent, they should be limited to the invention they claimed. We think software patents are bad news, and incredibly harmful to our society and economy. We wish we didn’t have to deal with them at all. But by fixing the functional claiming problem, and limiting patentees to a narrow invention that they actually came up with, we would also limit the amount of harm those patents could cause. The Patent Office does not (yet) have the power to get rid of software patents entirely, but it can fix the functional claiming problem."

Juha Saarinen sends news that the Electronic Frontier Foundation has proposed a fix for software patents in general and patent trolls in particular: requiring applicants to provide specifics about their solution. They say the applications should include working code, or at least "detailed, line-by-line notations explaining how their code works." "And if they do get a patent, they should be limited to the invention they claimed. We think software patents are bad news, and incredibly harmful to our society and economy. We wish we didn’t have to deal with them at all. But by fixing the functional claiming problem, and limiting patentees to a narrow invention that they actually came up with, we would also limit the amount of harm those patents could cause. The Patent Office does not (yet) have the power to get rid of software patents entirely, but it can fix the functional claiming problem."

mask.of.sanity writes "Thousands of New Zealand frontline police will be armed with smartphones and tablets from this year in an efficiency initiative that the force hopes will save millions of dollars. NZ Police say the devices are Apple iPhones and iPads. These will be password protected and can be wiped remotely if lost. Police declined to say if the devices and their communications will be encrypted."