Slashdot Mirror

"According to Palo Alto Networks, on December 24, 2015, India's Ambassador to Afghanistan received a spear-phishing email that contained a new malware variant" ref

See subject: On any OS w/ a normal BSD derived IP stack (99% of devices & OS are) on most any hardware platform!

* Now, you have a point on my program... HOWEVER?

I could EASILY PORT IT, easily (for the MOST part, other than avoiding drive letters vs. mounted devices & I've along ago abstracted away the sockets diffs between *NIX socketry & WinSock2 in the code) via the BEST DEVELOPMENT TOOL ever created which my program is coded in:

Delphi -> http://www.embarcadero.com/pro...

Back in the "Top 10" development languages as I knew it would be per the TIOBE index http://www.tiobe.com/tiobe_ind...

AND

Not one of the "Big security & bug issue" generating languages either -> http://news.softpedia.com/news...

Which you can see ports to just about *ANYTHING* out there (of the major platforms)!

(For Linux, there's FreePascal + its LAZARUS IDE which is an almost EXACT CLONE of Delphi's Object Pascal (which whipped even MSVC++ in 4/6 tests, tying 1 with C++ & losing as C++ even did on ActiveX form loads to VB (a dead tech on VB & ActiveX))).

In fact, MORE THAN DOUBLING C++ in Math & Strings work in fact - which, face it, EVERY program does work on, in of ALL places, a competing languages' trade journal no less (VBPJ Sept./Oct. issue 1997 titled "Inside the VB5 Compiler")!

APK

P.S.=> So, before you ask it: Why don't I port it to OTHER platforms? Well, ok:

I am just not in the habit of "helping the competition", to be blatantly forthright honest about it (I'm a "Windows man", albeit Win7 & below, not the VISTA onwards wannabe Google garbage from MS)... apk

Cook is absolutely right to be concerned about precedent. If they are forced to create a crack for this phone, it will just open the flood gates. The FBI has already admitted they have about 12 other phones they need Apple to crack for them. And another LEO agent told an ABC news reporter that he has been holding on to about 150 phones that would also be entering the pipeline.

So maybe "undue burden" might be hard to argue in this one particular case, but setting the precedent absolutely creates a whole new business process that Apple will need to take care of, and one that is nothing but cost and bad press for them.

http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/C...
http://www.dshield.org/diary/D...
http://www.dshield.org/diary/D...
http://news.softpedia.com/news...

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk

For users, âoeAdaptable Storage Devicesâ entails that they can move an appâ(TM)s code plus its private data to external storage without having to turn to third-party tools or OEM hacks. Looking at a technical aspect, the setup will format the external storage to be in league with the internal one and will wrap it in a layer of specific encryption. So to Android, it becomes a part of a greater storage layout. In laymanâ(TM)s terms, Android M will treat an external storage device like an SD card as if it were internal storage, letting users move apps and other data between storage devices.

Android M Offers Support for External Storage Devices

Bingo, they have a list of existing software that they recommend.

symantec.com is an all-javascript garbage site that is broken by design.

Here's a slightly less bad source, from the useless spam site softpedia.com http://news.softpedia.com/news/android-ransomware-threatens-to-share-your-browsing-history-with-your-friends-499508.shtml

Choose your poison.

Nothing desperate about it. Provide a "free" upgrade to Windows 10 for people who would have bought a new computer instead for at least 2x the cost of an upgrade license to another company, then sell out all of their personal info via built in telemetry to recoup costs? Sounds like a good business strategy to me.

As a bonus any new computer they do buy still has the telemetry built in, so Microsoft still gets money from selling the user's personal info WHILE getting a payment on the Windows tax from the manufacturer.

Also, Microsoft has long used end of support to scare consumers and companies into upgrading. That's nothing new. See also KB2934207 and KB2949787 (Microsoft doesn't have a support page for this one anymore.) which provided scare tactics for the end of XP.

Don't get me wrong, I agree that if anything will displace Microsoft, it's the lack of trust that it's hell bent on pursuing. But to say that they need to do this to stay competitive is wrong. The only reason they can get away with it currently is the level of entrenchment that they have. It's very costly for both consumers and companies to switch to other products. As many people have been trained to use only Microsoft's products.

Go look at any class on "How to use a computer" and you'll find two Microsoft products proudly on display: Windows and Office. Most classes don't teach generic GUI concepts to people. They teach how to use Microsoft Windows. Most classes don't teach how to use generic office suite programs. They teach how to use the special features of Microsoft Office(365. "Now FREE to use ONLINE INTEGRATED WITH THE AZURE CLOUD!") Microsoft has spent a lot of time and money making their products the ONLY recognizable (via muscle memory) way to use a computer. They have leveraged that with their proprietary addons to various standards, and their own proprietary formats that don't inter-operate well with other solutions. (Like any other company would to ensure future profits.) That lock-in is the only reason they are getting away with their current business model for Windows 10. That and the fact it's being given away for free, and guess what? As long as people don't know about Microsoft's business plan, or don't feel any consequences from it (no pressure to switch to something else), Microsoft will stay on top of the pack just fine.

Firefox is extraordinarily buggy, both in absolute terms and relative terms.

Then why did Chrome have more security flaws in 2015 than Firefox. And why was Chrome the product with the most security bugs in 2010, 2011, and 2012 if it too is not "extraordinarily buggy"?

No matter what security improvements Microsoft and Google have helped Adobe make to Flash, it's better to uninstall Flash. It reduces the attack surface and avoids the security problems in the first place. Flash had 316 security bugs in 2015 as compared to Firefox's 178. So why take the risk of 494 security bugs when it's so simple to reduce the risk to 178?

How ironic. If you look on Softpedia's Security news section you see that Malwarebytes also had a security bug fixed, just one day earlier: http://news.softpedia.com/news...

> Yes, it is too hard for the actual whiners we have, but it would be easy, beyond simply "trivial," for any Jr Sysadmin or even a Jr Software Developer if they've ever used make

I'm afraid that's not true. Take a look at the Fedora work going on right now to try to segregate systemd components, described at http://news.softpedia.com/news... .

Oh my, you say it's not true, then post a link that proves you wrong.
Are you even understanding what you're talking about?
The problem Fedora faces with their two sub packages, is that they have to add functionalities that then would not be in the default systemd package.
If they were already in the main systemd package, their sub packages would not make sense anymore, it would defat their purpose.

These are components that should never have been integrated into an over sized and aggressive systemd in the first place. I've taken a few stabs at segregating systemd components myself, and it's a very large octopus of dependent code.

You sound like an emotional clueless person, not like a developer. What is an over sized systemd? What is an aggressive systemd?
Systemd reduced the size of my hand made systems (I've removed at least sysvinit + tons of scripts and several binary helpers + xinetd + dhcpcd at least) so to me it is not over sized, and it has never actually been aggressive to me, on the contrary, I've fixed several long time invisible misconfigurations by myself thanks to it.

> Yes, it is too hard for the actual whiners we have, but it would be easy, beyond simply "trivial," for any Jr Sysadmin or even a Jr Software Developer if they've ever used make

I'm afraid that's not true. Take a look at the Fedora work going on right now to try to segregate systemd components, described at http://news.softpedia.com/news... .These are components that should never have been integrated into an over sized and aggressive systemd in the first place. I've taken a few stabs at segregating systemd components myself, and it's a very large octopus of dependent code.

Interview with the malware's creator: http://news.softpedia.com/news...

We were corrected by Mr. Frohoff that said the vulnerability is in how developers treat user-supplied serialized data, and not the library itself.

http://news.softpedia.com/news/the-vulnerability-that-will-rock-the-entire-java-world-495840.shtml

This is an issue with how some users use a 3rd party library Apache Commons Collections. Java doesn't have to be fixed. And Apache Commons-Collection doesn't have to be fixed, except maybe stating the obvious...

Do not deserialize objects with executable code from the internet.

Well, sunspider certainly doesn't have the most reliable name:
http://news.softpedia.com/news...

Don't read too much into sunspider scores. Octane v2 isn't perfect either, but it's a lot better. Mozilla's kraken is probably even better, but it's much more focused on what CPU-intensive JS can do than on what normal JS actually does. I wouldn't call it a general purpose JS benchmark.

I'm curious to see the data set that you're pulling from.

Citations: Geek.com (2011); Softpedia (2012); Humble Bundle (October 2014)

Generally it's a small percentage of Linux users who actually pay for software, most prefer to use Open Source/free software.

The business case for developing free software for productivity has not historically extended to video games.

For games though, there are still far more (and better) web games for Flash than there are for noFlash.

I'd agree with more but not better. What's an example of a Flash game that's better than HTML5 games like DeadTrigger 2 or AngryBots or HexGL or Bejeweled or Browser Quest or the GA.ME games. I don't think Flash games have any technical edge over HTML5 games these days.

The PS4's user interface is implemented in WebGL. Don Olmstead gave a talk on its development and optimization.

when it comes to animation and gaming HTML V5 isn't anywhere as good as Flash

Uh, dude? The PS4's user interface is implemented on top of WebKit using WebGL. Don Olmstead gave a good talk on the development and optimization of the PS4's UI. If HTML5 is so terrible, then why is the PS4 the most successful console in this generation?

HTML5 is better. Primarily one for one reason alone... Malware can't hide in the file.

Nope, already been proven to be possible.

HTML5 Can Be Used to Hide Malware in Drive-by Download Attacks: http://news.softpedia.com/news...

"Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only)," the release notes say.

Via Softmedia

Don't forget, John McAfee himself said that McAfee software is the worst software on the planet. Why would anyone want to buy a company that the company's founder has publicly disparaged so badly?

The recent release of firefox 38.0.5 on june 2 has been below the radar of many news sites, including Slashdot, because it was only a "patch" release.

However, 38.0.5 included real feature changes, meaning the inclusion of a proprietary web service. I not just hate that firefox added a proprietary web service prominently to its browser, also they smuggled this in in a patch release, avoiding press attention.

Firefox isn't a randy bitch dog that every dog inside the SV startup neighbourhood springs on, its a major web browser which respects its users. At least it was until 38.0.5.

I accepted that they added the social API, I understood their EME changes, I've thought firefox hello was a good addition. But for 38.0.5 pocket integration, I'm heavily disappointed by mozilla.

I tried hard to switch to Googles Chrome and Chromium (Linux), but every page presented by the latter were loaded with trackers. What I learned with using Privacy Badger from the EFF, was a good justification to return to FF. So, it takes a fraction of a second or two to render a page. Can I take the time that I would save using Google's product and extend by life by the few hundred milliseconds per day of time-savings?

The recent release of firefox 38.0.5 on june 2 has been below the radar of many news sites, including Slashdot, because it was only a "patch" release.

However, 38.0.5 included real feature changes, meaning the inclusion of a proprietary web service. I not just hate that firefox added a proprietary web service prominently to its browser, also they smuggled this in in a patch release, avoiding press attention.

Firefox isn't a randy bitch dog that every dog inside the SV startup neighbourhood springs on, its a major web browser which respects its users. At least it was until 38.0.5.

I accepted that they added the social API, I understood their EME changes, I've thought firefox hello was a good addition. But for 38.0.5 pocket integration, I'm heavily disappointed by mozilla.

Well, among other things, he revealed that:

1) The NSA intercepts and stores virtually all communications sent on electronic networks anywhere it can reach. Not just metadata. In the case of phone calls, they also speech->text them and make that archive searchable.

http://rt.com/news/172284-nsa-...
http://www.globalresearch.ca/n...
http://www.theguardian.com/wor...

2) The NSA constantly works at ways to break into encrypted communications, including hacking into the VPNs of supposedly friendly governments.

http://www.spiegel.de/internat...

3) The NSA listens to the cell calls of friendly foreign leaders. (hopefully, also, unfriendly ones).

http://www.spiegel.de/internat...

4) The NSA may have worked to weaken encryption standards in order to make their task easier.

http://www.theverge.com/2013/9...
http://www.scientificamerican....

5) The NSA has physically broken into the fiber plants of major public Internet companies (ie. Google), supposedly without their knowledge, in order to steal data sent only internally.

http://www.extremetech.com/int...

6) Major Internet companies, and all telcos, have willingly shared much or all of their client's communications with the NSA.

http://www.bloomberg.com/bw/ar...

7) The NSA and foreign intelligence agencies share data in order to evade domestic spying restrictions.

https://www.techdirt.com/artic...

8) The NSA has hacked into at least one major supplier of SIM cards, in order to spy on calls made from the phones made with them.

http://news.softpedia.com/news...

T-800 Terminator Runs Linux Kernel 4.1 ..

And in the latest instalment, a Terminator comes back and persuades NORAD to upgrade it's systems to Windows :)

It turns out that the talks about ditching Patch Tuesday were just some speculation as well. It could live on.

My fingertip is the size of a dime. It can't be done. Stop trying to do it, it's not going to happen.

Seriously. The concept that is out dated is the watch. I want one of these: http://games.softpedia.com/scr...

Good luck matching that to a formal business suit jacket.

My fingertip is the size of a dime. It can't be done. Stop trying to do it, it's not going to happen.

Seriously. The concept that is out dated is the watch. I want one of these: http://games.softpedia.com/scr...

Incorrect. "Primatologist Jane Goodall was the first to observe this infamous female behavior in 1976 in a cannibalistic mother-daughter duo, the chimpanzees being named Passion and Pom."

They will also wage war.

It doesn't seem fishy to me at all. I am sure Microsoft is tired of the stories about how their old operating systems are more popular than their current one. Their last two releases (8.0 & 8.1) have flopped. Windows XP is still more popular than both of them combined! A fair amount of this stems from people running old operating systems on old hardware and they hope a free upgrade on the software side will create the appearance of a win.

This story should be marked as SOLVED! http://news.softpedia.com/news...

When you come back from the bathroom, you want to regain access to your own computer. Think about exactly how you do that. Do you press the power button and reboot, and then enter your authentication credentials into a dialog that you know is your login screen, because you know that every step from boot to login, is intended to protect your interests?

You're stuck there anyways because you can never be sure someone didn't reboot the system, run a keylogger designed to act like the lock screen, and then send your password and reboot the machine.

As the guy you're replying to said, "you know that every step from boot to login, is intended to protect your interests." If you're concerned about someone rebooting the system and running some malware, you should make use of the various features designed to mitigate against that. All PCs these days let you password-protect the BIOS settings, so if you've configured it to only boot from the HD, it's not as simple as an attacker putting in a CD or plugging in a USB flash drive with their keylogger. And for even more protection, you can get a computer with more "enterprisey" features, such as a physical case lock and a chassis intrusion detection switch. If the attacker thinks they'll just open the box up and do a quick hard drive swap or something like that, that's not gonna work. And these days, there's also UEFI Secure Boot. Sure, there are ways to attack all of this, but a BIOS password plus case lock is sufficient for the vast majority of people. If you need more than that, you should probably focus on keeping intruders from getting access to your computer in the first place.

Whether it's user mode per se or not, there are tools to change the behavior of ctrl-alt-delete.

As far as I can tell, that's just a utility that changes the options that are already available in Windows--they're normally controlled via Group Policy. It's not actually running any new code, it's just changing behavior in a way that MS has already allowed. It actually is possible to write your own code that runs when the user presses Ctrl+Alt+Del though; it's called a custom GINA DLL. Of course, if an intruder already has Admin access to install their GINA DLL, it's already too late... The point of Ctrl+Alt+Del is to thwart malware running as an unprivileged user.

PS - The other major thing is that Ctrl-Alt-Delete was originally a DOS-ism that had more to do with dealing with misbehaving, yet not malicious, programs and trying to regain some level of control.

That key combo was selected because no application uses it. Other than that, there's no relation to its use in DOS. Bill Gates has said that he (or Microsoft in general) had wanted a dedicated key for it, but IBM (which was a major keyboard manufacturer at the time) didn't want to add a key for MS. I guess MS eventually had enough clout to get everyone to add the Windows and Context Menu keys, but it wasn't worth changing Ctrl+Alt+Del to use the new keys.

When you come back from the bathroom, you want to regain access to your own computer. Think about exactly how you do that. Do you press the power button and reboot, and then enter your authentication credentials into a dialog that you know is your login screen, because you know that every step from boot to login, is intended to protect your interests?

If you're gone a short enough amount of time, it shouldn't be possible to compromise the X11 screen lock prompt any more than the Windows lock prompt. But, given enough time, both are inherently insecure if the person has physical access to the machine.

Or do you just give your authentication credentials to whatever program happens to be running and is asking for them, and is thereby assumed to probably be your screen locker?

You're stuck there anyways because you can never be sure someone didn't reboot the system, run a keylogger designed to act like the lock screen, and then send your password and reboot the machine. Really, if you're paranoid enough, you never leave your computer alone.

Windows users are all computer experts; you pretty much have to be, to get by. One of the first things they learn is that ctrl-alt-delete isn't maskable in user mode, so they are able to use those keys to authenticate the kernel and be sure they aren't being MitMed when they enter their password.

Whether it's user mode per se or not, there are tools to change the behavior of ctrl-alt-delete. Besides that, if someone has already bypassed the lock screen and pwned the system, you're already pretty much too late to worry about them then installing and running a fake lock screen. Honestly, they can just install a keyboard kernel sniffer at that point.

X users, on the other hand, don't generally know of a way, when sitting at their keyboard/monitor, to authenticate exactly what software they're communicating with. So if they give their password to a screenlocker, they might be giving their password to anyone or anything.

Read above. It's the exact same scenario as with Windows. If the system is already pwned and a malicious app may be running, you're already too late.

Isn't the point of a screen locker to keep a person from accessing my computer

Within certain limited bounds. In fact, what you're more discussing is the ctrl-alt-delete function and really the issue of the initial login prompt on a shared system. That's the major vector for password sniffing. Once you're already logged in and only away a short while, you presume a certain level of confidence that the machine wasn't compromised while you were away. But, again, if the system was already compromised or is so easily compromised, you've already lost.

The fact that you don't want adversarial persons accessing your stuff, suggests that X screen lockers aren't the right tool for you.

If I don't want sufficiently adversarial persons to access my stuff, I keep my stuff on me at all times and sleep very lightly. Baring that, I have to put a lot of trust that vendors patch bugs quickly, installed apps aren't inherently malicious, and that people don't have the real desire to hack my computer physically.

PS - The other major thing is that Ctrl-Alt-Delete was originally a DOS-ism that had more to do with dealing with misbehaving, yet not malicious, programs and trying to regain some level of control. That it was later co-opted as a security system doesn't change the point that it isn't inherently a security feature and is quite possibly co-optable if one has kernel access--a fact that sadly is too readily reachable once you have Windows access because UAC is still too opaque and users can't reasonable defend against it. Now, this would possibly c

Google Images search for windows 10 continuum brings up images such as this one from this page. It looks like a small chunk of a Windows 8 Start screen and part of a Windows 7 Start menu put together. I'm assuming that the appearance of the new Continuum start menu didn't change when Microsoft removed the option to use full-screen Start screen.

If I compare that to the Gnome 3.14, I think I would prefer Gnome 3.14. with two supported and freely available tweaks.

Google Images search for windows 10 continuum brings up images such as this one from this page. It looks like a small chunk of a Windows 8 Start screen and part of a Windows 7 Start menu put together. I'm assuming that the appearance of the new Continuum start menu didn't change when Microsoft removed the option to use full-screen Start screen.

Windows 8 has HEAP Protection via "Guard Pages", as well as "Chunk Randomization" -> http://news.softpedia.com/news...

Pus lastly for performance' sake, "Self-Terminating Services" (& 13 less services starting "automatic" vs. "manual" too, for memory & CPU resources conservation).

* It truly IS that UI that "killed it", so I agree with you there...

APK

P.S.=> We all KNEW it would fail (even myself an MS fanboy for decades since 1991) - you can't make folks suddenly not be able to drive their cars, by replacing the steering wheel & pedals with forklift controls, for Pete's sake... apk

It's already on the InterWebs and just a matter of time before it's everywhere.

Except that it's not on the torrents yet:

http://www.vocativ.com/culture/tvmovies/anyone-finds-legit-torrent-interview-hit-us/

http://news.softpedia.com/news/The-Interview-Torrent-Downloads-Exist-but-They-re-Not-What-You-d-Expect-467819.shtml

The only people we know for sure who have the movie are Sony (who aren't releasing it) and the hackers (who definitely aren't releasing it)

Highly doubtful, based on history.

Pins can be read from the POS keypad with rather low tech, minimal effort, particularly the ones using metallic keys.

Can you please save your systemd frustrations for posting on soylentnews? We don't quite have enough of those yet.

I don't think you can put much blame about systemd on Linus. At least the first search I made on "linus torvalds systemd" was an article reporting a somewhat annoyed comment by Linus regarding the inability of systemd developers to fix their own bugs.

Have you read this ? http://news.softpedia.com/news...

No, I haven't. That's good news. I'm not holding my breath, though. I want emerald back. That together with gnome-do and awn provided me everything I wanted.

Have you read this ? http://news.softpedia.com/news...

"If you want to use Gnome, you have to use systemd. " - i think they working to get rid that dependency http://news.softpedia.com/news...

All for nothing?

linux.softpedia.com

osnews.com

Linux Today

Linux Weekly News

"Are there any comparable websites? (Listing releases of open source projects)"

http://linux.softpedia.com/
http://www.opensourcesoftwaredirectory.com/
http://directory.fsf.org/wiki/Main_Page

http://news.softpedia.com/news...

Feel free to look up a CVE for it yourself. This is just one example. Other long-standing MS security holes include the infamous WMF bug. Plenty of such things exist in the wild.

Note: I am not the grandparent.

hardware manufacturers could just write the Linux driver once for the lifetime of the ABI just like they do for Windows.

Until you install a service pack and then it breaks, as it has for me.

An unstable kernel API

The kernel API is generally stable. Generally, when it's broken, this is unfavourable.

Free and proprietary ideologies can co-operate, the problem is the free side doesn't want to make any concessions in order to foster that co-operation and then they get upset when the proprietary side just gives them the finger.

Except that the kernel licensed by Linus allows use of proprietary binary blobs to make this possible, so concessions have been made. In fact, because the kernel contains some binary blob, some people have provided tools to remove the blobs from the kernel.

Stop being such a religious absolutist and realize that not everybody bends to your point of view

This may come as a surprise, but your view clearly isn't exactly absolute or accurate.

FOSS world does exactly that, a culture of exclusion based on ideology.

I don't really have a problem with this difference to exclude something using ideology as opposed to legal licensing or company interests. It's obvious that FOSS is ideology based, but I don't really see what the point is you're trying to drive forward by identifying this, especially when compared to other software in the industry.

but not another. Problem machine was AMD based, I think that my have something to do with it. This seemed to finally fix it for me. I also used the standalone installer.

The Inhell machine updted no problems.