Domain: softpedia.com
Stories and comments across the archive that link to softpedia.com.
Stories · 480
-
Canonical Patches the Raspberry Pi 2 Kernel of Ubuntu 15.10 (softpedia.com)
prisoninmate writes: Canonical released a patch for the Raspberry Pi 2 Linux kernel 4.2 packages of the Ubuntu 15.10 (Wily Werewolf) operating system, fixing four critical security issues. Canonical urges all users of the Ubuntu 15.10 operating system for Raspberry Pi 2 single-board computers to update the kernel packages to version linux-image-4.2.0-1016-raspi2 4.2.0-1016.23 as soon as possible. -
Reddit Is Banning Users That Post Star Wars 7 Spoilers (softpedia.com)
An anonymous reader writes: A few naughty users have started spamming Reddit with Star Wars 7 spoilers, but also hoaxes. Some known Star Wars fans with Reddit accounts were even bombarded with PMs about the upcoming film, with trolls trying to ruin the movie before they saw it. As a result, Reddit is now banning any user that posts Star Wars 7 spoilers. The movie officially launches tomorrow; do you plan to see it? Do you care about spoilers? -
LizardSquad Copycats Planning DDoS Attacks On Xbox & PSN For Christmas (softpedia.com)
An anonymous reader writes: Last year on Christmas, the LizardSquad hacking group took down PSN and Xbox Live for many hours via DDoS attacks. This year another group, called Phantom Squad, is planning the same thing. The group has been launching small test attacks on PSN, Xbox, Reddit, SWOTR, and other game servers over the past few days. -
0-Day GRUB2 Authentication Bypass Hits Linux (hmarco.org)
prisoninmate writes: A zero-day security flaw was discovered by developers Ismael Ripoll and Hector Marco in the upstream GRUB2 packages. GRUB2 did not correctly handle the backspace key when the bootloader was configured to use password protected authentication, thus allowing a local attacker to bypass GRUB's password protection. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. At the moment, it looks like only a few distributions received the patched GRUB2 versions, including Ubuntu, Debian (Squeeze LTS only) and Red Hat Enterprise Linux 7. -
Attackers Can Hijack Joomla Sites Via User-Agent Strings (softpedia.com)
An anonymous reader writes: Joomla just issued an emergency security patch after Sucuri observed a large number of attacks on Joomla sites using malicious user-agent strings. Attackers were adding malicious code to custom-made user-agent strings, which were not sanitized and stored in the database. These allowed attackers to trigger remote code on the site and grant them a backdoor into targeted websites. Even if Joomla doesn't care about older versions, the bug was so critical that it issued security patches even for EOL versions going back to 1.5.x. -
MIT Creates Tor Alternative That Floods Networks With Fake Data (softpedia.com)
An anonymous reader writes with word that MIT researchers "created an alternative to Tor, a network messaging system called Vuvuzela that pollutes the network with dummy data so the NSA won't know who's talking to who." Initial tests show the system's overhead adding a 44-second delay, but the network can work fine and preserve anonymity even if it has more than 50% of servers compromised. -
Google Bans Symantec Root Certificates
An anonymous reader writes: After in September Google discovered SSL certificates issued in its name by Symantec, and after in October the company discovered over 2,500 more certificates issued for non-existent domains, also by Symantec, Google has now decided to ban Symantec's dodgy certificates from Android and Chrome. "Symantec has decided that this root will no longer comply with the CA/Browser Forum's Baseline Requirements," said Ryan Sleevi, Google Software Engineer. "As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products." Apparently Symantec hasn't been very careful of where and to whom it issues SSL certificates from a particular root branch. -
Torrent Sites Earned $70M After Dropping Malware On Visitors (softpedia.com)
jones_supa writes: One in three torrent sites is spreading malware, claims a recent joint report (PDF) from Digital Citizens Alliance and RiskIQ, which compiled data from over 800 sites. Most of the time, the sites expose visitors to drive-by attacks that silently download malicious files on computers without any user interaction. These types of attacks are usually carried out through malvertising campaigns. It turns out that this is actually a good business for the operators of the pirate sites: depending on traffic, they can make between $200 and $5,000 per day. In total it is estimated that this type of covert agreement between malware distributors and pirate site operators has pocketed the latter about $70 million per year. -
AVG, McAfee, Kaspersky Antiviruses All Had a Common Bug (softpedia.com)
An anonymous reader writes: Basic ASLR was not implemented in 3 major antivirus makers, allowing attackers to use the antivirus itself towards attacking Windows PCs. The bug, in layman terms, is: the antivirus would select the same memory address space every time it would run. If attackers found out the memory space's address, they could tell their malicious code to execute in the same space, at the same time, and have it execute with root privileges, which most antivirus have on Windows PCs. It's a basic requirement these days for software programmers to use ASLR (Address Space Layout Randomization) to prevent their code from executing in predictable locations. Affected products: AVG, McAfee, Kaspersky. All "quietly" issued fixes. -
XSS Can Take Down Your IoT Wind Turbine (softpedia.com)
An anonymous reader writes: ICS-CERT is warning of a critical vulnerability (score 9.8 out of 10) in Internet-enabled XZERES 442SR wind turbines. According to CERT, the Web administration portal of these portals is subject to the simplest XSS attacks (modifying IDs for admin access), which even the most basic n00b-level hackers can perform. This is yet another security bug in critical IoT equipment, like the Midas gas detector. -
Hackers Get Lazy, Build Trojan On Top of Android Rooting Utility (softpedia.com)
An anonymous reader writes: Instead of creating their own exploits, some lazy Chinese hackers took the Root Assistant Android rooting toolkit and remodeled it into a trojan, which they packed inside copies of legitimate apps (distributed via unofficial app stores). Until now, only seven apps were repackaged, and only 600 users infected. A weird thing: there's an XML file in the trojan that prevents it from infecting Chinese users. -
Linux Mint 17.3 Officially Released (softpedia.com)
prisoninmate sends news that Linux Mint 17.3 "Rosa" has been officially released. Following a few technical problems with their website, the Mint developers posted release announcements for both the Cinnamon and MATE flavors of the operating system. "Both Linux Mint 17.3 "Rosa" editions ship with the same improvements for some of the operating system's core components and in-house built apps, such as Software Sources, which is now more reliable, responsive, and fast, Update Manager, which can perform more checks, Driver Manager, which is now more robust, and Login Screen." Here are the release notes (Cinnamon, MATE), and the summaries of new features (Cinnamon, MATE). -
The Top Programming Languages That Spawn the Most Security Bugs (softpedia.com)
An anonymous reader writes: Veracode has put together a report after static analysis of over 200,000 apps, and its results show that Classic ASP, ColdFusion, and PHP generated the most security bugs in scanned applications. Ignoring the first two, which are almost extinct languages, PHP, used for Drupal, Joomla, and WordPress (which recently announced it runs a quarter of the Internet) is the programming language with the most security woes. -
PHP 7 Ready For Release (softpedia.com)
An anonymous reader writes: After a long wait web developers can finally start migrating their code to PHP 7. The new version comes with minimal syntax modifications, and is more focused on improving performance and upgrading PHP's core interpreter. Softpedia reports: "As mentioned above, PHP 7 is focused on speed, and benchmarks carried out over the past few months, have shown it to be almost twice as fast as older PHP 5.x releases, and neck in neck with Facebook's HHVM project, a Just-In-Time compiler for PHP code." A full list of new features is available here. -
Zero-Day Bugs In Numerous Modems/Routers Could Compromise Millions of Users (softpedia.com)
An anonymous reader writes: Researchers have discovered a large number of zero-day flaws in 8 routers/modems from 4 manufacturers (ZTE, Huawei, Gemtek, Quanta) that would allow attackers to build a huge botnet by leveraging just a few exploits. Vulnerabilities include remote code execution, firmware rewrites, XSS, and CSRF. All these allow attackers to intercept both HTTP and HTTPS Web traffic, infect computers beyond the modem, intercept SMS messages, and detect the modem's geographical location. After six months, manufacturers have failed to fix the issues. -
Canonical Patches Two Kernel Vulnerabilities In Ubuntu 14.04 (softpedia.com)
jones_supa writes: Canonical has announced that a new kernel update is now live in the default software repositories for the Ubuntu 14.04 operating system. According to the security notice, two Linux kernel vulnerabilities have been fixed. The first security flaw was discovered in the SCTP (Stream Control Transmission Protocol) implementation, which conducted a wrong sequence of protocol-initialization steps. The second kernel vulnerability (discovered by Dmitry Vyukov) was in the Linux kernel's keyring handler, which tried to garbage collect incompletely instantiated keys. Both vulnerabilities allow a local attacker to crash the system by causing a denial of service. To fix the issues mentioned above, Canonical urges all users of Ubuntu 14.04 to update their kernel packages on all platforms. -
Google To Drop Chrome Support For 32-bit Linux
prisoninmate writes: Google announces that its Google Chrome web browser will no longer be available for 32-bit hardware platforms. Additionally, Google Chrome will no longer be supported on the Ubuntu 12.04 LTS (Precise Pangolin) and Debian GNU/Linux 7 (Wheezy) operating systems. Users are urged to update to the Ubuntu 14.04 LTS (Trusty Tahr) release and Debian GNU/Linux 8 (Jessie) respectively. Google will continue to support the 32-bit build configurations for those who want to build the open-source Chromium web browser on various Linux kernel-based operating systems. Reader SmartAboutThings writes, on a similar note, that: Microsoft is tolling the death knell for Internet Explorer with an announcement that it will end support for all older versions next year. Microsoft says that all versions older than the latest one will no longer be supported starting Jan. 12, 2016. After this date, Microsoft will no longer provide security updates or technical support for older Internet Explorer versions. Furthermore, Internet Explorer 11 will be the last version of Internet Explorer as Microsoft shifts its focus on its next web browser, Microsoft Edge. -
IoT Home Alarm System Can Be Easily Hacked and Spoofed (cybergibbons.com)
An anonymous reader writes: In the never-ending series of hackable, improperly protected IoT devices, today we hear about an IoT smart home alarm system that works over IP. Made by RSI Videofied, the W Panel features no encryption, no integrity protection, no sequence numbers for packets, and a predictable authentication system. Security researchers who investigated the devices say, "The RSI Videofied system has a level of security that is worthless. It looks like they tried something and used a common algorithm – AES – but messed it up so badly that they may as well have stuck with plaintext." -
DecryptorMax/CryptInfinite Ransomware Decrypted, No Need To Pay Ransom (softpedia.com)
An anonymous reader writes: Emsisoft has launched a new tool capable of decrypting files compromised by the DecryptorMax (CryptInfinite) ransomware. The tool is quite easy to use, and will generate a decryption key. For best results users should compare an encrypted and decrypted file, but the tool can also get the decryption key by comparing an encrypted PNG with a random PNG downloaded off the Internet. -
LinkedIn's Own CSS Abused For Clickjacking Attacks
An anonymous reader writes: LinkedIn has fixed a security bug that allowed attackers to use its own CSS code for clickjacking attacks. Basically attackers can create blog posts and load CSS classes from LinkedIn's own stylesheets. If a reader lands on that blog post, then a malicious link can be shown for the entire area of the page. Not something "unique" since this type of method is quite well-known, but you don't generally expect to find these kind of attacks on LinkedIn's own platform. (Here's a link to the LinkedIn security blog. Sorry for not linking to the particular blog — LinkedIn has a weird URL policy. It's the first one.) -
Ubuntu 16.04 LTS Will Ship With Linux Kernel 4.4 LTS
prisoninmate writes: The current daily build of the Ubuntu 16.04 LTS (Xenial Xerus) remains based on the Linux 4.2 kernel packages of the stable Ubuntu 15.10 (Wily Werewolf) operating system, while the latest and most advanced Linux 4.3 kernel is tracked on the master-next branch of the upcoming operating system. In the meantime, the Ubuntu Kernel Team announced plans for moving to Linux kernel 4.4 for the final release of the Ubuntu 16.04 LTS (Xenial Xerus) operating system. -
Czech Judge Cuts Deal With Software Pirate: Get 200K YouTube Views Or Pay Huge Fine
An anonymous reader writes: A judge allowed a software pirate to make an anti-piracy PSA and get away from paying a $373,000 / €351,000 fine he owed Microsoft and other software manufacturers. The only condition was that his video should get over 200,000 views on YouTube. From the BBC's coverage of the trial's unusual outcome: [The defendant, known only as Jakub F] came to the out-of-court settlement with a host of firms whose software he pirated after being convicted by a Czech court. In return, they agreed not to sue him. ... The firms, which included Microsoft, HBO Europe, Sony Music and Twentieth Century Fox, estimated that the financial damage amounted to 5.7m Czech Crowns (£148,000). But the Business Software Alliance (BSA), which represented Microsoft, acknowledged that Jakub could not pay that sum. Instead, the companies said they would be happy to receive only a small payment and his co-operation in the production of the video. In order for the firms' promise not to sue to be valid, they said, the video would have to be viewed at least 200,000 times within two months of its publication this week. ... But, if the video did not reach the target, the spokesman said that — "in theory" — the firms would have grounds to bring a civil case for damages. -
Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs (symantec.com)
An anonymous reader writes: Apparently even the easiest-to-remove ransomware is painfully hard to uninstall from smart TVs, if they're running on the Android TV platform, and many are. This didn't happen in a real-world scenario (yet), and was only a PoC test by Symantec. The researcher managed to remove the ransomware only because he enabled the Android ADB tool beforehand, knowing he would infect the TV with the ransomware. "Without this option enabled, and if I was less experienced user, I'd probably still be locked out of my smart TV, making it a large and expensive paper weight," said the researcher. -
Exploit Vendor Publishes Prices For Zero-Day Vulnerabilities
An anonymous reader writes: An exploit vendor published a price list for the zero-day bugs it's willing to buy. The highest paid bugs are for remote jailbreaks for iOS. Second is Android and Windows Phone. Third there are remote code execution bugs for Chrome, Flash, and Adobe's PDF Reader. This is the same company that just paid $1 million to a hacker for the first iOS9 jailbreak. -
Anonymous Takes Down Thousands of ISIS-Related Twitter Accounts In a Day (softpedia.com)
BarbaraHudson writes: Softpedia is reporting that Anonymous, along with social media users, have identified several thousand Twitter accounts allegedly linked to ISIS members. "Besides scanning for ISIS Twitter accounts themselves, the hacking group has also opened access to the [takedown operation] site to those interested. Anyone who comes across ISIS social media accounts can easily search the database and report any new terrorists and supporters. The website is called #opIceISIS [slow right now, but it does load] and will index ISIS members based on their real name, location, picture, Twitter, Facebook, and YouTube accounts." Anonymous crowdsourcing their operations... welcome to the brave new world, ISIS. An article at The Independent reminds everyone that this information has not been independently confirmed, and that Anonymous is certainly capable of misidentifying people. It's also worth exploring the question of why Twitter hasn't already disabled these accounts, and why intelligence agencies haven't done anything about them, if they're so easy to find. -
Microsoft To Provide New Encryption Algorithm For the Healthcare Sector
An anonymous reader writes: The healthcare sector gets a hand from Microsoft, who will release a new encryption algorithm which will allow developers to handle genomic data in encrypted format, without the need of decryption, and by doing so, minimizing security risks. The new algorithm is dubbed SEAL (Simple Encrypted Arithmetic Library) and is based on homomorphic encryption, which allows mathematical operations to be run on encrypted data, yielding the same results as if it would run on the cleartext version. Microsoft will create a new tool and offer it as a free download. They've also published the theoretical research. For now, the algorithm can handle only genomic data. -
Anonymous Vows Revenge For ISIS Paris Attacks
An anonymous reader writes: As usual, Anonymous members are quicker to respond to threats than investigators and have announced #OpParis as revenge for the Paris attacks. Their action is similar to #OpISIS from this spring, launched after the Charlie Hebdo attacks. Previously Anonymous ousted thousands of ISIS Twitter accounts in #OpISIS. In a more conventional response, the government of France has been bombarding ISIS positions in Syria with airstrikes, and hunting for suspect Salah Abdeslam in connection with Friday's killings. -
Police Body Cameras Come With Pre-Installed Malware
An anonymous reader writes: The old Conficker worm was found on new police body cameras that were taken out of the box by security researchers from iPower Technologies. The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products. This allows the worm to spread, and propagate to computers when connected to an unprotected workstation. One police computer is enough to allow attackers to steal government data. The source of the infection is yet unknown. It is highly unlikely that the manufacturer would do this. Middlemen involved in the shipping are probably the cause. -
Brazilian Army Gets Hacked After Allegations of Cheating In Security Cyber-Games
An anonymous reader writes: Anonymous hackers breached the servers of the Brazilian Army, and later leaked the personal details of around 7,000 officers. The incident seems to stem from CTF games where security teams try to hack each other. Apparently the Brazilian Army team used forbidden tactics to win its games, and the hackers responded by doxxing some of their officers. A snippet: According to the hackers' statement, the Brazilian Army team used a forbidden technique to win their CTF matches in a local CTF tournament. The technique they used is WiFi deauth, a simplistic attack that jams WiFi traffic, incapacitating the other team. The hackers also seemed upset at the fact that the Brazilian army was bragging about their accomplishments, being particularly angry at the usage of the word "elite." -
Mozilla Plans To Remove Support For Firefox Complete Themes
AmiMoJo writes: Mozilla's engineers have announced the removal of Firefox complete themes as a way to lighten the browser core and remove a feature they don't see as heavily used any more. "Personas", or lightweight themes that are basically just wallpaper images, will remain. The Firefox community did not respond well to this piece of news, most seeing it as the engineers "chromifying Firefox." The change is part of Mozilla's Great-or-Dead initiative, which plans to simplify the Firefox codebase and remove features that are not popular. -
China, Russia Try To Hack Australia's Upcoming Submarine Plans
An anonymous reader writes: Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines (paywalled), with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months. One of the companies working on a bid for Australia's new submarine project said it records between 30 and 40 cyberattacks per night. -
Badly-Coded Ransomware Locks User Files and Throws Away Encryption Key (softpedia.com)
An anonymous reader writes: A new ransomware family was not tested by its developer and is encrypting user files and then throwing away the encryption key because of an error in its programming. The ransomware author wanted to cut down costs by using a static encryption key for all users, but the ransomware kept generating random keys which it did not store anywhere. The only way to recover files is if users had a previous backup. You can detect it by the ransom message which has the same ID:qDgx5Bs8H -
Ransomware Found Targeting Linux Servers, MySQL, Git, Other Development Files (drweb.com)
An anonymous reader writes: A new piece of ransomware has been discovered that targets Linux servers, looking to encrypt only files that are related to Web hosting, Web servers, MySQL, Subversion, Git, and other technologies used in Web development and HTTP servers. Weirdly, despite targeting business environments, the ransomware only asks for 1 Bitcoin, a fairly low amount compared to other ransomware. -
First Remote-Access Trojan That Can Target Android, Linux, Mac and Windows
An anonymous reader writes: Hackers have put on sale OmniRAT, a remote access trojan that can target Androids, Linux, Mac, and Windows PCs. The tool costs $25-$50, which is only a fraction of $200-$300, the price of DroidJack, another Android RAT. Avast is currently reporting that the RAT was used this summer in Germany, spread to victims via SMS messages. The Softpedia article about OmniRAT includes a video, but declined to post the tool's homepage. You can easily find it via a Google search. -
China May Have Hacked International Hague Tribunal Over South China Sea Dispute (thediplomat.com)
An anonymous reader writes: In July, the Permanent Court of Arbitration in The Hague conducted a hearing on the territorial dispute in the South China Sea between the Philippines and China. On the third day of the hearing, the Court's website was suddenly knocked offline. The attack reportedly originated from China and infected the page with malware, leaving anyone interested in the landmark legal case at risk of data theft. "By infecting the computers of journalists, diplomats, lawyers, and others who are involved or interested in the case, Chinese cyber units may be able to find out the names of people who are following the case and anticipate what their response might be if the court rules against China. For example, if Vietnamese or Japanese diplomats visited the website and their computers were infected, China could have access to internal documents and understand that country’s next moves over the disputed islands." -
W3C Sets Up Web Payments Standards Group To Improve Check-Out Security
campuscodi writes to note that the World Wide Web Consortium has launched a Working Group to help streamline the online "check-out" process and make payment by internet easier and more secure. The proposed standards will support a wide array of existing and future payment methods, including debit, credit, mobile payment systems, escrow, and Bitcoin and other distributed ledger technologies. The group estimates that the new payments API will reach browsers by the end of 2017. For more details, you can consult the Web Payments Working Group Charter, and the group's wiki FAQ page. -
Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com)
New submitter campuscodi writes: Security researchers at Pen Test Partners have found a security vulnerability in the iKettle Wi-Fi Electric Kettle that allows attackers to crack the password of the WiFi network to which the kettle is connected. Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created a map of insecure WiFi networks across the city. The same researchers cracked a Samsung smart-fridge this summer to disclose Gmail passwords. If you have 6 minutes, there's a YouTube video you can watch. -
LTE 4G Networks Put Androids At Risk of Overbilling and Phone Number Spoofing
An anonymous reader writes: Carnegie Mellon University's CERT security vulnerabilities database has issued an alert regarding the current status of LTE (Long-Term Evolution) mobile networks, which are plagued by four vulnerabilities that allow attackers to spoof phone numbers, overbill clients, create DoS (Denial of Service) states on the phone and network, and even obtain free data transfers without being charged. The vulnerabilities were discovered by 8 scientists who documented them in their research. -
Radio Waves Can Be Used To Hijack Androids and iPhones Via Siri and Google Now
An anonymous reader writes: Two French researchers have discovered a way to use the Siri and Google Now voice assistant software to relay malicious commands to smartphones without the user's consent or knowledge. This method relies on a special hardware rig that can send radio waves to smartphones with earphones plugged into them. The radio waves get picked up by the earphone cable, get transformed into electrical signals and then to software commands. The research is accompanied by a YouTube video as well. Note that this attack, as the article explains, so far relies on some bulky dedicated equipment, and on the attacker being close to the system he wants to disrupt. -
KDE Turns 19
prisoninmate writes: Believe it or not, it has been 19 long years since Matthias Ettrich announced his new project, the Kool Desktop Environment (KDE). "Unix popularity grows thanks to the free variants, mostly Linux. But still a consistent, nice looking free desktop-environment is missing. There are several nice either free or low-priced applications available so that Linux/X11 would almost fit everybody needs if we could offer a real GUI," wrote the developer back in October 14, 1996. -
Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others (softpedia.com)
An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on. -
Linus: '2016 Will Be the Year of the ARM Laptop' (softpedia.com)
jones_supa writes: Linus Torvalds took the stage at LinuxCon Europe in Dublin, Ireland, and talked about a number of things, including security and the future for Linux on ARM hardware. There is nothing that will blow your mind, but there are a couple of interesting statements nonetheless. Chromebooks are slowly taking over the world, and a large number of those Chromebooks are powered by ARM processors. "I'm happy to see that ARM is making progress. One of these days, I will actually have a machine with ARM. They said it would be this year, but maybe it'll be next year. 2016 will be the year of the ARM laptop," said Linus excitedly. He also explained that one of the problems now is actually finding people to maintain Linux. It's not a glorious job, and it usually entails answering emails seven days a week. Finding someone with the proper set of skills and the time to do this job is difficult. -
Man Behind Week-Long Bitcoin Attacks Reveals Himself
An anonymous reader writes: A Russian man that calls himself "Alister Maclin" has been disrupting the Bitcoin network for over a week, creating duplicate transactions, and annoying users. According to Bitcoin experts, the attack was not dangerous and is the equivalent of "spam" on the Bitcoin blockchain servers, known in the industry as a "malleability attack," creating duplicate transactions, but not affecting Bitcoin funds. Maclin recently gave an interview to Vice. -
Enlightenment Mysteriously Drops Wayland Support
jones_supa writes: According to Enlightenment 0.19.12's release notes, it's an important release that fixes over 40 issues, which is quite something, considering that previous versions had only a few improvements, with most of them being minor. However, the big news is that 0.19.12 drops support for the Wayland display server. Unfortunately, the Enlightenment developers have omitted to mention why they decided to remove any form of support for Wayland from this release, and if it will return in upcoming releases of the software. -
Danish Bank Leaves Server In Debug Mode, Exposes Sensitive Data In JS Comments
An anonymous reader writes: Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark's biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal's JavaScript files. The data contained client IP addresses, user agent strings, cookie information, details about the bank's internal IT network, and more. He contacted the bank, who fixed the issue, but later denied it ever happened. -
From Microsoft, HoloLens VR Dev Kit, New Phones, Continuum
Ars Technica and scads of other tech hardware sites are reporting that the big news so far from this morning's Microsoft product launch event in New York is that the company's Hololens development kit will begin shipping in the first quarter of next year, and at a price that puts the units out of the hands of typical consumers: $3000. At that level, developers are more likely to make the plunge, which Ars applauds.
The company also announced three new smartphones: two of them, the Lumia 950, 950XL, are worth designating "flagships," while the 550, notably, will sell for $139, putting it in the territory of cheap grey-market Android phones. More interesting than spec bumps, though, is Continuum for Windows, a Windows 10 feature which made its official debut at the event. Continuum is one manifestation of the pocket-computer idea that others have had as well in various forms: it means that with an adapter, a phone can be used as the CPU and graphics engine when connected to a screen and keyboard: "The adapter features a Microsoft Display Dock, an HDMI and Display Port, plus 3 USB ports to provide productivity on the go and let you plug in additional peripherals, such as mice and keyboards. Other accessories can be connected too, Microsoft said."
Microsoft also demo'd the Surface 4. Its improved screen is 12.3" at 2160x1440, for a pixel density of 267 PPI. The new pro has a Skylake 6th-gen processor, which they say provides a 30% performance boost over the Surface Pro 3, and a 50% boost over the MacBook Air. The SP4 goes up to 1TB of storage, and up to 16GB of RAM. The Type Cover was improved as well — the touchpad is 40% larger and supports 5-point multi-touch, while the keys have better travel and pitch.
On top of this, Microsoft also unveiled the Surface Book laptop. Its defining feature is that you can unclip the 13.5" touchscreen and use it separately as a tablet. The keyboard dock has a dedicated GPU that will boost performance when attached. Microsoft is using a new type of hinge that bends and extends at multiple points, so you can also reattach the screen backward if you want to use it as a tablet while keeping the extra GPU power available. They claim a 12-hour battery life for the Surface Book. -
Samsung Decides Not To Patch Kernel Vulnerabilities In Some S4 Smartphones
An anonymous reader writes: QuarksLAB, a security research company, has stumbled upon two kernel vulnerabilities for Samsung Galaxy S4 devices, which Samsung has decided to patch only for recent devices running Android Lollipop, but not Jelly Bean or KitKat. The two vulnerabilities (kernel memory disclosure and kernel memory corruption) were discovered in February 2014 and reported to Samsung in August 2014, affecting the samsung_extdisp driver of Samsung S4 (GT-I9500) devices. Bugs break ASLR and lead to denial of service (DoS) state or even elevating attacker privileges. -
What's New In GNOME 3.18
prisoninmate writes: In this release, GNOME improves the general user experience for users and new developers alike. GNOME 3.18 adds a feature called "Automatic Brightness," which, when enabled, will make use of your laptop's light sensor to dim or increase the screen's brightness depending on the surrounding lighting. GNOME 3.18 also improves the touch screen experience, especially when selecting and modifying text, and implements a new view in the Nautilus (Files) sidebar, which collects all the remote and internal locations in a single place.