Slashdot Mirror

hypnosec writes "Eric S. Raymond, co-founder of the Open Source Initiative, has recommended that Emacs should move to another version control system like GitHub, as bzr is dying. In an email, Raymond highlighted the key reasons why he believes that Emacs should move. Raymond said that bzr is moribund; its dev list has flatlined; and most of Canonical's in-house projects have already abandoned bzr and moved to GitHub. ESR believes that bzr's codebase is sufficiently mature to be used as a production tool, but he does mention that continuing to use the revision control system will have 'social and signaling effects damaging to Emacs's prospects.'" Update: 01/06 20:50 GMT by U L : ESR did not suggest Github the proprietary hosting platform for git, but rather git the version control system. Which is actually already available on Savannah (the bazaar repository is automatically synced with the git repository).

hypnosec writes "Just days after Australia-based Gibson Security disclosed two vulnerabilities in Snapchat that could allow hackers to gain access to personal data of its users, hackers managed to get their hands onto basic information of 4.6 million Snapchat users and have leaked it online, partially censored.The database dump is available on SnapchatDB and allows anyone to grab it as a SQL dump or CSV text file. ... 'This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue,' reads a statement on SnapchatDB."

hypnosec writes "The Chinese government has officially banned Battlefield 4, stating that Electronic Arts has developed a game that not only threatens national security of the country, but is also a form of cultural invasion. The country's Ministry of Culture has issued a notice banning all material retailed to the game in any form, including the game itself, related downloads, demos, patches and even news reports. According to PCGames.com.cn [Chinese language], Battlefield 4 has been characterized as illegal game on the grounds that the game endangers national security and cultural aggression."

hypnosec writes "The Reserve Bank of India (RBI) has cautioned users of virtual currencies like Bitcoin, Litecoin, and Dogecoin on the risks associated with them and said that it is looking at the use and trading of these currencies. They noted that there are quite a few risks including: theft of digital wallets that are used to store the digital currency, absence of any frameworks to tackle customer problems, disputes and charge backs; exposure to potential losses because of high volatility in value of the virtual currencies, legal and financial risks, and breach of anti-money laundering laws because of lack of complete information on counterparts in a peer-to-peer anonymous / pseudonymous systems."

hypnosec writes "Evad3rs, the famous iOS jailbreak team, has announced an iOS 7 jailbreak that will work in all iDevices including iPhone 5S, iPhone 5C and iPad Air running iOS 7.0 through to iOS 7.0.4. The iOS 7 jailbreak was announced without much of a hype, unlike the one for iOS 6. 'Merry Christmas! The iOS 7 jailbreak has been released at http://evasi0n.com/! All donations will go to @publicknowledge, @eff and @ffii,' tweeted evad3rs." Reader FrogBlastTheVentCore adds a note of caution: "They recommend restoring your device to iOS 7.0.4 if it has received OTA updates before attempting to jailbreak."

hypnosec writes "Researchers have developed and open-sourced a low-cost 3D metal printer capable of printing metal tools and objects that can be build for under £1,000. A team of researchers led by Associate Professor Joshua Pearce at the Michigan Technological University developed the firmware and the plans for the printer and have made it available freely. The open source 3D printer is definitely a huge leap forward as the starting price of commercial counterparts is around £300,000. Pearce claimed that their technology will not only allow smaller companies and start-ups to build inexpensive prototypes, but it will allow other scientists and researchers to build tools and objects required for their research without having to shell out thousands, and could be used to print parts for machines such as windmills." It's a modified RepRap; looks like we're getting closer to the RepRap being able to print all of its parts.

hypnosec writes "Bitcoin miners are being integrated with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. These miners surreptitiously carry out Bitcoin mining operations on the user's system consuming valuable CPU time without explicitly asking for user's consent. Malwarebytes, the company which found evidence of these miners, first came across such an instance of a Bitcoin miner when one of the users of its software requested for assistance on November 22 through a forum post. The user revealed that 'jh1d.exe' was taking up over 50 percent of the CPU resource and even after manual deletion the executable was re-appearing. Malwarebytes dug deeper into this and found traces of a miner 'jhProtominer,' a popular mining software that runs via the command line". However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves."

hypnosec writes "A white hat hacker managed to break into multiple email accounts thereby forcing the European Parliament to cutoff its public Wi-Fi access. The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a 'hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).' The public Wi-Fi has been cut-off indefinitely and users at located at Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks."

hypnosec writes "The European Commission has outlined steps it believes will pave the way for restoring faith in EU-U.S. data flows following revelations about NSA spying activities under its PRISM program. The EC notes that spying on its citizens, companies, and leaders is unacceptable; and that citizens of U.S. and EU need to be reassured about protection of their data, while companies need to be reassured that the existing agreements between the two regions are respected and enforced. The Commission outlined a total of six areas that it believes require action including swift adoption of the EU's data protection reforms; making Safe Harbor safer; strengthening data protection safeguards in the law enforcement area; commitment from the U.S. for making use of a legal framework; addressing European concerns in the on-going U.S. reform process; and promoting privacy standards internationally."

hypnosec writes "The movie industry in the UK is having a ball, as far as blocking of sites allegedly involved in piracy is concerned, as courts have asked UK ISPs to enforce a blockade on Project Free TV, YIFY, PrimeWire and others. Getting a torrent or steaming site blocked in the UK is a mere paperwork formality, since ISPs have completely stopped defending against these orders. As it stands, a total of 33 sites have been blocked in the UK, including The Pirate Bay, BitSnoop, ExtraTorrent, Torrentz, 1337x, Fenopy, H33T, KickAssTorrents, among others."

hypnosec writes "The movie industry in the UK is having a ball, as far as blocking of sites allegedly involved in piracy is concerned, as courts have asked UK ISPs to enforce a blockade on Project Free TV, YIFY, PrimeWire and others. Getting a torrent or steaming site blocked in the UK is a mere paperwork formality, since ISPs have completely stopped defending against these orders. As it stands, a total of 33 sites have been blocked in the UK, including The Pirate Bay, BitSnoop, ExtraTorrent, Torrentz, 1337x, Fenopy, H33T, KickAssTorrents, among others."

New submitter BitVulture writes "The hardcore Bitcoin community is abuzz with news of the closure of Inputs.io, a supposedly secure online Bitcoin wallet, after an attack resulted in the loss of 4100 Bitcoins. A PGP-signed message at the home page of the now mostly non-operational site briefly explains the situation: 'Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.' There's no word yet whether Inputs.io will eventually resume operations or whether the security breach will force the Bitcoin bank out of business."

hypnosec writes "The MPAA and Gary Fung, owner of IsoHunt.com, have settled their case out of court, with the torrent indexing site closing as part of the deal. The judge presiding over the MPAA vs. IsoHunt.com case, Jacqueline Chooljian, canceled the hearing which was planned after she was informed that both the parties have settled outside court. 'The website isoHunt.com today agreed to halt all operations worldwide in connection with a settlement of the major movie studios' landmark copyright lawsuit against the site and its operator Gary Fung' reads the press release." Only a few days after the MPAA was accosted by the judge for seeking damages several times the total worth of isoHunt: "But if you strip him of all his assets — and you’re suggesting that a much lesser number of copyright infringements would accomplish that, where is the deterrence by telling the world that you took someone’s resources away because of illegal conduct entirely or 50 times over?" Still, the settlement seems unfair: The MPAA has asked the court for $110 million, when the MPAA itself admitted that isoHunt only has $5 or $6 million. So much for the optimism for isoHunt's successor.

hypnosec writes "Microsoft paid out over $28,000 in rewards under its first ever bug-bounty program that went on for a month during the preview release of Internet Explorer 11 (IE11). The preview bug bounty program started on June 26 and went on till July 26 with Microsoft revealing at the time that it will pay out a maximum of $11,000 for each IE 11 vulnerability that was reported. Microsoft paid out the $28k to a total of six researchers for reporting 15 different bugs. According to Microsoft's 'honor roll' page, they paid $9,400 to James Forshaw of Context Security for pointing out design level vulnerabilities in IE11 as well as four IE11 flaws. Independent researcher Masato Kinugawa was paid $2,200 for reporting two bugs. Jose Antonio Vazquez Gonzalez of Yenteasy Security Research walked off with $5,500 for reporting five bugs while Google engineers Ivan Fratric and Fermin J. Serna were each handed out $1,100 and $500 respectively."