New Flash Vulnerability Being Exploited In the Wild

An anonymous reader writes: Researchers from Trend Micro report a new attack on fully-patched versions of Adobe Flash. The attacks originate from an espionage campaign run by the group known as Pawn Storm, and seem to target only government agencies. "Ministries of Foreign Affairs have become a particular focus of interest for Pawn Storm recently. Aside from malware attacks, fake Outlook Web Access (OWA) servers were also set up for various ministries. These are used for simple, but extremely effective, credential phishing attacks. One Ministry of Foreign Affairs got its DNS settings for incoming mail compromised. This means that Pawn Storm has been intercepting incoming e-mail to this organization for an extended period of time in 2015."

Clinton Home Servers Had Ports Open

Jim Efaw writes: Hillary Clinton's home servers had more than just the e-mail ports open directly to the Internet. The Associated Press discovered, by using scanning results from 2012 "widely available online", that the server also had the RDP port open; another machine on her network had the VNC port open, and another one had a web server open even though it didn't appear to be configured for a real site. Clinton previously said that her server featured "numerous safeguards," but hasn't explained what that means. Apparently, requiring a VPN wasn't one of them.
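The check this story implies, as an added example rather than anything from the AP's scan or the story itself: parse the output of `ss -tlnp` on a Linux host and flag every service bound to all interfaces whose port is not on the host's intended public list. The sample output, the PUBLIC_OK allowlist and the process names are constructed.

```python
"""Flag services listening on every interface that should sit behind a VPN.

Constructed example (not from the story or the AP scan). Assumes a Linux
host and the output of `ss -tlnp`; the sample below, PUBLIC_OK and the
process names are made up."""
import re

WILDCARDS = {"0.0.0.0", "*", "::", "[::]"}
PUBLIC_OK = {25, 465, 587, 993, 443}         # constructed: what a mail host intends to expose
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc", 5901: "vnc", 5985: "winrm"}

LISTEN_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+(?:\s+(?P<proc>.*))?$")

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=910,fd=3))
LISTEN 0      128    0.0.0.0:25          0.0.0.0:*         users:(("master",pid=1001,fd=13))
LISTEN 0      128    0.0.0.0:993         0.0.0.0:*         users:(("dovecot",pid=1010,fd=20))
LISTEN 0      5      0.0.0.0:5900        0.0.0.0:*         users:(("x11vnc",pid=1200,fd=4))
LISTEN 0      128    *:3389              *:*               users:(("xrdp",pid=1300,fd=11))
LISTEN 0      128    [::]:80             [::]:*            users:(("apache2",pid=1400,fd=4))
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=1500,fd=5))
"""


def parse_listeners(ss_output):
    """Return (bind_address, port, process_name) for each LISTEN line."""
    rows = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line.strip())
        if not m:
            continue
        proc = re.search(r'\(\("([^"]+)"', m.group("proc") or "")
        rows.append((m.group("addr"), int(m.group("port")), proc.group(1) if proc else "?"))
    return rows


def exposed_services(ss_output):
    """Wildcard-bound listeners whose port is not intentionally public,
    labelled with the admin protocol that port usually carries."""
    return sorted({(port, name, ADMIN_PORTS.get(port, "other"))
                   for addr, port, name in parse_listeners(ss_output)
                   if addr in WILDCARDS and port not in PUBLIC_OK})


if __name__ == "__main__":
    for port, name, kind in exposed_services(SAMPLE_SS):
        print(f"port {port} ({kind}) served by {name} is reachable from anywhere")
```

On the constructed sample this reports 22, 80, 3389 and 5900; the PostgreSQL listener on 127.0.0.1 is correctly left alone. Anything reported as rdp or vnc should be rebound to an internal address or reached only through a VPN, which is the safeguard the story notes was missing.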
The Internet

Playboy Drops Nudity As Internet Fills Demand

Ravi Somaiya reports in the NY Times that as part of a redesign that will be unveiled next March, the print edition of Playboy Magazine will still feature women in provocative poses but they will no longer be fully nude. "That battle has been fought and won," says CEO Scott Flanders. "You're now one click away from every sex act imaginable for free. And so it's just passé at this juncture." According to Somaiya, for a generation of American men, reading Playboy was a cultural rite, an illicit thrill consumed by flashlight. Now every teenage boy has an Internet-connected phone instead. Pornographic magazines, even those as storied as Playboy, have lost their shock value, their commercial value and their cultural relevance. The magazine will adopt a cleaner, more modern style. There will still be a Playmate of the Month, but the pictures will be "PG-13" and less produced — more like the racier sections of Instagram. "A little more accessible, a little more intimate," says Flanders. It is not yet decided whether there will still be a centerfold.

Australian ISPs Not Ready For Mandatory Data Retention

October 13 marks the day Australian ISPs are required by law to track all web site visits and emails of their users, but according to an article on the Australian Broadcasting Corporation's news site the majority of ISPs are not ready to begin mandatory data retention. The article's author, Will Ockenden, had previously released his own metadata to readers in an experiment to see how effectively this kind of data reveals the personal habits of online users. The majority of Australians appear unconcerned with this level of scrutiny of their lives, given the minimal reaction to this and to proposed tougher legislation designed to deal with the threats of crime and terrorism.

Star Trek: New Voyages, The Fan-Based Star Trek Series

An anonymous reader writes: The New York Times has published an article on Star Trek: New Voyages, a fan production that's based on TOS. “People come from all over the world to take part in this — Germany, the United Kingdom, Australia and every state in the union,” said James Cawley, the show’s executive producer. “That’s the magic of Star Trek. It’s spawned this whole generation of fans who went on to professional careers — doctors, lawyers, engineers — who are now participating in that shared love here.” With TOS fans generally being less than enamored with the movie reboots, are fan produced web series the wave of the future?

The Pepsi P1 Smartphone Takes Consumer Lock-In Beyond the App

An anonymous reader writes: On the 20th of October Pepsi will launch its own smartphone in China. The P1 is not just a cowling brand, but a custom-made device running Android 5.1 and costing approximately $205. At that price it's almost a burner, but even so it represents new possibilities for a brand to truly control the digital space for its eager consumers in a period where mobile content-blocking is becoming a marketing obstruction, and where there is increasing resistance on Google's part to allow publishers to push web-users from the internet to 'the app'.

Fenno-German 'Sea Lion' Telecom Cable Laying Begins

jones_supa writes: A couple of years ago, details began to unfold of a government-backed high capacity data cable between Germany and Finland, which would be routed through the Baltic Sea. The cable has now been nicknamed "Sea Lion," and the work started Monday in the Santahamina coastal area, outside Helsinki. The cable was built by Alcatel-Lucent and is operated by the Finnish firm Cinia Group. The Finnish government, along with the banking and insurance sector, has together invested €100M into the project. That investment is expected to pay for itself many times over once the business sector gets a boost from the new telecom jump. The new cable also makes Finland independent of the Øresund Bridge, through which all of the country's Internet traffic is currently routed, via Denmark and Sweden. Eventually the new link can reach Asia as well, via the Northeast Passage shipping route.

Why Many CSS Colors Have Goofy Names

An anonymous reader writes: Take a look at the list of named colors within the CSS Color Module Level 4. The usual suspects are there, like 'red,' 'cyan,' and 'gold,' as well as some slightly more descriptive ones: 'lightgrey,' 'yellowgreen,' and 'darkslateblue.' But there are also some really odd names: 'burlywood,' 'dodgerblue,' 'blanchedalmond,' and more. An article at Ars walks through why these strange names became part of a CSS standard. Colors have been added to the standard piece by piece over the past 30 years — here's one anecdote: "The most substantial release, created by Paul Raveling, came in 1989 with X11R4. This update heralded a slew of light neutral tones, and it was a response to complaints from Raveling's coworkers about color fidelity. ... Raveling drew these names from an unsurprising source: the (now-defunct) paint company Sinclair Paints. It was an arbitrary move; after failing to receive sanctions from the American National Standards Institute (ANSI), which issued standards for Web color properties, Raveling decided to take matters into his own hands. He calibrated the colors for his own HP monitor. 'Nuts to ANSI & "ANSI standards,"' he complained."

Cryptome Accidentally Leaks Its Own Visitor IP Addresses

An anonymous reader writes with this Daily Dot story about an accidental leak of user info from Cryptome. Cryptome, the Internet's oldest document-exposure site, inadvertently leaked months' worth of its own IP logs and other server information, potentially exposing details about its privacy-conscious users. The data, which came specifically from the Cartome sub-directory, according to Cryptome co-creator John Young, made its way into the wild when the site logs were included on a pair of USB sticks sent out to a supporter.

Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others

An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on.
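The failure mode described above, as an added example that is neither Kaspersky's code nor Ormandy's proof of concept: a simulated reactive blocker that trusts the source address on bare packets, beside one that acts only on data from a connection whose three-way handshake this host completed and that never blocks pinned update servers. Every address, the signature string and the packet layout are constructed.

```python
"""Why a reactive IP blocker must not trust bare packets.

Constructed simulation (not Kaspersky's code or the Project Zero PoC):
every address, the signature string and the packet layout are made up."""
import secrets
from dataclasses import dataclass

UPDATE_SERVER = "203.0.113.10"   # constructed: an update server the host must reach
VICTIM = "192.0.2.1"             # constructed: the protected host
SIGNATURE = b"EVIL"              # constructed stand-in for an IDS attack signature


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str                   # "S" SYN, "SA" SYN-ACK, "A" ACK, "PA" data
    seq: int = 0
    ack: int = 0
    payload: bytes = b""


class NaiveBlocker:
    """Blocks the source address of any packet that carries the signature.
    The source address on a bare packet is attacker-controlled, so the
    attacker chooses who gets blocked."""

    def __init__(self):
        self.blocked = set()

    def inspect(self, pkt):
        if SIGNATURE in pkt.payload:
            self.blocked.add(pkt.src)
        return None                       # this model never replies

    def allows(self, remote):
        return remote not in self.blocked


class HardenedBlocker:
    """Acts only on data from a connection whose three-way handshake this
    host completed, and never blocks pinned infrastructure addresses.
    A blind spoofer does not receive our SYN-ACK, so it cannot echo the
    ISN and its forged source never enters the established set."""

    def __init__(self, never_block=frozenset({UPDATE_SERVER})):
        self.blocked = set()
        self.never_block = never_block
        self.isn = {}                     # (src, dst) -> ISN we sent in the SYN-ACK
        self.established = set()

    def inspect(self, pkt):
        key = (pkt.src, pkt.dst)
        if pkt.flags == "S":
            isn = secrets.randbelow(2**32 - 1) + 1
            self.isn[key] = isn
            # The SYN-ACK is addressed to pkt.src; a spoofer never sees it.
            return Packet(pkt.dst, pkt.src, "SA", seq=isn, ack=pkt.seq + 1)
        if pkt.flags == "A" and key in self.isn and pkt.ack == self.isn[key] + 1:
            self.established.add(key)
        elif key in self.established and SIGNATURE in pkt.payload:
            if pkt.src not in self.never_block:
                self.blocked.add(pkt.src)
        return None

    def allows(self, remote):
        return remote not in self.blocked


def blind_spoof(blocker, forged_src=UPDATE_SERVER):
    """Attacker writes forged_src into the IP header. It never receives the
    SYN-ACK, so its ACK number is a blind guess. Returns whether the host
    can still reach forged_src afterwards."""
    blocker.inspect(Packet(forged_src, VICTIM, "S", seq=7))
    blocker.inspect(Packet(forged_src, VICTIM, "A", seq=8, ack=0))
    blocker.inspect(Packet(forged_src, VICTIM, "PA", seq=8, payload=b"GET /" + SIGNATURE))
    return blocker.allows(forged_src)


def real_attacker(blocker, src="198.51.100.7"):
    """Attacker using its own address receives the SYN-ACK, completes the
    handshake and is blocked by both designs."""
    synack = blocker.inspect(Packet(src, VICTIM, "S", seq=7))
    ack = synack.seq + 1 if synack else 0
    blocker.inspect(Packet(src, VICTIM, "A", seq=8, ack=ack))
    blocker.inspect(Packet(src, VICTIM, "PA", seq=8, payload=b"GET /" + SIGNATURE))
    return blocker.allows(src)


if __name__ == "__main__":
    print("naive, spoofed    -> update server reachable:", blind_spoof(NaiveBlocker()))
    print("hardened, spoofed -> update server reachable:", blind_spoof(HardenedBlocker()))
    print("hardened, real attacker blocked:", not real_attacker(HardenedBlocker()))
```

The hardened design relies on the attacker being off-path: an on-path attacker sees the SYN-ACK and can complete a spoofed handshake, and a weak ISN generator makes blind guessing feasible. The pinned never_block set is the backstop for both cases, since no detection verdict should ever be able to cut the host off from its own update channel.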
Open Source

Linux Foundation: Security Problems Threaten 'Golden Age' of Open Source

Mickeycaskill writes: Jim Zemlin, executive director of the Linux Foundation, has outlined the organization's plans to improve open source security. He says failing to do so could threaten a "golden age" which has created billion dollar companies and seen Microsoft, Apple, and others embrace open technologies. Not long ago, the organization launched the Core Infrastructure Initiative (CII), a body backed by 20 major IT firms, and is investing millions of dollars in grants, tools, and other support for open source projects that have been underfunded. This was never more obvious than following the discovery of the Heartbleed OpenSSL bug last year. "Almost the entirety of the internet is entirely reliant on open source software," Zemlin said. "We've reached a golden age of open source. Virtually every technology and product and service is created using open source. Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and integrity of the internet."

BBC Optimizing UHD Video Streaming Over IP

johnslater writes: A friend at the BBC has written a short description of his project to deliver UHD video over IP networks. The application bypasses the OS network stack, and constructs network packets directly in a buffer shared with the network hardware, achieving a ten-fold throughput improvement. He writes: "Using this technique, we can send or receive uncompressed UHD 2160p50 video (more than 8 Gbps) using a single CPU core, leaving all the rest of the server's cores free for video processing." This is part of a broader BBC project to develop an end-to-end IP-based studio system.

First Successful Collision Attack On the SHA-1 Hashing Algorithm

Artem Tashkinov writes: Researchers from Dutch and Singapore universities have successfully carried out an initial attack on the SHA-1 hashing algorithm by finding a collision in the SHA-1 compression function. They describe their work in the paper "Freestart collision for full SHA-1". The work paves the way for full SHA-1 collision attacks, and the researchers estimate that such attacks will become reality at the end of 2015. They also created a dedicated web site humorously called The SHAppening.

Perhaps the plan to deprecate SHA-1 in major web browsers in 2017 now seems belated, and that deprecation has to be accelerated.
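What "a collision in the compression function" means next to a collision on the hash, as an added example that is not code from the paper or the SHAppening site: the SHA-1 compression function, the full hash chained from it, and a checker for each notion. No collision values appear on the page, so the checkers are only exercised on non-colliding inputs; hashlib is used purely to cross-check the implementation.

```python
"""SHA-1's compression function, the full hash built on it, and checkers for
the two collision notions the story distinguishes. Added example, not code
from the paper or the SHAppening site; no collision values are on the page,
so the checkers are exercised only on non-colliding inputs."""
import hashlib
import struct

IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)   # standard SHA-1 IV
MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_compress(state, block):
    """One application of the compression function: 5 chaining words plus a
    64-byte block give 5 new chaining words. In a freestart attack the
    attacker also chooses `state`; in the real hash it is fixed to IV."""
    assert len(block) == 64
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[t]) & MASK, a, _rotl(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d, e)))


def sha1(data):
    """Merkle-Damgard: pad, then chain sha1_compress from the fixed IV."""
    padded = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack(">Q", 8 * len(data))
    state = IV
    for i in range(0, len(padded), 64):
        state = sha1_compress(state, padded[i:i + 64])
    return struct.pack(">5I", *state)


def is_freestart_collision(iv1, m1, iv2, m2):
    """Freestart: two distinct (chaining value, block) pairs with equal output.
    The chaining values are attacker-chosen, which is what makes this cheaper
    than, and not yet equivalent to, a collision on the hash itself."""
    return (iv1, m1) != (iv2, m2) and sha1_compress(iv1, m1) == sha1_compress(iv2, m2)


def is_collision(m1, m2):
    """A real collision: distinct messages, same digest from the fixed IV."""
    return m1 != m2 and sha1(m1) == sha1(m2)


def self_check():
    """Cross-check this implementation against hashlib on a few inputs."""
    return all(sha1(m) == hashlib.sha1(m).digest()
               for m in (b"", b"abc", b"a" * 55, b"a" * 56, b"a" * 200))


if __name__ == "__main__":
    print("matches hashlib:", self_check())
    print("abc ->", sha1(b"abc").hex())
```

A freestart pair does not give a hash collision directly because the attacker must also make the chaining value come out to the fixed IV (or to a value reachable from it through a prefix block), which is the extra work the researchers say will close the gap; the checkers above make that difference concrete.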

MIT Master's Program To Use MOOCs As 'Admissions Test'

jyosim writes: In what could usher in a new way of doing college admissions at elite colleges, MIT is experimenting with weighing MOOC performance as proof that students should be accepted to on-campus programs. The idea is to fix the "inexact science" of sorting through candidates from all over the world. And it gives students a better sense of what they're getting into: "When you buy a car, you take a test drive. Wouldn't it be a great value for prospective students to take a test course before they apply?" said one academic blogger.

ESR On Why the FCC Shouldn't Lock Down Device Firmware

An anonymous reader writes: We've discussed some proposed FCC rules that could restrict modification of wireless routers in such a way that open source firmware would become banned. Eric S. Raymond has published the comment he sent to the FCC about this. He argues, "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications. ... The effect of locking down router and WiFi firmware as these rules contemplate would be to lock irreparably in place the bugs and security vulnerabilities we now have. To those like myself who know or can guess the true extent of those vulnerabilities, this is a terrifying possibility. I believe there is only one way to avoid a debacle: mandated device upgradeability and mandated open-source licensing for device firmware so that the security and reliability problems can be swarmed over by all the volunteer hands we can recruit. This is an approach proven to work by the Internet ubiquity and high reliability of the Linux operating system."

IP Address May Associate Lyft CTO With Uber Data Breach

An anonymous reader writes: According to two unnamed Reuters sources, the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before becoming CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.
United States

NSF Awards $74.5 Million To Support Interdisciplinary Cybersecurity Research

aarondubrow writes: The National Science Foundation announced $74.5 million in grants for basic research in cybersecurity. Among the awards are projects to understand and offer reliability to cryptocurrencies; invent technologies to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the science of censorship resistance by developing accurate models of the capabilities of censors. According to NSF, long-term support for fundamental cybersecurity research has resulted in public key encryption, software security bug detection, spam filtering and more.

Ask Slashdot: Where Can I Find "Nuts and Bolts" Info On Cookies & Tracking Mechanisms?

New submitter tanstaaf1 writes: I was thinking about the whole tracking and privacy train-wreck and I'm wondering why specific information on how it is done, and how it can be micromanaged or undone by a decent programmer (at least), isn't vastly more accessible? By searching, I can only find information on how to erase cookies using the browser. Browser level (black box) solutions aren't anywhere near good enough; if they were, the exploits would be few and far between instead of everywhere, every day. Read below for the rest of tanstaaf1's question.
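The nuts and bolts of the most basic tracking mechanism the question asks about, as an added example that is not part of the original post: a third-party server embedded as a pixel on two unrelated sites hands out an identifier in a cookie and logs each page it is loaded from, so the cross-site profile falls out of the cookie alone. The same run with third-party cookies refused shows why that one browser policy breaks the link. The hosts, paths and cookie name are constructed; the cookie handling uses the standard-library http.cookies module.

```python
"""How a third-party tracking cookie links visits across unrelated sites.

Constructed simulation (not code from the original post): two first-party
sites, news.example and shop.example, each embed a pixel from
tracker.example. Hosts, paths and the cookie name are made up."""
from http.cookies import SimpleCookie
from urllib.parse import urlparse


class Tracker:
    """The third-party server behind the pixel. It hands out an id in a
    cookie on first sight and logs which page (via Referer) each id visits."""

    def __init__(self):
        self.next_id = 1
        self.log = {}                      # uid -> list of first-party hosts seen

    def handle(self, url, headers):
        uid = None
        if "Cookie" in headers:
            jar = SimpleCookie()
            jar.load(headers["Cookie"])
            if "uid" in jar:
                uid = jar["uid"].value
        resp = {"Body": b"GIF89a"}         # a 1x1 pixel is all the page ever sees
        if uid is None:
            uid = f"u{self.next_id}"
            self.next_id += 1
            resp["Set-Cookie"] = (f"uid={uid}; Domain=tracker.example; Path=/; "
                                  "Max-Age=31536000; Secure; SameSite=None")
        self.log.setdefault(uid, []).append(urlparse(headers.get("Referer", "")).hostname)
        return resp


class Browser:
    """Cookie jar keyed by host. With block_third_party=True the browser
    neither sends nor stores cookies for a host other than the page's own."""

    def __init__(self, block_third_party=False):
        self.jar = {}                      # host -> {name: value}
        self.block_third_party = block_third_party

    def _cookies_allowed(self, page_host, resource_host):
        return page_host == resource_host or not self.block_third_party

    def fetch(self, server, page_url, resource_url):
        page_host = urlparse(page_url).hostname
        res_host = urlparse(resource_url).hostname
        headers = {"Referer": page_url}
        allowed = self._cookies_allowed(page_host, res_host)
        stored = self.jar.get(res_host, {})
        if allowed and stored:
            headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in stored.items())
        resp = server.handle(resource_url, headers)
        if allowed and "Set-Cookie" in resp:
            parsed = SimpleCookie()
            parsed.load(resp["Set-Cookie"])
            for name, morsel in parsed.items():
                self.jar.setdefault(res_host, {})[name] = morsel.value
        return resp


def browse(block_third_party):
    """Three page views on two sites; returns the tracker's view of them."""
    tracker, browser = Tracker(), Browser(block_third_party)
    for page in ("https://news.example/story", "https://shop.example/cart",
                 "https://news.example/other"):
        browser.fetch(tracker, page, "https://tracker.example/pixel.gif")
    return tracker.log


if __name__ == "__main__":
    print("third-party cookies allowed:", browse(False))
    print("third-party cookies blocked:", browse(True))
```

With cookies allowed the tracker sees one identifier across both sites; with them blocked it sees three unrelated identifiers. Note what blocking does not fix: the Referer header still tells the tracker which page was loaded, and that is the hook for the cookieless mechanisms (fingerprinting, cache or ETag tricks, first-party identifiers relayed in the URL) that the browser's cookie settings never touch.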

Wealth of Personal Data Found On Used Electronics Purchased Online

An anonymous reader writes: After examining 122 used mobile devices, hard disk drives and solid state drives purchased online, Blancco Technology Group and Kroll Ontrack found 48% contained residual data. In addition, 35% of mobile devices contained emails, texts/SMS/IMs, and videos. From the article: "Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals. The residual data left on two of the second-hand mobile devices were significant enough to discern the original users' identities. Whether it's a person's emails containing their contact information or media files involving a company's intellectual property, lingering data can have serious consequences."
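Why the "deletion attempts" in the study did not remove anything, as an added example that is a simulation and not code from the Blancco or Kroll Ontrack report: a toy disk where delete and quick format only touch the directory, a carving routine that ignores the directory and scans raw sectors the way a recovery tool does, and the overwrite that actually removes the data. The toy disk layout, file names and addresses are constructed.

```python
"""Why 'deleting' and quick-resetting leave data behind, and what a carving
tool still finds. Constructed simulation (not from the Blancco/Kroll study):
the toy disk, the file names and the addresses are made up."""
import re

SECTOR = 512
EMAIL = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class ToyDisk:
    """A flat byte array plus a directory (name -> (first sector, length)).
    Like most filesystems, delete and quick format touch only the directory;
    the bytes stay on the media until something overwrites them."""

    def __init__(self, sectors=64):
        self.media = bytearray(sectors * SECTOR)
        self.directory = {}
        self.next_free = 0

    def write(self, name, data):
        start = self.next_free
        self.media[start * SECTOR:start * SECTOR + len(data)] = data
        self.directory[name] = (start, len(data))
        self.next_free += -(-len(data) // SECTOR)        # round up to whole sectors

    def delete(self, name):
        self.directory.pop(name)                          # metadata only

    def quick_format(self):
        self.directory.clear()                            # also metadata only
        self.next_free = 0

    def wipe(self, name):
        start, length = self.directory.pop(name)
        self.media[start * SECTOR:start * SECTOR + length] = bytes(length)   # overwrite first

    def full_wipe(self):
        self.media[:] = bytes(len(self.media))
        self.quick_format()


def carve_emails(disk):
    """Ignore the directory and scan raw sectors, as a recovery tool does."""
    return [m.group().decode() for m in EMAIL.finditer(disk.media)]


def residue_after(method):
    """Write a contacts file, 'remove' it by the given method, then carve."""
    disk = ToyDisk()
    disk.write("contacts.txt", b"alice@example.org\nbob@example.org\n")   # constructed
    disk.write("notes.txt", b"nothing sensitive here\n")
    {"delete": lambda: disk.delete("contacts.txt"),
     "wipe": lambda: disk.wipe("contacts.txt"),
     "quick_format": disk.quick_format,
     "full_wipe": disk.full_wipe}[method]()
    return carve_emails(disk)


if __name__ == "__main__":
    for method in ("delete", "quick_format", "wipe", "full_wipe"):
        print(f"{method:13s} -> carved: {residue_after(method)}")
```

Delete and quick format leave both addresses carvable; only the overwrites remove them. One caveat the simulation cannot show: on flash media with wear levelling, overwriting a logical address does not guarantee the physical page is overwritten, so for SSDs and phones the reliable options are the device's own secure-erase or crypto-erase function, or having encrypted the storage from the start and destroying the key.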
The Internet

Yale Makes Available Online 170,000 Photographs From WWII Period

schwit1 writes: Yale University has posted online 170,000 Library of Congress photographs taken in the United States from 1935 to 1945. The photos come from all over the U.S., and can be accessed with this easy-to-use interactive map. They also used the original captions, allowing the viewer to get an honest feel for the time period.