Bismillah (993337) writes "A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012." Quoting the security advisory: "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server." The attack may be repeated and it appears trivial to acquire the host's private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian's fix is in incoming and should hit mirrors soon, Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.

First time accepted submitter ControlsGeek (156589) writes "The Raspberry Pi Foundation has developed a new product. It is basically a Raspberry Pi model A processor, memory, and flash memory on a DDR2-style SODIMM connector. Also available will be a development board that breaks out all the internal connections. The board design will be open sourced so you can develop your own devices using the BCM2835 processor. No network, but support for 2 HDMI displays and 2 cameras, so 3D TV is a possibility.

An anonymous reader writes "Despite whispers of growing dissatisfaction among consumers, there are still very few ISP start-ups popping up in communities all over the U.S. There are two main reasons for this: up-front costs and legal obstacles. The first reason discourages anyone who doesn't have Google's investors or the local government financially supporting them from even getting a toe in the business. 'Financial analysts last year estimated that Google had to spend $84 million to build a fiber network that passed 149,000 homes in Kansas City, with the cost per home at $500 to $674.' The second reason will keep any new start-up defending itself in court against frivolous lawsuits incumbent ISP providers have been known to file to bleed the newcomers dry in legal fees. There are also ISP lobbyists working to pass laws that prevent local governments from either entering the ISP market themselves or partnering with private companies to provide ISP alternatives. Given these set-backs and growing dissatisfaction with the status quo, one has to wonder how long before the U.S. recognizes the internet as a utility and passes laws and regulations accordingly."