
Bug

Recently Exposed PHP Hole's Official Fix Ineffective 240

Posted by timothy
from the considered-busted dept.
wiredmikey writes "On Wednesday, a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition. 'When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution,' a CERT advisory explains. PHP developers pushed a fix for the flaw, resulting in the release of PHP 5.3.12 and 5.4.2, but as it turns out it didn't actually remove the vulnerability."
OS X

Microsoft: Macs 'Not Safe From Malware, Attacks Will Increase' 290

Posted by timothy
from the what-a-huge-surprise dept.
An anonymous reader writes "Microsoft researchers have analyzed a new piece of Mac malware that uses a multi-stage attack similar to typical Windows malware infection routines. In a post titled 'An interesting case of Mac OSX malware' the Microsoft Malware Protection Center closed with this statement: 'In conclusion, we can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.'"
Privacy

Rand Paul Has a Quick Fix For TSA: Pull the Plug 1051

Posted by Soulskill
from the might-increase-their-efficacy dept.
suraj.sun quotes from Politico: "Rand Paul has a reform plan for the Transportation Security Administration: Scrap the whole thing. A personal message from Paul (R-Ky.) came atop emails this week from the Campaign for Liberty Vice President Matt Hawes, asking for readers to sign a petition in support of Paul's 'End the TSA' bill. A Paul spokeswoman said that legislation is being finalized next week. 'Every inch of our person has become fair game for government thugs posing as "security" as we travel around the country. Senator Rand Paul has a plan to do away with the TSA for good, but he needs our help,' reads the petition, which also asks signers to 'chip in a contribution to help C4L mobilize liberty activists across America to turn the heat up on Congress and end the TSA's abuse of our rights.' 'The American people shouldn't be subjected to harassment, groping, and other public humiliation simply to board an airplane. As you may have heard, I have some personal experience with this, and I've vowed to lead the charge to fight back,' Paul wrote at the top of a C4L fundraising pitch, according to blogs that received the email. 'Campaign for Liberty is leading the fight to pressure Congress to act now and restore our liberty. It's time to END the TSA and get the government's hands back to only stealing our wallets instead of groping toddlers and grandmothers.'"
Government

Syrian Government Uses Skype To Push Malware To Activists 139

Posted by Soulskill
from the call-was-coming-from-inside-the-internet dept.
judgecorp writes "The Syrian government is using Skype as a channel to infect activists' systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. 'The activist's system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called "Xtreme RAT." Xtreme Rat is a full-blown malicious Remote Access Tool.'"
Security

Verifying a User By Following the Movements of Their Mouse 101

Posted by samzenpus
from the tracking-the-pad dept.
Harperdog writes "Tom Jacobs has a very cool little story about an Israeli research team introducing a novel way of verifying a computer is being operated by its rightful user. Its method, described in the journal Information Sciences, 'continuously verifies users according to characteristics of their interaction with the mouse.'"
Security

Symantec: Religious Sites "Riskier Than Porn For Viruses" 343

Posted by samzenpus
from the surfing-dirty dept.
First time accepted submitter kongshem writes "According to Symantec's annual Internet Security Threat Report, religious and ideological websites have far more security threats per infected site than adult/pornographic sites. Why is that? Symantec's theory: 'We hypothesize that this is because pornographic Web site owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free — it's not good for repeat business.'"
Security

Osama Bin Laden Didn't Encrypt His Files 333

Posted by samzenpus
from the not-so-secret dept.
An anonymous reader writes "If you're running a terrorist organization, it might make sense to encrypt your files. Clearly Osama Bin Laden didn't realize that — as some of the documents seized during the raid on his hideout in Pakistan have been made public for the first time. 17 electronic documents, which were found on USB sticks, memory cards and computer hard drives after US Navy SEALs killed the terrorist chief in the May 2011 raid, are being released in their original Arabic alongside English translations by the Combating Terrorism Center, reports Sophos."
Security

NY Judge Rules IP Addresses Insufficient To Identify Pirates 268

Posted by timothy
from the that-pesky-proof-thing dept.
milbournosphere writes "New York Judge Gary Brown has found that IP addresses don't provide enough evidence to identify pirates, and wrote an extensive argument explaining his reasoning. A quote from the judge's order: 'While a decade ago, home wireless networks were nearly non-existent, 61% of U.S. homes now have wireless access. As a result, a single IP address usually supports multiple computer devices – which unlike traditional telephones can be operated simultaneously by different individuals. Different family members, or even visitors, could have performed the alleged downloads. Unless the wireless router has been appropriately secured (and in some cases, even if it has been secured), neighbors or passersby could access the Internet using the IP address assigned to a particular subscriber and download the plaintiff's film.' Perhaps this will help to stem the tide of frivolous mass lawsuits being brought by the RIAA and other rights-holders where IP addresses are the bulk of the 'evidence' suggested."
NASA

NASA Boss Accused of Breaking Arms Trade Laws 88

Posted by timothy
from the what-part-of-regulation-XXIII-459823(aiii)-don't-you-understand? dept.
ananyo writes "The head of NASA Ames Research Center may have fallen victim to restrictive arms regulations — just as a US government report recommends changing them to help the space industry. Simon 'Pete' Worden, who recently announced that Mars exploration would be done by private companies, has been accused of giving foreign citizens access to information that falls under the International Traffic in Arms Regulations (ITAR). ITAR has hampered U.S. firms seeking to export satellite technology. The allegations against Worden come just as the new report recommends moving oversight of many commercial satellites and related activities from the State department to the Commerce department, and some fear they could provide lawmakers with reasons to not ease export controls."
Censorship

B&N Pulls Linux Format Magazine Over Feature On 'Hacking' 301

Posted by timothy
from the I-miss-borders dept.
New accepted submitter super_rancid writes that issue 154 of the UK-based Linux Format magazine "was pulled from Barnes and Noble bookstores in the U.S. after featuring an article called 'Learn to Hack'. They used 'hack' in the populist security sense, rather than the traditional sense, and the feature — which they put online — was used to illustrate how poor your server's security is likely to be by breaking into it."
Facebook

Open Compute Developing Wider Rack Standard 237

Posted by timothy
from the so-many-to-choose-from dept.
1sockchuck writes "Are you ready for wider servers? The Open Compute Project today shared details on Open Rack, a new standard for hyperscale data centers, which will feature 21-inch server slots, rather than the traditional 19 inches. 'We are ditching the 19-inch rack standard,' said Facebook's Frank Frankovsky, who said the wider design offered better heat removal and a unified approach to power, including a 12 volt busbar. The Open Compute Project, developed by Facebook to advance open source hardware design, believes an open approach can avoid the mistakes of blade server chassis design."
The Gimp

Gimp 2.8 Finally Released 737

Posted by timothy
from the they-brought-out-the-gimp-again-and-again dept.
Cryophallion writes "After many years of development, GIMP 2.8 is finally released. Among its features: the oft-desired single-window mode, layer groups, and many other massive improvements, including some of the GIMP UI team's work. This might be the release that helps make The GIMP a much more user friendly experience for newcomers, and has features that are rivaling those of certain exceptionally expensive commercial programs. While the porting of GEGL is still ongoing (and recently reported to have made massive advances), this is a major step forward for one of the premier open source projects." Here are the official release notes.
Microsoft

Microsoft Raises UK Prices By a Third and Can't Rule Out Future Hikes 185

Posted by timothy
from the such-small-portions dept.
New submitter DerekduPreez writes "Microsoft has revealed that it will increase volume licencing prices in the UK by an average of 29 percent to adjust for the 'sustained currency differences between European countries'. UK businesses have until 1st July to place their orders under the current prices before the changes take effect. Microsoft claims that because of sustained differences between the British Pound and the Euro, price spikes are necessary to maintain consistency across the region. Microsoft also confirmed that it could not rule out future increases, as it will continue to monitor currency movements and may make further adjustments if there are large fluctuations."
Privacy

Mozilla Calls CISPA an "Alarming" Threat to Privacy 107

Posted by samzenpus
from the do-not-like dept.
Sparrowvsrevolution writes "Mozilla has taken a public stand against the controversial Cyber Intelligence Sharing and Protection Act, saying that it has a 'broad and alarming reach' that 'infringes on our privacy.' That makes it the first major tech firm to speak out against CISPA. Facebook, Microsoft, IBM, Intel, Oracle and Symantec are all included among the companies that support the bill, which passed the House late last month and is now being considered in the Senate. Google has so far declined to take a stand supporting or opposing the bill."
