Trailrunner7 writes: Researchers at HP's Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to vendors until after the vulnerabilities are fixed. But in this case, Microsoft has told the researchers that the company doesn't plan to fix the vulnerabilities, even though the bugs were serous enough to win ZDI's team a $125,000 Blue Hat Bonus from Microsoft. The reason: Microsoft doesn't think the vulnerabilities affect enough users.

The vulnerabilities that the ZDI researchers submitted to Microsoft enable an attacker to fully bypass ASLR (address space layout randomization), one of the many mitigations in IE that help prevent successful exploitation of certain classes of bugs. ZDI reported the bugs to Microsoft last year and disclosed some limited details of them in February. The researchers waited to release the full details until Microsoft fixed all of the flaws, but Microsoft later informed them that they didn't plan to patch the remaining bugs because they didn't affect 64-bit systems.

darthcamaro writes: The great schism in the container world is now at an end. Today, Docker and CoreOS, announced along with Amazon Web Services, Apcera, Cisco, EMC, Fujitsu, Goldman Sachs, Google, HP, Huawei, IBM, Intel, Joyent, the Linux Foundation, Mesosphere, Microsoft, Pivotal, Rancher Labs, Red Hat and VMware the Open Container Project, as a Linux Foundation Collaborative Project. The new effort will focus specifically on libcontainer — providing a baseline for a container runtime. "By participating with Docker and all the other folks in the OCP, we're getting the best of all worlds," Alex Polvi, CEO of CoreOS told eWEEK. "We're getting the contributions from Docker with the format and runtime that underpin container usage, and then we're also getting the shared standard and vendor neutrality aspects that we've designed with app container."

itwbennett writes: Although it 'believes the action has no merit,' HP today announced it will pay $100 million in a settlement with PGGM Vermogensbeheer B.V., the lead plaintiff in the securities class action arising from the impairment charge taken by HP following its acquisition of Autonomy. This is just the latest episode in the fallout from HP's Autonomy acquisition.

On May 29, Steven J. Vaughan Nichols (known far and wide as SJVN) wrote an article for ZDNet headlined, Now more than ever, the Internet belongs to cord-cutters. A few days before that, he wrote another one headlined, Mary Meeker's Internet report: User growth slowing, but disruption full speed ahead. And last December he wrote one titled, Reports show it's becoming a cord cutter's world. SJVN obviously sees a trend here. So do a lot of other people, including cable TV and local TV executives who are biting their nails and asking themselves, "Whatever shall we do?" So far, says SJVN, the answers they've come up with are not encouraging.

NOTE from Roblimo: We're trying something different with this video, namely keeping it down to about 4 minutes but running a text transcript that covers our 20+ minute conversation with SJVN. Is this is a good idea? Please let us know.

seven of five writes: According to Reuters, "Former Hewlett-Packard Co Chief Executive Carly Fiorina announced on Monday she is running for president, becoming the only woman in the pack of Republican candidates for the White House in 2016. ... Fiorina registers near the bottom of polls of the dozen or so Republican hopefuls and has never held public office. But she has already attracted warm receptions at events in the early voting state of Iowa where she is positioning herself as a conservative, pro-business Republican highly critical of Democratic candidate Hillary Clinton. Fiorina was forced by HP to resign in 2005 as the tech company struggled to digest Compaq after a $19 billion merger."

As part of her announcement, she said, "I think I'm the best person for the job because I understand how the economy actually works. I understand the world, who's in it, how the world works." I'm sure we'll soon begin hearing from all the HP employees, current and former, who have nothing but love for Carly F.

jones_supa writes: SOHO routers from manufacturers including at least Trendnet and D-Link allow attackers anywhere in the world to execute malicious code on the devices, according to a security advisory issued over the weekend. The remote command-injection vulnerability resides in the "miniigd SOAP service" as implemented by the RealTek SDK. Before someone asks, there is no comprehensive list of manufacturers or models that are affected. Nerds may be able to spot them by using the Metasploit framework to query their router. If the response contains "RealTek/v1.3" or similar, the device is likely vulnerable. For now, the vulnerable routers should be restricted to communicate only with trusted devices. HP's Zero Day Initiative reported the bug confidentially to RealTek in August 2013, but the issue was disclosed 20 months later as no fix has been provided.

HughPickens.com (3830033) writes "David Knowles reports at Bloomberg that former Hewlett-Packard CEO and potential 2016 presidential candidate Carly Fiorina called out Apple CEO Tim Cook as a hypocrite for criticizing Indiana and Arkansas over their Religious Freedom Restoration Acts while at the same time doing business in countries where gay rights are non-existent. "When Tim Cook is upset about all the places that he does business because of the way they treat gays and women, he needs to withdraw from 90% of the markets that he's in, including China and Saudi Arabia," Fiorina said. "But I don't hear him being upset about that."

In similar criticism of Hillary Clinton on the Fox News program Hannity, Fiorina argued that Clinton's advocacy on behalf of women was tarnished by donations made to the Clinton Foundation from foreign governments where women's rights are not on par with those in America. ""I must say as a woman, I find it offensive that Hillary Clinton travels the Silicon Valley, a place where I worked for a long time, and lectures Silicon Valley companies on women's rights in technology, and yet sees nothing wrong with taking money from the Algerian government, which really denies women the most basic human rights. This is called, Sean, hypocrisy." While Hillary Clinton hasn't directly addressed Fiorina's criticisms, her husband has. "You've got to decide, when you do this work, whether it will do more good than harm if someone helps you from another country," former president Bill Clinton said in March. "And I believe we have done a lot more good than harm. And I believe this is a good thing.""

New submitter MotoJ writes: A Latvian company has announced plans to race a one megawatt all-electric race car. It has a 50 kWh lithium-ion battery pack and is propelled by six YASA-400 electric motors. It provides 1020 kW (1368 hp) and a top speed of 260 km/h. It has a real chance to become the first overall winner of the Pikes Peak International Hill Climb competition with an electric vehicle. That's something to look forward to and curious who will pilot this machine. The race is on June 28, 2015. The same company has an equally interesting all-electric off-road racer.

Rambo Tribble writes Former Hewlett-Packard CEO Carly Fiorina announced on Fox News Sunday that she stood a 'higher than 90 percent' chance of running as a presidential candidate in 2016. Fiorina's tenure at HP was marked by controversy over her leadership, and it is unclear what level of name recognition she enjoys. Her only previous political experience appears to be a failed U.S. Senate seat effort in 2010, as the Republican candidate challenging sitting Democrat Barbara Boxer, in California. Fiorina lost by 10%.

An anonymous reader writes in with this story about the latest weapon used by ISIS: doxing. "Middle East terrorist organization Islamic State (ISIS) has called on its followers take the fight to 100 members of the United States military residing in the US. A group calling itself the 'Islamic State Hacking Division' has posted names, addresses, and photographs of soldiers, sailors, and airmen online, asking its 'brothers residing in America' to murder them, according to Reuters. Although the posting purports to come from the 'Hacking Division,' US Department of Defense officials say that none of their systems appear to have been breached by the group. Instead, the personal data was almost certainly culled from publicly available sources, a DoD official told the New York Times on the condition of anonymity."

Mark Wilson writes Two minutes is all it takes to completely destroy a computer. In a presentation entitled 'How many million BIOSes would you like to infect?' at security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments. The attack could be used to render a computer unusable, but it could also be used to steal passwords and intercept encrypted data. The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufactures reusing code across multiple UEFI BIOSes and places home users, businesses and governments at risk.

darthcamaro writes: Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. The sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers $557,500. Is it reasonable to expect browser makers to hold their own in an arms race against exploits? "Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc manager of vulnerability research for HP Security Research said.

HughPickens.com writes: Chris Matyszczyk reports at Cnet that a new scientific study concludes there are too many scientific studies — scientists simply can't keep track of all the studies in their field. The paper, titled "Attention Decay in Science," looked at all publications (articles and reviews) written in English till the end of 2010 within the database of the Thomson Reuters (TR) Web of Science. For each publication they extracted its year of publication, the subject category of the journal in which it is published and the corresponding citations to that publication. The 'decay' the researchers investigated is how quickly a piece of research is discarded measured by establishing the initial publication, the peak in its popularity and, ultimately, its disappearance from citations in subsequent publications.

"Nowadays papers are forgotten more quickly. Attention, measured by the number and lifetime of citations, is the main currency of the scientific community, and along with other forms of recognition forms the basis for promotions and the reputation of scientists," says the study. "Typically, the citation rate of a paper increases up to a few years after its publication, reaches a peak and then decreases rapidly. This decay can be described by an exponential or a power law behavior, as in ultradiffusive processes, with exponential fitting better than power law for the majority of cases (PDF). The decay is also becoming faster over the years, signaling that nowadays papers are forgotten more quickly." Matyszczyk says,"If publication has become too easy, there will be more and more of it."

angry tapir writes: The Open Compute Project, which wants to open up hardware the same way Linux opened up software, is starting to tackle its forklift problem. You can't download boxes or racks, so open-source hardware needs a supply chain, said OCP President and Chairman Frank Frankovsky, kicking off the Open Compute Project Summit in San Jose. The companies looking to adopt this kind of gear include some blue-chip names: Bank of America, Goldman Sachs and Capital One are members. The idea is that if a lot of vendors build hardware to OCP specifications, IT departments will have more suppliers to choose from offering gear they can easily bring into their data centers. Standard hardware can also provide more platforms for innovative software, Frankovsky said. Now HP and other vendors are starting to deliver OCP systems in a way the average IT department understands. At the same time, the organization is taking steps to make sure new projects are commercially viable rather than just exercises in technology.

msm1267 writes: A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010. "That patch didn't completely address the .LNK issue in the Windows shell, and there were weaknesses left behind that have been resolved in this patch," said Brian Gorenc, manager of vulnerability research with HP's Zero Day Initiative. Gorenc said the vulnerability works on Windows machines going back to Windows XP through Windows 8.1, and the proof of concept exploit developed by Heerklotz and tweaked by ZDI evades the validation checks put in place by the original Microsoft security bulletin, CVE-2010-2568.

MojoKid writes Laptops with fully articulating hinges are starting to show up from more vendors than just Lenovo, though the company certainly got some mileage out of their Yoga brand of machines. Now it appears HP is getting in on the action as well, with the new HP Spectre X360 that's powered by Intel's new Core i5-5200U Broadwell-based processor with integrated Intel HD 5500 series graphics, along with 8GB of DDR3-1600 memory, a 256GB Solid State Drive (a Samsung M.2 PCIe SSD), 802.11ac WiFi, and a 13.3" Full HD (1920x1080) multi-touch screen. The Spectre X360 has a geared and spring-assisted hinges. The hinges swing open easily, and then offer more resistance as the screen is moved into an upright position, or swung around into tent, stand, or tablet modes. What's also interesting about this new breed of convertibles, beyond just its ability to contort into tablet mode and various other angles, is that performance for these ultralight platforms is scaling up nicely, with faster, low-power processors and M.2 PCIe Solid State Drives offering up a very responsive experience and under 10 second boot times. It has gotten to the point that 3 pound and under notebooks feel every bit as nimble as desktop machines, at least for mainstream productivity and media consumption usage models.

mdsolar points out this report in the NY Times: An overwhelming majority of the American public, including nearly half of Republicans, support government action to curb global warming, according to a poll conducted by The New York Times, Stanford University and the nonpartisan environmental research group Resources for the Future. In a finding that could have implications for the 2016 presidential campaign, the poll also found that two-thirds of Americans say they are more likely to vote for political candidates who campaign on fighting climate change. They are less likely to vote for candidates who question or deny the science of human-caused global warming.

Among Republicans, 48 percent said they are more likely to vote for a candidate who supports fighting climate change, a result that Jon A. Krosnick, a professor of political science at Stanford University and an author of the survey, called "the most powerful finding" in the poll. Many Republican candidates either question the science of climate change or do not publicly address the issue.

TechCurmudgeon writes According to The Register, "Mozilla has given the Tor network a capacity kick with the launch of 14 relays that will help distribute user traffic. Engineers working under the Foundation's Polaris Project inked in November pulled Mozilla's spare and decommissioned hardware out of the cupboard for dedicated use in the Tor network. It included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB ram, 2*Xeon L5640, 2*1Gbps NIC) servers, along with a dedicated existing IP transit provider (2 X 10Gbps). French Mozilla engineer Arzhel Younsi (@xionoxfr) said its network was designed to fall no lower than half of its network capacity in the event of maintenance or failure. The Polaris initiative was a effort of Mozilla, the Tor Project and the Centre for Democracy and Technology to help build more privacy controls into technology."

An anonymous reader writes: VentureBeat is running an indictment of the tech industry's penchant for laying off huge numbers of people, which they say is responsible for creating a culture of "disposable employees." According to recent reports, layoffs in the tech sector reached over 100,000 last year, the highest total since 2009. Of course, there are always reasons for layoffs: "Companies buy other companies and need to rationalize headcount. And there's all that disruption. Big companies, in particular, are seeing their business models challenged by startups, so they need to shed employees with skills they no longer need, and hire people with the right skills."

But the article argues that this is often just a smokescreen. "The notion here is that somehow these companies are backed into a corner, with no other option than to fire people. And that's just not true. These companies are making a choice. They're deciding that it's faster and cheaper to chuck people overboard and find new ones than it is to retrain them. The economics of cutting rather than training may seem simple, but it's a more complex calculation than most people believe. ... Many of these companies are churning through employees, laying off hundreds on one hand, while trying to hire hundreds more."

mrspoonsi sends up an update on the investigation into Autonomy, a software company acquired by HP in 2011. HP paid a staggering $11.7 billion in the deal, then later wrote off $8.8 billion and claimed Autonomy's management intentionally defrauded them. The UK Serious Fraud Office opened a case on the matter in 2013, but that investigation has now been dropped. According to the Office's press release, they felt there was "insufficient evidence for a realistic prospect of conviction," given the information they had to work with. Autonomy is not off the hook, however — the case has now been entirely ceded to U.S. authorities.