Linux fréttir

Chap uncovers privilege escalation vuln in Steam only to be told by Valve that bug is 'not applicable'

TheRegister - Thu, 2019-08-08 16:10
Exploit allows any app to run with full local admin rights on Windows

A security researcher has disclosed a vulnerability in Valve Corporation's Steam client, used by millions of Windows PC gamers, even though it has not been fixed because his report was rejected as "not applicable".…

Categories: Linux fréttir

AMD Lands Google, Twitter as Customers With Newest Server Chip

Slashdot - Thu, 2019-08-08 16:02
Advanced Micro Devices on Wednesday released the second generation of its processor chip for data centers and said that it had landed Alphabet's Google and Twitter as customers. From a report: AMD competes against Intel to supply chips for data centers that power internet-based services. Both firms have come to rely on data center chips for growth because personal computer sales have stagnated as users shifted to mobile devices. AMD's newest generation of server chip, called EPYC, uses a new chip-making technology from its contract manufacturers that helps the chips have better performance while consuming less power. Intel, which makes chips in its own factories instead of relying on contractors, is behind schedule delivering chips made with its own newer manufacturing process. It plans to release them next year.

Read more of this story at Slashdot.

Categories: Linux fréttir

WordPress Team Working on Daring Plan To Forcibly Update Old Websites

Slashdot - Thu, 2019-08-08 15:24
The developers behind the WordPress open-source content management system (CMS) are working on a plan to forcibly auto-update older versions of the CMS to more recent releases. From a report: The goal of this plan is to improve the security of the WordPress ecosystem, and the internet as a whole, since WordPress installations account for more than 34% of all internet websites. Officially supported versions include only the last six WordPress major releases, which currently are all the versions between v4.7 and v5.2. The plan is to slowly auto-update old WordPress sites, starting with v3.7, to the current mimum supported version, which is the v4.7 release. The WordPress team said it plans to monitor this tiered forced auto-update process for errors and site breakage. If there's something massively wrong, then auto-update can be stopped altogether. If only a few individual sites break, than those site will be rolled back to their previous versions and the owner will be notified via email.

Read more of this story at Slashdot.

Categories: Linux fréttir

Y'know how everyone hated it when tuition fees went up? Cutting them now could harm science, say UK Lords

TheRegister - Thu, 2019-08-08 15:04
STEM subjects already lose universities £1,400 per student

Funding for scientific research could be in jeopardy if the UK government implements plans to cap tuition fees, peers have warned.…

Categories: Linux fréttir

Google Attempts To Solve Podcasting's Discovery Problem By Embedding Playable Episodes in Search

Slashdot - Thu, 2019-08-08 14:43
From a report: Looking for a specific podcast has always been a straightforward process: Plug in the title or the host's name in an app store or search engine and you're golden. But when you're not sure what you're looking for or just want to peruse your options based on a topic, you've had to rely on articles with roundups of different shows, random Twitter recommendations, or bounce from platform to platform with your query. Sites like Listen Notes and Audiosear.ch (until it shut down in 2017), among many other startups determined to crack podcast discovery, were created to solve this problem by aspiring to be the Google for podcasts. But now Google wants to be the Google for podcasts. Starting today, the company announced that it's updating its search function to include playable episodes within the search results around a topic. So if you're looking for "podcasts about grilling" or "knitting podcasts," results will surface with relevant episodes "based on Google's understanding of what's being talked about on a podcast," according to a Google blog post, "so you can find even more relevant information about a topic in audio form."

Read more of this story at Slashdot.

Categories: Linux fréttir

Ransomware attackers have gone from 'spray and pray' to 'slayin' prey'

TheRegister - Thu, 2019-08-08 14:00
Don't believe the numbers, say security watchers, it's worse than ever

Black Hat Ransomware infections may be down, but only because attackers are getting better at targeting them.…

Categories: Linux fréttir

Linux Journal Ceases Publication

Slashdot - Thu, 2019-08-08 14:00
Not too long after Linus Torvalds wrote his own Unix kernel, which he called Linux, in the summer of 1991, a magazine was founded by enthusiasts to focus on the operating system. For nearly three decades Linux Journal has been an authority magazine on all things Linux, but it is now shuttering doors, it said late Wednesday. The announcement comes about two years after the periodical said it would cease to exist, but it was able to find some backing -- from Privacy Internet Access group -- to resume operations later on. The team said on Wednesday that all staff members had been laid off and the company was left with no operating funds to continue in any capacity. It remains committed to keeping the website afloat for another few weeks.

Read more of this story at Slashdot.

Categories: Linux fréttir

How powerful are Russian hackers? One new law could transform global crime operations

TheRegister - Thu, 2019-08-08 13:00
Moscow's 'sovereign internet' effort means new rules for the bad guys too

Black Hat The introduction of Russia's Sovereign Internet rules is having an impact on the way criminal hackers around the world do business.…

Categories: Linux fréttir

Broadcom Close To Buying Symantec's Enterprise Business

Slashdot - Thu, 2019-08-08 13:00
phalse phace writes: Broadcom's on-again, off-again talks to buy Symantec are on again, but this time Broadcom is just interested in Symantec's Enterprise Business. According to the Wall Street Journal: "Broadcom is nearing a deal to buy Symantec's enterprise business after its attempted purchase of the entire cybersecurity firm fell apart. A deal for the Symantec business could be announced as early as Thursday, when Symantec reports its results, according to people familiar with the matter. The deal could value the Symantec division at around $10 billion, one of the people said. Broadcom had previously been in late-stage discussions to buy all of Symantec before the talks collapsed last month. Since then, the two sides have restarted discussions, with Broadcom zeroing in on the Symantec business that serves businesses and accounts for roughly half its $5 billion in annual revenue. The consumer segment accounts for the rest. The deal would be big for Symantec. Its entire market value is about $12.6 billion -- it has more than $2 billion of net debt -- compared with about $107.6 billion for Broadcom."

Read more of this story at Slashdot.

Categories: Linux fréttir

Top 5 greatest anime crossovers: Samsung deploys Microsoft at Note 10 hootenanny

TheRegister - Thu, 2019-08-08 12:30
No headphone jack, a 5G model and a whole lotta dollars

Samsung surprised nobody by unveiling a pair of eye-wateringly expensive smartphones – the Galaxy Note 10 and Note 10+ – while talking up best buddy Microsoft at an event last night in New York City.…

Categories: Linux fréttir

Transport for London Oyster system pulled offline after miscreants enter customers' accounts

TheRegister - Thu, 2019-08-08 11:38
Public sector bods blame users recycling logins

Exclusive Transport for London's online Oyster travel smartcard system has been accessed by miscreants using customer credentials, The Reg can reveal, as the transport authority keeps the website offline for a second day.…

Categories: Linux fréttir

Linux Journal runs <code>shutdown -h now</code> for a second time: Mag editor fires parting shot at proprietary software

TheRegister - Thu, 2019-08-08 10:53
We are letting the tech giants win, says Kyle Rankin

Linux Journal has closed with "no operating funds to continue in any capacity", according to a notice on its site.…

Categories: Linux fréttir

AMD Launches Rome Second Generation EPYC CPUs

Slashdot - Thu, 2019-08-08 10:00
"Today, AMD launched its Rome Second Generation EPYC CPUs, the AMD EPYC 7001 & 7002 series," writes Slashdot reader SolarAxix. "Was the hype real? According to Anandtech's review of the top-of-the-line EPYC 7742 with 64 cores and 128 threads (for a total of 128 cores and 256 threads), it seems to be the case." From the report: ...So has AMD done the unthinkable? Beaten Intel by such a large margin that there is no contest? For now, based on our preliminary testing, that is the case. The launch of AMD's second generation EPYC processors is nothing short of historic, beating the competition by a large margin in almost every metric: performance, performance per watt and performance per dollar. "

Read more of this story at Slashdot.

Categories: Linux fréttir

Shopaholic Salesforce flashes $1.35bn, sucks up field service biz ClickSoftware into cloudy arm

TheRegister - Thu, 2019-08-08 09:49
Greased Field Service Lightning

Cloudy CRM giant Salesforce has splashed $1.35bn acquiring Israeli software company ClickSoftware, its latest spending-spree purchase.…

Categories: Linux fréttir

Virgin Media's Project Lightning now at 1.8m connections. Just 2.2m to go before year's end, right?

TheRegister - Thu, 2019-08-08 09:19
And yes, broadband flinger appears to shift focus to hybrid

Virgin Media has reported adding 130,000 premises to its £3bn full-fibre Project Lightning connections in its second quarter, bringing the total to 1.8 million.…

Categories: Linux fréttir

1Gbps, 4K streaming, buffering a thing of the past – but do Brits really even want full fibre?

TheRegister - Thu, 2019-08-08 08:04
Over to you, Betteridge's law of headlines*

Analysis As a nation, Brits feel starved of full-fibre connectivity and look hungrily at the availability of 1Gbps on the continent, says prime minister Boris Johnson. Except evidence suggests that they don't.…

Categories: Linux fréttir

Scientists Develop 'Artificial Tongue' To Detect Fake Whiskies

Slashdot - Thu, 2019-08-08 07:00
Scientists have developed an "artificial tongue" that can differentiate a young whisky from an 18-year-old single malt. "The team, based in Scotland, say their device can be used to tell apart a host of single malts -- a move they say might help in the fight against counterfeit products," reports The Guardian. From the report: Writing in the journal Nanoscale, the team describe how their artificial tongue is based on a glass wafer featuring three separate arrays, each composed of 2 million tiny "artificial taste buds" -- squares about 500 times smaller than a human taste bud, with sides just 100nm long. There are six different types of these squares in the device, three types made from gold and three from aluminum. While one type of gold and one of aluminum are essentially bare, the surface of the other types are coated in different chemical substances. Each of the three arrays contain one type of gold and one type of aluminum square. When light is shone on an array, it interacts with the electrons at the surface of the squares, resulting in dips in the reflected light which can be measured. These dips appear at slightly different wavelengths depending on which type of square the light interacts with. Crucially, these dips shift depending on the liquid surrounding the arrays. The upshot is that each liquid gives rise to its own "fingerprint" of measurements. That means the device can be used to tell apart different liquids -- and even identify them if they have been recorded before -- without revealing their makeup, rather like our own tongues do.

Read more of this story at Slashdot.

Categories: Linux fréttir

WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all

TheRegister - Thu, 2019-08-08 06:56
Fears of cyber-hijackings? That's plane crazy, says Dreamliner maker

Black Hat A Black Hat presentation on how to potentially hijack a 787 – by exploiting bugs found in internal code left lying around on a public-facing server – was last night slammed as "irresponsible and misleading" by Boeing.…

Categories: Linux fréttir

FBI, NSA to hackers: Let us be blunt. Weed need your help. We'll hire you even if you've smoked a little pot in the past

TheRegister - Thu, 2019-08-08 04:21
Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs

Black Hat America's crime-fighters, desperate to recruit white-hat hackers to collar spies and cyber-crooks, have been quietly and slightly relaxing the ban on hiring anyone who has used illegal drugs.…

Categories: Linux fréttir

Skype, Slack, Other Electron-Based Apps Can Be Easily Backdoored

Slashdot - Thu, 2019-08-08 03:30
An anonymous reader quotes a report from Ars Technica: The Electron development platform is a key part of many applications, thanks to its cross-platform capabilities. Based on JavaScript and Node.js, Electron has been used to create client applications for Internet communications tools (including Skype, WhatsApp, and Slack) and even Microsoft's Visual Studio Code development tool. But Electron can also pose a significant security risk because of how easily Electron-based applications can be modified without triggering warnings. At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool that allows someone to unpack Electron ASAR archive files and inject new code into Electron's JavaScript libraries and built-in Chrome browser extensions. The vulnerability is not part of the applications themselves but of the underlying Electron framework -- and that vulnerability allows malicious activities to be hidden within processes that appear to be benign. Tsakalidis said that he had contacted Electron about the vulnerability but that he had gotten no response -- and the vulnerability remains. While making these changes required administrator access on Linux and MacOS, it only requires local access on Windows. Those modifications can create new event-based "features" that can access the file system, activate a Web cam, and exfiltrate information from systems using the functionality of trusted applications -- including user credentials and sensitive data. In his demonstration, Tsakalidis showed a backdoored version of Microsoft Visual Studio Code that sent the contents of every code tab opened to a remote website. The problem lies in the fact that Electron ASAR files themselves are not encrypted or signed, allowing them to be modified without changing the signature of the affected applications. A request from developers to be able to encrypt ASAR files was closed by the Electron team without action.

Read more of this story at Slashdot.

Categories: Linux fréttir

Pages

Subscribe to netserv.is aggregator - Linux fréttir