Microsoft Yanks Three Bad Patches Of Their Last Outlook Patch

An anonymous reader quotes ComputerWorld’s Woody Leonhard: I just received word from Gunter Born that Microsoft has pulled three of its Outlook patches… There’s no specific recommendation that you uninstall the yanked patches — indeed, there’s no description of the problems caused by the latest round — but earlier versions of the bad patches-of-patches had a nasty habit of crashing Outlook… Microsoft still hasn’t fixed any of the Office 2007 bugs it introduced in the June security patches. If you’re keeping score at home, the yanked patches are: KB 4011042 – July 5, 2017, update for Outlook 2010; KB 3191849 – June 27, 2017, update for Outlook 2013; KB 3213654 – June 30, 2017, update for Outlook 2016.

‘Severe’ Systemd Bug Allowed Remote Code Execution For Two Years

ITWire reports: A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. “A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it,” is how Coulson put it. Affected Linux vendors have pushed out patches — but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.

Equal Rights Center Sues Uber For Denying Equal Access To People Who Use Wheelchairs

The Equal Rights Center is suing Uber, alleging that the company has chosen not to include wheelchair-accessible cars as an option in its standard UberX fleet of vehicles, and excludes people who use wheelchairs in Washington, D.C. According to the lawsuit, Uber is in violation of Title 3 of the Americans with Disabilities Act and the D.C. Human Rights Act. TechCrunch reports: After conducting its own investigation of Uber’s services for people in wheelchairs, the ERC found that passengers had to wait an average of eight times longer for an accessible car to arrive. They also had to pay twice as much in fares, according to the ERC’s study. Ultimately, the ERC wants Uber to integrate wheelchair accessible cars into its UberX fleet so that people who use wheelchairs don’t have to wait longer and pay more to use the car service. Uber said in a statement provided to TechCrunch: “We take this issue seriously and are committed to continued work with the District, our partners, and stakeholders toward expanding transportation options and freedom of movement for all residents throughout the region.”

Seattle’s $15 Minimum Wage May Be Hurting Workers, Report Finds

As companies look for ways to cut costs, Seattle’s $15 minimum wage law may be hurting hourly workers instead of helping them, according to a new report. From a USA Today article: A report (PDF) from the University of Washington (UW) found that when wages increased to $13 in 2016, some companies may have responded by cutting low-wage workers’ hours. The study, which was funded in part by the city of Seattle, found that workers clocked 9 percent fewer hours on average, and earned $125 less each month after the most recent increase. “If you’re a low-skilled worker with one of those jobs, $125 a month is a sizable amount of money,” Mark Long, a UW public-policy professor and an author of the report, told the Seattle Times. “It can be the difference between being able to pay your rent and not being able to pay your rent.”

Hacker Behind Massive Ransomware Outbreak Can’t Get Emails From Victims Who Paid

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker’s account, leaving victims with no obvious way to unlock their files. The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their “personal installation key.” This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. “Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact,” Posteo, the German email provider the hacker had an account with, wrote in a blog post. “Our anti-abuse team checked this immediately — and blocked the account straight away.”

Anthem To Pay $115 Million In The Largest Data Breach Settlement Ever

An anonymous reader quotes CNET: Anthem, the largest health insurance company in the U.S., has agreed to settle a class action lawsuit over a 2015 data breach for a record $115 million, according to lawyers for the plaintiffs. The settlement still has to be approved by US District Court Judge Lucy Koh, who is scheduled to hear the case on August 17 in San Jose, California. And Anthem, which didn’t immediately respond to a request for confirmation and comment, isn’t admitting any wrongdoing, according to a statement it made to CyberScoop acknowledging the settlement. But if approved, it would be the largest data breach settlement in history, according to the plaintiffs’ lawyers, who announced the agreement Friday. The funds would be used to provide victims of the data breach at least two years of credit monitoring and to reimburse customers for breach-related expenses. The settlement would also guarantee a certain level of funding for “information security to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls,” the plaintiff attorneys said. The breach compromised data for 80 million people, including their social security numbers, birthdays, street addresses (and email addresses) as well as income data. The $115 million settlement averages out to $1.43 for every person who was affected.

Los Angeles Tests Reflective ‘Cool Pavement’ On Streets

mikeebbbd writes: As reported in the Los Angeles Daily News, during the current heatwave various officials swooped down on streets coated with an experimental light-gray sealer that makes the old asphalt into a “cool street” — and it works, with average temperature differences between coated streets and adjacent old asphalt around 10F. At a large parking lot, the temperature reduction was over 20F. If the material holds up and continues to meet other criteria, LA plans to use it on more pavement rehab projects, which could eventually make a difference in the heat island effect. The “CoolSeal” coating is apparently proprietary to a company named GuardTop LLC, costs $25-40K/mile, and lasts 5-7 years. At that price, it might not be used a lot, at least at first; typical slurry seals run $15-30K/mile.

90 Cities Install A Covert Technology That Listens For Gunshots

An anonymous reader quotes Business Insider: In more than 90 cities across the US, including New York, microphones placed strategically around high-crime areas pick up the sounds of gunfire and alert police to the shooting’s location via dots on a city map… ShotSpotter also sends alerts to apps on cops’ phones. “We’ve gone to the dot and found the casings 11 feet from where the dot was, according to the GPS coordinates,” Capt. David Salazar of the Milwaukee Police Dept. told Business Insider. “So it’s incredibly helpful. We’ve saved a lot of people’s lives.” When three microphones pick up a gunshot, ShotSpotter figures out where the sound comes from. Human analysts in the Newark, California, headquarters confirm the noise came from a gun (not a firecracker or some other source). The police can then locate the gunshot on a map and investigate the scene. The whole process happens “much faster” than dialing 911, Salazar said, though he wouldn’t disclose the exact time. The company’s CEO argues their technology deters crime by demonstrating to bad neighborhoods that police will respond quickly to gunshots. (Although last year Forbes discovered that in 30% to 70% of cases, “police found no evidence of a gunshot when they arrived.”) And in a neighborhood where ShotSpotter is installed, one 60-year-old man is already complaining, “I don’t like Big Brother being in all my business.”

32TB of Windows 10 Internal Builds, Core Source Code Leak Online

According to an exclusive report via The Register, “a massive trove of Microsoft’s internal Windows operating system builds and chunks of its core source code have leaked online.” From the report: The data — some 32TB of installation images and software blueprints that compress down to 8TB — were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft’s in-house systems since around March. The leaked code is Microsoft’s Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.

Sci-Hub Ordered To Pay $15 Million In Piracy Damages

An anonymous reader quotes a report from TorrentFreak: Two years ago, academic publisher Elsevier filed a complaint (PDF) against Sci-Hub and several related “pirate” sites. It accused the websites of making academic papers widely available to the public, without permission. While Sci-Hub is nothing like the average pirate site, it is just as illegal according to Elsevier’s legal team, who obtained a preliminary injunction from a New York District Court last fall. The injunction ordered Sci-Hub’s founder Alexandra Elbakyan to quit offering access to any Elsevier content. However, this didn’t happen. Instead of taking Sci-Hub down, the lawsuit achieved the opposite. Sci-Hub grew bigger and bigger up to a point where its users were downloading hundreds of thousands of papers per day. Although Elbakyan sent a letter to the court earlier, she opted not to engage in the U.S. lawsuit any further. The same is true for her fellow defendants, associated with Libgen. As a result, Elsevier asked the court for a default judgment and a permanent injunction which were issued this week. Following a hearing on Wednesday, the Court awarded Elsevier $15,000,000 in damages, the maximum statutory amount for the 100 copyrighted works that were listed in the complaint. In addition, the injunction, through which Sci-Hub and LibGen lost several domain names, was made permanent.
