(credit: Hanno Böck ) There’s a bug in the widely used Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, a freelance journalist has disclosed . The vulnerability can be triggered by querying a server with what’s known as an OPTIONS request. Like the better-known GET and POST requests, OPTIONS is a type of HTTP method that allows users to determine which HTTP requests are supported by the server. Normally, a server will respond with GET, POST, OPTIONS, and any other supported methods. Under certain conditions, however, responses from Apache Web Server include the data stored in computer memory. Patches are available here and here . The best-known vulnerability to leak potentially serious server memory was the Heartbleed bug located in the widely used OpenSSL cryptography library . Within hours of Heartbleed’s disclosure in April 2014, attackers were exploiting it to obtain passwords belonging to users of Yahoo, Ars , and other sites. Heartbleed could also be exploited to bleed websites’ private encryption keys and to hack networks with multifactor authentication . Read 3 remaining paragraphs | Comments
Read the original post:
Apache bug leaks contents of server memory for all to see—Patch now
An anonymous reader quotes a report from Tom’s Hardware: Qualcomm and its Qualcomm Datacenter Technologies subsidiary announced today that the company has already begun sampling its first 10nm server processor. The Centriq 2400 is the second generation of Qualcomm server SOCs, but it is the first in its new family of 10nm FinFET processors. The Centriq 2400 features up to 48 custom Qualcomm ARMv8-compliant Falkor cores and comes a little over a year after Qualcomm began developing its first-generation Centriq processors. Qualcomm’s introduction of a 10nm server chip while Intel is still refining its 14nm process appears to be a clear shot across Intel’s bow–due not only to the smaller process, but also its sudden lead in core count. Intel’s latest 14nm E7 Broadwell processors top out at 24 cores. Qualcomm isn’t releasing more information, such as clock speeds or performance specifications, which would help to quantify the benefit of its increased core count. The server market commands the highest margins, which is certainly attractive for the mobile-centric Qualcomm, which found its success in the relatively low-margin smartphone segment. However, Intel has a commanding lead in the data center with more than a 99% share of the world’s server sockets, and penetrating the segment requires considerable time, investment, and ecosystem development. Qualcomm unveiled at least a small portion of its development efforts by demonstrating Apache Spark and Hadoop on Linux and Java running on the Centriq 2400 processor. The company also notes that Falkor is SBSA compliant, which means that it is compatible with any software that runs on an ARMv8-compliant server platform. Read more of this story at Slashdot. 
An anonymous reader writes: IBM is purchasing a company called Merge Healthcare for $1 billion. The company specializes in medical imaging software, and it will be a key new resource for IBM’s Watson AI. Big blue’s researchers estimate that 90% of all medical data is contained within images. Having a trove of them and the software to mine that data should help Watson learn how to make more accurate diagnoses. IBM thinks it’ll also provide better context for run-of-the-mill medical imaging. “[A] radiologist might examine thousands of patient images a day, but only looking for abnormalities on the images themselves rather than also taking into account a person’s medical history, treatments and drug regimens.” They can program Watson to do both. The AI is already landing contracts to assist with medical issues: “Last week, IBM announced a partnership with CVS Health, the large pharmacy chain, to develop data-driven services to help people with chronic ailments like diabetes and heart disease better manage their health.” Read more of this story at Slashdot. 
jones_supa (887896) writes “Canonical, through John Zannos, VP Cloud Alliances, has proudly announced that the first ever Microsoft Azure hosted service will be powered by Ubuntu Linux. This piece of news comes from the Strata + Hadoop World Conference, which takes place this week in California. The fact of the matter is that the news came from Microsoft who announced the preview of Azure HDInsight (an Apache Hadoop-based hosted service) on Ubuntu clusters yesterday at the said event. This is definitely great news for Canonical, as their operating system is getting recognized for being extremely reliable when handling Big Data. Ubuntu is now the leading cloud and scale-out Linux-based operating system.” Read more of this story at Slashdot. 
Zothecula writes: As one of the contenders in the race to win a $100 billion contract from the U.S. government for the next generation of attack helicopter in the Army’s Joint Multi-Role Technology Demonstrator (JMR-TD) program, AVX Aircraft Company has conceived a futuristic machine kitted out with coaxial rotors, ducted fans and a retractable undercarriage that could hit speeds of over 270 mph (435 km/h). Read more of this story at Slashdot. 
itwbennett (1594911) writes “ActiveLink, which is 80% owned by Panasonic, is building heavy-duty strength-boosting suits that the company says can help workers shoulder the burden of heavy gear and protective clothing and could be useful at nuclear plants. ‘Our powered suits could be used to assist and support remote-controlled robots in emergencies, ‘ ActiveLink President Hiromichi Fujimoto said in an interview. ‘Workers could wear the suits to carry PackBots to their deployment point and to work in low-radiation areas.'” Read more of this story at Slashdot. 
From Motherboard comes this description of what may turns out to be the newest entry on the periodic table, newly synthesized element 117, created by researchers at the GSI Helmholtz Centre for Heavy Ion Research of Darmstadt, Germany, and described in results published this week in Physical Review Letters. From the article: “Element 117 has been temporarily given the very literal name ununseptium (one-one-seven in Latin), and will only honored with a real name once the the International Union of Pure and Applied Physics and Chemistry (IUPAPC) confirms its synthesis at the GSI accelerator. Ununseptium is 40 percent heavier than lead, making it on par with the heaviest atoms ever observed. … Its properties seem to confirm that the existence of the so-called “island of stability”—a theory suggesting that the half-lives of superheavy isotopes will lengthen as their atomic numbers increase further away from uranium. Any element with an atomic number greater than 103 is considered superheavy (or in the ‘transactinide class, ‘ if you prefer the scientific jargon). Transactinides can only be observed artificially in a laboratory, and synthesizing them is no easy task.” Note: that “real name” process isn’t a mere formality; just a few years ago, another attempt to synthesize a 117th element looked promising enough to be declared done, but could not be confirmed with the IUPAPC’s tests. Read more of this story at Slashdot.