Star Within a Star: Thorne-Zytkow Object Discovered

astroengine writes: “A weird type of ‘hybrid’ star has been discovered nearly 40 years since it was first theorized — but until now has been curiously difficult to find. In 1975, renowned astrophysicists Kip Thorne, of the California Institute of Technology (Caltech) in Pasadena, Calif., and Anna Zytkow, of the University of Cambridge, UK, assembled a theory on how a large dying star could swallow its neutron star binary partner, thus becoming a very rare type of stellar hybrid, nicknamed a Thorne-Zytkow object (or TZO). The neutron star — a dense husk of degenerate matter that was once a massive star long since gone supernova — would spiral into the red supergiant’s core, interrupting normal fusion processes. According to the Thorne-Zytkow theory, after the two objects have merged, an excess of the elements rubidium, lithium and molybdenum will be generated by the hybrid. So astronomers have been on the lookout for stars in our galaxy, which is thought to contain only a few dozen of these objects at any one time, with this specific chemical signature in their atmospheres. Now, according to Emily Levesque of the University of Colorado Boulder and her team, a bona fide TZO has been discovered and their findings have been accepted for publication in the Monthly Notices of the Royal Astronomical Society Letters.”


Bugs in widely used WordPress plug-in leave sites vulnerable to hijacking

Security researchers have discovered vulnerabilities in a widely used WordPress extension that leave sites susceptible to remote hijacking. WordPress-powered sites that use the All in One SEO Pack should promptly install an update that fixes the privilege escalation vulnerabilities, Marc-Alexandre Montpas, a researcher with security firm Sucuri, wrote in a blog post published Saturday. Administrators can upgrade by logging in to the admin panel, selecting plug-ins, and choosing the All in One title. The just-released version that fixes the vulnerabilities is 2.1.6. The worst of the attacks made possible by the bugs can allow attackers to inject malicious code into the admin control panel, Montpas warned. Malicious hackers could then change an admin’s password or insert backdoor code into the underlying websites. People could also remotely tamper with a site’s search engine optimization settings. To exploit the bugs, attackers need only an unprivileged account on the site, such as one for posting reader comments. In some cases, the privilege escalation and cross-site scripting bugs in All in One SEO are combined with another vulnerability that Montpas didn’t elaborate on.


Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks

Image caption: A packet capture showing Cupid attacking a wireless network. (Credit: SysValue)

It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients. Dubbed Cupid, the code comes in the form of two software extensions. The first gives wireless networks the ability to deploy “evil networks” that surreptitiously send malicious packets to connected devices. Client devices relying on vulnerable versions of the OpenSSL cryptography library can then be forced to transmit contents stored in memory. The second extension runs on client devices. When connecting to certain types of wireless networks popular in corporations and other large organizations, the devices send attack packets that similarly pilfer data from vulnerable routers. The release of Cupid comes eight weeks after the disclosure of Heartbleed, one of the most serious vulnerabilities to ever hit the Internet. The flaw, which existed for more than two years in OpenSSL, resides in “heartbeat” functions designed to keep a transport layer security (TLS) connection alive over an extended period of time.


OS X Yosemite unveiled at WWDC, features big UI overhaul

Photo by DAVID ILIFF. License: CC-BY-SA 3.0

This morning at Apple’s 2014 Worldwide Developers Conference, Apple SVP Craig Federighi gave us our first official look at the upcoming version of the Macintosh desktop operating system. This is the tenth formal release of OS X (which is pronounced “oh ess ten,” never “oh ess ecks”); Apple’s naming convention uses “OS X” as the brand, separate from the version, and so the brand and version of this release is indeed “OS X 10.10”—“oh ess ten ten dot ten” (or “ten point ten,” if you insist). Starting with OS X 10.9, though, Apple has given the OS California-themed names—10.9 was “OS X Mavericks,” after a famous surfing location, and this new version is “OS X Yosemite,” named after California’s Yosemite National Park. Mavericks’ branding and banners were all wave-related, after the surf theme; Yosemite’s desktop features the famous slab-sided southwest face of Half Dome, one of the park’s most recognizable rock formations. (PC gamers who cut their teeth in the late 80s and 90s will also recognize Half Dome from its role as the logo of the legendary adventure gaming company Sierra On-Line.)

Image caption: Translucency and new Dock icons.

“Translucency” is the name of the day, with translucent panels and sidebars popping up in all windows. The icons in the Dock have also gotten a big overhaul, gaining a very iOS-like appearance across the board. “You wouldn’t believe how much time we spent crafting that trash can,” joked Federighi. The revised interface can also be shifted to a “dark” mode, where windows and menus shift to light text on a smoky background instead of the Mac’s more typical black-on-white.


Payback time: First patent troll ordered to pay “extraordinary case” fees

Image caption: FindTheBest CEO Kevin O’Connor and Director of Operations Danny Seigle. (Credit: FindTheBest)

When Santa Barbara startup FindTheBest (FTB) was sued by a patent troll called Lumen View last year, it vowed to fight back rather than pay up the $50,000 licensing fee Lumen was asking for. Company CEO Kevin O’Connor made it personal, pledging $1 million of his own money to fight the legal battle. Once FindTheBest pursued the case, the company dismantled the troll in short order. In November, the judge invalidated Lumen’s patent, finding it was nothing more than a description of computer-oriented “matchmaking.” At that point, FindTheBest had spent about $200,000 on its legal fight—not to mention the productivity lost in hundreds of work hours spent by top executives on the lawsuit, and three all-company meetings.


TrueCrypt security audit presses on, despite developers jumping ship

TrueCrypt, the whole-disk encryption tool endorsed by National Security Agency leaker Edward Snowden and used by millions of privacy and security enthusiasts around the world, will receive a second round of safety audits despite being declared unsafe and abruptly abandoned by its anonymous developers two days ago. Phase II of the security audit was already scheduled to commence when Wednesday’s bombshell advisory dropped on the TrueCrypt SourceForge page. After 24 hours to reflect on the unexpected move, an organizer with the Open Crypto Audit Project said he saw no reason to scrub those plans. Online fundraisers to bankroll the project have raised about $70,000, well past the $25,000 organizers had initially aimed for. “We have conferred and we are firmly going forward on schedule with the audit regardless of yesterday’s circumstances,” Kenn White, a North Carolina-based computer scientist and audit organizer, told Ars Thursday. “We don’t want there to remain all sorts of questions or scenarios or what ifs in people’s minds. TrueCrypt has been around for 10 years and it’s never received a proper formal security analysis. People are going to continue to use it for better or worse, and we feel like we owe the community the proper analysis.”


Photonic crystals used to make optical RAM

Image caption: This photonic lattice created at Sandia National Laboratories acts like a crystal in guiding light because of its tiny, regularly placed silicon “logs.” Japanese researchers have shown how to use photonic crystals like this as optical RAM. (Credit: Sandia National Labs)

Most high-speed networking is done using optical fibers. The hardware on each end of these fibers has to convert the optical signals to electronic ones in order to figure out a packet’s destination and will often return it to optical form before sending it on toward its destination. Researchers at the Japanese telecom NTT find all that converting a bit wasteful and are working on ways to avoid it. They’ve recently published a paper that includes a description of a working 115-bit optical Random Access Memory device, made of a carefully structured series of photonic crystals, each of which can store light of a different wavelength. Photonic crystals are made of layered semiconductors, with the precise structure (the thickness and spacing of the layers) determining how they interact with light—it’s possible to make photonic crystals that selectively block or transmit a narrow frequency range.


Prosecutors: ex-LulzSec hacker “Sabu” helped authorities stop 300+ cyberattacks

The much delayed sentencing of former LulzSec hacker-turned-FBI informant Hector “Sabu” Monsegur is set to take place next week. But before any decisions are made public, new court documents (PDF) show Monsegur has helped the feds disrupt more than 300 attacks against targets ranging from the US military to NASA, Congress to private companies. “The amount of loss prevented by Monsegur’s actions is difficult to fully quantify, but even a conservative estimate would yield a loss prevention figure in the millions of dollars,” the document stated.

Monsegur assisted in high-profile hacks of security firm HBGary and others as a member of LulzSec, a sect of Anonymous. He began cooperating with the FBI in June 2011 after his arrest at the Jacob Riis public housing complex in New York City. His work for the feds began immediately. Eventually Monsegur helped the government build cases against numerous Anonymous hackers, including Stratfor hacker Jeremy Hammond. He apparently also assisted the government in its investigation of Wikileaks. According to the New York Times, prosecutors filed the new documents because they are asking Judge Loretta A. Preska for leniency in light of Monsegur’s “extraordinary cooperation.” Sentencing in Monsegur’s case is currently scheduled for Tuesday in a Federal District Court in Manhattan. But while some of the other hackers in the LulzSec saga have faced steep penalties (for example, Hammond is serving a 10-year sentence), the government has asked for Monsegur to only be sentenced to time served—just seven months.


Wireless broadband can reach the moon, and maybe Mars

Aside from air, water and fresh vegetables, what would you need to survive on the moon? One thing that would likely feature high on the list is a decent, reliable wireless internet. And thanks to a group of researchers from MIT and NASA this kind of connectivity could be within the realms of possibility. Between them, the two organizations have demonstrated for the first time that data communication technology is capable of providing those in space with the same kind of connectivity we enjoy on Earth, and can even facilitate large data transfers and high-definition video streaming. To do this it uses four separate telescopes based at a ground terminal in New Mexico to send the uplink signal to the moon. A laser transmitter that can send information as coded pulses of invisible infrared light feeds into each of the telescopes, which results in 40 watts of transmitter power.


Apple will fix iMessage bug that makes it harder to leave the service

Andrew Cunningham

iPhone users (and ex-iPhone users) attempting to sign out of Apple’s iMessage service recently began running into a nasty bug. Signing out of iMessage means that iPhones trying to text your number should seamlessly switch back to using SMS. However, this hasn’t been happening lately—instead, these iMessages continue to be sent as iMessages. They never actually make it to their destination, and neither the sender nor the receiver is given any indication that the message has failed. Apple acknowledged the bug in a statement to Re/code this morning, noting that it has “recently fixed a server-side iMessage bug which was causing an issue for some users,” and that an additional software update was being planned to fix more problems. Signing out of the iMessage service has always been more difficult than enabling it, and I say that as someone who recently disabled iMessage to make jumping between iOS, Android, Windows Phone, and other mobile operating systems easier. In my case, iMessages sent to my newly disconnected number would simply fail to send, and the problem only worked itself out after I changed my Apple ID password (thereby signing all of my devices out of the service), disassociating my phone number from my Apple ID, and then calling Apple support about the problem. This new bug sounds worse, since message senders don’t even know that the texts aren’t arriving at their destination.
