Devs Working To Stop Go Math Error Bugging Crypto Software

Richard Chirgwin, writing for The Register: Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big numbers — particularly big primes — are the foundation of cryptography. Vranken posted to the oss-sec mailing list that he found the potential issue during testing of a fuzzer he wrote that “compares the results of mathematical operations (addition, subtraction, multiplication, …) across multiple bignum libraries.” Vranken and Go developer Russ Cox agreed that the bug needs specific conditions to be manifest: “it only affects the case e = 1 with m != nil and a pre-allocated non-zero receiver.” Read more of this story at Slashdot.

Wisconsin Lawmakers Vote To Pay Foxconn $3 Billion To Get New Factory

An anonymous reader quotes a report from Ars Technica: The Wisconsin Assembly voted 59-30 on Thursday to approve a bill to give incentives worth $3 billion to Taiwan-based Foxconn so that the company would open its first U.S. plant in the state. Foxconn, best known for supplying parts of Apple’s iPhones, will open the $10 billion liquid-crystal display plant in 2020, according to Reuters. The bill still has to be approved by a joint finance committee and the state Senate. Both houses of Wisconsin’s legislature are controlled by Republicans, and the deal is supported by Wisconsin Governor Scott Walker, a Republican who negotiated the deal. The vote was largely, but not entirely, along party lines. Three Democrats joined 56 Republicans in supporting the deal. Two Republicans and 28 Democrats voted against it. Opponents said the deal wasn’t a good use of taxpayer funds. The $3 billion incentives package includes about $2.85 billion in cash payments from taxpayers and tax breaks valued at about $150 million. The state is also waiving certain environmental rules. Read more of this story at Slashdot.

Chrome 55 Now Blocks Flash, Uses HTML5 By Default

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year… While some of the initial implementation details of the “HTML5 By Default” plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome. Google’s plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn’t supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user’s option would be remembered for subsequent visits, but there’s also an option in the browser’s settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default. Exceptions will also be made automatically for your more frequently-visited sites — which, for many users, will include YouTube. And Chrome will continue to ship with Flash — as well as an option to re-enable Flash on all sites. Read more of this story at Slashdot.

Facebook Employees Tried To Remove Trump Posts As Hate Speech

An anonymous reader quotes a report from USA Today: Facebook employees pushed to remove some of Republican presidential candidate Donald Trump’s Facebook posts — such as one proposing the ban of Muslims from entering the U.S. — from the service as hate speech that violated the giant social network’s policies, the Wall Street Journal reported Friday. The decision not to remove the Trump posts was made by Facebook CEO Mark Zuckerberg, the newspaper reported. Employees complained that Facebook was changing the rules for Trump and some who review content on Facebook threatened to quit. “When we review reports of content that may violate our policies, we take context into consideration. That context can include the value of political discourse,” Facebook said in an emailed statement. “Many people are voicing opinions about this particular content and it has become an important part of the conversation around who the next U.S. president will be. For those reasons, we are carefully reviewing each report and surrounding context relating to this content on a case by case basis.” Senior members of Facebook’s policy team posted more details on its policy on Friday: “In the weeks ahead, we’re going to begin allowing more items that people find newsworthy, significant, or important to the public interest — even if they might otherwise violate our standards.” Read more of this story at Slashdot.

BlueCross BlueShield hack may have exposed data for 10 million customers

Another week, another major institution falls victim to hackers. This time, it’s New York-based healthcare provider Excellus BlueCross BlueShield: the company says that more than 10 million personal records of its customers were exposed to hackers in an attack it discovered this past August. The company discovered the attack early in the month, but after doing more investigation it turned out that it actually took place way back in December of 2013. The investigation showed that the hackers could have accessed personal information including “name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and [insurance] claims information.” While all of this information could have been exposed to hackers, the company isn’t sure exactly what may have been revealed. The investigation thus far hasn’t shown any evidence of what data was stolen and whether it was used in any nefarious way, but Excellus is still offering its customers the now-commonplace two years of free credit monitoring and identity theft protection. Unfortunately, hacks against healthcare providers are hardly a rarity at this point. An attack on Premera, another arm of BlueCross, was revealed in March of this year, putting the data of 11 million customers at risk. And just a month earlier, Anthem was hacked — the database accessed in that breach contained the info of a whopping 80 million customers, though only a portion of those were believed to have been accessed. Source: Excellus BlueCross BlueShield, Democrat & Chronicle

Healthcare.gov Sends Personal Data To Over a Dozen Tracking Websites

An anonymous reader tips an Associated Press report saying that Healthcare.gov is sending users’ personal data to private companies. The information involved is typical ad-related analytic data: “…it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer’s Internet address, which can identify a person’s name or address when combined with other information collected by sophisticated online marketing or advertising firms.” The Electronic Frontier Foundation confirmed the report, saying that data is being sent from Healthcare.gov to at least 14 third-party domains. The EFF says, “Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are. It could do all this based on a tracking cookie that it sets which would be the same across any site you visit. Based on this data, Doubleclick could start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker. Doubleclick might start to show you ads related to pregnancy, which could have embarrassing and potentially dangerous consequences such as when Target notified a woman’s family that she was pregnant before she even told them.” Read more of this story at Slashdot.

Justin.tv Shuts Down Amid Reports Google Is Acquiring Twitch

An anonymous reader writes: Twitch today announced that the Justin.tv website, mobile apps, and APIs are no longer in service. A very simple explanation is given for the shutdown: since rebranding the company to Twitch Interactive in February 2014, all resources are now focused on Twitch.tv. The news today will almost certainly further fuel the rumors that Google is acquiring, or has already acquired, Twitch. Purchases are often followed by consolidation, as well as cutting off any excess limbs. Read more of this story at Slashdot.

Social Security Administration Joins Other Agencies With $300M "IT Boondoggle"

alphadogg (971356) writes with news that the SSA has joined the long list of federal agencies with giant failed IT projects. From the article: “Six years ago the Social Security Administration embarked on an aggressive plan to replace outdated computer systems overwhelmed by a growing flood of disability claims. Nearly $300 million later, the new system is nowhere near ready and agency officials are struggling to salvage a project racked by delays and mismanagement, according to an internal report commissioned by the agency. In 2008, Social Security said the project was about two to three years from completion. Five years later, it was still two to three years from being done, according to the report by McKinsey and Co., a management consulting firm. Today, with the project still in the testing phase, the agency can’t say when it will be completed or how much it will cost.” Read more of this story at Slashdot.

How Japan Lost Track of 640kg of Plutonium

Lasrick sends this quote from the Bulletin of the Atomic Scientists: Most people would agree that keeping track of dangerous material is generally a good idea. So it may come as a surprise to some that the arrangements that are supposed to account for weapon-grade fissile materials—plutonium and highly enriched uranium—are sketchy at best. The most recent example involves several hundred kilograms of plutonium that appear to have fallen through the cracks in various reporting arrangements. … [A Japanese researcher discovered] that the public record of Japan’s plutonium holdings failed to account for about 640 kilograms of the material. The error made its way to the annual plutonium management report that Japan voluntarily submits to the International Atomic Energy Agency … This episode may have been a simple clerical error, but it was yet another reminder of the troubling fact that we know very little about the amounts of fissile material that are circulating around the globe. The only reason the discrepancy was discovered in this case was the fact that Japan has been unusually transparent about its plutonium stocks. … No other country does this. Read more of this story at Slashdot.

House Passes CISPA By Huge Margin

CISPA, or the Cyber Intelligence Sharing and Protection Act, or “the worst privacy disaster our country has ever faced” has just passed through the House of Representatives with an astounding majority of 288 to 127.
