Google drops three OS X 0days on Apple

Don’t look now, but Google’s Project Zero vulnerability research program may have dropped more zero-day vulnerabilities—this time on Apple’s OS X platform. In the past two days, Project Zero has disclosed OS X vulnerabilities here, here, and here. At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. What’s more, the first vulnerability, the one involving the “networkd ‘effective_audit_token’ XPC,” may already have been mitigated in OS X Yosemite, but if so the Google advisory doesn’t make this explicit, and Apple doesn’t publicly discuss security matters with reporters. Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities. The security flaws were privately reported to Apple on October 20, October 21, and October 23, 2014. All three advisories appear to have been published after the expiration of the 90-day grace period Project Zero gives developers before making reports public.


4chan founder Chris “moot” Poole steps down

On Wednesday, 4chan founder Christopher Poole, better known by the moniker “moot,” announced his retirement from running the site. moot started 4chan 11 and a half years ago when he was 15, and the image-based bulletin board has grown into a staunch supporter of anonymity for its posters since. That notoriety has drawn some of the best and also a lot of the very, very worst to its 63 boards. In his post today, moot explained the decision:

4chan has faced numerous challenges over the years, including how to continuously satisfy a community of millions, and ensure the site has the human, technical, and financial resources to continue operating. But the biggest hurdle it’s had to overcome is myself. As 4chan’s sole administrator, decision maker, and keeper of most of its institutional knowledge, I’ve come to represent an uncomfortably large single point of failure.

moot continued to say that he has made sure the site will be financially secure in the foreseeable future and has delegated the tasks of running the site to “a few senior volunteers.”


Hard disk reliability examined once more: HGST rules, Seagate is alarming

A year ago we got some insight into hard disk reliability when cloud backup provider Backblaze published its findings for the tens of thousands of disks that it operated. Backblaze uses regular consumer-grade disks in its storage because of the cheaper cost and good-enough reliability, but it also discovered that some kinds of disks fared extremely poorly when used 24/7. A year on, the company has collected even more data, and drawn out even more differences between the different disks it uses. For a second year, the standout reliability leader was HGST. Now a wholly-owned subsidiary of Western Digital, HGST inherited the technology and designs from Hitachi (which itself bought IBM’s hard disk division). Across a range of models from 2 to 4 terabytes, the HGST models showed low failure rates; at worst, 2.3 percent failing a year. This includes some of the oldest disks among Backblaze’s collection; 2TB Desktop 7K2000 models are on average 3.9 years old, but still have a failure rate of just 1.1 percent.


British spy agency captured 70,000 e-mails of journalists in 10 minutes

The Government Communications Headquarters (GCHQ), the British sister agency of the National Security Agency, captured 70,000 e-mails of journalists in 10 minutes during a November 2008 test. According to The Guardian, which on Monday cited some of its Snowden documents as its source (but did not publish them), the e-mails were scooped up as part of the intelligence agency’s direct fiber taps. Journalists from the BBC, Reuters, The Guardian, The New York Times, Le Monde, The Sun, NBC, and The Washington Post were apparently targeted.


Pirates defeating watermarks, releasing torrents of Oscar movie screeners

When an incomplete and early version of X-Men Origins: Wolverine leaked to torrent sites in 2009, Twentieth Century Fox announced that the uploader “will be prosecuted to the fullest extent of the law.” “We forensically mark our content so we can identify sources that make it available or download it,” the studio said in a statement. Nabbed by a watermark, a New York man subsequently pleaded guilty to making the movie available on Megaupload. Gilberto Sanchez was sentenced to a year in prison in 2011. A triumphant US Attorney Andre Birotte Jr. said that the “sentence handed down in this case sends a strong message of deterrence to would-be Internet pirates.”


Google drops more Windows 0-days. Something’s gotta give

Google’s security researchers have published another pair of Windows security flaws that Microsoft hasn’t got a fix for, continuing the disagreement between the companies about when and how to disclose security bugs. The first bug affects Windows 7 only and results in minor information disclosure. Microsoft says, and Google agrees, that this does not meet the threshold for a fix. Windows 8 and up don’t suffer the same issue. The second bug is more significant. In certain situations, Windows doesn’t properly check the user identity when performing cryptographic operations, which results in certain shared data not being properly encrypted. Microsoft has developed a fix for this bug, and it was originally scheduled for release this past Tuesday. However, the company discovered a compatibility issue late in testing, and so the fix has been pushed to February.


Why DNS in OS X 10.10 is broken, and what you can do to fix it

Recently, there has been a lot of discussion about the current state of Apple’s software quality. Anyone with even a passing familiarity with development knows that bugs are par for the course, and most people aren’t bothered by small, day-to-day bugs that are fixed within a reasonable timeframe. Obviously, like everyone else’s, Apple’s software has its share of those. But there’s another category of bug—glaring, perplexing bugs that couldn’t possibly have escaped the attention of the software engineers in question, let alone the quality assurance department. Such issues exist, and sometimes they go unfixed for months. Or years. Or ever. Hopefully, the set of network issues with OS X 10.10 described below won’t fall into this column, but they do raise an obvious question: why? For 12 years, the mDNSResponder service managed a surprisingly large part of our Mac’s networking, and it managed this task well. But as of OS X 10.10, mDNSResponder has been replaced with discoveryd, which does the same thing. Mostly. Here are some strange networking problems we’ve observed since installing 10.10:


Red light camera vendor Redflex freaked out it may lose contracts

In a new Friday filing with the Australian Securities Exchange, Redflex, a prominent red light camera vendor, said that it could be facing an immediate net book value loss of $3.2 million if it permanently loses contracts in New Jersey and Ohio. In November 2014, the company told investors that the North American market is a “low/no-growth market.” Since 2009, the Garden State has operated a pilot program with Redflex cameras, but that program expired on December 16, 2014. The New Jersey Department of Transportation is now set to analyze its five years’ worth of data, write a report, and recommend whether to permanently halt the program or resurrect it. Meanwhile, in Ohio, even after the state’s Supreme Court upheld their use, Governor John Kasich signed into law in December 2014 a new bill that requires a police officer’s physical presence for tickets that are issued from traffic cameras. The law takes effect 90 days after the governor’s signature, and it could mean that cities will have less of a reason to maintain their camera systems.


The 100 billion frames per second camera that can image light itself

High-speed cameras produce some of the most fascinating imagery in the world. They reveal hidden details and turn the everyday into the extraordinary. But these cameras, which generally top out at around 100,000 frames per second, have nothing on a camera reported last month in Nature. This beast can manage a massive 100 billion frames per second. If you want a high frame rate, you generally use stroboscopic imaging. In normal filming, the illumination is always on, and the camera shutter is operated as fast as possible. However, as the frame rate increases, the shutter time reduces and less light falls on the sensor. The result is a noisy image. In the embedded video, you can see the difference between normal filming and stroboscopic imaging. Stroboscopic imaging builds up an image by pulsing the light source while the camera shutter remains open. Using it, you can capture single images from an event that repeats periodically. The temporal resolution is now given by the duration and timing of the light pulse. Light pulses can be less than a femtosecond (10^-15 s) in duration, while timing can be controlled with femtosecond precision. This allows stop-motion photography with frame rates of trillions per second.


Only 25Mbps and up will qualify as broadband under new FCC definition

FCC Chairman Tom Wheeler today is proposing to raise the definition of broadband from 4Mbps downstream and 1Mbps upstream to 25Mbps down and 3Mbps up. As part of the Annual Broadband Progress Report mandated by Congress, the Federal Communications Commission has to determine whether broadband “is being deployed to all Americans in a reasonable and timely fashion.” The FCC’s latest report, circulated by Wheeler in draft form to fellow commissioners, “finds that broadband is not being deployed to all Americans in a reasonable and timely fashion, especially in rural areas, on Tribal lands, and in US Territories,” according to a fact sheet the FCC provided to Ars. The FCC also gets to define what speeds qualify as broadband, or “advanced telecommunications capability,” as it’s called in policy documents. The FCC last updated that definition in 2010, raising it from 200Kbps to the current 4/1 standard. The Telecommunications Act of 1996 said that advanced telecommunications capability must “enable users to originate and receive high-quality voice, data, graphics, and video telecommunications using any technology.” Wheeler’s proposed annual report says the 4/1 definition adopted in 2010 “is inadequate for evaluating whether broadband capable of supporting today’s high-quality voice, data, graphics, and video is being deployed to all Americans in a timely way.” (Despite the annual requirement, this would be the first such report since 2012.)
