Tag: fnself-program1

Large Hadron Collider restarts after 2 years of maintenance

After being shut down for two years, the Large Hadron Collider (LHC) is back online, CERN announced Sunday. “Today at 10:41am [local time], a proton beam was back in the 27-kilometer ring, followed at 12:27pm by a second beam rotating in the opposite direction,” the European Organization for Nuclear Research reported in a statement . “These beams circulated at their injection energy of 450 GeV. Over the coming days, operators will check all systems before increasing energy of the beams.” Read 8 remaining paragraphs | Comments

See original article:
Large Hadron Collider restarts after 2 years of maintenance

Change.org springs a leak, exposes private e-mail addresses

Online petitions service Change.org has a website bug that’s disclosing as many as 40,000 e-mail addresses that presumably belong to current or former subscribers. The disclosure bug was active at the time this post was being prepared and is exploitable using the search box provided on the site or via Google or Bing. The number of results returned ranged from 40,000 to 65,000, although not every result included an e-mail address. Still, a large number of them returned pages like the one above, which Ars has redacted out of fairness to the affected e-mail user. The leak appears to be the result of Change.org Web links that contain valid GET request tokens used to validate users after they have successfully entered their password. A bug appears to be adding the tokens automatically, even when the viewer hasn’t been authenticated. The following screenshot shows a portion of the token in the address bar: Read 2 remaining paragraphs | Comments

See the original article here:
Change.org springs a leak, exposes private e-mail addresses

TrueCrypt security audit is good news, so why all the glum faces?

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws. The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that’s a flaw that cryptographers say should be fixed, there’s no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt. The report was produced by researchers from information security consultancy NCC Group . “The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software,” Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday’s report . “The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.” Read 7 remaining paragraphs | Comments

Visit site:
TrueCrypt security audit is good news, so why all the glum faces?

OnLive shuts down streaming games service, sells patents to Sony

The first company to try to make a business out of streaming gameplay over the Internet will soon be shutting down its service. OnLive announced today that its servers will go offline on April 30, and that the company is selling its portfolio of patents to Sony Computer Entertainment America. The announcement comes almost exactly six years after OnLive first announced its plans in the nascent streaming gaming space. The idea was to take in user input over the Internet, put it through a game running on high-end hardware at a centralized server location, then send back video and audio to end user hardware that could be significantly cheaper and less powerful. The service and a $100 microconsole launched in late 2010 , but suffered from noticeable latency and image quality issues in our initial tests. With its pay-per-game service and a limited subscription-based streaming model failing to connect with many consumers, OnLive faced massive layoffs and a drastic business restructuring in 2012. The company soldiered on to launch a new hybrid streaming/downloadable game plan last year, though. Players who took part in that hybrid plan will still be able to play their purchased games through Steam, but streaming games purchased through Cloudlift or the older Playpass subscriptions will no longer be usable after the end of the month. OnLive will continue to exist as a corporate entity to manage remaining unsold assets such as trademarks, copyrights, and product designs. Read 4 remaining paragraphs | Comments

Visit link:
OnLive shuts down streaming games service, sells patents to Sony

Google Chrome will banish Chinese certificate authority for breach of trust

Google’s Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains . The move could have major consequences for huge numbers of Internet users as Chrome, the world’s most widely used browser, stops recognizing all website certificates issued by CNNIC. To give affected website operators time to obtain new credentials from a different certificate authority, Google will wait an unspecified period of time before implementing the change. Once that grace period ends, Google engineers will blacklist both CNNIC’s root and extended-validation certificates in Chrome and all other Google software. The unauthorized certificates were issued by Egypt-based MCS Holdings , an intermediate certificate authority that operated under the authority of CNNIC. MCS used the certificates in a man-in-the-middle proxy, a device that intercepts secure connections by masquerading as the intended destination. Such devices are sometimes used by companies to monitor employees’ encrypted traffic for legal or human resources reasons. Read 2 remaining paragraphs | Comments

Visit link:
Google Chrome will banish Chinese certificate authority for breach of trust

Uber driver arrested for trying to burglarize passenger’s house

An Uber driver was arrested Tuesday on suspicion of attempting to break in to the residence of a woman he had just brought to the Denver International Airport. Gerald Montgomery The 51-year-old driver, Gerald Montgomery, allegedly used what the police described as “burglary tools” to try to open the back door of the Colorado woman’s house. The victim’s roommate was home and confronted Montgomery, the Denver Police Department said. Uber said it has “deactivated” Montgomery’s “access to the platform, pending a full investigation.” Read 5 remaining paragraphs | Comments

View article:
Uber driver arrested for trying to burglarize passenger’s house

10% of Americans have a smartphone but no other Internet at home

One out of 10 Americans owns a smartphone but has no other Internet service at home, with the poor far more likely to find themselves in this situation than those who are well off, according to a  Pew Research Center report released today . “10 percent of Americans own a smartphone but do not have broadband at home, and 15 percent own a smartphone but say that they have a limited number of options for going online other than their cell phone,” Pew Senior Researcher Aaron Smith wrote. “Those with relatively low income and educational attainment levels, younger adults, and non-whites are especially likely to be ‘smartphone-dependent.’” Pew said that 7 percent of Americans are in both categories—a smartphone is their only option for using the Internet at home, and they have few easily available options for going online when away from home. Pew refers to these Americans as “smartphone-dependent.” Read 9 remaining paragraphs | Comments

Continue Reading:
10% of Americans have a smartphone but no other Internet at home

Zynga investors can sue FarmVille creator for alleged IPO fraud, judge says

Earlier this week, a judge ruled  (PDF) that Zynga would have to face a revised lawsuit over allegations that it defrauded investors by offering overly-zealous news about the company’s future at the time of its Initial Public Offering (IPO). The investors allege that Zynga knew that an upcoming platform change at Facebook would decrease the company’s ability to rake in revenue, but executives concealed that information. After the successful IPO, the complaint says, the executives sold off their Zynga shares before the stock price collapsed . The investors applied for a class-action lawsuit in July 2012 , just after Zynga shares tumbled to $3 per share from a price peak of $15.91 per share. US District Judge Jeffrey White dismissed an earlier version of the lawsuit a year ago, but ruled that the game company would have to face a revised complaint from the same investors. Although Zynga denies the investors’ claims, the plaintiffs say they have at least six confidential witnesses who had access to daily reports on Zynga’s bookings before the IPO. Those witnesses say the company was in decline before the IPO. “Although the company may have reported large bookings after the fact,” the judge’s order writes, “Plaintiff contends that the bookings declined significantly during the class period and yet Defendants continued to represent to the public that the bookings were strong.” Read 2 remaining paragraphs | Comments

More:
Zynga investors can sue FarmVille creator for alleged IPO fraud, judge says

Dark Web vendors offer up “thousands” of Uber logins starting at $1 each

Two vendors on a relatively new Dark Web marketplace are selling active Uber usernames and passwords. On Saturday, Ars verified that “Courvoisier” is claiming to sell these logins for $1 each on the AlphaBay Market, which launched in late 2014. Another vendor, “ThinkingForward,” sells the same items for $5 each. As Courvoisier writes: “The credentials provided will be a valid login for the Uber website for which you can use to order phones from completely free. (You can find the guide in our store if you’re unaware on the how-to).” Read 5 remaining paragraphs | Comments

Visit link:
Dark Web vendors offer up “thousands” of Uber logins starting at $1 each

NASA announces details of its asteroid redirection mission

Today, NASA held a press conference in which it described the latest developments in its plan to return an asteroid to an orbit close enough to Earth that it could easily be studied by a manned mission. Gone is the idea of returning an entire asteroid. In its place, a robotic probe will pluck a boulder from the surface of an asteroid and return that, testing our ability to redirect similar rocks if they threaten Earth. In fact, the entire mission is generally focused on technology development. Once the asteroid is placed in a cis-lunar orbit (orbiting Earth and closer than the Moon), it will be visited by a crewed Orion capsule that will allow detailed study and a return of samples to Earth. But the focus of this mission will be testing technology that will allow extended manned missions in space. The current timeline involves further studies of potential targets for extracting a boulder in the years leading up to 2019. Right now, three asteroids are on the menu: Itokawa (which was visited by the Japanese spacecraft Hayabusa), Bennu (which is planned for a sample return mission called OSIRIS-REx), and 2008 EV5. In each case, the orbit and composition are well-known, making them relatively low risk. Read 4 remaining paragraphs | Comments

Continued here:
NASA announces details of its asteroid redirection mission