Falcon 9 Explodes On Pad

Reader Mysticalfruit writes: NPR is reporting that a Falcon 9 carrying the AMOS-6 satellite that was supposed to launch on Sat exploded during its scheduled static fire. No injuries are reported. They’re reporting that this was going to be the first reflown first stage. The Verge adds: SpaceX’s Falcon 9 rocket, meant to launch a satellite this weekend, exploded on the launch pad at Cape Canaveral, Florida this morning. The explosion occurred during the preparation for the static fire test of the rocket’s engines, NASA told the Associated Press. The blast reportedly shook buildings “several miles away.” The company confirmed to The Verge the loss of the Falcon 9 an hour later: “SpaceX can confirm that in preparation for today’s static fire, there was an anomaly on the pad resulting in the loss of the vehicle and its payload. Per standard procedure, the pad was clear and there were no injuries.” Read more of this story at Slashdot.


400,000 GitHub Repositories, 1 Billion Files, 14TB of Code: Spaces or Tabs?

Here’s a debate that refuses to die: given a choice, would you rather use spaces or tabs? An episode of Silicon Valley last season had a bit on this. Now we have more data to analyze people’s behavior. A Google developer has looked into 400,000 GitHub repositories (1 billion files, 14 terabytes) to find that programmers with interest in specific languages do seem to prefer either tabs or spaces. Spoiler alert: space wins, like all the time.


Staff Breach At OneLogin Exposes Password Storage Feature

River Tam quotes a report from CSO Australia: Enterprise access management firm OneLogin has suffered an embarrassing breach tied to a single employee’s credentials being compromised. OneLogin on Tuesday revealed the breach affected a feature called Secure Notes that allowed its users to “store information.” That feature, however, is pitched to users as a secure way to digitally jot down credentials for access to corporate firewalls and keys to software product licenses. The firm is concerned Secure Notes was exposed to a hacker for at least one month, though it may have been from as early as July 2 through to August 25, according to a post by the firm. Normally these notes should have been encrypted using “multiple levels of AES-256 encryption,” it said in a blog post. Several thousand enterprise customers, including high profile tech startups, use OneLogin for single sign-on to access enterprise cloud applications. The company has championed the SAML standard for single sign-on and promises customers an easy way to enable multi-factor authentication from devices to cloud applications. But it appears the company wasn’t using multi-factor authentication for its own systems. OneLogin’s CISO Alvaro Hoyos said a bug in its software caused Secure Notes to be “visible in our logging system prior to being encrypted and stored in our database.” The firm later found out that an employee’s compromised credentials were used to access this logging system. The company has since fixed the bug on the same day it detected the bug. CSO adds that the firm “also implemented SAML-based authentication for its log management system and restricted access to a limited set of IP addresses.”


Half Of People Click Anything Sent To Them

Want to know why phishing continues to be one of the most common security issues? Half of the people will click on anything without thinking twice. Ars Technica reports: A study by researchers at a university in Germany found that about half of the subjects in a recent experiment clicked on links from strangers in e-mails and Facebook messages — even though most of them claimed to be aware of the risks. The researchers at the Friedrich-Alexander University (FAU) of Erlangen-Nuremberg, Germany, led by FAU Computer Science Department Chair Dr Zinaida Benenson, revealed the initial results of the study at this month’s Black Hat security conference. Simulated “spear phishing” attacks were sent to 1,700 test subjects — university students — from fake accounts. The e-mail and Facebook accounts were set up with the ten most common names in the age group of the targets. The Facebook profiles had varying levels of publicly accessible profile and timeline data — some with public photos and profile photos, and others with minimal data. The messages claimed the links were to photos taken at a New Year’s Eve party held a week before the study. Two sets of messages were sent out: in the first, the targets were addressed by their first name; in the second, they were not addressed by name, but more general information about the event allegedly photographed was given. Links sent resolved to a webpage with the message “access denied,” but the site logged the clicks by each student.


Google Login Bug Allows Credential Theft

Trailrunner7 writes from a report via On the Wire: Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don’t consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter. Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user’s credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. [Aidan Woods, the researcher who discovered the bug,] said an attacker also could send an arbitrary file to the target’s browser any time the login form is submitted. In an email interview, Woods said exploiting the bug is a simple matter. “Attacker would not need to intercept traffic to exploit — they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter,” Woods said. Google told Woods they don’t consider this a security issue.


European Commission To Issue Apple An Irish Tax Bill of $1.1 Billion, Says Report

An anonymous reader quotes a report from Reuters: The European Commission will rule against Ireland’s tax dealings with Apple on Tuesday, two sources familiar with the decision told Reuters, one of whom said Dublin would be told to recoup over 1 billion euros in back taxes. The European Commission accused Ireland in 2014 of dodging international tax rules by letting Apple shelter profits worth tens of billions of dollars from tax collectors in return for maintaining jobs. Apple and Ireland rejected the accusation; both have said they will appeal any adverse ruling. The source said the Commission will recommend a figure in back taxes that it expects to be collected, but it will be up to Irish authorities to calculate exactly what is owed. A bill in excess of 1 billion euros ($1.12 billion) would be far more than the 30 million euros each the European Commission previously ordered Dutch authorities to recover from U.S. coffee chain Starbucks and Luxembourg from Fiat Chrysler for their tax deals. When it opened the Apple investigation in 2014, the Commission told the Irish government that tax rulings it agreed in 1991 and 2007 with the iPhone maker amounted to state aid and might have broken EU laws. The Commission said the rulings were “reverse engineered” to ensure that Apple had a minimal Irish bill and that minutes of meetings between Apple representatives and Irish tax officials showed the company’s tax treatment had been “motivated by employment considerations.”


Roku’s next players reportedly deliver HDR, more 4K support

If you held off on last year’s Roku 4, the company’s next batch of media players might be for you. The big upgrade this time around is the addition of HDR support in the high-end “Roku Ultra” and “Roku Premiere Plus” (which replaces the Roku 3), Zats Not Funny reports from a few leaks. And, as you can probably tell, it looks like Roku is giving up on its numbered naming scheme in exchange for something more obtuse (I’m already dreading explaining the differences to confused shoppers). While the Roku 4 was last year’s only model to include 4K support, it looks like the Premiere (replacing the Roku 2), Premiere Plus and Ultra models will all include it this year. That makes sense, now that 4K TVs are getting significantly cheaper. At the same time, it makes the argument for the company’s highest end player harder to accept. The Ultra will reportedly be the only model to include optical out and a remote control finder, but it sounds like the Premiere Plus with HDR and 4K will be the best buy for most. On the low-end, the $50 Roku 1 will be replaced by the Roku Express and Express Plus. It’s unclear what will differentiate these models, but I wouldn’t be surprised to find faster processors than before and a voice-controlled remote in the Express Plus. And, as Zats mentions, these models will likely be the only ones to retain analog RCA ports for connecting to old TVs. Source: Zats Not Funny


New Ransomware Poses As A Windows Update

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it’s installing the update, but what’s really happening is that the user’s documents and files are being encrypted in the background… The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe… As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption… Users affected by this are instructed to email the culprit for payment instructions. While the ransomware is busy encrypting your files, it displays Microsoft’s standard warning about not turning off the computer while the “update” is in progress. Pressing Ctrl+F4 closes that window, according to the article, “but that doesn’t stop the ransomware from encrypting files in the background.”


Floating Solar Device Boils Water Without Mirrors

An anonymous reader quotes a report from Ars Technica: Researchers from MIT and the Masdar Institute of Science and Technology, led by George Ni, describe a prototype design that boils water under ambient sunlight. Central to their floating solar device is a “selective absorber” — a material that both absorbs the solar portion of the electromagnetic spectrum well and emits little back as infrared heat energy. For this, the researchers turn to a blue-black commercial coating commonly used in solar photovoltaic panels. The rest of the puzzle involves further minimizing heat loss from that absorber, either through convection of the air above it or conduction of heat into the water below the floating prototype. The construction of the device is surprisingly simple. At the bottom, there is a thick, 10-centimeter-diameter puck of polystyrene foam. That insulates the heating action from the water and makes the whole thing float. A cotton wick occupies a hole drilled through the foam, which is splayed and pinned down by a square of thin fabric on the top side. This ensures that the collected solar heat is being focused into a minute volume of water. The selective absorber coats a disc of copper that sits on top of the fabric. Slots cut in the copper allow water vapor from the wick to pass through. And the crowning piece of this technological achievement? Bubble wrap. It insulates the top side of the absorber, with slots cut through the plastic to let the water vapor out. Tests in the lab and on the MIT roof showed that, under ambient sunlight, the absorber warmed up to 100 degrees Celsius in about five minutes and started making steam. That’s a first. The study has been published in two separate Nature articles: “Steam by thermal concentration” and “Steam generation under one sun enabled by a floating structure with thermal concentration.”


Dyson Will Spend $1.4 Billion, Enlist 3,000 Engineers To Build a Better Battery

An anonymous reader quotes a report from Digital Trends: Among the 100 new products the company founder James Dyson wants to invent by 2020, the greatest investment in people and money is to improve rechargeable lithium-ion batteries, as reported by Forbes (Warning: paywalled). And Dyson is not planning incremental improvements. His opinion is that current Li-ion batteries don’t last long enough and aren’t safe enough — the latter as evidenced by their propensity to spontaneously catch on fire, which is rare but does happen. Dyson believes the answer lies in using ceramics to create solid-state lithium-ion batteries. Dyson says he intended to spend $1.4 billion in research and development and in building a battery factory over the next five years. Last year Dyson bought Ann Arbor, Michigan-based Sakti3, which focuses on creating advanced solid-state batteries, for $90 million. The global lithium-ion battery market accounts for $40 billion in annual sales, according to research firm Lux as cited by Forbes. Dyson’s company (which is an accurate description since he has 100-percent ownership) currently employs 3,000 engineers worldwide. He intends to hire another 3,000 by 2020. Their average age is 26. Dyson values young engineers, saying, “The enthusiasm and lack of fear is important. Not taking notice of experts and plowing on because you believe in something is important. It’s much easier to do when you’re young.”
