North Korea’s Operating System Analyzed

Bruce66423 points out an analysis at The Guardian of North Korea’s Red Star Linux-based OS, based on a presentation Sunday to the Chaos Communication Congress in Berlin: The features of their Fedora-based OS include a watermarking system to enable tracking of files — even if unopened. The operating system is not just the pale copy of western ones that many have assumed, said Florian Grunow and Niklaus Schiess of the German IT security company ERNW, who downloaded the software from a website outside North Korea and explored the code in detail. … This latest version, written around 2013, is based on a version of Linux called Fedora and has eschewed the previous version’s Windows XP feel for Apple’s OS X – perhaps a nod to the country’s leader Kim Jong-un who, like his father, has been photographed near Macs. The OS, unsurprisingly, allowed only tightly fettered access to web sites, using a whitelist approach that gives access to government-controlled or approved sites.


Google Joins Mozilla, Microsoft In Pushing For Early SHA-1 Crypto Cutoff

itwbennett writes: Due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months to July 1, 2016. Websites like Facebook and those protected by CloudFlare have implemented a SHA-1 fallback mechanism. Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates.


Vivendi Takes Over Radionomy, Winamp Relaunch Now Possible

SmartAboutThings writes: Winamp could once again be brought back to life after Vivendi Group took over the majority stake in Radionomy, the previous owner of the app who purchased it from AOL in early 2014. AOL originally planned to discontinue both Winamp and Shoutcast, but instead the company decided to sell the software to Belgian online radio service, Radionomy. The new owners initially promised that they’ll keep Winamp alive, but no updates have been released since the takeover, which made most people think that the Winamp era has ended for good. Vivendi Group, which owns or is involved in famous companies such as Dailymotion, Ubisoft, and Deezer, could help relaunch Winamp, although the press release announcing the acquisition offers no suggestion in this regard. The company, however, does mention Winamp and Shoutcast as two of the most important assets that will join its portfolio following the takeover.


Juniper’s Backdoor Password Disclosed, Likely Added In Late 2013

itwbennett writes: In a blog post on Rapid7’s community portal Sunday, HD Moore posted some notes on the Juniper ScreenOS incident, notably that his team discovered the backdoor password that enables the Telnet and SSH bypass. Quoting: “Although most folks are more familiar with x86 than ARM, the ARM binaries are significantly easier to compare due to minimal changes in the compiler output. … Once the binary is loaded, it helps to identify and tag common functions. Searching for the text “strcmp” finds a static string that is referenced in the sub_ED7D94 function. Looking at the strings output, we can see some interesting string references, including auth_admin_ssh_special and auth_admin_internal. … The argument to the strcmp call is


Facebook Replaces Flash With HTML5 For Videos

An anonymous reader writes: Facebook announced that it officially replaced Flash with HTML5 for its video player. They made the change because of security reasons, but developers also found it easier to work with — it led to quicker turnarounds for site-wide changes, and had better integration with code testing platforms. Facebook reports that user engagement has gone up since the switch was made.


Femto Fairy Lights – Touchable Holograms

mikejuk writes with this story about a Japanese team working on creating touchable holograms. I Programmer reports: “One method of creating a volumetric, i.e. true 3D, display, is to use a high power laser and focus it on a small spot in space. The air in that spot will be heated to the point where it ionizes and glows with a bright blue light. Scan the laser really fast and you can make a full 3D arrangement of glowing points of light — not exactly a hologram but as good as. Of course, the big problem is that you have a lot of energy being focused on small areas and human interaction could be a problem. You might well get burned by the laser if you attempted to touch or interact with the display. The solution is to use a really fast laser, a femtosecond laser, that heats a small spot to a high temperature but only for a very short time. This is much safer because the total energy involved is smaller. This is the reason you can touch sparks without getting burned.”


‘Unauthorized Code’ In Juniper Firewalls Could Decrypt VPN Traffic

m2pc writes: Ars Technica reports that Juniper Networks firewalls have been discovered to include “unauthorized code” inserted into their ScreenOS software. Juniper has published an advisory addressing the matter, with instructions to patch the affected devices. From the Ars article: “NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require immediate patching. Release notes published by Juniper suggest the earliest vulnerable versions date back to at least 2012 and possibly earlier. … The first flaw allows unauthorized remote administrative access to an affected device over SSH or telnet. Exploits can lead to complete compromise. ‘The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic,’ the advisory said.” The rogue code was discovered during a recent internal source code review conducted by Juniper.


iPhone Hacker Geohot Builds Self-Driving Car AI

An anonymous reader writes: George Hotz, known for unlocking early iPhones and the PlayStation 3, has developed an autonomous driving system in his garage. “Hotz’s approach isn’t simply a low-cost knockoff of existing autonomous vehicle technology. He says he’s come up with discoveries—most of which he refuses to disclose in detail—that improve how the AI software interprets data coming in from the cameras.” The article has a video with Hotz demonstrating some basic autonomous driving similar to what Tesla rolled out earlier this year. He’s clearly brimming with confidence about what the system can accomplish with more training.


Go To Jail For Visiting a Web Site? Top Law Prof Talks Up the Idea

David Rothman writes: Eric Posner, the fourth most-cited law professor in the U.S., says the government may need to jail you if you even visit an ISIS site after enough warnings. He says, “Never before in our history have enemies outside the United States been able to propagate genuinely dangerous ideas on American territory in such an effective way—and by this I mean ideas that lead directly to terrorist attacks that kill people. The novelty of this threat calls for new thinking about limits on freedom of speech. The law would provide graduated penalties. After the first violation, a person would receive a warning letter from the government; subsequent violations would result in fines or prison sentences. The idea would be to get out the word that looking at ISIS-related websites, like looking at websites that display child pornography, is strictly forbidden.” There would be exemptions for Washington-blessed journalists and others. Whew! Alas, this man isn’t Donald Trump — he is a widely respected University of Chicago faculty member writing in Slate.


Universal Remote Desktop Coming To Windows 10 Soon

jones_supa writes: For those using the Continuum feature of Windows and who work from home or in the office, you’ll be pleased to know that the Remote Desktop Universal app is not only happening but will be released soon as a Technical Preview. This follows up on the Remote Desktop preview, which is already available for PC. The news came from Jason of the Microsoft Continuum team: “We’ve heard a lot of buzz around being able to connect to a remote desktop from Continuum for phone. We are excited to share that the Remote Desktop Universal Windows Platform (UWP) app will be released very soon in Technical Preview.”
