Tag: open source

Texting While Driving Now Legal In Colorado — In Some Cases

Fines for texting and driving in Colorado have jumped to $300, but according to the fine print, the increased fine only applies to drivers who are texting in “a careless or imprudent manner.” Therefore, drivers who are texting in any other manner are still within the law. FOX31 Denver reports: Before the new legislation, any texting while driving was illegal. Tim Lane of the Colorado District Attorney’s Office confirmed the softening crackdown on all texting and driving. “The simple fact is that if you are texting while driving but not being careless, it’s no longer illegal, ” he said. What constitutes “careless” driving is up to the discretion of each individual law enforcement officer. Cellphone use of any kind is still banned for drivers younger than 18. Teens caught with a phone in hand while driving will be slapped with a $50 fine. Read more of this story at Slashdot.

Read More:
Texting While Driving Now Legal In Colorado — In Some Cases

32TB of Windows 10 Internal Builds, Core Source Code Leak Online

According to an exclusive report via The Register, “a massive trove of Microsoft’s internal Windows operating system builds and chunks of its core source code have leaked online.” From the report: The data — some 32TB of installation images and software blueprints that compress down to 8TB — were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft’s in-house systems since around March. The leaked code is Microsoft’s Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions. Read more of this story at Slashdot.

View the original here:
32TB of Windows 10 Internal Builds, Core Source Code Leak Online

Cisco Subdomain Private Key Found in Embedded Executable

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky’s NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users’ local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn’t entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named ‘CiscoVideoGuardMonitor’, and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable ‘CiscoVideoGuardMonitor’ can be found at ‘$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/ VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor’. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked. Read more of this story at Slashdot.

Link:
Cisco Subdomain Private Key Found in Embedded Executable

NASA Finds Evidence Of 10 New Earth-sized Planets

NASA said Monday it has found new evidence of 219 planets outside our Solar System. Ten of those exoplanets appear to be similar to the size of the Earth and orbit their stars in the habitable zone. From a report: The new planets’ existence must still be double-checked. But Kepler’s latest haul — which includes a planet that is only slightly larger than Earth and receives the same amount of energy from its sun as Earth — is the latest triumph for Kepler, which has spotted roughly 80 percent of the planets orbiting stars other than our sun. Because of their potential for hosting life, the 10 Earth-size planets are the most glamorous of the newly announced planets from Kepler. But those 10 were joined by an additional 209 more garden-variety planets that are unlikely to be hospitable to life because they are too gassy, too hot, too cold or otherwise unlike the only known planet to host life: Earth. Read more of this story at Slashdot.

Link:
NASA Finds Evidence Of 10 New Earth-sized Planets

You Can Hack Some Mazda Cars With a USB Flash Drive

An anonymous reader writes: “Mazda cars with next-gen Mazda MZD Connect infotainment systems can be hacked just by plugging in a USB flash drive into their dashboard, thanks to a series of bugs that have been known for at least three years, ” reports Bleeping Computer. “The issues have been discovered and explored by the users of the Mazda3Revolution forum back in May 2014. Since then, the Mazda car owner community has been using these ‘hacks’ to customize their cars’ infotainment system to tweak settings and install new apps. One of the most well-designed tools is MZD-AIO-TI (MZD All In One Tweaks Installer).” Recently, a security researcher working for Bugcrowd has put together a GitHub repository that automates the exploitation of these bugs. The researcher says an attacker can copy the code of his GitHub repo on a USB flash drive, add malicious scripts and carry out attacks on Mazda cars. Mazda said the issues can’t be exploited to break out of the infotainment system to other car components, but researchers disagreed with the company on Twitter. In the meantime, the car maker has finally plugged the bugs via a firmware update released two weeks ago. Read more of this story at Slashdot.

See the original article here:
You Can Hack Some Mazda Cars With a USB Flash Drive

Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain

An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could’ve registered the domain and installed malicious apps on the phones. Read more of this story at Slashdot.

Originally posted here:
Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain

Cook Says Apple Is Focusing on Making an Autonomous Car System

An anonymous reader shares a Bloomberg report: After years toiling away in secret on its car project, Apple Chief Executive Officer Tim Cook has for the first time laid out exactly what the company is up to in the automotive market: It’s concentrating on self-driving technology. “We’re focusing on autonomous systems, ” Cook said in an interview on Bloomberg Television. “It’s a core technology that we view as very important. We sort of see it as the mother of all AI projects, ” Cook said in his most detailed comments to date on Apple’s plans in the car space. “It’s probably one of the most difficult A.I. projects actually to work on.” “There is a major disruption looming there, ” Cook said on Bloomberg Television, citing self-driving technology, electric vehicles and ride-hailing. “You’ve got kind of three vectors of change happening generally in the same time frame.” Cook was also bullish about the prospects for electric vehicles, a market which last week helped Tesla become the world’s fourth-biggest carmaker by market capitalization, even as it ranks well outside the top 10 by unit sales.”It’s a marvelous experience not to stop at the filling station or the gas station, ” Cook said. Read more of this story at Slashdot.

Visit site:
Cook Says Apple Is Focusing on Making an Autonomous Car System

Developer Accidentally Deletes Production Database On Their First Day On The Job

An anonymous reader quotes Quartz: “How screwed am I?” asked a recent user on Reddit, before sharing a mortifying story. On the first day as a junior software developer at a first salaried job out of college, his or her copy-and-paste error inadvertently erased all data from the company’s production database. Posting under the heartbreaking handle cscareerthrowaway567, the user wrote, “The CTO told me to leave and never come back. He also informed me that apparently legal would need to get involved due to severity of the data loss. I basically offered and pleaded to let me help in someway to redeem my self and i was told that I ‘completely fucked everything up.'” The company’s backups weren’t working, according to the post, so the company is in big trouble now. Though Qz adds that “the court of public opinion is on the new guy’s side. In a poll on the tech site the Register, less than 1% of 5, 400 respondents thought the new developer should be fired. Forty-five percent thought the CTO should go.” Read more of this story at Slashdot.

More here:
Developer Accidentally Deletes Production Database On Their First Day On The Job

Verizon Expected To Cut Up To 1,000 Yahoo, AOL Jobs After Acquisition

Verizon’s acquisition and merger of AOL and Yahoo will result in many job cuts. According to Recode, up to 1, 000 AOL and Yahoo jobs are expected to take place across the two companies as the merger is completed. From the report: This action is not unexpected, given that both companies have a lot of redundancies, including in human resources, finance, marketing and general administration. The merger between the two companies — after Verizon bought both in succession to add tech and content to its mobile services — is expected to be completed in the next week. The shareholder meeting to approve the deal takes place tomorrow. Plans to combine both companies have been in the works for a while, as the pair attempt to make a cohesive unit out of two entities that have multiple assets and also multiple problems. It will be headed by AOL CEO Tim Armstrong, who will become the CEO of Oath, the new name for the Verizon subsidiary. Read more of this story at Slashdot.

See the article here:
Verizon Expected To Cut Up To 1,000 Yahoo, AOL Jobs After Acquisition

Russian Malware Communicates Using Britney Spears’s Instagram Account

JustAnotherOldGuy writes: A key weakness in malicious software is the “Command and Control” (C&C) system — a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server’s address, and then shut it down. Turla is an “advanced persistent threat” hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests. A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears’ Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears’s image posts. The compromised systems check in with Spears’ Instagram whenever they need to know where the C&C server is currently residing. Read more of this story at Slashdot.

Continue reading here:
Russian Malware Communicates Using Britney Spears’s Instagram Account