France Becomes First Federal Postal Service To Use Drones To Deliver Mail

An anonymous reader quotes a report from Motherboard: The French postal service is beginning an experimental drone delivery program to deliver parcels on a nine mile route once a week. After the program gets approval from the French aviation regulatory authority, the federal postal service will be the first to ever use drone delivery on a regular route. The drones used in the French postal service experiment have the capacity to fly up to 12 miles carrying about two pounds maximum, going around 19 miles per hour. They are also equipped with parachutes for safe emergency landing in case something disrupts the flight. The eventual goal is to reach rural or mountainous regions that are otherwise difficult and expensive to get to using cars. The drone mail delivery program has been a project of the DPDgroup, Europe’s second largest international parcel delivery network, operating as a subsidiary under the French national postal service. The DPDgroup had been working on this program with Atechsys, a French drone company, since 2014 in the south of France. “The first commercial line represents a new step in the program,” DPDgroup said in a press release. With the testing phase now over, the experimentation phase is all set to begin. Currently, those participating in the experiment to receive parcels are non-residential, including over ten tech companies. The drone routes stretch over the southeastern region of Provence, going between Saint-Maximin-La-Sainte-Beaume and Pourrieres. Read more of this story at Slashdot.


Russian Hackers Stole $5 Million Per Day From Advertisers With Bots and Fake Websites

Russian hackers have used fake websites and bots to steal millions of dollars from advertisers. According to researchers, the fraud has siphoned more than $180 million from the online ad industry. CNNMoney reports: Dubbed “Methbot,” it is a new twist in an increasingly complex world of online crime, according to White Ops, the cybersecurity firm that discovered the operation. Methbot, so nicknamed because the fake browser refers to itself as the “methbrowser,” operates as a sham intermediary advertising ring: Companies would pay millions to run expensive video ads. Then they would deliver those ads to what appeared to be major websites. In reality, criminals had created more than 250,000 counterfeit web pages no real person was visiting. White Ops first spotted the criminal operation in October, and it is making up to $5 million per day — by generating up to 300 million fake “video impressions” daily. According to White Ops, criminals acquired massive blocks of IP addresses — 500,000 of them — from two of the world’s five major internet registries. Then they configured them so that they appeared to be located all over the United States. They built custom software so that computers (at those legitimate data centers) acted like real people viewing those ads. These “people” even appeared to have Facebook accounts (they didn’t), so that premium ads were served. Hackers fooled ad fraud blockers because they figured out how to build software that mimicked a real person who only surfed during the daytime — using the Google Chrome web browser on a Macbook laptop.


Linux Mint 18.1 ‘Serena’ Is Here For Christmas

Long time reader BrianFagioli writes: If you love Linux Mint and use it regularly, I have very good news — version 18.1 ‘Serena’ is finally here. There are two desktop environments from which to choose — Cinnamon and Mate. Regardless of which version you choose, please know that it is based on Ubuntu 16.04, which offers long-term support (LTS). In other words, Linux Mint 18.1 will be supported until 2021. Linux Mint 18.1 comes with the updated Cinnamon 3.2 which looks to be wonderful. The Mint team touts a new screensaver/login screen in the desktop environment, and yeah, it looks good.


5-Year-Old Critical Linux Vulnerability Patched

msm1267 quotes Kaspersky Lab’s ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011. A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely. “Basically it’s a bait-and-switch,” the researcher told Threatpost. “The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react.”


‘Star In a Jar’ Fusion Reactor Works, Promises Infinite Energy

An anonymous reader quotes a report from Space.com: For several decades now, scientists from around the world have been pursuing a ridiculously ambitious goal: They hope to develop a nuclear fusion reactor that would generate energy in the same manner as the sun and other stars, but down here on Earth. Incorporated into terrestrial power plants, this “star in a jar” technology would essentially provide Earth with limitless clean energy, forever. And according to new reports out of Europe this week, we just took another big step toward making it happen. In a study published in the latest edition of the journal Nature Communications, researchers confirmed that Germany’s Wendelstein 7-X (W7-X) fusion energy device is on track and working as planned. The space-age system, known as a stellarator, generated its first batch of hydrogen plasma when it was first fired up earlier this year. The new tests basically give scientists the green light to proceed to the next stage of the process. It works like this: Unlike a traditional fission reactor, which splits atoms of heavy elements to generate energy, a fusion reactor works by fusing the nuclei of lighter atoms into heavier atoms. The process releases massive amounts of energy and produces no radioactive waste. The “fuel” used in a fusion reactor is simple hydrogen, which can be extracted from water. The W7-X device confines the plasma within magnetic fields generated by superconducting coils cooled down to near absolute zero. The plasma — at temperatures upwards of 80 million degrees Celsius — never comes into contact with the walls of the containment chamber. Neat trick, that. David Gates, principal research physicist for the advanced projects division of PPPL, leads the agency’s collaborative efforts in regard to the W7-X project. In an email exchange from his offices at Princeton, Gates said the latest tests verify that the W7-X magnetic “cage” is working as planned. “This lays the groundwork for the exciting high-performance plasma operations expected in the near future,” Gates said.


Researchers Point Out ‘Theoretical’ Security Flaws In AMD’s Upcoming Zen CPU

An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory. [In a technical paper released over the past weekend, the researchers described their attacks:] “We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor.” AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.


The Libreboot C201 from Minifree is really really really ridiculously open source

Open source laptops – ones not running any commercial software whatsoever – have been the holy grail for free software fans for years. Now, with the introduction of libreboot, a truly open source boot firmware, the dream is close to fruition. The $730 laptop is a bog standard piece of hardware but it contains only open source software. The OS, Debian, is completely open source and…


New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels

An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary URL, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user’s PC, and forcibly download and launch into execution various strains of malware.


Virginia Police Spent $500K For An Ineffective Cellphone Surveillance System

Cell-site simulators can intercept phone calls and even provide locations (using GPS data). But Virginia’s state police force just revealed details about their actual use of the device — and it’s not pretty. Long-time Slashdot reader v3rgEz writes: In 2014, the Virginia State Police spent $585,265 on a specially modified Suburban outfitted with the latest and greatest in cell phone surveillance: the DRT 1183C, affectionately known as the DRTbox. But according to logs uncovered by public records website MuckRock, the pricey ride was only used 12 times — and only worked seven of those times. According to Virginia’s ACLU director, “each of the 12 uses cost almost $50,000, and only 4 of them resulted in an arrest [raising] a significant question whether the more than half million dollars spent on the device and the vehicle…was a wise investment of public funds.”


Chrome 55 Now Blocks Flash, Uses HTML5 By Default

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year… While some of the initial implementation details of the “HTML5 By Default” plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome. Google’s plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn’t supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user’s option would be remembered for subsequent visits, but there’s also an option in the browser’s settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default. Exceptions will also be made automatically for your more frequently-visited sites — which, for many users, will include YouTube. And Chrome will continue to ship with Flash — as well as an option to re-enable Flash on all sites.
