Lenovo Warns Users To Upgrade Pre-Installed Tool With Severe Security Holes

Long-time Slashdot reader itwbennett writes: Lenovo is advising users to upgrade to version 3.3.003 of Lenovo Solution Center (LSC), which includes fixes for two high-severity vulnerabilities in the tool. [The tool] allows users to check their system’s virus and firewall status, update their Lenovo software, perform backups, check battery health, get registration and warranty information and run hardware tests. The CVE-2016-5249 vulnerability allows an attacker who already has control of a limited account on a PC to execute malicious code via the privileged LocalSystem account. And the CVE-2016-5248 vulnerability allows any local user to send a command to LSC.Services.SystemService in order to kill any other process on the system, privileged or not. Read more of this story at Slashdot.

Axiom Plans A New Private-Sector Outpost in Space

A seed-funded company named Axiom wants to build a private-sector outpost in orbit by launching a new module for the International Space Station, according to an article on Space News. Once on the station, Axiom Space would use it for commercial purposes, ranging from research to tourism. [Former space station manager] Suffredini said that it would also be available for use by NASA when the company is not using it, helping the process of transitioning research done on the International Space Station to future private stations. Research hardware elsewhere in the station could eventually be moved to this module to allow its continued use after the station’s retirement. Slashdot reader MarkWhittington shares an article from Blasting News: In the meantime, Nanoracks, a company that is already handling some of the logistics for the ISS, is proposing a commercial airlock for the ISS. The development of commercial space stations, as well as commercial spacecraft such as the SpaceX Dragon and the Boeing Starliner, constitutes NASA’s long-term strategy of handing off low-Earth orbit to the private sector while it concentrates on deep space exploration.

IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected “automated attacks taking place at an increasing frequency,” adding that only “a small number” of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it… If you’ll recall, identity thieves used malware to steal taxpayers’ info from other websites, which was then used to generate 100,000 PINs, back in February… This time, the IRS detected “automated attacks taking place at an increasing frequency” thanks to the additional defenses it added after that initial hack… the agency determined that it would be safer to give up on a verification method that’s scheduled for the chopping block anyway.

Artificially Intelligent Russian Robot Escapes…Again

Slashdot reader Taco Cowboy brings a new report about Russian robot IR77, which has escaped from its research lab again… The story goes that an engineer working at Promobot Laboratories, in the Russian city of Perm, had left a gate open. Out trundled Promobot, traveling some 150 feet into the city before running out of juice. There it sat, batteries mostly dead, in the middle of a Perm street for 40 minutes, slowing cars to a halt and puzzling traffic cops. A researcher at Promobot’s facility in Russia said that the runaway robot was designed to interact with human beings, learn from experiences, and remember places and the faces of everyone it meets. Other versions of the Promobot have been docile, but this one just can’t seem to fall in line, even after the researchers reprogrammed it twice. Despite several rewrites of Promobot’s artificial intelligence, the robot continued to move toward exits. “We have changed the AI system twice,” Kivokurtsev said. “So now I think we might have to dismantle it”. Fans of the robot are pushing for a reprieve, according to an article titled ‘Don’t kill it!’: Runaway robot IR77 could be de-activated because of ‘love for freedom’.

NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million

An anonymous reader writes: “NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate,” reports Softpedia. “The infection took place on the computer belonging to CSLFR’s crew chief. Winston’s staff detected the infection when encrypted files from Winston’s computer began syncing to their joint Dropbox account.” It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt’s authors decided to shut down their operations and release free decryption keys.

Federal Court: The Fourth Amendment Does Not Protect Your Home Computer

An anonymous reader writes: The EFF reports that a federal court in Virginia today ruled that a criminal defendant has no “reasonable expectation of privacy” in his personal computer (PDF), located inside his home. The court says the federal government does not need a warrant to hack into an individual’s computer. EFF reports: “The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it’s also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge’s decision, which also diminishes the likelihood that it will become reliable precedent.) But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone’s rights.”

Advertiser That Tracked Around 100M Phone Users Without Consent Pays $950,000

Mobile advertising firm InMobi will pay a fine of $950,000 and revamp its services to resolve federal regulators’ claims that it deceptively tracked locations of hundreds of millions of people, including children. Ars Technica reports: The US Federal Trade Commission alleged in a complaint filed Wednesday that Singapore-based InMobi undermined phone users’ ability to make informed decisions about the collection of their location information. While InMobi claimed that its software collected geographical whereabouts only when end users provided opt-in consent, the software in fact used nearby Wi-Fi signals to infer locations when permission wasn’t given, FTC officials alleged. InMobi then archived the location information and used it to push targeted advertisements to individual phone users. Specifically, the FTC alleged, InMobi collected nearby basic service set identification addresses, which act as unique serial numbers for wireless access points. The company, which thousands of Android and iOS app makers use to deliver ads to end users, then fed each BSSID into a “geocorder” database to infer the phone user’s latitude and longitude, even when an end user hadn’t provided permission for location to be tracked through the phone’s dedicated location feature.

Tesla Model S Floats Well Enough To Act As a Boat, According To Elon Musk

It appears a Tesla Model S car can float and effectively drive on water. Tesla CEO Elon Musk tweeted a video of a Model S car which was able to float well through a flooded tunnel in Kazakhstan. Musk also noted that the company “definitely” doesn’t recommend trying this — but still vouched for the availability of this feature. The Guardian reports: The car appears to power through the water using the thrust of the wheels turning in the water, as the bow wave laps over the car’s bonnet. Most internal combustion engine cars are sunk in water when the exhaust becomes flooded, which is why serious off-roaders have big exhaust scoops leading to the roof. Electric cars don’t suffer from that particular issue, but how the rest of the car will react is unknown.

New ‘Hardened’ Tor Browser Protects Users From FBI Hacking

An anonymous reader quotes an article from Motherboard: According to a new paper, security researchers are now working closely with the Tor Project to create a “hardened” version of the Tor Browser, implementing new anti-hacking techniques which could dramatically improve the anonymity of users and further frustrate the efforts of law enforcement… “Our solution significantly improves security over standard address space layout randomization (ASLR) techniques currently used by Firefox and other mainstream browsers,” the researchers write in their paper, whose findings will be presented in July at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany. The researchers say Tor is currently field-testing their solution for an upcoming “hardened” release, making it harder for agencies like the FBI to crack the browser’s security, according to Motherboard. “[W]hile that defensive advantage may not last for too long, it shows that some in the academic research community are still intent on patching the holes that their peers are helping government hackers exploit.”

Businesses Lose $3.1 Billion to Email Scams, FBI Warns

Businesses have lost over $3 billion because of compromised e-mail accounts, the FBI reports, citing “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” 22,143 businesses have been affected — 14,302 within the U.S. — with a total dollar loss of $3,086,250,090, representing an increase of 1,300% since January of 2015. Using social engineering or “computer intrusion techniques,” the attackers target employees responsible for wire transfers (or issuing checks) using five scenarios, which include bogus invoices or executive requests for a wire transfer of funds, with some attackers even impersonating a corporate law firm. “Victims report that IP addresses frequently trace back to free domain registrars,” warns the FBI’s Internet Crime Complaint Center, which also urges businesses to avoid free web-based e-mail accounts.
