Slack To Disable Thousands of Logins Leaked on GitHub

An anonymous reader writes: Thursday one technology site reported that thousands of developers building bots for the team-collaboration tool Slack were exposing their login credentials in public GitHub repositories and tickets. “The irony is that a lot of these bots are mostly fun ‘weekend projects’,” reported Detectify. “We saw examples of fit bots, reminding you to stretch throughout the day, quote bots, quoting both Jurassic Park…and Don Quixote….” Slack responded that they’re now actively searching for publicly-posted login credentials, “and when we find any, we revoke the tokens and notify both the users who created them, as well as the owners of affected teams.” Detectify notes the lapse in security had occurred at a wide variety of sites, including “Forbes 500 companies, payment providers, multiple internet service providers and health care providers… University classes at some of the world’s best-known schools. Newspapers sharing their bots as part of stories. The list goes on and on…” Read more of this story at Slashdot.

Cisco Finds Backdoor Installed On 12 Million PCs

Reader wiredmikey writes: Security researchers at Cisco have come across a piece of software that installed backdoors on 12 million computers around the world. Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other tools, such as a known scareware called System Healer, but also of harvesting personal information. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.” Tuto4PC said its network consisted of nearly 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices. An analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand. Tuto4PC has received flak from many over the years, including French regulators.

House Passes Email Privacy Act, Requiring Warrants For Obtaining Emails

An anonymous reader quotes a report from TechCrunch: The U.S. House of Representatives has passed H.R. 699, the Email Privacy Act, sending it on to the Senate and from there, hopefully anyhow, to the President. The yeas were swift and unanimous. The bill, which was introduced in the House early last year and quickly found bipartisan support, updates the 1986 Electronic Communications Privacy Act, closing a loophole that allowed emails and other communications to be obtained without a warrant. It’s actually a good law, even if it is arriving a couple of decades late. “Under current law, there are more protections for a letter in a filing cabinet than an email on a server,” said Congresswoman Suzan Delbene during the debate period. An earlier version of the bill also required that authorities disclose that warrant to the person it affected within 10 days, or 3 if the warrant related to a government entity. That clause was taken out in committee — something trade groups and some of the Representatives objected to as an unpleasant compromise.

Over 1M BeautifulPeople Dating Site User Details Leak Online

An anonymous reader writes: Personal information of over one million users stored by popular dating site BeautifulPeople has leaked, and is now accessible online. We already knew that BeautifulPixel.com was hacked (it happened in November 2015), but this is the first confirmation from a security researcher that the details are legitimate. (BeautifulPeople had downplayed it at the time, saying that it was a staging server, and not a production server, that was hacked.) Security researcher Troy Hunt, citing a source, noted that the data has been sold online. The leaked personal information includes email addresses, phone numbers, as well as hair color, weight, job and other details. Troy also noted that of the 1.1 million users’ details, 170 of them have government email addresses. Some of you may remember BeautifulPixel as the creator of the “Shrek” virus.

This Battery-Free Computer Sucks Power Out Of Thin Air

An anonymous reader shares an article on Fast Co Design (edited and condensed for clarity): Researchers at University of Washington’s Sensor Lab have created the WISP, or Wireless Identification and Sensing Platform: a combination sensor and computing chip that doesn’t need a battery or a wired power source to operate. Instead, it sucks in radio waves emitted from a standard, off-the-shelf RFID reader — the same technology that retail shops use to deter shoplifters — and converts them into electricity. The WISP isn’t designed to compete with the chips in your smartphone or your laptop. It has about the same clock speed as the processor in a Fitbit and similar functionality, including embedded accelerometers and temperature sensors. It has about the same bandwidth as Bluetooth Low Energy mode, the wireless power-sipping technology which drives most Bluetooth speakers and wireless headphones.

MongoDB Config Error Exposed 93M Mexican Voter Records

An anonymous reader cites an article on CSOOnline: A 132 GB database containing the personal information on 93.4 million Mexican voters has finally been taken offline. The database sat exposed to the public for at least eight days after its discovery by researcher Chris Vickery, but originally went public in September 2015. Vickery, who works as a security researcher at Kromtech, discovered the MongoDB instance on April 14, but had difficulty tracking down the person or company responsible for placing the voter data on Amazon’s AWS. He first reached out to the U.S. State Department, as well as the Mexican Embassy, but had little success. The database contains all of the information that Mexican citizens need for their government-issued photo IDs that enable them to vote. Along with their municipality and district information, the database records include the voter’s name, address, voter ID number, date of birth, the names of their parents, occupation, and more. Given that the database has been online since September 2015, it isn’t clear how many people have accessed the records. Additionally, the actual owner of the account hosting the data remains unknown.

Scientist Shrinks Arduino To Size Of An AA Battery

An anonymous reader writes: Johan Kanflo has managed to make the already small Tiny328 Arduino clone into an even smaller computing platform about the size of a single AA battery. Not only will it fit in a typical AA battery holder, but it will actually draw power from the batteries beside it as it’s wired in “backwards” (with the + and – poles reversed). The Arduino platform consists of open-source hardware, open-source software, and microcontroller-based kits, making it easy to (re)program the processors, and develop software for hardware applications using a java-clone and an easy-to-learn IDE. For those interested in the AAduino, Johan has made his creation available online on GitHub with instructions and schematics to build your own.

Hacker’s Account of How He Took Down Hacking Team’s Servers

An anonymous reader writes: FinFisher, the hacker that broke into Italian firm Hacking Team, has published a step-by-step account of how he carried out the attacks, what tools he used, and what he learned from scouting HackingTeam’s network. Published on PasteBin, the attack’s timeline reveals he entered their network through a zero-day exploit in an (unnamed) embedded device, accessed a MongoDB database that had no password, discovered backups in the database, found a BES admin password in the backups, and eventually got admin access to the Windows Domain Server. From here, it was easy to reach into their email server and steal all the company’s emails, and later access Git repos and steal the source code of their surveillance software.

The Ars guide to building a Linux router from scratch

The Homebrew Special—looking a bit blurry, because I wanted to take a low-light shot to try to capture the disco glow.

After finally reaching the tipping point with off-the-shelf solutions that can’t match increasing speeds available, we recently took the plunge. Building a homebrew router turned out to be a better proposition than we could’ve ever imagined. With nearly any speed metric we analyzed, our little DIY kit outpaced routers whether they were of the $90- or $250-variety. Naturally, many readers asked the obvious follow-up—“How exactly can we put that together?” Today it’s time to finally pull back the curtain and offer that walkthrough. By taking a closer look at the actual build itself (hardware and software), the testing processes we used, and why we used them, hopefully any Ars readers of average technical abilities will be able to put together their own DIY speed machine. And the good news? Everything is as open source as it gets—the equipment, the processes, and the setup. If you want the DIY router we used, you can absolutely have it. This will be the guide to lead you, step-by-step.

What is a router, anyway?

At its most basic, a router is just a device that accepts packets on one interface and forwards them on to another interface that gets those packets closer to their eventual destination. That’s not what most of us are really thinking when we think of “a router” in the sense of something we’ll plug into our home or office to get to the Internet, though. What do we need to have before any homebrew device looks like a router?

Mitel Buys Polycom For $1.96B In Enterprise Communications Consolidation Play

An anonymous reader quotes a report from TechCrunch: Mitel announced that it would acquire Polycom in a cash-and-stock deal with a total value of $1.96 billion, creating a company with combined sales of $2.5 billion and 7,700 employees. Polycom’s acquisition by Mitel comes at a key time in the world of enterprise communications and collaboration. On one hand, it is a time of massive change and evolution. For years a lot of the services that companies used were based on legacy networking, but in the last decade there has been a big shift to IP-based networks for many of these services. However, at the same time the whole space has been massively disrupted by startups that are upsetting by tapping into the next phase of digital services — the internet. Companies like Microsoft by way of services like Skype and Yammer, and smaller startups like Slack, are overturning the whole idea of how people who are not in the same office floor can communicate and collaborate for work. These solutions are way cheaper than a lot of the legacy offerings; they tap into the cloud-based services that are now ubiquitous to share and work on files; and they are also built in very user-friendly ways, based around tech that ordinary consumers are using. Both companies compete against the likes of Cisco and Avaya. Mitel is perhaps best known for its IP telephony solutions, including PBX systems, while Polycom is a leader in conferencing services. They also cover SIP technology, and customers span 82% of Fortune 500 companies.
