Millions of Android Devices Vulnerable To New Stagefright Exploit

An anonymous reader writes: Security researchers have found yet another flaw in Android’s Stagefright. The researchers were able to remotely hack an Android phone by exploiting the bugs. According to their estimation, the flaw exposes devices running Android software version between 5.0-5.1, or 36% of 1.4 billion, to security attacks. “I would be surprised if multiple professional hacking groups do not have working Stagefright exploits by now. Many devices out there are still vulnerable, so Zimperium has not published the second exploit in order to protect the ecosystem,” Zuk Avraham, chairman of Zimperium, the firm which found the first Stagefright exploit, told Wired. Read more of this story at Slashdot.

Facebook’s Messenger Bot Store Could Be Most Important Launch Since App Store

An anonymous reader writes from an opinionated article on TechCrunch by Tom Hadfield: If Facebook announces the “Messenger Bot Store” at F8, as many predict, it would be arguably the most consequential event for the tech industry since Apple announced the App Store and iPhone SDK in March 2008. Today, Facebook Messenger has 800 million monthly active users — more than 100 times the number of iPhone owners when Apple launched the App Store. In January, TechCrunch first reported rumors of Facebook’s secret Chat SDK for building Messenger bots. If and when Facebook announces a Bot Store, it will mark the “end of the beginning” of a new era: messaging as a platform. Over the summer, The Information broke the news that AI-powered Facebook M would enable Messenger users to make purchases, restaurant reservations, and travel bookings within the messaging interface. A Messenger Bot Store would have far-reaching consequences not only for entrepreneurs and investors, but also developers and designers. Sam Lessin, the CEO of Fin, says the rise of chat-based user interfaces will mark “a fundamental shift that is going to change the types of applications that get developed and the style of service development.” For a time, bots were perceived to be plain-text exchanges and as such were often described as “invisible apps.” As Jonathan Libov at USV points out, “just because the container is a messenger doesn’t mean that all the apps inside are text-based.” Tomaz Stolfa says there is “unexplored potential in blending conversational interfaces with rich graphical UI elements.” If 800 million Facebook users start discovering bots in Messenger after F8, it will vindicate those who have been saying bots are the new apps. Read more of this story at Slashdot.

5 Major Hospital Hacks: Horror Stories From the Cybersecurity Frontlines

the_newsbeagle writes: We don’t often get insider accounts of hacks against major institutions like hospitals because they immediately go into damage control mode. But at a SXSW talk, a couple of experts told tales out of school. The experts, John Halamka, CIO of the Boston hospital Beth Israel Deaconess, and Kevin Fu, a University of Michigan engineering professor, recounted incidents in which hackers downloaded patient X-rays to China, took down entire networks, fooled Harvard doctors, and more. Read more of this story at Slashdot.

Security Firms Say Chinese Hackers Behind U.S. Ransomware Attacks

An anonymous reader writes: According to four leading security firms, some of the recent ransomware attacks against U.S. companies have been performed by hacking groups working at the behest of China’s government. From the report, “Security firms Attack Research, InGuardians and G-C Partners, said they had separately investigated three other similar ransomware attacks since December. Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China.” Read more of this story at Slashdot.

Autonomous Cars? How About Autonomous Bikes?

R3d M3rcury writes: So we’ve all heard about the brave new world of autonomous cars which will be at our beck-and-call. But how about an autonomous bike? The i-Bike (not to be confused with the iBike computer) is the winner of KPIT Sparkle 2016, the All India Science and Engineering Student Contest. It started off as a bicycle suitable for use by people with disabilities. If you could use a smartphone, you could ride a bike. But the developers realized that this could be part of a bike-sharing system. You could rent a bike at the train station, ride to work, and then have the bike automatically return to the train station for the next person. Of course, the obvious question is: Will the bike stop at stop signs? Read more of this story at Slashdot.

Linux Kernel 4.5 Officially Released

prisoninmate writes: Yes, you’re reading it right, after being in development for the past two months, Linux kernel 4.5 is finally here in its final production version. It is internally dubbed “Blurry Fish Butt” and received a total of seven RC builds since January 25, 2016. Prominent features of Linux kernel 4.5 include the implementation of initial support for the AMD PowerPlay power management technology, bringing high performance to the AMDGPU open-source driver for Radeon GPUs, scalability improvements in the free space handling of the Btrfs file system, and better epoll multithreaded scalability. The sources are now available for download from kernel.org. Update: 03/14 13:24 GMT by T : Reader diegocg lists some other notable features (A new copy_file_range() system call that allows to make copies of files without transferring data through userspace; support GCC’s Undefined Behavior Sanitizer (-fsanitize=undefined); Forwarded Error Correction support in the device-mapper’s verity target; support for the MADV_FREE flag in madvise(); the new cgroup unified hierarchy is considered stable; scalability improvements for SO_REUSEPORT UDP sockets; scalability improvements for epoll, and better memory accounting of sockets in the memory controller), and links to an explanation of the changes at Kernel Newbies. Read more of this story at Slashdot.

Dropbox Moves Users’ Data Off Amazon S3 to Its Own Infrastructure

Reader Richard_at_work writes: Dropbox today announced that it has been working on a “top secret” project called Magic Pocket for the past two and a half years to get data of more than 500 million users from Amazon S3 to its own custom-built infrastructure. The company says that it has migrated over 90% of its users’ data so far. Dropbox’s relationship with AWS isn’t completely over, however, as they will continue to use AWS for specific regional data stores where there is a requirement. Read more of this story at Slashdot.

Hertz Had Sheriffs On Hand the Day It Cut IT

dcblogs writes: About 300 Hertz IT employees, most located in Oklahoma City, are being impacted [by] a decision to expand its outsourcing to IBM. About 75 will be hired by IBM and those workers [are expected] to receive offers this week while others are facing layoffs. The news was a shock for IT employees. There was “anger, resentment,” especially by employees who “sacrificed that work/life balance to keep things going here,” said one employee. Hertz took precautions. On the day that IT employees learned that their work was shifting to IBM, employees noticed Oklahoma sheriff patrol vehicles in the building’s parking lot. They believed plainclothes officers were inside the building. “We consider the safety and security of our people whenever there are circumstances or events that could increase the risk of a disturbance or some form of workplace violence,” said Bill Masterson, a Hertz spokesman. “Knowing that this was a difficult announcement, we had additional security on hand,” said Masterson. “Going forward, Hertz IT resources will be focused on development of future products and services for customers,” he said. The majority of services will be cloud-based. According to the Computerworld article, along with severance pay, benefits also include three months of outplacement assistance. IT employees can receive up to $4,000 toward retraining or skill certification, said Masterson. IBM India Private Limited, an IBM subsidiary, has filed paper for H-1B visa workers for Hertz Technology offices. Read more of this story at Slashdot.

600,000 TFTP Servers Can Be Abused For Reflection DDoS Attacks

An anonymous reader writes: Researchers have discovered that improperly configured TFTP servers can be easily abused to carry out reflection DDoS attacks that can sometimes have an amplification factor of 60, one of the highest such values. There are currently around 600,000 TFTP servers exposed online, presenting a huge attack surface for DDoS malware developers. Other protocols recently discovered as susceptible to reflection DDoS attacks include DNSSEC, NetBIOS, and some of the BitTorrent protocols. Read more of this story at Slashdot.

Skype Co-Founder Launches End-To-End Encrypted ‘Wire’ App

An anonymous reader writes: A group of former Skype technologists, backed by the co-founder of the messaging platform, has introduced a new version of its own messaging service that promises end-to-end encryption for all conversations, including by video. Wire, a 50-person start-up mostly made up of engineers, is stepping into a global political debate over encryption that pits privacy against security advocates, epitomized by the standoff between the U.S. government and Apple. Wire, which is headquartered in Switzerland and Germany, two of the most privacy-friendly countries in the world, relays communications through its network of cloud computers where user communications are stored, in encrypted form, on their own devices. It delivers privacy protections that are always on, even when callers use multiple devices, such as a phone or desktop PC simultaneously. For voice and video calls, Wire uses the same DTLS and SRTP encryption standards found in the peer-to-peer WebRTC protocol. Rivals such as Facebook’s Messenger and WhatsApp or Telegram offer encryption on only parts of a message’s journey or for a specific set of services, the company said. “Everything is end-to-end encrypted: That means voice and video calls, texts, pictures, graphics — all the content you can send,” Wire Executive Chairman Janus Friis told Reuters. Read more of this story at Slashdot.