Next Windows Server offers new, even smaller “Nano Server” footprint

Microsoft is adding even more features to Windows Server to diversify and strengthen its support for virtualization and containerization on its platform. The next Windows Server will include an even more stripped-down, lightweight install mode called Nano Server. Windows Server already has a shrunk install option, Server Core, that omits various features to reduce the memory and disk footprint, and to shrink its exposure to security flaws. Nano Server strips back the operating system further still, dropping things like the GUI stack, 32-bit Win32 support, local logins, and remote desktop support. Nano Server is designed for two kinds of workload: cloud apps built on runtimes such as .NET, Java, Node.js, or Python, and cloud infrastructure, such as hosting Hyper-V virtual machines. Compared to the full Server install, Microsoft claims that Nano Server shrinks the disk footprint by 93 percent, the number of critical security bulletins by 92 percent, and the number of reboots by 80 percent.

FBI would rather prosecutors drop cases than disclose stingray details

Not only is the FBI actively attempting to stop the public from knowing about stingrays, it has also forced local law enforcement agencies to stay quiet even in court and during public hearings, too. An FBI agreement, published for the first time in unredacted form on Tuesday, clearly demonstrates the full extent of the agency’s attempt to quash public disclosure of information about stingrays. The most egregious example of this is language showing that the FBI would rather have a criminal case be dropped to protect secrecy surrounding the stingray. Relatively little is known about how, exactly, stingrays, known more generically as cell-site simulators, are used by law enforcement agencies nationwide, although new documents have recently been released showing how they have been purchased and used in some limited instances. Worse still, cops have lied to courts about their use. Not only can stingrays be used to determine location by spoofing a cell tower, they can also be used to intercept calls and text messages. Typically, police deploy them without first obtaining a search warrant.

Dell support software gets flagged by antivirus program

Diagnostic software preinstalled on many Dell computers is now being flagged as a potentially unwanted program by antivirus program Malwarebytes following the discovery of a vulnerability that allows attackers to remotely execute malicious code on older versions. The application known as Dell System Detect failed to validate code before downloading and running it, according to a report published last month by researcher Tom Forbes. Because the program starts itself automatically, a malicious hacker could use it to infect vulnerable machines by luring users to a booby-trapped website. According to researchers with AV provider F-Secure, the malicious website need only have contained the string “dell” somewhere in its domain name to exploit the weakness. www.notreallydell.com was just one example of a site that would have worked. Dell released an update in response to Forbes’s report, but even then, users remained vulnerable. That’s because the updated program still accepted downloads from malicious sites that had a subdomain with “dell” in it, for instance, a.dell.fakesite.ownedbythebadguys.com.

Large Hadron Collider restarts after 2 years of maintenance

After being shut down for two years, the Large Hadron Collider (LHC) is back online, CERN announced Sunday. “Today at 10:41am [local time], a proton beam was back in the 27-kilometer ring, followed at 12:27pm by a second beam rotating in the opposite direction,” the European Organization for Nuclear Research reported in a statement. “These beams circulated at their injection energy of 450 GeV. Over the coming days, operators will check all systems before increasing energy of the beams.”

How a $3.85 latte paid for with a fake $100 bill led to counterfeit kingpin’s downfall

Four men were indicted Wednesday on federal charges as part of an international online conspiracy to make and distribute “high-quality” counterfeits of over $1.4 million sold via Tor-enabled Dark Web sites. The new criminal charges expand on a previous case filed back in December 2014 against Ryan Andrew Gustafson, a man who went by the online monikers “Jack Farrel” and “Willy Clock”—he is also named as one of the four defendants. According to court records, Gustafson was previously positively identified via facial recognition against his Texas driver’s license. Prosecutors say the 27-year-old is an American living in Kampala, Uganda, and that he is currently on trial in the East African nation on counterfeiting charges. The United States does not have an extradition treaty nor a Mutual Legal Assistance Treaty (MLAT) with Uganda, so his return home is not a sure thing.

Change.org springs a leak, exposes private e-mail addresses

Online petitions service Change.org has a website bug that’s disclosing as many as 40,000 e-mail addresses that presumably belong to current or former subscribers. The disclosure bug was active at the time this post was being prepared and is exploitable using the search box provided on the site or via Google or Bing. The number of results returned ranged from 40,000 to 65,000, although not every result included an e-mail address. Still, a large number of them returned pages like the one above, which Ars has redacted out of fairness to the affected e-mail user. The leak appears to be the result of Change.org Web links that contain valid GET request tokens used to validate users after they have successfully entered their password. A bug appears to be adding the tokens automatically, even when the viewer hasn’t been authenticated. The following screenshot shows a portion of the token in the address bar:

TrueCrypt security audit is good news, so why all the glum faces?

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws. The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that’s a flaw that cryptographers say should be fixed, there’s no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt. The report was produced by researchers from information security consultancy NCC Group. “The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software,” Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday’s report. “The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.”

OnLive shuts down streaming games service, sells patents to Sony

The first company to try to make a business out of streaming gameplay over the Internet will soon be shutting down its service. OnLive announced today that its servers will go offline on April 30, and that the company is selling its portfolio of patents to Sony Computer Entertainment America. The announcement comes almost exactly six years after OnLive first announced its plans in the nascent streaming gaming space. The idea was to take in user input over the Internet, put it through a game running on high-end hardware at a centralized server location, then send back video and audio to end user hardware that could be significantly cheaper and less powerful. The service and a $100 microconsole launched in late 2010, but suffered from noticeable latency and image quality issues in our initial tests. With its pay-per-game service and a limited subscription-based streaming model failing to connect with many consumers, OnLive faced massive layoffs and a drastic business restructuring in 2012. The company soldiered on to launch a new hybrid streaming/downloadable game plan last year, though. Players who took part in that hybrid plan will still be able to play their purchased games through Steam, but streaming games purchased through Cloudlift or the older Playpass subscriptions will no longer be usable after the end of the month. OnLive will continue to exist as a corporate entity to manage remaining unsold assets such as trademarks, copyrights, and product designs.

Google Chrome will banish Chinese certificate authority for breach of trust

Google’s Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains. The move could have major consequences for huge numbers of Internet users as Chrome, the world’s most widely used browser, stops recognizing all website certificates issued by CNNIC. To give affected website operators time to obtain new credentials from a different certificate authority, Google will wait an unspecified period of time before implementing the change. Once that grace period ends, Google engineers will blacklist both CNNIC’s root and extended-validation certificates in Chrome and all other Google software. The unauthorized certificates were issued by Egypt-based MCS Holdings, an intermediate certificate authority that operated under the authority of CNNIC. MCS used the certificates in a man-in-the-middle proxy, a device that intercepts secure connections by masquerading as the intended destination. Such devices are sometimes used by companies to monitor employees’ encrypted traffic for legal or human resources reasons.

“Unquestionable greed,” the startup CEO who stole $765k from his friends

SAN FRANCISCO—Dressed in matching yellow scrubs from the nearby Alameda County Jail, Jon Mills looked resigned to his fate. After taking a plea deal on two felony counts of wire fraud, the young former startup CEO appeared in federal court Tuesday afternoon for sentencing. Mills had moved to California five years ago with a dream to hit it big in Silicon Valley. The company he founded, Motionloft, uses small sensors to perform analytics on in-store foot traffic. Everything worked. The company continues to succeed, and celebrity venture capitalist Mark Cuban remains its sole investor. But that success wasn’t enough. In early 2013, Mills told at least five people that if they gave him relatively small amounts of money, they would own stakes in the company. He claimed that a Cisco acquisition worth hundreds of millions of dollars was supposedly imminent, so Mills and all other Motionloft shareholders would stand to make a tidy profit. In reality, Mills knew the deal didn’t exist.
