New security protection, fixes for 39 exploitable bugs coming to Java

Image caption: A dialog box presented by Java when it encounters an application that isn’t signed by a digital certificate. Credit: Java.com

Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers.

The update scheduled for Tuesday comes as the security of Java is reaching near-crisis levels. Throughout the past year, a series of attacks hosted on popular websites has been used to surreptitiously install malware on unwitting users’ machines. The security flaws have been used to infect employees of Facebook and Apple in targeted attacks intended to penetrate those companies. The vulnerabilities have also been exploited to hijack computers of home and business users. More than once, attackers have exploited one previously undocumented bug within days or weeks of patching a previous “zero-day,” as such vulnerabilities are known, creating a string of attacks on the latest version of the widely used plugin.

In all, Java 7 Update 21 will fix at least 42 security bugs, Oracle said in a pre-release announcement. The post went on to say that “39 of those vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.” The advisory didn’t specify or describe the holes that will be patched. Security Exploration, a Poland-based security company that has discovered dozens of “security issues” in Java, has a running list of them here.

New F-1B rocket engine upgrades Apollo-era design with 1.8M lbs of thrust

NASA has spent a lot of time and money resurrecting the F-1 rocket engine that powered the Saturn V back in the 1960s and 1970s, and Ars recently spent a week at the Marshall Space Flight Center in Huntsville, Alabama, to get the inside scoop on how the effort came to be. But there’s a very practical reason why NASA is putting old rocket parts up on a test stand and firing them off: its latest launch vehicle might be powered by engines that look, sound, and work a whole lot like the legendary F-1.

This new launch vehicle, known as the Space Launch System, or SLS, is currently taking shape on NASA drawing boards. However, as is its mandate, NASA won’t be building the rocket itself—it will allow private industry to bid for the rights to build various components. One potential design wrinkle in SLS is that instead of using Space Shuttle-style solid rocket boosters, SLS could instead use liquid-fueled rocket motors, which would make it the United States’ first human-rated rocket in more than 30 years not to use solid-fuel boosters.

The contest to suss this out is the Advanced Booster Competition, and one of the companies that has been down-selected as a final competitor is Huntsville-based Dynetics. Dynetics has partnered with Pratt & Whitney Rocketdyne (designers of the Saturn V’s F-1 engine, among others) to propose a liquid-fueled booster featuring an engine based heavily on the design of the famous F-1. The booster is tentatively named Pyrios, after one of the fiery horses that pulled the god Apollo’s chariot; the engine is being called the F-1B.

BlackBerry wants SEC to investigate “false reports” of Z10 returns

Yesterday, brokerage firm Detwiler Fenton claimed that more people were returning BlackBerry Z10s than had bought them at retail in the first place. Today, BlackBerry responded, saying not only that the Detwiler report was incorrect, but that it was going to ask the Securities and Exchange Commission in the US and the Ontario Securities Commission in Canada to review the report.

Of the reports, BlackBerry CEO Thorsten Heins said, “Return rate statistics show that we are at or below our forecasts and right in line with the industry. To suggest otherwise is either a gross misreading of the data or a willful manipulation. Such a conclusion is absolutely without basis and BlackBerry will not leave it unchallenged.” The smartphone company also noted that Detwiler refused to make its report or methodology available.

How more phones could be returned than were sold isn’t clear. Detwiler Fenton is the same firm that predicted that Microsoft would sell 2-3 million Surface Pro units in the fourth quarter of 2012, despite the fact that Microsoft explicitly said the device wouldn’t ship until three months after the Surface RT’s October launch.

A beginner’s guide to building botnets—with little assembly required

Image credit: Original photo by Michael Kappel / Remixed by Aurich Lawson

Have a plan to steal millions from banks and their customers but can’t write a line of code? Want to get rich quick off advertising click fraud but “quick” doesn’t include time to learn how to do it? No problem. Everything you need to start a life of cybercrime is just a few clicks (and many more dollars) away.

Building successful malware is an expensive business. It involves putting together teams of developers and coordinating an army of fraudsters to convert ill-gotten gains to hard currency without pointing a digital arrow right back to you. So the biggest names in financial botnets—Zeus, Carberp, Citadel, and SpyEye, to name a few—have all at one point or another decided to shift gears from fraud rings to crimeware vendors, selling their wares to whoever can afford them.

In the process, these big botnet platforms have created a whole ecosystem of software and services in an underground market catering to criminals without the skills to build it themselves. As a result, the tools and techniques used by last year’s big professional bank fraud operations, such as the “Operation High Roller” botnet that netted over $70 million last summer, are available off-the-shelf on the Internet. They even come with full technical support to help you get up and running.

Waiting for a 1TB SSD below $1 per GB? Crucial says wait no more

Crucial announced in a press release this morning that it has begun selling its latest round of consumer-grade solid-state disks (SSDs), the M500. The 2.5-inch SATA III SSDs are the follow-up to Crucial’s M4 SSDs, which are a pretty popular choice for people adding SSDs to existing systems (I think I have four or five M4s scattered in computers around my house). The drives use 20nm MLC NAND sourced from Micron (and if you’re not sure what MLC NAND is, we’ve got a great SSD primer right here), along with a Micron-provided SSD controller. Performance for the M500 drives is what you’d expect from a drive in this class: sequential read and write speeds of 500MB per second and 400MB per second.

But the big news about the announcement is the capacities. The M500 is available in standard pedestrian capacities of 120GB and 240GB, as well as a large capacity of 480GB, but the top-end SKU is the exciting one: 960GB for just $599.99 (62¢ per raw GB). The MSRPs for the smaller capacities are $129.99 for the 120GB (about $1 per raw GB), $219.99 for the 240GB (about 91¢ per raw GB), and $399.99 for the 480GB (about 83¢ per raw GB).

Apple says VPN changes coming in iOS thanks to VirnetX verdict

Apple has been forced to change how iOS devices use VPN following a $368.2 million patent verdict in favor of patent and research firm VirnetX. The company wrote about the changes in a support document posted to its website on Thursday (hat tip to AppleInsider), saying the behavior of VPN On Demand would be different from expected starting with iOS 6.1, and the changes would come in an update that will be released this April.

“Due to a lawsuit by VirnetX, Apple will be changing the behavior of VPN On Demand for iOS devices using iOS 6.1 and later,” Apple wrote. “This change will be distributed in an update later this month.”

The changes are relatively minor—devices with VPN On Demand configured to “always” will instead behave as if they’re set up to “establish [a connection] if needed.” Apple says the device in question will then only establish a new VPN On Demand connection if it’s not able to resolve the DNS of the host it wants to reach (these settings can currently be found within Settings > General > VPN).

Apple puts age ratings front and center on app product pages

Image caption: The old App Store app page layout, left, and new layout, right.

Apple has pushed the age ratings for its App Store apps to the top of the product pages in an effort to make buyers, especially parents, more aware of the type of content they’re getting. The age ratings are now directly below the app-maker’s name, and they sit above the user ratings.

Apple has faced some disgraces lately with apps that have gained the spotlight only to blindside unsuspecting users with adult content. The short-video sharing app Vine was featured as an App Store Editors’ Choice shortly before porn surfaced within the app’s Editors’ Picks; the image-sharing app 500px was also yanked for its pornographic pictures. Both apps now have a 17+ rating slapped on them.

While Apple’s new prominent app ratings won’t solve the unpredictable-user-generated-content problem, they will get parents and guardians to pay more attention to what kinds of apps they are downloading. This change also follows Apple’s addition of an “Offers In-App Purchases” label to app product pages to help account-owning parents anticipate which apps will allow their kids to wantonly bill items within an app—before they get the credit card bill.

Report: Troubled Doom 4 being retargeted for next-generation systems

Nearly five years after it was officially announced and nine years after the release of Doom 3, we’ve heard precious little about the development of Id Software’s Doom 4. It seems that silence has masked a troubled development cycle that has been restarted at least once and is currently not all that close to being finished.

Kotaku talked to a number of unnamed sources “with connections to the Id Software-developed game” and lays out a tale of mismanaged resources and distractions. Chief among these distractions was Rage, the 2011 release that developer Id thought would put it back on top of the first-person shooter heap. When that game was savaged by harsh reviews and low sales, Id reportedly halted plans for DLC and a sequel and refocused the entire company on Doom 4, which had largely languished during the work on Rage.

“I kinda think maybe the studio heads were so distracted on shipping Rage that they were blind to the happenings of Doom, and the black hole of mediocrity [the team] was swirling around,” one source told Kotaku.

Bitcoin value triples in a month to all-time high of more than $100

At the end of February, bitcoins hit an all-time trading high of just over $33. That suddenly looks like chump change, with the value of bitcoins today moving past $100.

You can see nearly real-time changes in the value of bitcoins at Coinlab and track the currency’s steady rise over the past month at Blockchain. We’ve seen the value go up and down today, fluctuating between $99 and $105.

The new high is remarkable given that bitcoins were only worth about $13.50 at the beginning of this year. The total value of the nearly 11 million bitcoins in circulation (its “market cap”) has also soared past $1 billion, after being at less than $50 million one year ago.

A flood of prank iMessage texts shows the app can be crashed easily

Image caption: Human can’t be blamed for thinking this show of affection comes off as a little clingy. Credit: Adam Bell/The Next Web

On Friday, The Next Web reported that a group of iOS developers were experiencing rapid-fire texts over iMessage, causing bothersome and repetitious messages and notifications. While the prank wasn’t serious on the level of, say, a full-scale DDoS of a bank website, and concern over spam via iMessage is not new either, the unwanted messages were fresh proof of some problems with the iMessage app, specifically in the lack of good spam-detection in iMessage, and in the lack of a way for users to block a message sender.

One of the recipients of the spam, an iOS jailbreak tool and app developer who goes by the moniker iH8sn0w, informed The Next Web of the prank when it happened. iH8sn0w told Ars over Twitter that he simply disabled the handle that was getting flooded. “It’s just a bunch of kids bored playing with AppleScript,” he said.

Another app and extension developer for iOS devices, Grant Paul, reported on Twitter that he was getting spammed on iMessage with very large messages, causing his iMessage app to crash. “The iMessage spammer has now completely locked me out of my iOS Messages app, by sending long strings of Unicode chars. Definitely a DoS,” Paul wrote on his Twitter account. Ars reached out to Paul but has not yet heard back from him.
