RSS live feed

OpenSSL development policy changes

lwn.net - 2 hours 17 minutes ago
The OpenSSL project has announced a number of changes to how the project is developed. These include shutting down the openssl-dev mailing list in favor of discussing all patches on GitHub and the addition of a new, read-only (for the world) openssl-project list. "We are changing our release schedule so that unless there are extenuating circumstances, security releases will go out on a Tuesday, with the pre-notification being the previous Tuesday. We don’t see a need to have people ready to sacrifice their weekend every time a new CVE comes out."

How To Tame the Tech Titans

Slashdot - 3 hours 22 minutes ago
dryriver shares an opinion piece from The Economist: Not long ago, being the boss of a big Western tech firm was a dream job. As the billions rolled in, so did the plaudits: Google, Facebook, Amazon and others were making the world a better place. Today these companies are accused of being BAADD -- big, anti-competitive, addictive and destructive to democracy. Regulators fine them, politicians grill them and one-time backers warn of their power to cause harm. Much of this techlash is misguided. The presumption that big businesses must necessarily be wicked is plain wrong. Apple is to be admired as the world's most valuable listed company for the simple reason that it makes things people want to buy, even while facing fierce competition. Many online services would be worse if their providers were smaller. Evidence for the link between smartphones and unhappiness is weak. Fake news is not only an online phenomenon. But big tech platforms, particularly Facebook, Google and Amazon, do indeed raise a worry about fair competition. That is partly because they often benefit from legal exemptions. Unlike publishers, Facebook and Google are rarely held responsible for what users do on them; and for years most American buyers on Amazon did not pay sales tax. Nor do the titans simply compete in a market. Increasingly, they are the market itself, providing the infrastructure (or "platforms") for much of the digital economy. Many of their services appear to be free, but users "pay" for them by giving away their data. Powerful though they already are, their huge stockmarket valuations suggest that investors are counting on them to double or even triple in size in the next decade. There is thus a justified fear that the tech titans will use their power to protect and extend their dominance, to the detriment of consumers (see article). The tricky task for policymakers is to restrain them without unduly stifling innovation.

Read more of this story at Slashdot.

Ajit Pai's FCC Can't Admit Broadband Competition Is a Problem

Slashdot - 5 hours 2 minutes ago
An anonymous reader quotes a report from DSLReports: While the FCC is fortunately backing away from a plan that would have weakened the standard definition of broadband, the agency under Ajit Pai still can't seem to acknowledge the lack of competition in the broadband sector. Or the impact this limited competition has in encouraging higher prices, net neutrality violations, privacy violations, or what's widely agreed to be some of the worst customer service of any industry in America. The Trump FCC had been widely criticized for a plan to weaken the standard definition of broadband from 25 Mbps down, 3 Mbps up, to include any wireless connection capable of 10 Mbps down, 1 Mbps up. Consumer advocates argued the move was a ham-fisted attempt to try and tilt the data to downplay the industry's obvious competitive and coverage shortcomings. They also argued that the plan made no coherent sense, given that wireless broadband is frequently capped, often not available (with carrier maps the FCC relies on falsely over-stating coverage), and significantly more expensive than traditional fixed-line service. In a statement (pdf), FCC boss Ajit Pai stated the agency would fortunately be backing away from the measure, while acknowledging that frequently capped and expensive wireless isn't a comparable replacement for fixed-line broadband. "The draft report maintains the same benchmark speed for fixed broadband service previously adopted by the Commission: 25 Mbps download/3 Mbps upload," stated Pai. "The draft report also concludes that mobile broadband service is not a full substitute for fixed service. Instead, it notes there are differences between the two technologies, including clear variations in consumer preferences and demands." That's the good news. The bad news: the FCC under Pai's leadership continues to downplay and ignore the lack of competition in the sector, and the high prices and various bad behaviors most people are painfully familiar with.

Nintendo's Newest Switch Accessories Are DIY Cardboard Toys

Slashdot - 5 hours 42 minutes ago
sqorbit writes: Nintendo has announced a new experience for its popular Switch game console, called Nintendo Labo. Nintendo Labo lets you interact with the Switch and its Joy-Con controllers by building things with cardboard. Launching on April 20th, Labo will allow you to build things such as a piano and a fishing pole out of cardboard pieces that, once attached to the Switch, provide the user new ways to interact with the device. Nintendo of America's President, Reggie Fils-Aime, states that "Labo is unlike anything we've done before." Nintendo has a history of non-traditional ideas in gaming, sometimes working and sometimes not. Cardboard cuts may attract non-traditional gamers back to the Nintendo platform. While Microsoft and Sony appear to be focused on 4K, graphics and computing power, Nintendo appears focused on producing "fun" gaming experiences, regardless of how cheesy or technologically outdated they may be. Would you buy a Nintendo Labo kit for $69.99 or $79.99? "The 'Variety Kit' features five different games and Toy-Con -- including the RC car, fishing, and piano -- for $69.99," The Verge notes. "The 'Robot Kit,' meanwhile, will be sold separately for $79.99."

Norway Will Make All Short-Haul Flights Electric By 2040

Slashdot - 6 hours 22 minutes ago
Norway's public operator of air transport plans to make all short-haul flights in the country entirely electric by 2040. "State-owned Avinor, which operates most of Norway's civil airports, is aiming to be the 'first in the world' to switch to electric air transport," reports The Independent. From the report: "We think that all flights lasting up to 1.5 hours can be flown by aircraft that are entirely electric," chief executive Dag Falk-Petersen told AFP. The announcement confirms Norway's reputation as a leader in electric power. In a 2017 report, Avinor announced that in cooperation with the Norwegian Sports Aviation Association and major airlines, it had set up a development project for electric aircraft. Avinor said it had "called for Norway to be established as a test arena and innovation center for the development of electric aircraft." Avinor intends to reduce aircraft greenhouse gas emissions in the short term by phasing in biofuels in the coming years, and then build on these reductions by phasing in electric planes.

CVE-2017-12130

Latest 7 days CVE Lists - 6 hours 23 minutes ago
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.

CVE-2017-14803

Latest 7 days CVE Lists - 6 hours 23 minutes ago
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 that allows an attacker to execute arbitrary code on the system.

CVE-2017-15108

Latest 7 days CVE Lists - 6 hours 23 minutes ago
spice-vdagent up to and including 0.17.0 does not properly escape the save directory before passing it to a shell, allowing a local attacker with access to the session the agent runs in to inject arbitrary commands that are then executed.
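
The bug class in the entry above, as an added illustration that is not spice-vdagent's own code: a "save directory" name chosen by whoever controls the session is spliced into a shell command string, beside the two standard ways of neutralising it. The directory name, the `mkdir -p` command and the `pwned_marker` file are all constructed for this example.

```python
# Added illustration, not spice-vdagent's code: a "save directory" name that
# reaches /bin/sh unescaped, beside two ways of neutralising it.
import os
import shlex
import subprocess
import tempfile

# Constructed attacker-chosen directory name. Spliced into a shell string it
# closes the quoted argument and runs `touch` as the session user.
EVIL_DIR = 'downloads"; touch pwned_marker; echo "'


def vulnerable_command(save_dir: str) -> str:
    # String concatenation: the shell re-parses whatever the directory name says.
    return 'mkdir -p "%s"' % save_dir


def hardened_command(save_dir: str) -> str:
    # shlex.quote() single-quotes the value and escapes embedded single quotes,
    # so the shell sees exactly one word however odd the name is.
    return "mkdir -p " + shlex.quote(save_dir)


def shell_word_count(command: str) -> int:
    # Number of words the shell would parse; injection shows up as extra words.
    return len(shlex.split(command))


def run_in(command: str, cwd: str) -> bool:
    # Runs the command through /bin/sh in cwd and reports whether the
    # attacker's marker file appeared (True means the injection executed).
    subprocess.run(command, shell=True, cwd=cwd, check=False)
    return os.path.exists(os.path.join(cwd, "pwned_marker"))


def make_dir_without_shell(base: str, save_dir: str) -> str:
    # Best option: no shell at all. An argument list goes straight to execve,
    # so quotes and semicolons are just bytes in a filename.
    target = os.path.join(base, save_dir)
    subprocess.run(["mkdir", "-p", target], check=True)
    return target


def demo():
    # Returns (injection_ran_with_naive_string, injection_ran_with_quoting,
    #          directory_created_without_shell); expected (True, False, True).
    vuln_dir = tempfile.mkdtemp()
    safe_dir = tempfile.mkdtemp()
    injected = run_in(vulnerable_command(EVIL_DIR), vuln_dir)
    contained = run_in(hardened_command(EVIL_DIR), safe_dir)
    created = os.path.isdir(make_dir_without_shell(safe_dir, EVIL_DIR))
    return injected, contained, created


if __name__ == "__main__":
    print(demo())
```

The quoted form is the minimal fix when a shell is unavoidable; passing an argument list with `shell=False` removes the shell from the path entirely and is what a reviewer should ask for.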

CVE-2017-15111

Latest 7 days CVE Lists - 6 hours 23 minutes ago
keycloak-httpd-client-install versions before 0.8 insecurely create a temporary file, allowing local attackers to overwrite other files via a symbolic link.
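
Why a temporary file at a predictable path lets a local attacker overwrite other files, as an added illustration that is not keycloak-httpd-client-install's own code: the attacker pre-creates the path as a symlink, a naive `open(path, "w")` follows it, and the two standard fixes refuse. The file names, the `client-install.tmp` path and the victim file are constructed for this example; the attacker and victim run as the same user here, which is enough to show the file-system behaviour.

```python
# Added illustration, not keycloak-httpd-client-install's code: a predictable
# temp path followed through an attacker's symlink, and the two usual fixes
# (O_CREAT|O_EXCL|O_NOFOLLOW, or tempfile.mkstemp's random name).
import os
import tempfile


def plant_symlink(predictable_path: str, victim_path: str) -> None:
    # Attacker's move: pre-create the predictable path as a symlink to a file
    # the victim process can write but the attacker cannot.
    os.symlink(victim_path, predictable_path)


def naive_write(path: str, data: str) -> None:
    # open(path, "w") follows the symlink and truncates its target.
    with open(path, "w") as f:
        f.write(data)


def safe_write(path: str, data: str) -> None:
    # O_CREAT|O_EXCL fails with EEXIST if anything, a symlink included, already
    # sits at path; O_NOFOLLOW (where available) refuses symlinks outright.
    # Mode 0o600 keeps other local users from reading what we write.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def write_to_fresh_tempfile(directory: str, data: str) -> str:
    # tempfile.mkstemp: unpredictable name, O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(dir=directory, prefix="client-")
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo():
    # Returns (victim_overwritten_by_naive_write, safe_write_refused);
    # expected (True, True).
    work = tempfile.mkdtemp()
    victim = os.path.join(work, "victim.conf")
    with open(victim, "w") as f:
        f.write("original")
    link = os.path.join(work, "client-install.tmp")  # the predictable name
    plant_symlink(link, victim)
    naive_write(link, "attacker controlled")
    with open(victim) as f:
        overwritten = f.read() == "attacker controlled"
    try:
        safe_write(link, "config")
        refused = False
    except OSError:  # EEXIST (FileExistsError) or ELOOP, either is a refusal
        refused = True
    return overwritten, refused


def demo_mkstemp():
    # Returns (permission bits of the new file, whether it carries our prefix).
    work = tempfile.mkdtemp()
    path = write_to_fresh_tempfile(work, "config")
    mode = os.stat(path).st_mode & 0o777
    return mode, os.path.basename(path).startswith("client-")


if __name__ == "__main__":
    print(demo(), demo_mkstemp())
```

`mkstemp` is the fix to reach for: it removes the predictable name as well as the symlink race, and hands back an already-open descriptor so there is no window between creating and using the file.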

CVE-2017-15112

Latest 7 days CVE Lists - 6 hours 23 minutes ago
keycloak-httpd-client-install versions before 0.8 allow the password to be passed on the command line, leaking it via shell history and process information to other local users.

Google CEO Sundar Pichai Says He Does Not Regret Firing James Damore

Slashdot - 7 hours 2 minutes ago
An anonymous reader quotes a report from The Verge: Google CEO Sundar Pichai responded today to the firing of employee James Damore over his controversial memo on workplace diversity, stating that while he does not regret the decision, he regrets that people misunderstood it as a politically motivated event. Speaking in a live conversation with journalist and Recode co-founder Kara Swisher, MSNBC host Ari Melber, and YouTube CEO Susan Wojcicki in San Francisco, Pichai said that the decision to fire Damore was about ensuring women at Google felt like the company was committed to creating a welcoming environment. "I regret that people misunderstand that we may have made this for a political belief one way or another," Pichai said. "It's important for the women at Google, and all the people at Google, that we want to make an inclusive environment." When pressed by Swisher on the issue of regret, Pichai stated more definitively, "I don't regret it." Wojcicki, who has spoken publicly about how Damore's memo affected her personally, followed up with, "I think it was the right decision."

CVE-2017-12113

Latest 7 days CVE Lists - 7 hours 23 minutes ago
An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.

CVE-2017-12116

Latest 7 days CVE Lists - 7 hours 23 minutes ago
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.

CVE-2017-12118

Latest 7 days CVE Lists - 7 hours 23 minutes ago
An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.

CVE-2017-12119

Latest 7 days CVE Lists - 7 hours 23 minutes ago
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability.

CVE-2017-14457

Latest 7 days CVE Lists - 7 hours 23 minutes ago
An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. Specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create or send a malicious smart contract to trigger this vulnerability.

CVE-2017-14460

Latest 7 days CVE Lists - 7 hours 23 minutes ago
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in the JSON-RPC interface of Parity Ethereum client version 1.7.8. A JSON object automatically sent to the JSON-RPC endpoint by a web page can trigger this vulnerability; a victim needs to visit a malicious website for it to be exploited.

Security Breaches Don't Affect Stock Price, Study Suggests

Slashdot - 7 hours 42 minutes ago
Computer security professional Bruce Schneier highlights the key findings of a study that suggests security breaches don't affect stock price. The study has been published in the Journal of Information Privacy and Security. From the report:

- While the difference in stock price between the sampled breached companies and their peers was negative (1.13%) in the first 3 days following announcement of a breach, by the 14th day the return difference had rebounded to +0.05%, and on average remained positive through the period assessed.
- For the differences in the breached companies' betas and the beta of their peer sets, the differences in the means of 8 months pre-breach versus post-breach was not meaningful at 90, 180, and 360 day post-breach periods.
- For the differences in the breached companies' beta correlations against the peer indices pre- and post-breach, the difference in the means of the rolling 60 day correlation 8 months pre-breach versus post-breach was not meaningful at 90, 180, and 360 day post-breach periods.
- In regression analysis, use of the number of accessed records, date, data sensitivity, and malicious versus accidental leak as variables failed to yield an R² greater than 16.15% for response variables of 3, 14, 60, and 90 day return differential, excess beta differential, and rolling beta correlation differential, indicating that the financial impact on breached companies was highly idiosyncratic.
- Based on returns, the most impacted industries at the 3 day post-breach date were U.S. Financial Services, Transportation, and Global Telecom. At the 90 day post-breach date, the three most impacted industries were U.S. Financial Services, U.S. Healthcare, and Global Telecom.

Trump Signs Surveillance Extension Into Law

Slashdot - 8 hours 22 minutes ago
President Trump took to Twitter this afternoon to announce that he has signed a six-year renewal of a powerful government surveillance tool. "Just signed 702 Bill to authorize foreign intelligence collection," Trump tweeted. "This is NOT the same FISA law that was so wrongly abused during the election. I will always do the right thing for our country and put the safety of the American people first!" The Hill reports: Section 702 of the Foreign Intelligence Surveillance Act (FISA), which the Senate voted to renew with a few small tweaks this week, allows the U.S. to spy on foreigners overseas. The intelligence community says the program is a critical tool in identifying and disrupting terror plots. But the broader surveillance law, which governs U.S. spying on foreigners, has become politically entangled with the controversy over the federal investigation into Trump's campaign and Russia. Some Republicans have claimed that the FBI inappropriately obtained a politically motivated FISA warrant to spy on Trump during the transition and on Friday, Capitol Hill was consumed with speculation about a four-page memo produced by House Intelligence Committee Republicans that some GOP lawmakers hinted contained evidence of such wrongdoing.

CVE-2017-12112

Latest 7 days CVE Lists - 8 hours 23 minutes ago
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.
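
The three server-side checks that the cpp-ethereum JSON-RPC entries (CVE-2017-12112, -12113, -12116, -12118, -12119) and the Parity CORS entry (CVE-2017-14460) are about, as one added illustration that is neither project's own code: a strict Origin allowlist, namespace-based authorization for the admin_ and miner_ methods, and turning malformed requests into JSON-RPC errors instead of unhandled exceptions. The namespace split, the `PUBLIC_METHODS` and `ALLOWED_ORIGINS` tables, the toy `STATE` backend and the -32001/-32002 error codes are all assumptions made for this example.

```python
# Added illustration, not cpp-ethereum's or Parity's code: a minimal JSON-RPC
# front end that rejects foreign origins, gates privileged method namespaces
# behind authentication, and never lets bad input escape as an exception.
import json

# Assumed policy: these prefixes are privileged; everything else must be in
# the explicit public list. Both tables are constructed for this example.
ADMIN_NAMESPACES = ("admin_", "miner_", "personal_")
PUBLIC_METHODS = {"eth_blockNumber", "net_version"}
ALLOWED_ORIGINS = {"https://wallet.example"}  # assumed deployment config

# Constructed backend state the privileged methods act on.
STATE = {"gas_price": 20, "mining": True, "peers": []}


def origin_allowed(origin, allowlist=ALLOWED_ORIGINS):
    # Exact-match allowlist. A wildcard "*" (the overly permissive setting)
    # would let any page the user visits drive the node's RPC endpoint.
    # No Origin header means the caller is not a browser doing a cross-site
    # request (e.g. a local CLI), so that case is allowed.
    return origin is None or origin in allowlist


def method_authorized(method, authenticated):
    if method.startswith(ADMIN_NAMESPACES):
        return authenticated
    return method in PUBLIC_METHODS


def _error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id,
            "error": {"code": code, "message": message}}


def _execute(method, params):
    # Toy implementations; type errors here must be caught by the caller.
    if method == "eth_blockNumber":
        return "0x10"
    if method == "miner_setGasPrice":
        STATE["gas_price"] = int(params[0], 0)  # ValueError on junk input
        return True
    if method == "miner_stop":
        STATE["mining"] = False
        return True
    if method == "admin_addPeer":
        STATE["peers"].append(str(params[0]))
        return True
    raise KeyError(method)


def handle(raw_body, origin=None, authenticated=False):
    # Returns a JSON-RPC response dict for any input and never raises.
    if not origin_allowed(origin):
        return _error(None, -32001, "origin not allowed")
    try:
        req = json.loads(raw_body)
        method = req["method"]
        params = req.get("params", [])
        req_id = req.get("id")
    except (ValueError, KeyError, TypeError, AttributeError):
        return _error(None, -32700, "parse error")
    if not isinstance(method, str) or not isinstance(params, list):
        return _error(req_id, -32600, "invalid request")
    if not method_authorized(method, authenticated):
        return _error(req_id, -32002, "unauthorized")
    try:
        return {"jsonrpc": "2.0", "id": req_id,
                "result": _execute(method, params)}
    except KeyError:
        return _error(req_id, -32601, "method not found")
    except (IndexError, ValueError, TypeError):
        return _error(req_id, -32602, "invalid params")


if __name__ == "__main__":
    print(handle('{"jsonrpc":"2.0","id":1,"method":"miner_stop"}',
                 origin="https://evil.example"))
```

The order of the checks matters: the origin test runs before the body is parsed so a hostile page gets nothing, authorization runs before dispatch so an unauthenticated `miner_stop` never reaches the backend, and the dispatch is wrapped so a malformed `params` list becomes a -32602 response rather than a crash of the node.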
