Feed aggregator

New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds

Slashdot - Sun, 05/06/2018 - 14:10
An anonymous reader writes: "An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record," reports Bleeping Computer. "The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month, [affecting TBK DVR systems]. Fernandez discovered that by accessing the control panel of specific DVRs with a cookie header of 'Cookie: uid=admin,' the DVR would respond with the device's admin credentials in cleartext." Tens of thousands of vulnerable devices available online can be hijacked with their video feeds assembled in voyeur sites, like it's been done in the past.

Read more of this story at Slashdot.

If Fortnite Were a Website, It Would Rival Reddit and Amazon

Slashdot - Sun, 05/06/2018 - 13:09
Tom's Guide gives us some perspective on just how big of a cultural phenomenon the game Fortnite is: "if Fortnite were a website, it would be one of the top five in the United States." From the report: Take a quick look at Alexa's list of top U.S. websites, and you'll see Google, YouTube, Facebook, Reddit and Amazon in the top five. No surprises there. But as a quick Google Trends search reveals, Fortnite has become a hotter search term than Reddit. What some might see as a flash-in-the-pan gaming fad is actually outpacing one of the web's hottest destinations. "More people in the U.S. are searching for 'Fortnite' on Google than they are for 'Reddit' and these searches have risen sharply over the last two months," said John DeFeo, VP of Internet Marketing at Purch, Tom's Guide's parent company. "When you consider that Fortnite had more than 3 million concurrent players in February, I believe that if Fortnite were a website, it would be among the top five in the U.S., duking it out with Reddit and Amazon."

How to install Tomcat 8.5 on Ubuntu 18.04

LXer - Sun, 05/06/2018 - 12:52
Apache Tomcat is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. It is one of the most widely adopted applications and web servers in the world today. Tomcat is simple to use and has a robust ecosystem of add-ons. This tutorial demonstrates how to install Tomcat 8.5 on Ubuntu 18.04.

Placing Election Ads On Google Will Require a Government ID

Slashdot - Sun, 05/06/2018 - 12:08
Google announced new policies Friday that will require advertisers to prove they are a U.S. citizen or permanent resident when buying election ads. "Under the new guidelines, Google will ask advertisers -- be they individuals, organizations, or political action committees -- to prove they are who they claim to be," reports Gizmodo. "It will also require the ads to include a clear disclosure of who is paying for it." From the report: The change comes after Google and other social media companies revealed their advertising platforms were abused by foreign actors, including the Russian government-backed troll farm Internet Research Agency, during the 2016 U.S. presidential election. It also places Google's policies in line with U.S. laws for traditional media that restrict foreign entities from running election ads. Where Google's effort falls short, at least in its current iteration, is the new policies only cover ads featuring candidates running for office. So-called "issue ads" that advocate a certain point of view on hot-button topics are not covered in Google's policies.

UK Car Industry On Alert Over Reports Some Hybrids Face a Ban

Slashdot - Sun, 05/06/2018 - 11:07
An anonymous reader quotes a report from the BBC: The UK's car industry has hit out at the government over unconfirmed reports ministers will target hybrid vehicles as part of a new emissions crackdown. New cars unable to do at least 50 miles on electric power may be banned by 2040, a ruling that would hit the UK's best-selling hybrid, Toyota's Prius. The SMMT car trade body said "misleading" government messages were damaging the industry and hitting jobs. In a short statement, the Department for Transport denied plans for a ban. The Financial Times and Autocar said that the government's Road to Zero car emissions strategy was due to be unveiled imminently. It follows last year's announcement by the government that it would ban the sale of all new diesel and petrol cars in the UK by 2040. But the position on electrified models was unclear, and Road to Zero is due to clarify the situation. The FT and Autocar reported that vehicles which could not travel at least 50 miles using only electric power would be outlawed. "Unrealistic targets and misleading messaging on bans will only undermine our efforts to realize this future, confusing consumers and wreaking havoc on the new car market and the thousands of jobs it supports," said Mike Hawes, chief executive of the Society of Motor Manufacturers and Traders. "We cannot support ambition levels which do not appreciate how industry, the consumer or the market operate and which are based neither on fact nor substance. Consumers need clear information about the right vehicles for their driving needs and it is again disappointing for both industry and consumers that vitally important information about government policy is being communicated by leaks."

Post-Alice, Using Software Patents, Microsoft-Backed Patent Troll Finjan Continues Suing Microsoft's Competitors

LXer - Sun, 05/06/2018 - 10:58
Finjan's warpath of destruction shows no signs of stopping; it's now suing Check Point, a relatively large company that occasionally exposes issues in Microsoft's software

Telegram's Billion-Dollar ICO Has Become a Mess

Slashdot - Sun, 05/06/2018 - 10:06
Jon Russell and Mike Butcher from TechCrunch report of the mess that is Telegram's billion-dollar initial coin offering (ICO): Telegram's ICO was supposed to be a record-breaker to develop a platform that brings the decentralized internet to life. Instead, it has become a mess with the tightly controlled fundraising process in disarray as early backers sell their tokens for handsome returns. The company recently canceled the public sale piece of its ICO, the Wall Street Journal reported this week, after it raised $1.7 billion from private sale investors, according to SEC filings. But the issues date back further. Telegram's grand vision is to build the TON (Telegram Open Network), a blockchain-based platform that extends its messaging app, which counts 200 million active users, into a range of services that include payments, file storage, censorship-proof browsing and decentralized apps hosted on the platform. According to the original whitepaper, the plan was to raise $1.2 billion using both invite-only private investors and an open sale to the public. Telegram later extended the raise to $1.7 billion before it canceled the public sale altogether. That's almost certainly because it had already raised enough money to develop TON without the risk of running into the SEC's ongoing ICO probe by soliciting money from the public. The result is that the ordinary people can't buy Telegram's Gram crypto token until it is released on exchanges. There's currently no timeline for that. But, with massive demand for the messaging app and deep discounts for early backers, a secondary market for buying and selling tokens early has emerged -- with huge returns already realized by some.

Devices Supporting Google Assistant Have More Than Tripled In Last Four Months

Slashdot - Sun, 05/06/2018 - 09:05
In a blog post on Thursday, Google announced that their smart assistant is now compatible with more than 5,000 devices. That's up from the 1,500 devices it worked with back in January. The Verge reports: According to Google, it's a list made up of a huge variety of products, including "cameras, dishwashers, doorbells, dryers, lights, plugs, thermostats, security systems, switches, vacuums, washers, fans, locks, sensors, heaters, AC units, air purifiers, refrigerators, and ovens." It's a big jump -- at least, numerically speaking -- and if nothing else, it's a sign that the full court press that Google started at the beginning of the year with its massive Google Assistant-themed booth at CES is starting to show some results. For comparison, Apple's Homekit is compatible with 195 products while Amazon's Alexa assistant currently supports over 12,000 devices.

Raspberry Pi Series Part 3: From Purchase To Assembly

LXer - Sun, 05/06/2018 - 09:04
Welcome back to our Raspberry Series. This time we are going to touch on how to acquire a Raspberry, set up the raspberry with all the required peripherals and get the essential installations, especially a perfect Linux distro.

Chinese Government Is Behind a Decade of Hacks On Software Companies, Says Report

Slashdot - Sun, 05/06/2018 - 08:04
An anonymous reader quotes a report from Ars Technica: Researchers said Chinese intelligence officers are behind almost a decade's worth of network intrusions that use advanced malware to penetrate software and gaming companies in the US, Europe, Russia, and elsewhere. The hackers have struck as recently as March in a campaign that used phishing emails in an attempt to access corporate-sensitive Office 365 and Gmail accounts. In the process, they made serious operational security errors that revealed key information about their targets and possible location. Researchers from various security organizations have used a variety of names to assign responsibility for the hacks, including LEAD, BARIUM, Wicked Panda, GREF, PassCV, Axiom, and Winnti. In many cases, the researchers assumed the groups were distinct and unaffiliated. According to a 49-page report published Thursday, all of the attacks are the work of Chinese government's intelligence apparatus, which the report's authors dub the Winnti Umbrella. Researchers from 401TRG, the threat research and analysis team at security company ProtectWise, based the attribution on common network infrastructure, tactics, techniques, and procedures used in the attacks as well as operational security mistakes that revealed the possible location of individual members.

How to Fix the Leverage Browser Caching Warning in WordPress

LXer - Sun, 05/06/2018 - 07:09
We will show you How to Fix the Leverage Browser Caching Warning in WordPress, on a Linux based virtual private server. Leverage Browser Caching is a warning which you may encounter if you run a speed or performance test for your website using some of the tools which are available online.

Microsoft/Intellectual Ventures: Still Pairing to Tax the Entire World With Patent Lawsuits and Extortion

LXer - Sun, 05/06/2018 - 05:15
Bill's Microsoft and Nathan's Intellectual Ventures (with 95,000 'IP' 'assets') are still brewing a lot of legal trouble/Armageddon, distributing plenty of patents to various patent trolls which themselves file lawsuits through shells and proxies

Eight New Meltdown-Like Flaws Found

Slashdot - Sun, 05/06/2018 - 04:34
An anonymous reader quotes Reuters: Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday. The magazine, called c't, said it was aware of Intel Corp's plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan's Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable... The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7... "Considering what we have seen with Meltdown and Spectre, we should expect a long and painful cycle of updates, possibly even performance or stability issues," said Yuriy Bulygin, chief executive officer of hardware security firm Eclypsium and a former Intel security researcher. "Hopefully, Meltdown and Spectre led to improvements to the complicated process of patching hardware." Neowin now reports that Intel "is expected to release microcode updates in two waves; one in May, and the other in August."

Weekend Reading: Qubes

LXer - Sun, 05/06/2018 - 03:20
Qubes OS is a security-focused operating system that, as tech editor Kyle Rankin puts it, "is fundamentally different from any other Linux desktop I've used". Join us this weekend in reading Kyle's multi-part series on all things Qubes.

Facebook Exec Admits 'No Real Understanding' for the Scope of Fake News

Slashdot - Sun, 05/06/2018 - 01:34
Three executives from Facebook, Twitter, and YouTube appeared at Stanford to discuss free speech in the social media age, with one law professor raising concerns about how the online giants are curating their services. All three tech executives talked about increasing transparency and authenticity. But all acknowledge that nothing is foolproof and political speech in particular is most difficult to regulate, if it should be at all. "That puts a lot of control in the hands of the companies sitting here in terms of what kind of speech is allowed to have the global reach," said Juniper Downs, YouTube's global head of public policy and government relations. "That is a responsibility we take very seriously and something we owe to the public and a civil society...." Facebook is making information available on its platform to researchers to help understand the effect of Facebook usage on elections. Still, Facebook's Vice President of Public Policy Elliot Schrage urged caution. "There is no agreement whatsoever on the prevalence of false news and fake propaganda on our platform," he said. "We have no real understanding of what the scope of misinformation is." He suggested that despite these chaotic times, "I do think we should be pretty modest and circumspect in the approaches we take." Social media companies need to find creative ways to improve the spread of information, Schrage said. But it won't be easy. "No one company," he said, "is going to solve this problem."

Crisis at Void Linux as Lead Developer Goes Missing in Action

LXer - Sun, 05/06/2018 - 01:26
It was recently announced that the lead developer of Void Linux had gone silent. This has left the rest of the Void Linux community scrambling about the future of the project.

How to Turn Vim into a Word Processor

LXer - Sat, 05/05/2018 - 23:32
Vim is more a code editor, but with a few tweaks, you can write documents like you’re in MS Word. Here’s how you can turn Vim into a Word processor.

Ask Slashdot: Is the World Better Or Worse Because of Security Tech?

Slashdot - Sat, 05/05/2018 - 22:34
Slashdot reader krisdickie is a developer for embedded devices (and many other systems), and spends a lot of time being proactive about security. This is obviously important, and I don't necessarily see it as a distraction, but rather a complex problem that has some added thrill to being solved. I can't help but wonder though if I (and my team) would have been X times more productive or have come up with some amazing new concept or feature, if we didn't have to deal with implementing security measures. In a utopian world, where there are no bad actors, we would have likely forfeited many of the systems and ideas that have been put into place to prevent bad things from happening. So my question is -- are we more technically advanced because of the thoughtfulness that has gone into creating these systems? Or are we just losing precious resources and time dealing with the necessity of protecting ourselves from the perilous few? Share your own thoughts in the comments. Is the world better or worse off because of our ongoing development of security tech?

This Week in Open Source News: KubeCon + CloudNativeCon, Facebook to Open Source AI tools & More

LXer - Sat, 05/05/2018 - 21:37
This week in open source and Linux news, an update on all the happenings this week at KubeCon + CloudNativeCon Europe, Facebook announces plan to open source its AI tools, including Translate, and more!

How to install Gnome Shell Extensions on Ubuntu 18.04 Bionic Beaver Linux

LXer - Sat, 05/05/2018 - 19:43
Ubuntu 18.04 release comes with some extensions as part of its package repository. This article explains how to install Gnome Shell Extensions on Ubuntu 18.04 Bionic Beaver Linux.