Sparrowvsrevolution writes with news of some particularly insecure security cameras. From the article: "Eighteen brands of security camera digital video recorders are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company's firewall, according to tests by two security researchers. And 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet. Early last week a hacker who uses the handle someLuser found that commands sent to a Swann DVR via port 9000 were accepted without any authentication. That trick would allow anyone to retrieve the login credentials for the DVR's web-based control panel. To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPnP) which maps the devices' location to any local router that has UPnP enabled — a common default setting. ...Neither Ray Sharp nor any of the eighteen firms have yet released a firmware fix."
Migrate from GitHub to SourceForge quickly and easily with this tool. Check out all of SourceForge’s recent improvements.×
crankyspice writes "Having recently picked up the Erector set I've wanted since I was a kid, I quickly found myself wanting to plunge deeper into makerspace by adding more sophisticated electronics to moving devices (rovers, maybe eventually flying bots). My first instinct was Arduino (maybe because of brand recognition?), but that got me thinking — what's the 'best' platform out there (most flexible)? Arduino with its myriad options (Nano, Mega, Uno, Mini)? PICAXE? BASIC Stamp? Raspberry Pi? (The latter seems like it would easily be the most flexible, but at greater cost in terms of weight and complexity.) I'm a hobbyist programmer, having learned C and C++ in college and recently re-learning Java (took and passed the Oracle Certified Professional exam, FWIW)..."
hypnosec writes "Matthew Garrett published some patches today which break hibernate and kexec support on Linux when Secure Boot is used. The reason for disabling hibernation is that currently the Linux kernel doesn't have the capability of verifying the resume image when returning from hibernation, which compromises the Secure Boot trust model. The reason for disabling the kexec support while running in Secure Boot is that the kernel execution mechanism may be used to load a modified kernel thus bypassing the trust model of Secure Boot." Before arming your tactical nuclear flame cannon, note that mjg says "These patches break functionality that people rely on without providing any functional equivalent, so I'm not suggesting that they be merged as-is." Support for signed kexec should come eventually, but it looks like hibernation will require some clever hacking to support properly in a Restricted Boot environment.
sciencehabit writes "Each year, hundreds of millions of metric tons of dust, water, and humanmade pollutants make their way into the atmosphere, often traveling between continents on jet streams. Now a new study confirms that some microbes make the trip with them, seeding the skies with billions of bacteria and other organisms—and potentially affecting the weather. What's more, some of these high-flying organisms may actually be able to feed while traveling through the clouds, forming an active ecosystem high above the surface of the Earth."
adeelarshad82 writes "Twitter's new iOS-only app, Vine, was prominently featured by Apple as an 'Editor's Pick' in its App Store the day it launched. However, given Apple's policies for adult content, they may have rushed the whole thing since this past Sunday, a number of news outlets ran stories covering the rise of easily-accessible pornography on the new video sharing app. As Joshua Topolsky explains, the situation draws even more attention to the vague and sometimes confusing rules of Apple's App Store guidelines, and more clearly showcases the sporadic and often unusual criteria the iPhone-maker uses to decide the fates of applications. So it will be interesting to see how Apple handles this given that they've never been shy about banning similarly racy apps in the past."
chicksdaddy writes "Google cemented its reputation as the squarest company around Monday (pun intended), offering prizes totaling Pi Million Dollars — that's right: $3.14159 million greenbacks — in its third annual Pwnium hacking contest, to be held at the CanSecWest conference on March 7 in Vancouver, British Columbia. Google will pay $110,000 for a browser or system level compromise delivered via a web page to a Chrome user in guest mode or logged in. The company will pay $150,000 for any compromise that delivers 'device persistence' delivered via a web page, the company announced on the chromium blog. 'We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems,' wrote Chris Evans of Google's Security Team."
Nerval's Lobster writes "All your Tweets are belong to us... with a court order. Twitter's second transparency report reinforces what many already know: governments want online user data, and to yank select content from the Internet. Twitter's first two transparency reports cover the entirety of 2012, so there's not a deep historical record to mine for insight. Nonetheless, that year's worth of data shows all types of government inquiry—information requests, removal requests, and copyright notices—either on the increase or holding relatively steady. Governments requested user information from Twitter some 1,009 times in the second half of 2012, up slightly from 849 requests in the first half of that year. Content-removal requests spiked from 6 in the first half of 2012 to 42 in the second. Meanwhile, copyright notices declined a bit, from 3378 in the first half of 2012 to 3268 in the second."
LinuxFest Northwest happen. This is an event produced by the Bellingham Linux Users Group that "has been a tradition in Bellingham, WA since 2000." Bellingham is a small town about a 1.5 hour drive away from Seattle, and a shorter distance from Vancouver, Canada. Last year they had 1200 people. They have a core group of about 10 year-round volunteers, with as many as 60 participating in the event itself, many of whom are students at Bellingham Technical College, which is where LinuxFest Northwest is held.
snydeq writes "Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet, InfoWorld reports. 'A cyber war has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens. The cyber war has seen various attacks around the world, with incidents such as Stuxnet, Flame, and Red October garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit.'"
redletterdave writes "A new report released Monday revealed that Google+, less than a year and a half after its public debut, is now the No. 2 social network in the world with 343 million active users. Even better for Google, YouTube, which had not previously been tracked as a social network until recently, is now the No. 3 social network in the world with about 300 million active users. Google Plus and YouTube are being used by 25 percent and 21 percent of the global Internet populace, respectively."
benrothke writes "In its first week, Going Clear: Scientology, Hollywood, and the Prison of Belief was #3 on the New York Times Best Sellers list and will likely be #1 soon. The fact that the book is in print is somewhat miraculous given the voracious appetite Scientology has for litigation. It is the first time that such an expose could have been written and found such wide-scale reading. An interesting analysis of this fact is found in Why the Media Is No Longer Afraid of Scientology by Kim Masters. But as mesmerizing an expose as the book is, I doubt that this will be more than a speed bump to Scientology's growth and fund raising." Keep reading to be clear about what Ben has to say.
Frequent contributor Bennett Haselton writes "With the announcement of Verizon's "six strikes plan" for movie pirates (which includes reporting users to the RIAA and MPAA), and content companies continuing to sue users en masse for peer-to-peer downloads, I think it's inevitable that we'll see the rise of p2p software that proxifies your downloads through other users. In this model, you would not only download content from other users, but you also use other users' machines as anonymizing proxies for the downloads, which would make it impossible for third parties to identify the source or destination of the file transfer. This would hopefully put an end to the era of movie studios subpoenaing ISPs for the identities of end users and taking those users to court." Read below for the rest of Bennett's thoughts.
Dupple writes "After settling with the FTC, Google is under pressure again regarding user privacy. From the BBC: 'A group of Apple's Safari web browser users has launched a campaign against Google over privacy concerns. They claim that Google bypassed Safari's security settings to install cookies which tracked their movements on the internet. Between summer 2011 and spring 2012 they were assured by Google this was not the case, and believed Safari's settings to be secure. Judith Vidal-Hall, former editor of Index On Censorship magazine, is the first person in the UK to begin legal action. 'Google claims it does not collect personal data but doesn't say who decides what information is "personal,"' she said. 'Whether something is private or not should be up to the internet surfer, not Google. We are best placed to decide, not them.'"
colinneagle writes "About two weeks back, I was using my Android tablet and looking for a good graphics editor. I wanted something with layers and good text drawing tools. That's when it hit me. We already have that. Photoshop used to run on Windows 3.1. And Windows 3.1 runs great under both DOSBox and QEMU, both of which are Open Source emulators available for Android and every other platform under the sun. So I promptly set to work digging up an old copy of Photoshop. The last version released for Windows 3.1 was back in 1996. And finding a working copy proved to be...challenging. Luckily, the good folks at Adobe dug around in their vaults and managed to get me up and running. And, after a bit of tweaking, I ended up with an astoundingly functional copy of Photoshop that I can now run on absolutely every device I own. And the entire environment (fonts, working files and all) are automatically backed up to the cloud and synced between systems. But what other applications (and, potentially, games) does this give me access to? How far can I take this?"
SternisheFan writes "Airline safety inspectors have found no faults with the battery used on Boeing's 787 Dreamliner, Japan's transport ministry has said. The battery was initially considered the likely source of problems on 787s owned by two Japanese airlines. The world's entire fleet of 50 787s has been grounded while inspections are carried out. Attention has now shifted to the electrical system that monitors battery voltage, charging and temperature. Transport ministry official Shigeru Takano said 'we have found no major quality or technical problem' with the lithium-ion batteries. Shares in GS Yuasa, which makes the batteries, jumped 5% on the news. 'We are looking into affiliated parts makers,' he said. 'We are looking into possibilities.'"