Shared posts

08 Dec 02:22

Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016

by BeauHD
Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.

Read more of this story at Slashdot.

25 Nov 18:45

VLC Media Player Previews 360-degree Video Support

by msmash
VideoLAN has released a technical preview of VLC Media Player 3.0 with 360-degree video support. The new build handles videos following the Spatial Video format, and photos and panoramas following the Spherical spec (the official test page has sample files). From an article on SoftwareCrew: The files play back just like any other video, but you can now left-click and drag within the screen or use the numeric keypad arrows to look around. VideoLAN says there are multiple display modes -- Zoom, Little Planet and Reverse Little Planet -- although we couldn't immediately see how they were activated. This initial release is only available for Windows and Mac, but eventually 360-degree support will arrive for Android, iOS and Xbox One, with VR headset support likely to arrive in 2017.

03 Mar 00:49

Google-Backed SSD Endurance Research Shows MLC Flash As Reliable As SLC

by timothy
MojoKid writes: Even for mainstream users, it's easy to feel the differences between using a PC that has an OS installed on a solid state drive versus a mechanical hard drive. Also, with SSD pricing where it is right now, it's also easy to justify including one in a new configuration for the speed boost. And there's obvious benefit in the enterprise and data center for both performance and durability. As you might expect, Google has chewed through a healthy pile of SSDs in its data centers over the years and the company appears to have been one of the first to deploy SSDs in production at scale. New research results Google is sharing via a joint research project now encompass SSD use over a six-year span at one of Google's data centers. Looking over the results led to some expected and unexpected findings. One of the biggest discoveries is that SLC-based SSDs are not necessarily more reliable than MLC-based drives. This is surprising, as SLC SSDs carry a price premium with the promise of higher durability (specifically in write operations) as one of their selling points. It will come as no surprise that there are trade-offs of both SSDs and mechanical drives, but ultimately, the benefits SSDs offer often far outweigh the benefits of mechanical HDDs.

25 Mar 16:11

March 25, Document Freedom Day

by nettizen
ignacio.agullo tells us: "As every year since 2008 at the end of March, the Free Software Foundation Europe is holding Document Freedom Day. Events are organized all over the world to promote open standards for data encoding, so that any programmer can create their own tools to work with the data or to convert it between formats. It is a celebration related to compatibility, since the aim is to avoid losing data that is encoded in an undocumented way when the format is no longer supported. For followers of International ICT Celebrations, the Asociación de Técnicos de Informática maintains a calendar of international celebrations dedicated to Information and Communication Technologies."
06 Jun 15:33

Vodafone Reveals Warrantless Wiretapping

by Soulskill
Charliemopps writes "According to Vodafone, multiple governments have installed equipment that collects data on its customers without a warrant. This includes metadata, location data, and voice. They say, 'In a small number of countries, agencies and authorities have direct access to communications data stored within an operator’s network. In those countries, Vodafone will not receive any form of demand for communications data access as the relevant agencies and authorities already have permanent access to customer communications via their own direct link.' It's a rather long, and very interesting report. Vodafone also criticized the transparency process: 'In our view, it is governments – not communications operators – who hold the primary duty to provide greater transparency on the number of agency and authority demands issued to operators. We believe this for two reasons.'"

10 Apr 14:34

New French Law Prohibits After-Hours Work Emails

by timothy
Hugh Pickens DOT Com (2995471) writes "Lucy Mangan reports at The Guardian that a new labor agreement in France means that employees must ignore their bosses' work emails once they are out of the office and relaxing at home – even on their smartphones. Under the deal, which affects a million employees in the technology and consultancy sectors (including the French arms of Google, Facebook, and Deloitte), employees will also have to resist the temptation to look at work-related material on their computers or smartphones – or any other kind of malevolent intrusion into the time they have been nationally mandated to spend on whatever the French call la dolce vita. "We must also measure digital working time," says Michel De La Force, chairman of the General Confederation of Managers. "We can admit extra work in exceptional circumstances but we must always come back to what is normal, which is to unplug, to stop being permanently at work." However critics say it will impose further red tape on French businesses, which already face some of the world's tightest labor laws." (Continues)

10 Mar 09:09

Unique Date

If our current civilization lasts another 8,000 years, it's probably fair to assume the Long Now Foundation got things right, and at some point we started listening to them and switched to five-digit years.
03 Nov 00:15

Inmates Program Logistics App For Prison

by Soulskill
schweini writes "Inmates in an Oklahoma prison developed software that attempts to streamline the prison's food logistics. A state representative found out, and he's trying to get every other prison in Oklahoma to use it, too. According to the Washington Post, 'The program tracks inmates as they proceed through food lines, to make sure they don’t go through the lines twice... It can help the prison track how popular a particular meal is, so purchasers know how much food to buy in the future. And it can track tools an inmate checks out to perform their jobs.' The program also tracks supply shipments into the system, and it showed that food supplier Sysco had been charging different prices for the same food depending on which facility it was going to. Another state representative was impressed, but realized the need for oversight: 'If they build on what they’ve done here, they actually have to script it out. If you have inmates writing code, there has to be a continual auditing process. Food in prison is a commodity. It’s currency.'"
