Windows

Microsoft Launches Windows 10 Update History Site To Share Update Release Notes (betanews.com) 56

Mark Wilson writes: Keeping up to date with the latest updates for Windows 10 can be something of a full-time job, particularly if you're signed up to get Insider builds. To make it easier to keep track of what changes each update brings, Microsoft has launched the Windows 10 update history site. The site is in response to feedback from Windows 10 users who have been looking for an accessible way of learning about updates. The site provides details of exactly what the updates delivered through Windows Update. It is something of a work in progress at the moment, but one of the recent updates featured fixes a bug that meant browsing sessions in Microsoft Edge's InPrivate mode were not necessarily completely private.
Bug

The Internet of Broken Things (hackaday.com) 96

szczys writes: The Internet of Things is all the hype these days. On one side we have companies clamoring to sell you Internet-Connected-everything to replace all of the stuff you already have that is now considered "dumb." On the other side are security researchers screaming that we're installing remote access with little thought about securing it properly. The truth is a little of both is happening, and that this isn't a new thing. It's been around for years in industry, the new part is that it's much wider spread and much closer to your life. Al Williams walks through some real examples of the unintended consequences of IoT, including his experiences building and deploying devices, and some recent IoT gaffes like the NEST firmware upgrade that had some users waking up to an icy-cold home.
Security

Researcher Finds Tens of Software Products Vulnerable To Simple Bug (softpedia.com) 162

An anonymous reader writes: There's a German security researcher that is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.
Security

Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com) 41

itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.
Bug

Some Reversible USB-C Cables/Adapters Could Cause Irreversible Damage 136

TheRealHocusLocus writes: Three Decembers ago I lauded the impending death of the trapezoid. Celebration of the rectangle might be premature however, because in the rush-to-market an appalling number of chargers, cables and legacy adapters have been discovered to be non-compliant. There have been performance issues with bad USB implementation all along, but now — with improved conductors USB-C offers to negotiate up to 3A in addition to the 900mA base, so use of a non-compliant adapter may result in damage. Google engineer and hero Benson Leung has been waging a one-man compliance campaign of Amazon reviews to warn of dodgy devices and praise the good. Reddit user bmcclure937 offers a spreadsheet summary of the reviews. It's a jungle out there, don't get fried.
Bug

Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple (theguardian.com) 409

New submitter Nemosoft Unv. writes: In case you had a problem with the fingerprint sensor or some other small defect on your iPhone 6 and had it repaired by a non-official (read: cheaper) shop, you may be in for a nasty surprise: error 53. What happens is that during an OS update or re-install the software checks the internal hardware and if it detects a non-Apple component, it will display an error 53 and brick your phone. Any photos or other data held on the handset is lost – and irretrievable. Thousands of people have flocked to forums to express their dismay at this. What's more insidious is that the error may only appear weeks or months after the repair. Incredibly, Apple says this cannot be fixed by any hard- or software update, while it is clearly their software that causes the problem in the first place. And then you thought FTDI was being nasty ...
Bug

IRS Computer Problems Shut Down Tax Return E-file System (foxnews.com) 176

Mr.Intel writes: The IRS stopped accepting electronically filed tax returns Wednesday because of problems with some of its computer systems. The outage could affect refunds, but the agency said it doesn't anticipate "major disruptions." A "hardware failure" forced the shutdown of several tax processing systems, including the e-file system, the IRS said in a statement. The IRS.gov website remains available, but "where's my refund" and other services are not working. Some systems will be out of service at least until Thursday, the agency said. "The IRS is currently in the process of making repairs and working to restore normal operations as soon as possible," the IRS said.
Bug

Ask Slashdot: Fixing UVC Camera Issues Under Windows? 148

Khyber writes: I bought some cheap Chinese camera glasses with built-in microphones. These are (supposedly) UVC cameras manufactured in 2015. Under Windows XP, these cameras are seen perfectly fine and work as web cameras; even the microphones work. Under Windows 7, the camera appears to install just fine, however I get the 'This device can perform faster if you connect to USB 2.0' (which it is connected to) and when I try to load it up with any camera viewer such as manycam or any chat program's built-in previewer, I cannot receive any video from the camera. I can get audio from the camera microphones under Windows 7, so I am wondering if the camera device is having problems enumerating as a USB 2.0 device due to some change in Windows 7 (which it doesn't seem to have issues doing under XP,) or if the UVC driver for Windows 7 is missing something in comparison to the one used for Windows XP. Anybody else had issues getting newer UVC cameras to work in newer operating systems?
Technology

Ask Slashdot: How Can We Improve Slashdot? 1838

Hi all. Most of you are already aware that Slashdot was sold by DHI Group last week, and I very much enjoyed answering questions and reading feedback in the comments of that announcement story. There's no doubt that the Slashdot community is one of the most thoughtful, intelligent, and prolific communities on the web.

I wanted to use this opportunity to get a discussion going on how we can improve Slashdot moving forward. I am not talking about a full re-design that will detract from the original spirit of Slashdot, but rather: user experience, bug fixes, and feature improvements that are requested from actual /. users. We appreciated many of your suggestions in the story announcing the sale, and I have taken note of those suggestions. This story will serve as a more master list for feature requests and improvement suggestions.

We welcome any and all suggestions. Some ideas mentioned in the sale story were, in no particular order: Unicode support, direct messaging, increased cap on comment scores, put more weight on firehose voting to determine which stories make the front page, reduced time required between comments, and many more. We'd love a chance to discuss these suggestions and feature improvements and pros and cons here before we bring them back to our team for implementation.
Cellphones

Exploitable Backhole Accidentally Left In Some MediaTek-based Phones (ndtv.com) 79

Lirodon writes: MediaTek has confirmed findings by security researcher Justin Case, who discovered that some devices running Android KitKat on MediaTek processors (often used in lower-cost devices) had a debug function, meant to be removed on production devices, accidentally left in by their manufacturer. This hole could be used to trivially gain root access, among other possibilities.
Bug

Running "rm -rf /" Is Now Bricking Linux Systems (phoronix.com) 699

An anonymous reader writes: For newer systems utilizing UEFI, running rm -rf / is enough to permanently brick your system. While it's a trivial command to run on Linux systems, Windows and other operating systems are also prone to this issue when using UEFI. The problem comes down to UEFI variables being mounted with read/write permissions and when recursively deleting everything, the UEFI variables get wiped too. Systemd developers have rejected mounting the EFI variables as read-only, since there are valid use-cases for writing to them. Mounting them read-only can also break other applications, so for now there is no good solution to avoid potentially bricking your system, but kernel developers are investigating the issue.
Android

LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com) 39

Mark Wilson writes: Security researchers have discovered a vulnerability in LG G3 smartphones which could be exploited to run arbitrary JavaScript to steal data. The issue has been named Snap, and was discovered by Israeli security firms BugSec and Cynet. What is particularly concerning about Snap is that it affects the Smart Notice which is installed on all LG G3s by default. By embedding malicious script in a contact, it is possible to use WebView to run server side code via JavaScript. If exploited, the vulnerability could be used to gather information from SD cards, steal data from the likes of WhatsApp, and steal private photos.
Bug

FTDI Driver Breaks Hardware Again (eevblog.com) 268

janoc writes: It seems that the infamous FTDI driver that got famous by intentionally bricking counterfeit chips [NOTE: that driver was later removed] has got a new update that injects garbage data ('NON GENUINE DEVICE FOUND!') into the serial data. This was apparently going on for a while, but only now is the driver being pushed as an automatic update through Windows Update, thus many more people stand to be affected by this.

Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.

Bug

Sensitive Information Can Be Revealed From Tor Hidden Services On Apache (dailydot.com) 37

Patrick O'Neill writes: A common configuration mistake in Apache, the most popular Web server software in the world, can allow anyone to look behind the curtains on a hidden server to see everything from total traffic to active HTTP requests. When a hidden service reveals the HTTP requests, it's revealing every file—a Web page, picture, movie, .zip, anything at all—that's fetched by the server. Tor's developers were aware of the issue as early as last year but decided against sending out an advisory. The problem is common enough that even Tor's own developers have made the exact same mistake. Until October 2015, the machine that welcomed new users to the Tor network and checked if they were running up-to-date software allowed anyone to look at total traffic and watch all the requests.
Bug

Search Suggestions Causing Apple's Safari Browser To Crash on Many Devices (theverge.com) 83

An anonymous reader writes: According to the Verge (and my wife) Apple Safari browsers are crashing left, right, and center due to Safari's search suggestions feature. "Simply disabling this feature will stop Safari crashing, or using the private mode option in the browser as a temporary workaround. Not everyone is affected, and this could be because some have the search suggestions cached locally or they're still able to reach Apple's servers thanks to a DNS cache."
Bug

Discrepancy Detected In GPS Time 187

jones_supa writes that on Tuesday, 26th January, Aalto University's Metsähovi observatory located in Kirkkonummi, Finland, detected a rare anomaly in time reported by the GPS system (Google translation). The automatic monitoring system of a hydrogen maser atomic clock triggered an alarm which reported a deviation of 13.7 microseconds. While this is tiny, it is a sign of a problem somewhere, and does not exclude the possibility of larger timekeeping problems happening. The specific source of the problem is not known, but candidates are a faulty GPS satellite or an atomic clock placed in one. A particle flare-up from the sun is unlikely, as the observatory has currently not detected unusually high activity from the sun.
Open Source

Developers Frustrated with GitHub Prod For Changes In Bug Reports, Transparency 99

DeveloperTech reports that a group of GitHub developers have posted an open letter, with nearly 1300 signatures, expressing dissatisfaction with GitHub's processes and policies, and in particular the site's level of transparency. A slice of the letter: "Those of us who run some of the most popular projects on GitHub feel completely ignored by you. We’ve gone through the only support channel that you have given us either to receive an empty response or even no response at all," he wrote. "We have no visibility into what has happened with our requests, or whether GitHub is working on them. Since our own work is usually done in the open and everyone has input into the process, it seems strange for us to be in the dark about one of our most important project dependencies."
Facebook

Fake Facebook Emails Deliver Malware Masquerading As Audio Message 47

An anonymous reader writes: A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same. The fake emails are made to look like an official communication from the popular social network, and their goal is to make the victims believe they have received a voice message. The attachment that the recipients are urged to download and open contains a malicious executable — a variant of the Nivdort information-stealing Trojan.
Government

Backdoor Account Found On Devices Used By White House, US Military (sec-consult.com) 166

An anonymous reader writes: A hidden backdoor account was discovered embedded in the firmware of devices deployed at the White House and in various US Military strategic centers, more precisely in AMX conference room equipment. The first account was named Black Widow, and after security researchers reported its presence to AMX, the company's employees simply renamed it to Batman thinking nobody will notice. AMX did remove the backdoor after three months. In its firmware's official release notes, AMX claimed that the two accounts were only used for debugging, just like Fortinet claimed that its FortiOS SSH backdoor was used only internally by a management protocol.
Math

New Mersenne Prime Discovered, Largest Known Prime Number: 2^74,207,281 - 1 (mersenne.org) 132

Dave Knott writes: The Great Internet Mersenne Prime Search (GIMPS) has discovered a new largest known prime number, 2^74,207,281-1, having 22,338,618 digits. The same GIMPS software recently uncovered a flaw in Intel's latest Skylake CPUs, and its global network of CPUs peaking at 450 trillion calculations per second remains the longest continuously-running "grassroots supercomputing" project in Internet history. The prime is almost 5 million digits larger than the previous record prime number, in a special class of extremely rare prime numbers known as Mersenne primes. It is only the 49th known Mersenne prime ever discovered, each increasingly difficult to find.
