Daily Archives: August 7, 2015

Quick! Update Firefox to foil FILE-STEALING vulnerability exploit

Firefox users have been urged to update to browser version 39.0.3, following the discovery of a vulnerability which allows an attacker to read and steal sensitive local files on the victim’s computer via the browser’s PDF reader.

Discovered by security researcher Cody Crews, the Firefox exploit allows an attacker to violate the same origin policy and inject script into a non-privileged part of Firefox’s built-in PDF Viewer.

Mozilla reports that on the morning of 5 August, a user passed the organisation information showing how to exploit the vulnerability.

An advertisement on an unnamed news site in Russia was serving the exploit, according to Mozilla, and then uploading sensitive pilfered files to a server, apparently located in Ukraine.

Mozilla has now released a security update addressing the vulnerability.

Additionally, Mozilla notes the fix has been shipped in Firefox ESR 38.1.

All Firefox users are urged to update to Firefox 39.0.3.

While the vulnerability does not allow remote code execution, it does enable attackers to inject a JavaScript payload into the local file context. This allows the attacker to search the machine for, and subsequently upload, sensitive local files.

Mozilla reports that the vulnerability is produced by the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer.
continue http://www.theregister.co.uk/2015/08/07/update_firefox_to_foil_russian_filestealing_vuln_exploit/

There’s a comedy show in Edinburgh that teaches you how to die

The Edinburgh Fringe show, which explores methods of assisted suicide and is presented by Australian euthanasia doctor Philip Nitschke, has been mired in controversy and closely watched by the authorities in the weeks leading up to its opening night.

The Metropolitan Police questioned Nitschke under caution about the content of the show in April and this week local officers in Edinburgh joined members of the city council in snooping around the logistics, threatening to derail the whole thing.

They share concerns that the performance, which is concerned with “teaching the funny side of the right-to-die debate,” breaches UK assisted suicide laws. Eventually, though, and after a stage full of people examined the equipment and general set-up at the last minute, the show was allowed to go on.

It’s an odd hour of entertainment, even by Edinburgh standards. Participants are asked if they’re police as they enter the gloomy cave that’s hosting proceedings, and disclaimers on each chair insist that if we end up taking our lives, it’s got nothing to do with the gig we’re about to see.

Viewers of the ‘Dicing with Dr Death’ show had to read a disclaimer.

Image: Tim Chester/Mashable

Nitschke, meanwhile, cuts a striking figure as he ambles on stage, clutching a scythe that’s promptly dropped after a few seconds, white lab coat slung over a Hawaiian shirt, shorts and boots. A projector screen and a sinister machine hidden under a cloth complete the set-up.

From the outset, it’s clear Nitschke has laced the show with comic asides, some of which work better than others among the half-full auditorium. If we do commit suicide, he says, it’s not because we were taught to but because the “jokes were so bad.”

continue http://mashable.com/2015/08/07/euthanasia-show-edinburgh-fringe/

WIFI SECURITY FROM HACKER’S PERSPECTIVE

EFF creates ‘stronger’ standard for Do Not Track

Privacy advocates have long been working toward a coherent Do Not Track standard, and this week a new option is being put on the table. The Electronic Frontier Foundation, along with companies including Medium and DuckDuckGo, has introduced a new Do Not Track standard that they claim to be “stronger” than those currently going around. The standard sticks to Do Not Track’s existing tenets: it should be opt-in, and enabling it should tell websites and advertisers not to store and share information on the person visiting them. Supporting the standard is also voluntary, which is less of a choice and more of an acknowledgement that there’s no legal backing that requires websites not to track anyone.

The EFF doesn’t call out why this standard is stronger than other Do Not Track policies, but it does suggest that it’s best used in conjunction with other privacy software. The groups behind this standard also hope that it’ll be easier to adopt, which would also have the effect of making it stronger. To ease adoption, the new Do Not Track policy says that companies can pick and choose where to include support. That means a website could support Do Not Track on its primary domain but decline to support it while offering services to third parties. “Adoption on a per-domain basis should help DNT spread more quickly,” the EFF writes.

continue http://www.theverge.com/2015/8/4/9094215/do-not-track-policy-created-eff

Biometric behavioural profiling: Fighting that password you simply can’t change

Security researchers have developed a browser extension that supposedly defeats biometrics based on typing patterns, with the exercise designed, in part, to promote greater awareness about the emerging technology and the privacy risk it might pose.

Biometric behavioural profiling allows a site to collect metadata about how a person types, rather than just what they type.

When you type your username and password, the site can see how long it takes to type it, including how long each key is depressed (dwell time) and how long it takes to move from one key to another (gap time).

Some sites are moving beyond simple password/ID logins towards multi-factor solutions in an effort to bolster security.

This can happen to the detriment of the user experience, particularly when it comes to continuous authentication/behavioural biometrics, according to Per Thorsheim, founder of PasswordsCon, and independent IT security consultant Paul Moore.

Profiling technologies from firms such as BehavioSec and KeyTrac can improve security when added to a banking site, where they offer the potential to minimise fraud.

But use of the technologies elsewhere comes at the expense of privacy, according to the two security researchers. It’s unclear how many sites use biometrics based on typing patterns or, if they did, whether or not they inform users about their practices in this area.

“You can forget Tor, a VPN and your favourite proxy site,” Moore explained. “If you have JavaScript enabled and you’ve been profiled, there’s a very good chance they’ll identify you. The problem is … do you know when you’re being profiled?”

If a site is using biometric behavioural profiling, then this has deeper consequences than simply obliging users to change their passwords, Moore added.

continue http://www.theregister.co.uk/2015/07/28/behavioural_profiling_defeating_typing_biometrics/?BHT-c5af26af-b9c5-4baa-9bf7-c4e203b96783.7

How to Get Desktop Class Downloading Features on any Android

Android’s downloader is the most basic part of the OS. Yes, there’s an app where you can view the progress of the download and stop it. Yes, the notification shows the progress of the download but nothing much. The download features we take for granted on the desktop – the basic ability to see the download speed, pause/resume download, multiple downloads and large file downloads are just not possible using the default Downloads app on Android.

Advanced Download Manager

Thankfully, a third party Android app is more than happy to take over the downloading duty while offering all the above features and more.

All things download: Did you know there’s a hassle free (ad-free) way of searching and downloading torrents right on your Android phone? Also, while we’re talking about torrenting, you really should ditch the bloated, malware infested uTorrent. But, since we’re talking about torrents, ensure you check the laws of your land before you start using them.

continue http://www.labnol.org/internet/embed-tweets/1933/

How to Turn Your Smartphone Into a Hologram Projector

Finally, a use for all those old CD jewel cases: turning your smartphone into a tiny hologram projector.

By making a sort of half-prism with cut out pieces of a jewel case, your smartphone will reflect images from special “hologram” videos, making the projection appear 3D. Some YouTubers are less than impressed, dismissing the image as “just a reflection,” but the effect is still definitely cool even if it’s not technically a real hologram. (Other commenters are predictably requesting hologram porn.)

This tutorial was shot by Arun Maini, who runs the YouTube channel Mrwhosetheboss, and has already racked up over two million views in just two days. Maini’s channel is mostly product reviews, but he became intrigued by the hologram projector idea after a friend forwarded him a similar tutorial.

Maini is still adjusting to the increase in traffic on his channel, calling the experience phenomenal. “I shared the video to a few related Google+ communities, and before I knew it, the video had reached some influential people, and was on the front page of Reddit,” Maini says. “It just went on from there.”

Maini hopes to spin his YouTube channel into an eventual career in tech or media. If any recruiters are reading this, you should know that Maini aced four A-levels.

source http://motherboard.vice.com/read/how-to-turn-your-smartphone-into-a-hologram-projector

The First 3D-Printed Drug Has Been Approved in the US

The US Food and Drug Administration (FDA) has approved a drug made by 3D printing for the first time, according to American pharma company Aprecia.

The company announced on Monday that the FDA had approved its drug Spritam, a branded version of the generic levetiracetam, as an oral treatment to help treat seizures in patients with epilepsy.

Levetiracetam is an anticonvulsant that’s been available to treat epilepsy in the US and UK for years, but Aprecia claims that its proprietary 3D-printed formulation disintegrates rapidly (in less than 10 seconds for a high-dose drug) and could offer more taste-masking possibilities.

The company explains that its “ZipDose” technology works by printing together layers of powder with a fluid to make a “porous, water-soluble matrix that rapidly disintegrates with a sip of liquid.” Using this 3D printing method sets the product apart from conventional pills that are compressed or moulded into shape.

So while the medication itself has the same effect, it’s intended to improve the experience of taking it by literally making it easier to swallow: the company claims that even the strongest doses of the drug could be taken with just a sip of water.

In its announcement, Aprecia wrote that, “While 3DP [3D printing] has been used previously to manufacture medical devices, this approval marks the first time a drug product manufactured with this technology has been approved by the FDA.”

3D printing techniques have been put to use across medical research to create surgical guides, implants, and even human tissue. And while Aprecia is still delivered in its finished form as a prescription tablet, many hail the potential of 3D printing to allow for greater personalisation of medicines. Perhaps one day they’ll even come as print-at-home downloads.

continue http://motherboard.vice.com/read/a-3d-printed-drug-has-been-approved-in-the-us-for-the-first-time

Fed Finally Figures Out Soaring Student Debt Is Reason For Exploding College Costs

Back in May 2014, in one of its patented utterly worthless “analyses” (that cost taxpayers several tens of thousands of dollars) the San Francisco Fed, home of such titans of central planning thought as Janet Yellen, asked “is it still worth going to college.” Not surprisingly, its answer was yes after some contrived mathematics that completely forgot to include just one thing: debt.

At the time, we had the following comment:

Oddly enough, having perused the paper several times, and having done a word search for both “loan” and “debt” (both of which return no hits), we find zero mention of one particular hockeystick. This one:

Perhaps for the San Fran Fed to be taken seriously one of these years, it will actually do an analysis that covers all sides of a given problem, instead of just the one it was goalseeked to “conclude” before any “research” was even attempted.

An analysis, even a painfully simple one, such as the one we put together less than a month later:

It is common knowledge that in the hierarchy of bubbles, not even the stock market comes close to the student loan bubble. If it isn’t, one glance at the chart below which shows the exponential surge in Federal student debt starting just after the great financial crisis, should put the problem in its context.

continue http://www.zerohedge.com/news/2015-08-03/fed-finally-figures-out-soaring-student-debt-reason-exploding-college-costs

US Army Says Next Major War Will Be Fought By Robots And Cyborgs

The future battlefield will be overcrowded with robots, genetically engineered “super-humans” and a wide range of autonomous killer bots, according to a US Army Research Laboratory report.

The tactical battlefield of 2050 will surpass all expectations, since robots and super-human killers will be playing the first fiddle in the battle, according to thought leaders from the US Defense Department and the US Army Research Lab (ARL), scientists and security thinkers.

“The battlefield of the future will be populated by fewer humans, but these humans would be physically and mentally augmented with enhanced capabilities that improve their ability to sense their environment, make sense of their environment, and interact with one another, as well as with “unenhanced humans,” automated processes, and machines of various kinds,” the ARL report entitled “Visualizing the Tactical Ground Battlefield in the Year 2050: Workshop Report” stated.

“As a result, they would not only do things differently, but do different things compared to the human combatants of today with their limited forms of augmentation and enhancement,” the US analysts elaborated.

According to the report, the success in future warfare would be determined by seven specific interrelated capabilities, namely: augmented humans, automated decision making and autonomous processes; misinformation as a weapon; micro-targeting; large-scale self-organization and collective decision making; cognitive modeling of the opponent; as well as the ability to understand and cope in a contested, imperfect information environment.

continue http://sputniknews.com/military/20150724/1025019293.html

download army report pdf here http://www.arl.army.mil/www/default.cfm?technical_report=7417

NRA-Backed Mental Health Bill Needs to Address Key Questions | Starvin Larry

The Grey Enigma

Via David Codrea

“A+”-rated* Sen. John Cornyn has the National Rifle Association’s backing for a “modest” bill “that would reward states for sending more information about residents with serious mental problems to the federal background check system for firearms purchasers,” Fox News is reporting. The legislation is generating no small amount of debate among gun rights advocates, with some supporting it as a pragmatic move designed to thwart more draconian proposals, and others characterizing it as a preemptive surrender (and worse).

Without getting into that debate, because there will be plenty of others weighing in on both sides, I’d instead like to just ask a few questions that all who are interested in due process ought to be interested in seeing answered. By way of disclosure, my longstanding contention is that anyone who can’t be trusted with a gun can’t be trusted without a custodian, but that’s not likely to…


Election 2016: Analysis of Republican ‘Debate’
