Monthly Archives: December 2016

History of the Internet – YouTube

Categories: Uncategorized

Obama’s Final Address Of 2016 To Americans: ‘You’re Welcome’

For his final weekly address of 2016, Barack said “You’re Welcome” to the American people. He took a “victory lap” of sorts … but the track is muddy and he’s running around a tire fire. But he doesn’t seem to see it that way. He first tells us that he plans to stick around and continue his … umm, “community activism.” “As I prepare to take on the even more important role of citizen, know that I will be there with you every step of the way to ensure that this country forever strives to live up to the incredible promise of our founding — that all of us are created equal, and all of us deserve every chance to live out our dreams,” Obama said. Initially, when Obama was asked about this, he said he would want to live life outside the spotlight for a while and spend some of his time with his family. But that was when he was sure that Hillary Clinton will be president. But since Trump’s victory, he is singing a different tune.

Source: Obama’s Final Address Of 2016 To Americans: ‘You’re Welcome’ | The Federalist Papers


MEDIA BLACKOUT! The DAPL Protests Are STILL Going Strong Because the Pipeline Is Still Being ILLEGALLY Built

Water protectors celebrated Christmas as the fight against the pipeline continues into 2017. Despite Christmas day bringing harsh winter conditions, Dakota Access pipeline protestors have continued their fight and brought in the holidays together. Almost all of North and South Dakota were under blizzard, ice storm or winter storm warnings on Sunday as meteorologists forecast wintry weather for central U.S. The National Weather Service said that the blizzard warning for the Sioux County — where the Standing Rock protest camp is located — will run until Monday, with up to 12 inches of snow and winds reaching up to 45 mph expected. The service warned that the freezing weather would make ground travel near impossible and could hamper the holiday travel plans for millions across the United States. But this has not deterred the estimated hundreds of “water protectors” at protest camps braving the weather.

Source: MEDIA BLACKOUT! The DAPL Protests Are STILL Going Strong Because the Pipeline Is Still Being ILLEGALLY Built – The Indigenous Peoples


Firefox 52 Borrows One More Privacy Feature from the Tor Browser

Mozilla engineers have added a mechanism to Firefox 52 that prevents websites from fingerprinting users using system fonts. The user privacy protection system was borrowed from the Tor Browser, where a similar mechanism blocks websites from identifying users based on the fonts installed on their computers. The feature has been active in the Tor Browser for some time and will become active in the stable branch of Firefox 52, scheduled for release on March 7, 2017. The font fingerprinting protection is already active in Firefox 52 Beta.

Firefox 52 to use a system font whitelist

This new feature works just like in the Tor Browser, meaning Firefox 52 will use a whitelist of system fonts for each operating system. Firefox won’t block queries for system fonts but it will answer in the same way for every user, with a standard list of fonts installed by default on each OS. This whitelist makes the font fingerprinting technique irrelevant for Firefox users. The practice of font fingerprinting relies on website operators deploying Flash or JS scripts that query the user’s browser for a list of locally installed fonts.

Source: Firefox 52 Borrows One More Privacy Feature from the Tor Browser


Facebook Developing Copyright ID System to Stem Music Rights Infringement

As Facebook continues to grapple with its role in proliferating “fake news” amidst the heated U.S. election this year, it has another showdown looming on the horizon — this one with the music industry. In the wake of NMPA president/CEO David Israelite’s op-ed in Billboard in October, in which he called out the social media giant for hosting videos with copyrighted music without securing licensing deals or paying creators, Facebook is working to develop a copyright identification system — similar to YouTube’s Content ID — that would find and remove videos containing copyrighted music, a source tells Billboard. The story was first reported by the Financial Times.

“In a recent snapshot search of 33 of today’s top songs, NMPA identified 887 videos using those songs with over 619 million views, which amounts to an average of nearly 700,000 views per video,” Israelite wrote in his op-ed, noting that many of the videos are fan-created cover songs — and that none have been licensed by the publishing industry. “In reality, the scope of the problem is likely much greater because, due to privacy settings on Facebook, it’s almost impossible to gauge the true scale.”

continue http://www.billboard.com/articles/business/7639969/facebook-developing-copyright-id-system-music-rights-infringement


Pollution from Dead Ivy League Lab Mice Worries Neighborhood

Neighbors of Dartmouth College property where for years the Ivy League school disposed of mice and other small animals used in science experiments say they fear pollution from the site has contaminated their groundwater and they worry the school hasn’t been completely up front with them. The site has contaminated the well water of at least one family, that of Richard and Debbie Higgins, who blame a variety of health problems on it, including rashes, hair and skin loss and dizziness. Even their dogs were not spared, they say, with one urinating blood and another vomiting. “We have been drinking the water for years and we had no idea, absolutely no idea,” Debbie Higgins said. Few nearby residents even knew the half-acre plot on the college’s Rennie Farm was used from the 1960s until 1978 to dump carcasses from “tracer experiments,” in which scientists used radioactive compounds to see how things moved through life systems. A nearby site also contained remains of human cadavers and stillborn fetuses used in medical classes. The obscurity of the fenced site changed in 2011, when Dartmouth chose to clean it up, removing 40 tons of carcasses and soil from scores of unlined pits that were legal at the time they were dug. That led to the discovery of hazardous waste and low-level radioactive materials and eventually evidence that at least one chemical used in the animal experiments, the suspected carcinogen 1,4-dioxane, had leaked into the groundwater.

Source: Pollution from Dead Ivy League Lab Mice Worries Neighborhood


How to Improve the Security of Your Linux System with Firejail

Linux is always perceived as a more secure OS than its counterparts. However, that doesn’t mean it’s completely immune to viruses, worms, and other evil stuff. Like any other operating system, it has its own set of limitations, and a lot is dependent on how the individual uses it.

Of course, nothing can guarantee absolute protection, but there are ways that make life very hard for viruses, worms, and hackers in general. If you are looking for such a solution, look no further, as in this tutorial we’ll be discussing a piece of software called Firejail that can improve the security of your Linux system.

In order to boost your Linux box’s security, you need to install and use Firejail. It’s basically an SUID program that restricts the running environment of untrusted applications, reducing the risk of security breaches. Behind the scenes, what Firejail does is it enables a process as well as its children to have their own private view of the globally-shared kernel resources, including the network stack, process table, and mount table.

The application is written in C language and doesn’t have any dependencies. Of course, it has some requirements. For example, it’s only compatible with Linux machines running a 3.x kernel version or newer. As for what kind of processes the tool can sandbox, the answer is “any.” Yes, you can use it with servers and graphical applications, as well as games and user login sessions.

continue https://www.maketecheasier.com/improve-linux-security-with-firejail/


Cocaine-eating moths? British govt mooted unusual plan to fight Latin American drug barons

Former Prime Minister Margaret Thatcher wanted to use cocaine-eating moths as part of a plot to destroy Latin America’s booming drug trade, newly-declassified documents reveal.

The late PM ordered the Home Office to investigate the use of moths in Peru after Lord Rothschild, a close friend and Labour peer, suggested the idea in a letter.

The plan was abandoned when it was decided that only the Peruvian government could choose whether or not to use the pest within its borders.

Rothschild suggested the use of cocaine-eating moths in 1989, prompting an enthusiastic response from Thatcher, who ordered government officials to look into the “ingenious solution.”

The Cabinet papers, released by the National Archives at Kew, southwest London, show how Rothschild suggested using the moths without the permission of Peruvian officials.

“While virtually everyone agrees that those who take cocaine or crack, in the various ways available, should be punished, everyone, I think, agrees that it is the ‘drug baron’ who must be mercilessly ‘put down’,” the peer wrote in a letter.


Woman Falls in Love with 3D-Printed Robot, Wants to Marry It

Leading artificial intelligence expert David Levy recently said that he expects human-robot marriages to become commonplace by 2050, and the recently revealed romantic relationship between a French woman and a robot she 3D-printed herself seems to confirm the beginning of this trend. The first time I saw this story circulating online, I was almost convinced it was just a prank, not because it seems impossible to believe, but because the media tends to blow things out of proportion to attract as many eyes as possible. However, this one appears to be legit. The woman in question, known only as Lilly, or by her Twitter handle @LillyInMoovator, describes herself as a “proud robosexual” and told News.com.au via email that she is attracted only to robots and actually dislikes physical contact with human flesh.

Source: Woman Falls in Love with 3D-Printed Robot, Wants to Marry It | Oddity Central – Collecting Oddities


Researchers Use World’s Smallest Diamonds to Make Wires Three Atoms Wide

Scientists at Stanford University and the Department of Energy’s SLAC National Accelerator Laboratory have discovered a way to use diamondoids – the smallest possible bits of diamond – to assemble atoms into the thinnest possible electrical wires, just three atoms wide. By grabbing various types of atoms and putting them together LEGO-style, the new technique could potentially be used to build tiny wires for a wide range of applications, including fabrics that generate electricity, optoelectronic devices that employ both electricity and light, and superconducting materials that conduct electricity without any loss. The scientists reported their results today in Nature Materials. “What we have shown here is that we can make tiny, conductive wires of the smallest possible size that essentially assemble themselves,” said Hao Yan, a Stanford postdoctoral researcher and lead author of the paper. “The process is a simple, one-pot synthesis. You dump the ingredients together and you can get results in half an hour. It’s almost as if the diamondoids know where they want to go.”

Source: Researchers Use World’s Smallest Diamonds to Make Wires Three Atoms Wide


Republicans propose bill to impose fines for live-streaming from House floor

The House of Representatives has a new enemy — smartphones. House Speaker Paul Ryan (R-Wisc.) proposed new fines and ethics violations for House members that take photo and video from the floor of the chamber.


This proposal is most likely in response to the 25-hour sit-in staged by Democrats earlier in 2016, protesting the lack of gun reform. According to Bloomberg, the first violation will net violators a $500 fine, which will be deducted from members’ paychecks. Second and subsequent violations will carry a steeper fine of $2,500 per incident.

Not only that, any other incidents that may disrupt decorum could be sent to the House Committee on Ethics, potentially leading to sanctions.

“These changes will help ensure that order and decorum are preserved in the House of Representatives so lawmakers can do the people’s work,” a spokeswoman for Ryan said in a statement.

Taking photo or video had already been prohibited on the floor, but was never enforced. But after the sit-in, led by John Lewis (D-Ga.), Ryan called a recess, effectively ending the C-SPAN broadcast. That is when Democrats used their phones and took to social media.

continue http://www.digitaltrends.com/social-media/livestream-ban-house-bill/


How An Unexpected Friendship With A Wolf Transformed A Whole Town.

Despite their incredible beauty and their obvious similarities with our considerably tamer canine companions, everyone knows not to play with wolves. So when wildlife photographer Nick Jans and his Labrador encountered a wild wolf behind their home, adrenaline started pumping through them both.

When the wolf approached the Labrador, Nick could only stand helplessly by and watch. But what he didn’t know then, on that cold winter day of 2003, was that that encounter was the beginning of a relationship that defied all logic – and fundamentally transformed an entire community. During the winter of 2003, a jet-black wolf showed up on the edge of suburban Juneau, Alaska. But this wolf didn’t bare his teeth and growl aggressively. Instead, it seemed to long for companionship. Wildlife photographer Nick Jans was on his back porch when he saw the wolf for the first time. Despite the danger, Nick’s Labrador went to meet the visitor.

continue http://tinyurl.com/zea4log


European border agency Frontex warns Isis is weaponising refugees

Western security officials are warning the Isis terror group may be trying to manipulate refugees into carrying out terrorist attacks.

There are also fears Isis will sneak in trained fighters among the mass movements of people fleeing war, hunger and extreme poverty.

Frontex, the European border and coast guard agency, stressed the need for the continent to be ready for the potential dangers.

“Some people might get radicalised or manipulated or used or utilised by terrorist groups after they enter the EU,” Fabrice Leggeri, executive director of Frontex, said, according to Voa News.

“This is something where I don’t have clear indications.”

A report from Europol, the EU law enforcement agency, noted the vulnerability of refugees to radicalisation.

continue http://tinyurl.com/zhuexf9


Why do mosquitoes prefer some people to others?


Spotify now officially even worse than the NSA

New terms and conditions popping up on Spotify users’ screens give the music-streaming company sweeping new rights. The “What we collect” section of the new terms seems scary enough:

By using or interacting with the Service, you are consenting to: the collection, use, sharing, and processing of information about your location, including any related interactions with the Spotify service and other Spotify users (as described in The information we collect); the use of cookies and other technologies; the transfer of your information outside of the country where you live; the collection, use, sharing, and other processing of your information, including for advertising-related purposes (as described in the rest of this Privacy Policy, so please keep on reading!); and the public availability of your information and the controls over such information as described in Sharing information.

But dig down and that additional information turns out to be pretty comprehensive:

If you connect to the Service using credentials from a Third Party Application (as defined in the Terms and Conditions of Use) (e.g., Facebook), you authorise us to collect your authentication information, such as your username and encrypted access credentials. We may also collect other information available on or through your Third Party Application account, including, for example, your name, profile picture, country, hometown, email address, date of birth, gender, friends’ names and profile pictures, and networks.

Source: Spotify now officially even worse than the NSA • The Register


The Recent Changes In Earth’s Magnetic Field

Changes in strength of Earth’s magnetic field

10 May 2016

With more than two years of measurements by ESA’s Swarm satellite trio, changes in the strength of Earth’s magnetic field are being mapped in detail. Launched at the end of 2013, Swarm is measuring and untangling the different magnetic signals from Earth’s core, mantle, crust, oceans, ionosphere and magnetosphere – an undertaking that will take several years to complete. Although invisible, the magnetic field and electric currents in and around Earth generate complex forces that have immeasurable effects on our everyday lives. The field can be thought of as a huge bubble, protecting us from cosmic radiation and electrically charged atomic particles that bombard Earth in solar winds. However, it is in a permanent state of flux.

The force that protects our planet

Presented at this week’s Living Planet Symposium, new results from the constellation of Swarm satellites show where our protective field is weakening and strengthening, and importantly how fast these changes are taking place.

Source: Earth’s magnetic heartbeat / Swarm / Observing the Earth / Our Activities / ESA


Gang Member Arrested For Exposing Witnesses On Facebook

Laquan Clark, an alleged gang member in Jersey City, N.J., was arrested Thursday after posting several videos of police interrogations of witnesses on Facebook earlier in the week. Though it is not yet known, Clark may have obtained the videos as part of compulsory disclosure from the April arrest, a law-enforcement source told The Jersey Journal. “This chip right here got everybody that’s telling, yo, like that’s telling in our case,” the unseen man says in a Facebook video posted Tuesday, according to The Jersey Journal. “I’m airing this s*** out as soon as I get in the house.” Clark was charged with multiple crimes in April after authorities arrested 12 people accused of being violent gang members.

One of the now-deleted posts on Clark’s Facebook page was an image of a package with the caption, “Paper work arrive. Let see how many ppl pointed fingers.” Clark, who is usually very active on Facebook, posted four videos on his Facebook profile throughout the day showing law enforcement questioning people. The content was ultimately removed.

“That’s why I roll solo don’t need co defendants they get you caught up,” one comment on the video read, reports The Jersey Journal. Clark is being charged with two counts of witness tampering, a crime that authorities consider very severe. He faces up to 20 years in prison if convicted, and bail has been set at $150,000 cash only.

“Clearly this type of criminal behavior is meant to intimidate and harass any potential witnesses from co-operating with law enforcement,” Hudson County Prosecutor Esther Suarez said in a statement, according to The Jersey Journal. “We take any interference with the criminal justice system very seriously and will prosecute this individual to the fullest extent of the law.” Suarez said that Clark was currently on bail and was under the supervision of police through the use of an administered ankle monitor.

Source: Gang Member Arrested For Exposing Witnesses On Facebook | The Daily Caller


This Website Has The List Of Every Torrent You Have Downloaded In Your Life

Many people use torrent websites to download pirated and non-pirated content. It isn’t an unknown fact that it’s not much difficult to track anyone’s activities on the torrent network. And, to your ultimate happiness, this website called ‘I Know What You Download’ actually tracks and saves the torrents people download in their everyday lives.

If you deleted the download history from your torrent client, you could cross-check the names on ‘I Know What You Download.’ All you need to do is enter your IP address on the website and click Find IP.

In a matter of a few seconds, all of the downloads and the torrents you have distributed from your IP address will be displayed on your screen. Along with the date and time of the download, the list also includes the title and size of the torrent.

continue http://tinyurl.com/zgqnfar


DUI Charge Dropped Against Caffeinated California Driver

(Newser) – He was busted for driving while intoxicated, and now, 16 months later, Joseph Schwab has had his DUI charge dropped. The California man had been pulled over in Solano County in August 2015 after it was reported he was driving erratically, and he was arrested for DUI, although later tests found he had no alcohol or drugs other than caffeine in his system. The DUI charge was kept on the books, however, because prosecutors contended his driving was so all over the place that he had to have had another drug in his system that wasn’t showing up in tests, per the San Francisco Chronicle. Schwab was also said to have failed sobriety tests at the scene. The Solano County DA’s office conceded this week, noting in a written statement that it was finally giving up and dropping the DUI charge because it didn’t think it could prove it beyond a reasonable doubt, though it still maintains it’s “highly likely the defendant was under the influence of a drug,” per KTLA. A misdemeanor charge against Schwab for reckless driving remains. (A man in Japan drank himself to death with caffeine.)

Source: DUI Charge Dropped Against Caffeinated California Driver Joseph Schwab


The State of Linux Security/ Linux Security (2016)

Introduction

In the last 10 years, GNU/Linux achieved something some had foreseen as almost impossible: powering both the smallest and biggest devices in the world, and everything in between. Only the desktop is not a conquered terrain yet.

The year 2016 had an impact on the world, both in real life and digitally. Some people found their personal details leaked on the internet, others found their software being backdoored. Let’s have a look back on what happened this year regarding Linux security.

Why this report?

With this article we want to capture the most important events of the last year. By looking back we might be able to better predict what there is to come in the upcoming years. This article is posted on this blog to provide a flexible shell. Any feedback is welcome in the comments section.

About CISOfy

This extensive article is created by the people at CISOfy. We focus on Linux and Unix security and created the open source tool Lynis and its bigger brother Lynis Enterprise, which help you to perform a security scan on your systems and stay compliant with regulations.

25 years of Linux

This year included the celebration of the Linux project. It was 25 years ago that Linus Torvalds shared his initial creation. One of the lessons we can learn from his first announcement, is that security had to find its place. You just needed to spawn 64 processes to perform a denial of service. At that time a reasonable defect, considering the age of the project.

Security highlight: backdoors

Backdoor in Linux Mint (February 2016)

The popular Linux Mint distribution got a bad surprise. Users who downloaded the distribution on the 20th of February picked up a backdoored release.

What happened?

The server of the project was apparently breached via WordPress. The attackers were able to put up a new ISO, with a backdoor in it. If your distribution had the file /var/lib/man.cy, then it was confirmed that this was the bad release.

Lessons learned

Stop using MD5. If you still use SHA1, then also add the SHA256 or SHA512 hashes.
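A sketch of the check these lessons point to, as an added example (not CISOfy's or Linux Mint's code): it hashes a downloaded ISO with SHA-256, compares it against a `sha256sum`-style list, and looks for the `/var/lib/man.cy` indicator named above. The function names and sample file names are assumptions, and the checksum list is assumed to come from a channel separate from the download server (for example a signed file), since a list hosted next to a replaced ISO can be replaced too.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdefABCDEF")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_list(text):
    """Parse '<hex>  <name>' or '<hex> *<name>' lines into {name: digest}.

    Only 64-character hex digests (SHA-256) are accepted, so MD5 or SHA-1
    entries in the same list are ignored instead of being trusted.
    """
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        if len(digest) == 64 and set(digest) <= HEX_DIGITS:
            entries[name.lstrip("*").strip()] = digest.lower()
    return entries


def verify_iso(iso_path, checksum_text):
    """Return 'ok', 'mismatch', or 'unlisted' for the given download."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(iso_path))
    if expected is None:
        return "unlisted"  # no SHA-256 entry for this file: treat as unverified
    actual = sha256_file(iso_path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def has_backdoor_indicator(root="/"):
    """Check an installed or mounted system for the file named in the article."""
    return os.path.lexists(os.path.join(root, "var", "lib", "man.cy"))


if __name__ == "__main__":
    # Constructed sample: a tiny stand-in "ISO" and a matching checksum list.
    with tempfile.TemporaryDirectory() as workdir:
        iso = os.path.join(workdir, "example.iso")
        with open(iso, "wb") as handle:
            handle.write(b"constructed sample image")
        listing = sha256_file(iso) + "  example.iso\n"
        print("untampered download:", verify_iso(iso, listing))
        with open(iso, "ab") as handle:
            handle.write(b"\x00")  # simulate a replaced image
        print("altered download:", verify_iso(iso, listing))
        print("indicator present:", has_backdoor_indicator(workdir))
```
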

Linux kernel security and self-protection

A hot topic is kernel hardening and the concept of ‘self-protection’. The kernel should be able to defend itself against a basic set of attacks. Typically these are buffer overflows and result in unauthorized access to memory segments. Fortunately, some of these protections are now being discussed and the first set of patches have been applied to the official kernel sources.

One of these examples is the 4.9 release of Linux. The kernel can now enforce proper memory protections, based on the type of data stored in memory. Code memory is marked executable and read-only, with read-only data being marked read-only and non-executable, and writable data as non-executable.

Another recent addition is adding guard pages between stacks. Stacks are used for maintaining a list of activities of a process and determine the next step. The kernel has all these process stacks mapped together, with the risk of one process performing stack exhaustion (similar to a buffer overflow, but for stacks). If that succeeds, a process can directly influence another process. The guard pages protect against this: the kernel sends back a fault and thwarts the attack.

Relevant links

Relevant kernel parameters

  • CONFIG_DEBUG_RODATA
  • CONFIG_DEBUG_SET_MODULE_RONX
  • CONFIG_CPU_SW_DOMAIN_PAN (ARM)
  • CONFIG_ARM64_PAN (ARM64)
  • CONFIG_X86_SMAP (X86)
  • CONFIG_KASAN_INLINE (for testing)
  • CONFIG_KASAN_OUTLINE (for testing)
  • CONFIG_UBSAN
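One way to check a kernel build against the options listed above, as an added example (not part of the original article or of Lynis): it parses kernel config text in the usual `CONFIG_X=y` / `# CONFIG_X is not set` form and reports each listed option for a given architecture. The function names, the architecture labels, the "protection"/"testing"/"info" grouping and the sample config are assumptions made for illustration.

```python
import gzip
import os
import platform
import re

# (option, architecture or None for all, kind). Options and architecture notes
# are the article's; the "kind" grouping is an assumption of this example.
LISTED_OPTIONS = [
    ("CONFIG_DEBUG_RODATA", None, "protection"),
    ("CONFIG_DEBUG_SET_MODULE_RONX", None, "protection"),
    ("CONFIG_CPU_SW_DOMAIN_PAN", "arm", "protection"),
    ("CONFIG_ARM64_PAN", "arm64", "protection"),
    ("CONFIG_X86_SMAP", "x86", "protection"),
    ("CONFIG_KASAN_INLINE", None, "testing"),
    ("CONFIG_KASAN_OUTLINE", None, "testing"),
    ("CONFIG_UBSAN", None, "info"),
]

_SET = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")

# Constructed sample config, not taken from a real system.
SAMPLE_CONFIG = """\
# constructed sample
CONFIG_DEBUG_RODATA=y
CONFIG_DEBUG_SET_MODULE_RONX=y
# CONFIG_X86_SMAP is not set
# CONFIG_KASAN_INLINE is not set
CONFIG_UBSAN=y
CONFIG_LOCALVERSION="-demo"
"""


def parse_kconfig(text):
    """Return {option: value}; options marked 'is not set' map to 'n'."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = _SET.match(line)
        if match:
            values[match.group(1)] = match.group(2).strip('"')
            continue
        match = _UNSET.match(line)
        if match:
            values[match.group(1)] = "n"
    return values


def audit_kernel_config(text, arch):
    """Map each listed option relevant to `arch` to enabled/disabled/absent.

    'absent' can also mean the option does not exist under that name in the
    kernel version being inspected, so it is reported separately.
    """
    values = parse_kconfig(text)
    report = {}
    for option, option_arch, _kind in LISTED_OPTIONS:
        if option_arch is not None and option_arch != arch:
            continue
        value = values.get(option)
        if value is None:
            report[option] = "absent"
        else:
            report[option] = "enabled" if value in ("y", "m") else "disabled"
    return report


def review(report):
    """List findings: protections not enabled, testing options left enabled."""
    kinds = {option: kind for option, _arch, kind in LISTED_OPTIONS}
    findings = []
    for option, state in report.items():
        if kinds[option] == "protection" and state != "enabled":
            findings.append(option + " is " + state)
        elif kinds[option] == "testing" and state == "enabled":
            findings.append(option + " is enabled (testing option)")
    return findings


def read_running_config():
    """Read the running kernel's config from the usual locations, if present."""
    boot_path = "/boot/config-" + platform.release()
    if os.path.isfile(boot_path):
        with open(boot_path, encoding="utf-8", errors="replace") as handle:
            return handle.read()
    if os.path.isfile("/proc/config.gz"):
        with gzip.open("/proc/config.gz", "rt", encoding="utf-8", errors="replace") as handle:
            return handle.read()
    return None


if __name__ == "__main__":
    machine = platform.machine().lower()
    arch = "arm64" if machine == "aarch64" else "arm" if machine.startswith("arm") else "x86"
    text = read_running_config() or SAMPLE_CONFIG  # fall back to the sample
    result = audit_kernel_config(text, arch)
    for option, state in result.items():
        print(option.ljust(32), state)
    for finding in review(result):
        print("finding:", finding)
```
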

Live patching of the kernel

The technology of patching a running kernel is not new. Several technologies were being developed over the years:

  • KernelCare
  • kexec
  • kGraft (SUSE)
  • kpatch (Red Hat)
  • Ksplice (Ksplice, now Oracle)

With support for kGraft in the kernel sources, distributions can now leverage this functionality. When a new security vulnerability hits the kernel, the distribution can create a related patch. This is then loaded as a kernel module and applies a bypass to the affected function that had the vulnerability. Great care should be put into creating these patches as they will change the running kernel. For this same reason, the kernel will mark itself as tainted to reflect this. It is similar to backdooring the kernel, except for a good cause. If you don’t allow loading kernel modules, then this technique won’t work obviously.

Canonical announced in October 2016 the availability of using Livepatch in Ubuntu. This service became available to both customers and free users, although limited up to three systems for the latter.

Average lifetime of security bugs

Kees Cook, currently working for Google, shared an interesting insight regarding the lifetime of security bugs before they are fixed. This can easily be between 3 and 6 years for high and critical issues.

Linux vulnerabilities

Like previous years, this year had a fair number of serious vulnerabilities. With differences in timing between discovery and public disclosure, this list is ordered by CVE number.

CVE-2015-7547 – glibc

Issues in glibc, a very generic library affecting almost all Linux systems, drew some attention early in the year. The bug was found while troubleshooting strange issues with SSH, whose cause turned out to be at another location: glibc.

CVE-2016-1247 – nginx (root privilege escalation)

Rotation of log files on systems running nginx on Debian or derivatives could be tricked into escalating privileges.

CVE-2016-0636 – OpenJDK

An issue in some versions of Java 7 and 8 hit in particular desktops, including those running on Linux. With the tendency of security professionals advising to disable Java and Flash, we wouldn’t be surprised that issues with this kind of packages will slowly decrease. Oracle bulletin for CVE-2016-0636

CVE-2016-0800 – DROWN attack

The DROWN attack exploited a newly discovered weakness in SSLv2. Although many web servers are now properly configured, there are still systems around that have it enabled. And even if your web server is not vulnerable, it can be if SSLv2 is enabled on another system (e.g. mail) that reuses the same key for the SSL certificate.

CVE-2016-0728 – 0-day Linux root exploit

An issue in the keyrings functionality could trigger a leakage of data. Those who discovered the issue explain how it can result in root privileges, in their great write-up.

CVE-2016-5696 – Linux kernel vulnerability for 4.6

Luckily without affecting many servers and desktops, it affected Android 4.4 KitKat and later. This vulnerability could be used to hijack TCP sessions.

CVE-2016-6662 – Critical issue in MySQL and MariaDB

This vulnerability could result in root privileges. An extensive write-up explains how it works.

CVE-2016-4484 – Linux Disk Encryption Bypass

This issue is very similar to the GRUB2 authentication bypass discovered in 2015. This time it resulted in a root shell on the machine. Although you still can’t access data of the encrypted disks, it should not be there. This issue was limited to systems running Debian or a derivative.

CVE-2016-5195 – Dirty COW

Copy-on-write issues in memory resulting in “dirty COW”. This time with another great logo and official website.

Linux Malware

A lot of the things that hit the media were related to malicious software. Malware is not new on Linux and may have existed since the beginning. In the early 2000s we saw rootkits, backdoored binaries, and an arsenal of tools to crash well-known software. We can say that the quality of most software increased. This is especially true when considering the addition of security settings and an ongoing trend to enable them by default. And while the effectiveness of most rootkits diminished, malware on Linux looks to be growing.

Mirai botnet

Botnets are a powerful tool for those who want to perform denial of service attacks, send spam email, or simply harvest bitcoins at the cost of others. Linux has a past of botnet clients, varying from simple IRC clients that could execute commands, up to heavily encrypted binaries with different mechanisms to be controlled by the botnet master. Fortinet disassembled the Mirai.B worm on their blog.

Core Infrastructure Initiative

The Linux Foundation released funds and energy into making Linux more secure. Not just the Linux kernel, but also commonly used software components like OpenSSL, or supporting other open source projects. This work is done under the Core Infrastructure Initiative, or CII.

With CII there are four projects which enhance each other and help projects all over the world. One of them is tooling, like offering the right tools. This helps with reproducible builds, something being used with Debian now. Also fuzzing tools, which throw garbage at tools to detect missing input validation or memory issues. Besides tooling there is education, helping projects to connect and find the right resources when it comes to security.

Then there are those special projects that need a little bit more attention. For example, because they are used by many other projects, or consist of a library. A flaw like we have seen in glibc can have a high impact due to this relationship with other software. These projects are tracked with the Census project and scored on risk.

The last interesting project is the Badge program, giving developers an extensive checklist to score your project [example].

Interesting reads

Conferences

Conferences are a great way to share knowledge and insights. Two particular conferences can be highlighted that really focus on security in the area of Linux and open source.

O’Reilly Security

Most security conferences focus on the offensive side, think Black Hat and Defcon. Rarely do we see conferences focused on just the defensive side. O’Reilly made the bold move to organize two events, one in New York, the other in Amsterdam. The recordings are available if you have a subscription to Safari.

Linux Security Summit

This yearly summit provides good insight into the status of Linux security. There is so much to tell and to see. So have a look at the playlist.

source https://linux-audit.com/the-state-of-linux-security/

Categories: Uncategorized

Unlimited Internet Plans To Become Standard Under New CRTC Rules

Canada’s telecommunications watchdog has ordered Internet service providers to offer an unlimited data plan for home Internet access, and to issue easy-to-understand bills.

The new rules are part of an overhaul of the country’s Internet service regulations that the Canadian Radio-television and Telecommunications Commission (CRTC) announced Wednesday. The CRTC also declared broadband internet access a basic service across the country, just like current landline telephone service.

The CRTC also significantly increased target speeds for broadband Internet, to 50 Mbps download and 10 Mbps upload, 10 times the existing speed targets.

continue : Unlimited Internet Plans To Become Standard Under New CRTC Rules

Categories: Uncategorized

Virtual Reality Allows the Most Detailed, Intimate Digital Surveillance Yet

“Why do I look like Justin Timberlake?” Facebook CEO Mark Zuckerberg was on stage wearing a virtual reality headset, feigning surprise at an expressive cartoon simulacrum that seemed to perfectly follow his every gesture. The audience laughed. Zuckerberg was in the middle of what he described as the first live demo inside VR, manipulating his digital avatar to show off the new social features of the Rift headset from Facebook subsidiary Oculus. The venue was an Oculus developer conference convened earlier this fall in San Jose. Moments later, Zuckerberg and two Oculus employees were transported to his glass-enclosed office at Facebook, and then to his infamously sequestered home in Palo Alto. Using the Rift and its newly revealed Touch hand controllers, their avatars gestured and emoted in real time, waving to Zuckerberg’s Puli sheepdog, dynamically changing facial expressions to match their owner’s voice, and taking photos with a virtual selfie stick — to post on Facebook, of course. The demo encapsulated Facebook’s utopian vision for social VR, first hinted at two years ago when the company acquired Oculus and its crowd-funded Rift headset for $2 billion. And just as in 2014, Zuckerberg confidently declared that VR would be “the next major computing platform,” changing the way we connect, work, and socialize. “Avatars are going to form the foundation of your identity in VR,” said Oculus platform product manager Lauren Vegter after the demo. “This is the very first time that technology has made this level of presence possible.” But as the tech industry continues to build VR’s social future, the very systems that enable immersive experiences are already establishing new forms of shockingly intimate surveillance.
Once they are in place, researchers warn, the psychological aspects of digital embodiment — combined with the troves of data that consumer VR products can freely mine from our bodies, like head movements and facial expressions — will give corporations and governments unprecedented insight and power over our emotions and physical behavior.

continue : Virtual Reality Allows the Most Detailed, Intimate Digital Surveillance Yet

Categories: Uncategorized

13-ft-tall Method-2 Might Soon be Guarding Borders

Yes, you read that right and this isn’t science fiction but something that is very real! A South Korean robotics company — Hankook Mirae Technology — has managed to help the ginormous robot take its first baby steps. Claimed as first of its kind by the creators, the robot which is being trained and tested in Seoul, South Korea, has been christened Method-2. The 1.5-ton robot which shook the ground in its baby steps bears a close resemblance to the robots in the movie ‘Avatar’, as it also has a seat that can be used to pilot it via human intervention. “Our robot is the world’s first manned bipedal robot and is built to work in extremely hazardous areas where humans cannot go. The robot is one-year-old so it is taking baby steps; but just like humans, it will be able to move more freely in the next couple of years,” company chairman Yang Jin-Ho told phys.org.

Source: 13-ft-tall Method-2 Might Soon be Guarding Borders

Categories: Uncategorized

What Obama Just Said About Race Is Causing Some to Question His Sanity


In an interview for The Atlantic with Ta-Nehisi Coates, President Obama’s take on race added to the list of bizarre things he’s said over the years. According to our outgoing president, “if you are perceived as African American, then you’re African American.”

Coates asked Obama, “I wonder how you came to think of yourself as black and why,” after a lengthy commentary about his upbringing that, frankly, could have been boiled down to the simple fact that Obama is mixed race — both white and black.

Obama responded: “Well, part of my understanding of race is that it’s more of a social construct than a biological reality.”

Okay wait, I had to stop it there. You can call just about anything a “social construct,” but there is a biological reality no matter how you look at it.

Obama continued his answer: “And in that sense, if you are perceived as African American, then you’re African American.”

Wow, I didn’t know it was that simple. If someone “perceives” you as something, that is what you are. So much for telling young people not to allow bullies to define who they are…

Remember Rachel Dolezal? The white woman who pretends to be black will surely be happy to hear about this!


Apparently Obama takes the “one-drop theory” a step further and acknowledges the Dolezals of the world who want to identify as anything they want to no matter what the biological reality is.


Categories: Uncategorized

Why haven’t we invented a sunscreen pill?

Antioxidants in Polypodium leucotomos, a tropical fern, can technically block UV radiation. But antioxidants are unstable molecules, so getting them from stomach to skin is hard. Today’s fern-extract pills, like Solaricare or Heliocare, reach only SPF 4, not nearly enough for daily protection, let alone a beach day. This instability issue won’t be solved soon, so keep slathering up. Want to know if your fantasy invention could become a reality? Tweet @PopSci or tell us on Facebook. Popular Science reader Chad Wells submitted this question via Facebook.

Source: Why haven’t we invented a sunscreen pill? | Popular Science

Categories: Uncategorized

Wisconsin’s Department of Natural Resources site no longer says humans cause climate change


Source: Wisconsin’s Department of Natural Resources site no longer says humans cause climate change – The Verge

Categories: Uncategorized

Vera Rubin, astronomer who proved existence of dark matter, dies at 88

Vera Rubin, an astronomer who proved the existence of dark matter, one of the fundamental principles in the study of the universe, but who battled sex discrimination throughout her career, died Dec. 25 at an assisted living facility in Princeton, N.J. She was 88. She had dementia, said a son, Allan Rubin. Dr. Rubin’s groundbreaking discoveries, made primarily with physicist W. Kent Ford, have revolutionized the way scientists observe, measure and understand the universe. The concept of “dark matter,” an unknown substance among stars in distant galaxies, had existed since the 1930s, but it was not proved until Dr. Rubin’s studies with Ford in the 1970s. It is considered one of the most significant and fundamental advances in astronomy during the 20th century.

Source: Vera Rubin, astronomer who proved existence of dark matter, dies at 88 – The Washington Post

Categories: Uncategorized

France’s National Front Finds Support Among Millennials

NICE, France — Sébastien Faustini’s decision to skip the firework display at the beach not only potentially saved his life — it steered his politics toward the far right. The soft-spoken 18-year-old stayed home with his cousin and watched the Bastille Day display on TV, instead of heading to the Nice promenade as they’d planned on July 14. A truck was driven into the crowd that night, killing 86 people.

“We could have been there,” said Faustini, who is now forced to pass by the scene of attack daily on his way to university. “Every day that hits me.” Three weeks ago, he joined France’s far-right National Front. “Certain media organizations stigmatize members of the National Front calling them fascists, insults that have nothing to do with the party’s program,” Faustini told NBC News.

Source: France’s National Front Finds Support Among Millennials – NBC News

Categories: Uncategorized

How GPS Became a Human Tracking Mechanism

Ralph and Robert Schwitzgebel were identical twins from Ohio, champion high school debaters who won the state title in 1951, graduated from different colleges, and both — unbeknownst to the other — applied to Harvard’s graduate program in psychology. “We kind of show up on campus one day — ‘What are you doing here?’ ” Robert recalls. It was a heady time at the Harvard psych department. The faculty included B. F. Skinner, behaviorism’s leading figure, and also Timothy Leary, who demonstrated during his brief time at the university that he was willing to go to unprecedented lengths to test the molding of human behavior. Leary became Ralph’s adviser. Ralph coauthored the paper detailing Leary’s infamous Concord Prison experiment, in which young inmates were given psilocybin as part of group therapy, between 1961 and 1963. The study proposed that the drug had a positive effect on the recidivism rate of the experimental group. Ralph took from his mentor a willingness — even an eagerness — to deploy unorthodox methodologies, especially in the treatment of young people on the margins of society. Ralph wanted to merge the experimental psychologist’s lab with the psychotherapist’s office.

Source: How GPS Became a Human Tracking Mechanism

Categories: Uncategorized

Tracking In Incognito?

It may surprise you that ads can still follow you around in “Incognito” and other “private browsing” modes.

That’s because Incognito mode isn’t really private.

Incognito mode only deletes your local search and browsing history – just the content on your computer. Websites, search engines, internet service providers, and governments can still easily track you across the web.

That’s why it’s important to use privacy alternatives that don’t share your personal information – such as DuckDuckGo for search.

Using Incognito mode to keep you private online is kind of like using a bucket to put out a raging fire:

In a study we ran, we found that 74% of people over-estimate the protection that private browsing modes offer. Now you don’t have to be part of that statistic — welcome to the Duck Side!
Proudly Private,

Dax the Duck,
Mascot – DuckDuckGo

Categories: Uncategorized
