First Person Shooters (Games)

Valve Threatens Counter Strike Gambling Sites (hngn.com) 28

An anonymous Slashdot reader quotes a report from HNGN: Game maker Valve is threatening to shut down sites dedicated to gambling with add-ons to its popular Counter Strike game. On Thursday the company sent cease and desist letters to 23 sites, demanding that gambling operations be stopped, and that the sites had 10 days to comply. The row revolves around the software overlays that change the appearance of the characters people play in Counter Strike: Global Offensive (CSGO) and the weapons and other virtual items. Last week the company reiterated that its user agreements ban external sites from asking users to connect their Steam accounts in order to trade items for real money. The company added that it would use "all available remedies" against sites that did not stop players using virtual goods to gamble.
Bloomberg reports that in June a class action lawsuit was filed against Valve "for its role in the multibillion-dollar gambling economy that has fueled the game's popularity" -- by a man who had been gambling on the site since 2014. This was followed in July by a second class action lawsuit by a mother on behalf of her son, reports ESPN. "The case alleges that the Valve knowingly allows and profits from teenagers participating in illegal, unregulated and underage gambling of in-game cosmetic weapon skins through third-party sites."
Security

'High-Risk Vulnerabilities' In Oracle File-Processing SDKs Affect Major Third-Party Products (csoonline.com) 11

itwbennett writes: "Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors," writes Lucian Constantin on CSOonline. The vulnerabilities, which were found by researchers from Cisco's Talos team, are in the Oracle Outside In Technology (OIT), a collection of SDKs that are used in third-party products, including Microsoft Exchange, Novell Groupwise, IBM WebSphere Portal, Google Search Appliance, Avira AntiVir for Exchange, Raytheon SureView, Guidance Encase and Veritas Enterprise Vault.

"It's not clear how many of those products are also affected by the newly patched seventeen flaws, because some of them might not use all of the vulnerable SDKs or might include other limiting factors," writes Constantin. But the Cisco researchers confirmed that Microsoft Exchange servers (version 2013 and earlier) are affected if they have WebReady Document Viewing enabled. In a blog post the researchers describe how an attacker could exploit these vulnerabilities.

TL;DR version: "Attackers can exploit the flaws to execute rogue code on systems by sending specifically crafted content to applications using the vulnerable OIT SDKs."
Advertising

Google Tests Ads That Load Faster and Use Less Power (bbc.co.uk) 94

Slashdot reader Big Hairy Ian quotes a report from the BBC: Google says it has found a way to make ads load faster on web pages viewed on smartphones and tablets. The company said the ads would also be less taxing on the handsets' processors, meaning their batteries should last longer. The technique is based on work it has already done to make news publishers' articles load more quickly. But it is still in development, and one expert said Google still had questions to answer. The California-based company's online advertising revenue totalled $67.4 billion last year...
The technique limits the scope of JavaScript, and "provides its own activity measurement tools, which are said to be much more efficient," according to the article. A Google software engineer explains that this technique "only animates things that are visible on the screen," and throttles animation to fewer frames per second for weaker devices -- or disables the animations altogether. "This ensures that every device gets the best experience it can deliver and makes sure that ads cannot have a negative impact on important aspects of the user experience such as scrolling."
Security

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry (theregister.co.uk) 20

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.
Communications

Tinder Scam Promises Account Verification, But Actually Sells Porn (csoonline.com) 28

itwbennett writes: Tinder users should be on the lookout for Tinder profiles asking them to get "verified" and then sending them a link to a site called "Tinder Safe Dating." The service asks for credit card information, saying this will verify the user's age. Once payment information has been captured, the user is then signed up for a free trial of porn, which will end up costing $118.76 per month unless the service is cancelled. In Tinder's safety guidelines, the company warns users to avoid messages that contain links to third-party websites or ask money for an address.
Classic Games (Games)

Sega Announces Two New Sonic Games That Seek To Recapture The Glory Days (gamespot.com) 40

An anonymous reader writes: In celebration of Sonic the Hedgehog's 25th anniversary, Sega has announced two new Sonic games at Comic-Con in San Diego. The first game is called Sonic Mania and it's a 2D platformer that features visuals and gameplay reminiscent of the classic Genesis games. "It revamps zones and acts from Sonic the Hedgehog, Sonic the Hedgehog 2, Sonic CD, Sonic the Hedgehog 3, and Sonic and Knuckles, in addition to introducing new ones into the fold," writes Mat Paget from GameSpot. The second game has no title [besides "Project Sonic 2017"], but it does have a holiday 2017 release date for PS4, Xbox One, and Nintendo NX consoles. It reportedly features both classic and modern versions of Sonic, similar to 2011's Sonic Generations. Sega made two additional announcements. "Mobile game Sonic Dash has passed 200 million downloads and will receive a special in-game event that adds the Green Hill Zone and Classic Sonic as a playable character," reports GameSpot. "The event only lasts a week, but players can unlock both the classic level and character for use after the event." The second additional announcement is that the animated Sonic Boom series will be renewed for a second season. "Sonic Mania was born out of our fans' love of the classic Sonic 2D platform games," said Sonic Team head Takashi Iizuka. "This type of collaboration is a first for Sega and we hope everyone will be both surprised and delighted by this title. Sonic Mania has been a passion project for the entire team and we look forward to sharing more details about it later this year. Having the game actually playable at the event itself tonight was testament to the dedication of the team behind it."
Businesses

Cyanogen Inc. Reportedly Fires OS Development Arm, Switches To Apps (arstechnica.com) 115

An anonymous reader writes: Android Police is reporting that the Android software company Cyanogen Inc. will be laying off 20 percent of its workforce, and will transition from OS development to applications. The Android Police report says "roughly 30 out of the 136 people Cyanogen Inc. employs" are being cut, and that the layoffs "most heavily impact the open source arm" of the company. Android Police goes on to say that CyanogenMod development by Cyanogen Inc "may be eliminated entirely." Ars Technica notes the differences between each "Cyanogen" branding. Specifically, CyanogenMod is a "free, open source, OS heavily based on Android and compatible with hundreds of devices," while Cyanogen Inc. is "a for-profit company that aims to sell Cyanogen OS to OEMs." It appears that many of the core CyanogenMod developers will no longer be paid to work on CyanogenMod, though the community is still free to develop the software." Android Police details the firing process in their report: "Layoffs reportedly came after a long executive retreat for the company's leaders and were conducted with no advanced notice. Employees who were not let go were told not to show up to work today. Those who did show up were the unlucky ones: they had generic human resources meetings rather ominously added to their calendars last night. So, everyone who arrived at Cyanogen Inc. in Seattle this morning did so to lose their job (aside from those conducting the layoffs)." Early last year, Microsoft invested in a roughly $70 million round of equity financing for the then-startup Cyanogen Inc. Not too long before that, Google tried to acquire Cyanogen Inc., but the company turned down Google's offer to seek funding from investors and major tech companies at a valuation of around $1 billion. Cyanogen Inc. CEO Kirt McMaster once said the company was "attempting to take Android away from Google" and that it was "putting a bullet through Google's head."
Security

Auto Industry Publishes Its First Set of Cybersecurity Best Practices (securityledger.com) 38

chicksdaddy quotes a report from Security Ledger: The Automotive industry's main group for coordinating policy on information security and "cyber" threats has published a "Best Practices" document, giving individual automakers guidance on implementing cybersecurity in their vehicles for the first time. The Automotive Information Sharing and Analysis Center (ISAC) released the Automotive Cybersecurity Best Practices document on July 21st, saying the guidelines are for auto manufacturers as well as their suppliers. The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties. Taken together, they move the auto industry closer to standards pioneered decades ago and embraced by companies like Microsoft. They call on automakers to design software to be secure from the ground up and to take a sober look at risks to connected vehicles as part of the design process. Automakers are urged to test for and respond to software vulnerabilities, to develop methods for assessing and fixing security vulnerabilities, to create training programs, promote cybersecurity awareness for both information technology and vehicle specific risks, and educate employees about security awareness. The document comes after a Kelly Blue Book survey that found that 62% of drivers think "connected cars will be hacked," and that 42% say they "want cars to be more connected."
Businesses

VW Has Emissions-Cheating Fix Ready, Says Report (pressherald.com) 62

An anonymous reader writes from a report via Portland Press Herald: Volkswagen plans to fix the engines that were rigged to cheat on emissions tests by updating computer software and installing a larger catalytic converter to trap harmful nitrogen oxide, according to two dealers who were briefed by executives on the matter. The dealers said that limited details of the plan were made public last week at a regional dealer meeting in Newark, New Jersey, by Volkswagen of America Chief Operating Officer Mark McNabb. Portland Press Herald reports: "One dealer said the group was told that early testing of a small sample of repaired cars showed that the fix made 'no discernible difference' in the cars' mileage, horsepower or torque. Both dealers said they were told that more testing was needed and that the plans still had to be approved by the U.S. Environmental Protection Agency and the California Air Resources Board. One of the dealers said the so-called 'Generation 1' diesels -- about 325,000 VW Jettas, Golfs, Passats and Beetles from the 2009 to 2014 model years – would get new software and bigger catalytic converters in January or February of next year. About 90,000 'Generation 2' Passats already have sufficient emissions systems and would get only a software update early next year. Another 67,000 'Generation 3' 2015 models would get software in October and would get additional hardware a year later, the dealer said. Dealers also were told that they'd be reimbursed by VW for sales losses due to the scandal, and that new vehicles are coming." Last month, Volkswagen agreed to a record $14.7 billion settlement over the emissions cheating.
PlayStation (Games)

Sony Is the Only Remaining Obstacle To PS4-Xbox Cross-Play (kotaku.com) 56

In March, Microsoft announced native support for cross-platform play between Xbox One and Windows 10. At the time, the company also added that this support could be extended to "other console and PC networks," something which led people to wonder if truly cross-platform gaming, on any platform, was next. When asked, Sony did say that it was open to the idea. "PlayStation has been supporting cross-platform play between PC on several software titles starting with Final Fantasy 11 on PS2 and PC back in 2002. We would be happy to have the conversation with any publishers or developers who are interested in cross-platform play." But since then, it appears that Sony has had a change of heart, which has resulted in developers asking the company for an update. Kotaku reports: In recent days, the developers behind Rocket League and The Witcher 3 have both called for Sony to break down the walls separating PlayStation Network and Xbox Live and allow cross-platform multiplayer. What's changed in the last few days are developers making an open call for Sony to make good on having that conversation with publishers and developers. In an interview with IGN, Psyonix president Jeremy Dunham explained how the Rocket League developer had already taken care of the technical side of things. "We're literally at the point where all we need is the go-ahead on the Sony side," said Dunham, "and we can, in less than a business day, turn it on and have it up and working no problem. It'd literally take a few hours to propagate throughout the whole world, so really we're just waiting on the permission to do so." In another statement to IGN, CD Projekt RED CEO Marcin Iwinski supported Psyonix.
Movies

Man Builds $1.5 Million Star Trek-Themed Home Theater (cepro.com) 158

CIStud writes: This $1.5 million "Star Trek" home theater is the envy of every geek on the planet. The theater is a reconstruction of the bridge of the Starship Enterprise from "Star Trek: Next Generation" and also includes $1 million worth of memorabilia from the classic sci-fi TV show. The home theater was created by financier Marc Bell with the help from Jay Miller of Boca Raton-based Acoustic Innovations. The two started working on the home cinema in 2002 -- before construction of Bell's house even began -- and it took them four years to complete. CEPro reports: "A D-Box controller manipulates hydraulics installed beneath the floorboards, meaning the entire room shakes when anything loud happens on screen. The room also includes a JBL Synthesis sound system, which at the time of installation was only used in commercial theaters. The audio system is currently being upgraded to Dolby Atmos specifications and Bell plans to install a 4K projector. A big movie fan, Bell has had over 3,500 films digitized, which are stored and streamed through a Kaleidescape server. He also spent approximately $35,000 on a Prima Cinema system, allowing him and his family to watch films at home the day they are released in commercial cinemas. A wraparound control center surrounds the 11 custom leather chairs in the theater, eight of which recline into beds, while the doors that open into the theater are exact replicas of the Turbolift doors as seen on the TV show. When someone steps on the circular "transporter," the doors open with that familiar "whoosh" sound." Bell apparently likes to spend his money on others too. He has rented a local movie theater for every Star Trek film released in the past 25 years and has taken all of his employees, friends and their children along on opening night. The Wall Street Journal posted a video on YouTube of the home theater.
Advertising

Spotify Is Now Selling Your Information To Advertisers (engadget.com) 106

An anonymous reader writes from a report via Engadget: Spotify is now opening its data to targeted advertising. "Everything from your age and gender, to the music genres you like to listen to will be available to various third-party companies," reports Engadget. "Spotify is calling it programmatic ad buying (Warning: source may be paywalled) and has already enabled it." The nearly 70 million people that currently use Spotify's free, ad-supported streaming service across 59 countries will be affected. The ads will be audio-based and stretch between 15-30 seconds in length. The advertisers who buy ad spots will be able to look for specific users by viewing their song picks to find the best matches for the products they're selling. Two weeks ago, China released its first ever set of digital ad regulations that seems to all but ban ad blocking.
Transportation

Tesla's Autopilot Mode Reportedly Saves Pedestrian's Life (electrek.co) 219

An anonymous reader writes: Following reports of Tesla's Autopilot mode being linked to a fatal crash, one Tesla Model S owner is reporting that the Autopilot mode has likely saved a pedestrian's life. The driver sent an email to Elon Musk explaining the situation, which was confirmed by Tesla through the vehicle logs: "I wanted to let you know that I think my car probably saved the life of a pedestrian last night, 7/16 around 10:30pm when I was driving in Washington DC with my daughter." The driver says he and his daughter were trying to locate where sirens were coming from "when a pedestrian stepped out in front of [their] Model S in the dark with dark clothes and in the middle of the road." The car slammed on its brakes before he could and "stopped just inches from hitting the pedestrian." The driver said, "I am not sure if I would have been able to stop before hitting him but I am so glad the car did." The Automatic Emergency Braking (AEB), which is standard on all Tesla vehicles and is part of Tesla's Autopilot mode, is what was at work here. It appears that many of the convenience features of Autopilot were not activated at the time of the incident. This is likely the first of many good press stories released by Elon Musk, who said he would consider releasing the stories of accidents prevented by the Autopilot mode with the authorization of the Tesla owners and by confirming the events through the vehicle logs. Elon Musk did also announce Tesla's 'Master Plan, Part Deux,' which includes new kinds of Tesla vehicles, expanded solar initiatives, updates on Tesla's 'autopilot' technology, and a ride-sharing program.
Chrome

Google Gets Rid Of App Launcher In Chrome 52, Browser's Mac Client Gets Material Design (9to5mac.com) 67

Google has finally removed App Launcher that it bundles with the Chrome browser for Windows and Mac with the release of Chrome v52. The Mac client, in addition, now embraces Google's Material Design approach, and comes with new icons and flatter and transparent interface. 9to5Mac documents more changes on Chrome for Mac and Windows: Besides a new flatter, sharper, and transparent design, Material is also a "huge engineering feat," especially for Chrome OS and Windows. Chrome is "now rendered fully programmatically including iconography, effectively removing the ~1200 png assets we were maintaining before," Google noted. "It also allows us to deliver a better rendering for a wide range of PPI configuration."
DRM

EFF Is Suing the US Government To Invalidate the DMCA's DRM Provisions (boingboing.net) 92

Cory Doctorow writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense). Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this.
Businesses

Tesla's 'Master Plan, Part Deux' Includes Trucks, Buses and Ride-Sharing (latimes.com) 171

An anonymous reader writes from a report via Los Angeles Times: After teasing Part 2 of his "master product plan" for over a week, Elon Musk finally delivered. Los Angeles Times reports: "In a blog post published on the automaker's website, Musk introduced a multiyear, four-pronged strategy that includes new kinds of Tesla vehicles, expanded solar initiatives, updates on Tesla's 'autopilot' technology and a ride-sharing program. Commercial trucks, buses, a 'future compact SUV' and a 'new kind of pickup truck' will be added to Tesla's fleet of electric cars. A heavy-duty truck called the Tesla Semi and a shrunken bus that Musk called a 'high passenger density urban transport' vehicle are in early development stages 'and should be ready for unveiling next year,' he said. The smaller bus would be designed without a center aisle, with seats close to the entrances, and would be able to automatically pace themselves with traffic, the post said. The bus driver would become a 'fleet manager.' Musk also used the master plan to defend his bid for rooftop solar power provider SolarCity and said he aims to make Tesla's Autopilot robotic driver-assist system 10 times safer than cars that humans drive manually. Musk also plans to move Tesla into the popular ride-sharing business, not only with an Uber-like fleet but also with an app that lets Tesla owners rent out their vehicles when they're not using them, perhaps defraying a portion of their auto loans. This will happen, he said, 'when true self-driving is approved by regulators,' a turn of events that's at least several years away."
Piracy

US Navy Faces $600M Lawsuit For Allegedly Pirating 3D VR Software (hothardware.com) 115

An anonymous reader quotes a report from HotHardware: The U.S. Navy has been accused of pirating 3D software after first testing a software package offered by German company Bitmanagement Software GmbH. The company is suing the United States of America for nearly $600 million. HotHardware reports: "According to the court filing, Bitmanagement licensed its BS Contact Geo software for use on 38 Navy computers from 2011 to 2012. This limited rollout was 'for the purposes of testing, trial runs, and integration into Navy systems.' While this test period was underway, the Navy reportedly began negotiating to license the software for use on thousands of additional computers. However, even as the negotiations were ongoing, the Navy decided to go ahead and initiate its full-scale rollout without actually paying for the software. In total, the initial 38 computers allegedly swelled to 104,922 computers by October 2013. As of today, BS Contact GEO is claimed to be installed on 558,466 Navy computers, although 'likely this unauthorized copying has taken place on an even larger scale' according to the filing. As if the unauthorized installation of software onto hundreds of thousands of computers wasn't enough, Bitmanagement is alleging that the Navy during 2014 began disabling the Flexwrap software that is tasked with tracking the use of BS Contact Geo and helping to prevent it from being duplicated. When this software piracy was taking place, the retail price of a single BS Contact Geo license was $1067.76. With nearly 600,000 computers now in play, Bitmanagement is seeking a whopping $596,308,103 in damages. The lawsuit, which alleges willful copyright infringement was filed on July 15th."
The Internet

Engineer Gets Tired Of Waiting For Telecom Companies To Wire His town -- So He Does It Himself (backchannel.com) 106

Gurb, 75 kilometers north of Barcelona, is a quiet farming community of 2,500. It has suddenly become a popular place, thanks to being the birthplace of Guifi.net, one of the world's "most important experiments in telecommunications." It was built by an engineer who got tired of waiting for Telefonica, the Spanish telecom giant, to provide internet access to the people of his community. At first he wanted an internet access for himself, but it soon became clear that he also wanted to help his neighbors. Guifi has grown from a single wifi node in 2004, to 30,000 working nodes today, including some fiber connections, with thousands more in the planning stages. An article on Backchannel today documents the tale of Guifi. From the article: The project is a testament to tireless efforts -- in governance, not just in adding hardware and software -- by Ramon Roca (the engineer who started it) and his colleagues. They've been unwavering in their commitment to open access, community control, network neutrality, and sustainability. In 2004, he bought some Linksys WiFI hackable routers with a mission to get himself and his neighbors connected to the Internet. This is how he did it: Roca turned on a router with a directional antenna he'd installed at the top of a tall building near the local government headquarters, the only place in town with Internet access -- a DSL line Telefonica had run to municipal governments throughout the region. The antenna was aimed, line of sight, toward Roca's home about six kilometers away. Soon, neighbors started asking for connections, and neighbors of neighbors, and so on. Beyond the cost of the router, access was free. Some nodes were turned into "supernodes" -- banks of routers in certain locations, or dedicated gear that accomplishes the same thing -- that could handle much more traffic in more robust ways. 
The network connected to high-capacity fiber optic lines, to handle the growing demand, and later connected to a major "peering" connection to the global Internet backbone that provides massive bandwidth. Guifi grew, and grew, and grew. But soon it became clear that connecting more and more nodes wasn't enough, so he created a not-for-profit entity, the Guifi.net Foundation. The foundation, thanks to its cause and a cheerful community, has received over a million Euros to date -- from various sources including several levels of government. But as the article notes, a million Euros is a drop in the bucket next to the lavish subsidies and favors that state-approved monopolies such as Telefonica have enjoyed for decades. The article adds: The Guifi Foundation isn't the paid provider of most Internet service to end-user (home and business) customers. That role falls to more than 20 for-profit internet service providers that operate on the overall platform. The ISPs share infrastructure costs according to how much demand they put on the overall system. They pay fees to the foundation for its services -- a key source of funding for the overall project. Then they offer various kinds of services to end users, such as installing connections -- lately they've been installing fiber-optic access in some communities -- managing traffic flows, offering email, handling customer and technical support, and so on. The prices these ISPs charge are, to this American (Editor's note: the author is referring to himself) who's accustomed to broadband-cartel greed, staggeringly inexpensive: 18 to 35 Euros (currently about $26-$37) a month for gigabit fiber, and much less for slower WiFi. Community ownership and ISP competition does wonders for affordability. Contrast this with the U.S. broadband system, where competitive dial-up phone access -- phone companies were obliged to let all ISPs use the lines as the early commercial Internet flourished in the 1990s -- gave way to a cartel of DSL and cable providers. Except in a few places where there's actual competition, we pay way more for much less. Read the story in its entirety here.
Android

Android Nougat Won't Boot If Your Phone's Software Is Corrupt Or Has Malware (androidauthority.com) 161

An anonymous reader shares a report on Android Authority: In a bid to increase the security of the Android operating system, Google has introduced a new check for malware as part of the boot process in all Android devices. Until Marshmallow, Android devices ran the check as part of the boot process and in Marshmallow, the phone would warn you that it was compromised but would continue to let the phone boot up. In Nougat however, Google is taking this security check to the next level. On the Android Developer's blog, the company explains that Android Nougat strictly enforces that boot check, giving you far more than a warning. The good news is that if your phone is infected with types of malware, it will refuse to boot or will boot in a limited capacity mode (presumably akin to safe mode). The bad news however, is that some non-malicious corruption of data could also mean that your phone will refuse to boot up. Considering that corrupted data may not always be malicious -- even a single-byte error could cause your phone to refuse to boot up -- Android Nougat brings additional code to guard against corruption.
Security

Software Flaw Puts Mobile Phones and Networks At Risk Of Complete Takeover (arstechnica.com) 51

Dan Goodin, reporting for Ars Technica: A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday. The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One. "The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources," researchers who discovered the flaw wrote in an advisory published Monday evening. "These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network."
