2018-01-01 00:00:00 ..
2018-05-22 22:25:53 UTC
2018-05-23 01:23:37 UTC
We always have a place for talented people, visit the Get Involved section on the wiki to see how you can make SoylentNews better.
Ars Technica is reporting that there are
critical PGP and S/MIME bugs which can reveal encrypted e-mails. Their advice is to uninstall the plugins, for the time being.
More information will be released tomorrow (Tuesday at 07:00 UTC, 3:00 AM EDT, midnight PDT).
Little is publicly known about the flaws at the moment. Both Schinzel and the EFF blog post said they will be disclosed late Monday night California time in a paper written by a team of European security researchers. Schinzel's Twitter messages used the hashtag #efail, a possible indication of the name the researchers have given to their exploit.
The EFF also published a warning, Attention PGP Users: New Vulnerabilities Require You To Take Action Now:
A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.
The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.
The EFF also gives additional advice on disabling PGP in Thunderbird with Enigmail as well as other mail and mail-like clients.
Kim Jong-un has become the first North Korean leader to set foot in South Korea by crossing the military line that has divided the peninsula since the end of the Korean War in 1953. In a moment rich with symbolism and pomp, South Korean leader Moon Jae-in and Mr Kim shook hands at the border. Mr Kim said he hoped for "frank" discussion in a warm opening exchange.
Just months ago North Korean rhetoric was warlike, but now they may discuss a peace treaty and nuclear weapons. Much of what the summit will focus on has been agreed in advance, but many analysts remain deeply sceptical about the North's apparent enthusiasm for engagement.
During their private meeting, Kim told Moon he came to the summit to end the history of conflict and joked he was sorry for keeping Moon up with his late night missile tests, a South Korean official said.
North Korea's nuclear test site has collapsed after the region sustained damage from five nuclear blast trials, Chinese scientists said Wednesday — leading many to believe it may be the reason why Kim Jong Un suddenly announced the rogue regime would freeze its nuclear and missile tests.
Submitted via IRC for chromas
President Trump announced Friday night that the U.S. and its allies had launched attacks on Syria in response to an alleged chemical weapons attack last week by President Bashar Assad's regime.
In televised remarks from the White House, Trump said the attacks were underway, and that Great Britain and France were also taking part.
The president did not provide details, but U.S. warships in the Mediterranean Sea, armed with cruise missiles, were in position to strike. British and French forces were also in place.
[...] The president said the U.S. prepared to sustain effort until the Syrian regime stops using chemical weapons.
[...] In the days leading up to the U.S. attack, Russia had warned that it would defend its troops in Syria. This has raised fears of a possible direct clash of U.S. and Russian forces.
Submitted via IRC for fyngyrz
Police are responding to an active shooter at the headquarters of YouTube. A hospital has received "several" patients from the incident, a spokesman says.
Local TV news reports show pictures of people evacuating a building with their hands over their heads. Each person was being frisked by a police officer, apparently to make sure that they pose no threat.
Local law enforcement officials have not issued any information.
Police in San Bruno warned people in a Twitter message to stay away from the address where YouTube, owned by Alphabet Inc's Google, is based.
"We are responding to an active shooter. Please stay away from Cherry Ave & Bay Hill Drive," San Bruno police said on Twitter.
Lisa Kim, a spokeswoman for Stanford Health Care, said the hospital was receiving between four to five patients from the shooting incident at the YouTube offices.
The suspect in a spate of bombings that terrorized residents of Austin, Texas, died after detonating an explosive inside his vehicle as a SWAT team approached to apprehend him on the side of a highway, officials said.
Early Wednesday, authorities tracked the suspect — a 24-year-old white man — to a hotel in Round Rock, a city in the Austin metropolitan area, Austin Police Chief Brian Manley told a news conference early Wednesday.
They tracked his vehicle until it pulled over on Interstate 35 and the suspect "detonated a bomb inside the vehicle, knocking one of our SWAT officers back and one of our officers fired on the vehicle as well," Manley said.
The UK says that a Soviet-developed Novichok nerve agent was used against Sergei Skripal, his daughter, and bystanders, and has given Russia "until midnight tonight" to explain how it came to be used:
British Foreign Secretary Boris Johnson said Tuesday that Russia has "until midnight tonight" to explain how a lethal Novichok nerve agent that was developed in Russia came to be used on U.K. soil. Johnson said Britain is preparing to take "commensurate but robust" action.
Reiterating British Prime Minister Theresa May's statement that it was "highly likely" Russia was to blame for the poisoning of former Russian spy Sergei Skripal and his daughter, Yulia, Johnson said, "the use of this nerve agent would represent the first use of nerve agents on the continent of Europe since the Second World War."
Meanwhile, police are probing the death of a Russian exile living in London:
Nikolai Glushkov, a Russian exile who was a close friend of a noted critic of President Vladimir Putin, has died from an "unexplained" cause in London, police say. The Metropolitan Police says that its counter-terrorism unit is handling the case "because of associations that the man is believed to have had."
Glushkov, 68, was a close friend of former Russian oligarch Boris Berezovsky, a prominent critic of the Kremlin who was found dead in 2013. At the time, an inquiry found he had hanged himself — but Glushkov publicly disputed the idea that his friend and former business ally would have killed himself.
As British media began reporting Glushkov's death, the police issued a statement saying, "An investigation is underway following the death of a man in his 60s in Kingston borough."
[Ed note: After this story was submitted, it became known that there was a remote code execution (RCE) vulnerability on the Trustico web site which allowed malicious users to run arbitrary code as root on the server. Story at Ars Technica: Trustico website goes dark after someone drops critical flaw on Twitter. Link to the tweet. As of the time of this writing, the Trustico web site is unavailable. --martyb]
Customers of HTTPS certificate reseller Trustico are reeling after being told their website security certs – as many as 23,000 – will be rendered useless within the next 24 hours.
This is allegedly due to a security blunder in which the private keys for said certificates ended up in an email sent by Trustico. Those keys are supposed to be secret, and only held by the cert owners, and certainly not to be disclosed in messages. In the wrong hands, they can be used by malicious websites to masquerade as legit operations.
Unless the affected certificates are replaced in time, visitors to websites using Trustico-sold HTTPS certs will be turned away by their browsers, due to the digital certificates being revoked.
The whole situation is a mess, and possibly the result of a turf war. Here's what we've managed to ascertain.
What is Trustico?
Trustico, based in Croydon, UK, touted SSL/TLS certificates, which are used by websites to encrypt and secure their connections. It resold certs from the Symantec brand umbrella: Symantec, GeoTrust, Thawte, and RapidSSL. This umbrella is now owned and operated by DigiCert.
If you wanted to buy, say, a RapidSSL-issued certificate, you could do so via Trustico. The HTTPS cert ultimately leads back, along a chain of trust, to DigiCert, a root certificate authority trusted by web browsers and other software. In turn, a website presenting the Trustico-sold cert is trusted, its traffic secured using encryption, and the reassuring green padlock is displayed in visitors' browsers.
Why are the certificates being revoked?
According to DigiCert's chief product officer Jeremy Rowley earlier today, Trustico told DigiCert in early February that its resold certificates had been in some way "compromised," and that the certs needed to be mass revoked as a result.
DigiCert staff, we're told, asked Trustico for more information on this security mishap. The reseller replied it had a copy of the private keys, which is usually grounds for revocation, and thus insisted that DigiCert revoke the certificates.
When pressed for evidence, Trustico on Wednesday simply emailed DigiCert 23,000 certificates' private keys as proof it held this information, it is claimed. This forced DigiCert's hand: under the rulebook of standards set by the elders of the certificate security and browser worlds, the Trustico-sold certificates had to be revoked as a precaution within 24 hours. Specifically, the ones with their private keys in the email will be canceled.
There has been a "security incident" at the entrance to the NSA's headquarters in Fort Meade, Maryland:
Several people have been injured and a suspect was taken into custody after a car crashed outside the US National Security Agency's headquarters.
Gunfire rang out after the black SUV approached the facility in Fort Meade, Maryland, without authorisation.
An NSA spokesman said it was unclear if the shots had been fired by law enforcement officers or the suspect, adding that the scene was now secure.
Update: Launch seems to have been successful. The two side boosters landed nearly simultaneously. Footage from the drone ship was cut off. The car made it into space; but the third stage will need to coast through the Van Allen radiation belts for around six hours before it makes the final burn for trans-Mars injection.
SpaceX's newest rocket, the Falcon Heavy, is set to be launched at around 1:30 PM EST (6:30 PM UTC) today. The launch window extends to 4:00 PM EST (9:00 PM UTC).
SpaceX will attempt to recover all three boosters during the launch. The two previously-flown side boosters will attempt to land nearly simultaneously at Cape Canaveral Air Force Station's Landing Zones 1 and 2. The center core will attempt to land on a drone barge hundreds of miles off the coast of Florida.
The dummy payload for the Falcon Heavy is Elon Musk's personal 2008 Tesla Roadster. It is carrying a mannequin wearing SpaceX's
space suit flight suit that will be used when the company begins to send astronauts to the International Space Station. The car will be launched into a heliocentric orbit that will bring it close to Mars (and back near Earth) periodically, and is equipped with three cameras. Its stereo system will be playing David Bowie's Space Oddity.
If the launch is successful, the Falcon Heavy could be flown within the next 3 to 6 months for a customer such as the U.S. Air Force, Arabsat, Inmarsat, or ViaSat.
Falcon Heavy will be capable of launching 63,800 kg to low-Earth orbit (LEO), 26,700 kg to geosynchronous transfer orbit (GTO), 16,800 kg to Mars, or 3,500 kg to Pluto (New Horizons was 478 kg). It will supplant the Delta IV Heavy, which is capable of launching 28,790 kg to LEO or 14,220 kg to GTO. Space Launch System Block 1 will be capable of launching 70,000 kg to LEO (Block 1B: 105,000 kg to LEO, Block 2: 130,000 kg to LEO).
Musk has suggested that an additional two side boosters could be added to Falcon Heavy (perpendicularly?) to make a "Falcon Super Heavy" with even more thrust. This may not happen if SpaceX decides to focus on the BFR instead, which as planned would be able to launch 150,000 kg to LEO while being fully reusable and potentially cheaper than the Falcon 9 (or capable of launching 250,000 kg to LEO in expendable mode).
Computerworld has just posted a story warning that you should immediately hold off installing any of Intel's Meltdown/Spectre microcode fixes.
The warning, which encompasses just about every Intel processor out there, from all PC manufacturers, takes effect immediately. And there's no indication when it will get fixed.
You know how you're supposed to flash the BIOS or update the UEFI on all of your Intel machines, to guard against Meltdown/Spectre? Well, belay that order, private! Intel just announced that you need to hold off on all of its new patches. No, you can't uninstall them. To use the technical term, if you ran out and applied your Intel PC's latest firmware patch, you're hosed.
In what appears to be a catastrophic curtain call to the "oops" moment that I discussed ten days ago, it now seems that the bright, new firmware versions — which Intel has had six months to patch — have a nasty habit of causing "higher system reboots."
According to executive vice president Navin Shenoy, on the Intel Newsroom site, the current advice is:
We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.
And that covers just about everybody in the sentient non-ARM universe.
While the affected products site[*] doesn't list individual chips, the breadth of the recall is breathtaking — second-, third-, fourth-, fifth-, sixth-, seventh- and eighth-generation Core processors, Xeon, Atom, and lesser Core i3, i5 and i7 processors — they're all in the bin.
As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.
Based on this, we are updating our guidance for customers and partners:
- We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
- We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.
- We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.
[*] Intel's updated security advisory lists the affected processors:
The following Intel-based platforms are impacted by this issue. Intel may modify this list at a later time. Please check with your system vendor or equipment manufacturer for more information regarding updates for your system.
- Intel® Core™ i3 processor (45nm and 32nm)
- Intel® Core™ i5 processor (45nm and 32nm)
- Intel® Core™ i7 processor (45nm and 32nm)
- Intel® Core™ M processor family (45nm and 32nm)
- 2nd generation Intel® Core™ processors
- 3rd generation Intel® Core™ processors
- 4th generation Intel® Core™ processors
- 5th generation Intel® Core™ processors
- 6th generation Intel® Core™ processors
- 7th generation Intel® Core™ processors
- 8th generation Intel® Core™ processors
- Intel® Core™ X-series Processor Family for Intel® X99 platforms
- Intel® Core™ X-series Processor Family for Intel® X299 platforms
- Intel® Xeon® processor 3400 series
- Intel® Xeon® processor 3600 series
- Intel® Xeon® processor 5500 series
- Intel® Xeon® processor 5600 series
- Intel® Xeon® processor 6500 series
- Intel® Xeon® processor 7500 series
- Intel® Xeon® Processor E3 Family
- Intel® Xeon® Processor E3 v2 Family
- Intel® Xeon® Processor E3 v3 Family
- Intel® Xeon® Processor E3 v4 Family
- Intel® Xeon® Processor E3 v5 Family
- Intel® Xeon® Processor E3 v6 Family
- Intel® Xeon® Processor E5 Family
- Intel® Xeon® Processor E5 v2 Family
- Intel® Xeon® Processor E5 v3 Family
- Intel® Xeon® Processor E5 v4 Family
- Intel® Xeon® Processor E7 Family
- Intel® Xeon® Processor E7 v2 Family
- Intel® Xeon® Processor E7 v3 Family
- Intel® Xeon® Processor E7 v4 Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
- Intel® Atom™ Processor C Series
- Intel® Atom™ Processor E Series
- Intel® Atom™ Processor A Series
- Intel® Atom™ Processor x3 Series
- Intel® Atom™ Processor Z Series
- Intel® Celeron® Processor J Series
- Intel® Celeron® Processor N Series
- Intel® Pentium® Processor J Series
- Intel® Pentium® Processor N Series
After 10 PM EST on Friday, The U.S. Senate rejected a deal that would fund the U.S. government for another month:
Only five Democrats voted to advance the bill — Sens. Joe Manchin (W.Va.), Joe Donnelly (Ind.), Heidi Heitkamp (N.D.) and Claire McCaskill (Mo.), who are all up for reelection this year in states carried by President Trump in 2016 election, and newly-elected Sen. Doug Jones (D-Ala.).
Republicans were also not united, as Sens. Rand Paul (Ky.), Lindsey Graham (S.C.), Mike Lee (Utah) and Jeff Flake (Ariz.) also voted against advancing the legislation. Sen. John McCain (R-Ariz.), who is battling brain cancer, was absent.
The procedural vote remained open late Friday, though it needed 60 votes to pass and was well short of that number with 48 senators voting against it.
Senate Majority Leader Mitch McConnell and Senate Minority Leader Charles Schumer continued to negotiate after the vote opened (archive), but no deal has been reached yet. As of midnight (5 minutes before this story went live), the government shutdown was in effect.
From the NY Daily News (and covered almost everywhere):
A Kansas man shot to death by police earlier this week was the victim of a misdirected online prank known as "swatting," according to social media chatter.
The victim, identified as Andrew Finch, was gunned down on Thursday night after cops responded to his Wichita home amid a false report that he had shot his father to death and was holding his mother, brother and sister hostage.
A responding officer fatally shot Finch, 28, when he came to the front door, Wichita deputy police chief Troy Livingston said during a press conference. Livingston declined to comment on what triggered the officer to open fire and would not say whether Finch was armed.
takyon: The swatting was quickly linked to a dispute between two Call of Duty players:
On Twitter, more than a dozen people who identified themselves as being in the gaming community told The Eagle that a feud between two Call of Duty players sparked one to initiate a "swatting" call. After news began to spread about what happened Thursday night, the people in the gaming community, through Twitter posts, pointed at two gamers.
"I DIDNT GET ANYONE KILLED BECAUSE I DIDNT DISCHARGE A WEAPON AND BEING A SWAT MEMBER ISNT MY PROFESSION," said one gamer, who others said made the swatting call. His account was suspended overnight.
According to posts on Twitter, two gamers were arguing when one threatened to target the other with a swatting call. The person who was the target of the swatting gave the other gamer a false address, which sent police to a nearby home instead of his own, according to Twitter posts. The person who was to be the target of the swatting sent a Tweet saying, "Someone tried to swat me and got an innocent man killed." [...] Dexerto, a online news service focused on gaming and the Call of Duty game, reported the argument began over a $1 or $2 wager over the game.
Update: 911 Call from suspect (4m58s).
Several people were killed Monday morning when an Amtrak train derailed and fell off a bridge over Interstate 5 near Mounts Road between Lakewood and Olympia. The Associated Press, citing an unnamed U.S. official, reported that at least six people were killed in the crash. Gov. Jay Inslee has called a state of emergency in response to the derailment.
Pierce County Sheriff's spokesman Ed Troyer told news media that there were fatalities on the train and that motorists had been injured, but not killed. A total of 77 people were sent to hospitals in Pierce and Thurston counties, according to CHI Franciscan Health, which operates numerous hospitals in Western Washington. Four of the injured are "level red" patients, with critical injuries. The injured are being taken to St. Joseph Medical Center in Tacoma, St. Claire Hospital in Lakewood, St. Anthony Hospital in Gig Harbor and Tacoma General Hospital and Providence St. Peter Hospital in Olympia.
There were 78 passengers and five crew members on the train when it derailed, according to Amtrak.
The train was running on a new, faster service route using a new bypass. This was the first day that the new route was used.
WASHINGTON — The Federal Communications Commission voted on Thursday to dismantle rules regulating the businesses that connect consumers to the internet, granting broadband companies the power to potentially reshape Americans' online experiences.
The agency scrapped the so-called net neutrality regulations that prohibited broadband providers from blocking websites or charging for higher-quality service or certain content. The federal government will also no longer regulate high-speed internet delivery as if it were a utility, like phone service.
The action reversed the agency's 2015 decision, during the Obama administration, to have stronger oversight over broadband providers as Americans have migrated to the internet for most communications. It reflected the view of the Trump administration and the new F.C.C. chairman that unregulated business will eventually yield innovation and help the economy.
It will take weeks for the repeal to go into effect, so consumers will not see any of the potential changes right away. But the political and legal fight started immediately. Numerous Democrats on Capitol Hill called for a bill that would reestablish the rules, and several Democratic state attorneys general, including Eric T. Schneiderman of New York, said they would file a suit to stop the change.
Explosion in Baumgarten (Austria) gas transit plant, russian gas delivery halted for Austria, Slovakia, Hungary, Slovenia, and Croatia. Italy declares energy crisis. Gas price in Europe jumps ~20%. Crude oil futures rise too.
* https://www.youtube.com/watch?v=IMyiQtm56co (far away video)
UPDATE from: http://www.bbc.com/news/world-europe-42321217
Police have cordoned off the area. Some victims suffering burns have been airlifted out by helicopter, Austrian ORF news reports.
One unconfirmed report spoke of 60 hurt.
"I heard a huge explosion and thought at first it was a plane crash," photographer Thomas Hulik, who lives in a nearby village in Slovakia, told AFP news agency. "Then I saw an immense ball of flame."
Gas Connect said the incident should have no effect on gas deliveries to Austria but those to Italy and Croatia might be reduced.
Meanwhile, Russia's Gazprom Export said it was working to redirect gas flows.
It said it was "doing everything possible to secure uninterrupted gas supplies" to customers in the region.
Spot prices rose sharply across Europe after the incident.