SoylentNews

"exec" writes:

Original URL: http://www.theregister.co.uk/2016/06/09/chromes_pdf_reader_has_arbitrary_code_execution_flaw/

A Researcher at Cisco's Talos limb have discovered an arbitrary code execution flaw in PDFium, the PDF reader installed by default in Google's Chrome browser.

The flaw looks like it is down to a tiny error by Chrome's developers, as Nikolic writes that “An existing assert call in the OpenJPEG library prevents the heap overflow in standalone builds, but in the build included in release versions of Chrome, the assertions are omitted.”

That omission means that when PDFium invokes the OpenJPEG library, it can create a buffer overflow. Once that's happened, bad guys can go to town with their own code.

[...] You can take advantage of that change by simply keeping Chrome up to date: version 51.0.2704.63 makes the change to knock the bug on the head. Chrome auto-updates unless instructed to do otherwise, so most users will be protected.

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Microsoft has created its own cut of FreeBSD 10.3 in order to make the OS available and supported in Azure

Jason Anderson, principal PM manager at Microsoft's Open Source Technology Center says Redmond “took on the work of building, testing, releasing and maintaining the image” so it could “ensure our customers have an enterprise SLA for their FreeBSD VMs running in Azure”.

Microsoft did so “to remove that burden” from the FreeBSD Foundation, which relies on community contributions.

Redmond is not keeping its work on FreeBSD to itself: Anderson says “the majority of the investments we make at the kernel level to enable network and storage performance were up-streamed into the FreeBSD 10.3 release, so anyone who downloads a FreeBSD 10.3 image from the FreeBSD Foundation will get those investments from Microsoft built in to the OS.”

Source: http://www.theregister.co.uk/2016/06/09/microsoft_freebsd/

Original Submission

frojack writes:

While Title IX is perhaps best known for its impact on high school and collegiate athletics, the original statute made no explicit mention of sports.

Shortly after it was passed in and signed into law by President Nixon in 1972, Title IX provided arguably the largest single benefit to women's athletic programs in US history. The provisions of the law broke a logjam in funding for women's teams at colleges and high schools all over the country.

It's not clear why congress did it, or how it remained hidden all these years, but apparently Title IX also contains the seeds of destruction of women's sport, or at least the funding thereof.

The new interpretation of Title IX means that there really can't be any such thing women's sports, and could conceivably collapse the funding for women's athletic programs, and women's scholarships, all the way up to the US Olympic team.

Title IX doesn't forbid funding women's athletic programs. But it apparently prevents there being such a thing as women's teams. Teams can not restrict membership by gender. Therefore men will join the team, win all competition for positions, and shut women out. Again.

Frojack's off his meds you say.

Except that is exactly what has happened in Alaska, where the school system decided to follow the new edict from Washington, opened women's teams to anyone "claiming" to be female and saw Women's State Championships fall to a Male. An anatomically intact male, taking no drugs to induce gender transition, with muscle mass typical of males of her age and ethnicity. Full story here, the "tell it it like it is version", as well as the "politically correct version".
The politically correct version sings "her" praises, and fails to mention that no actual transgender changes have occurred at the biological level.

Original Submission

Arthur T Knackerbracket has found the following story:

Uber and Fiat Chrysler are in talks about a partnership involving self-driving car technology, according to several reports.

According to a person familiar with the matter, the discussions are in the very early stage and Uber is in conversation with a number of other carmakers. There’s always a chance the deal could fall apart. Uber declined to comment about the possible partnership at this time.

The deal seems part of a growing trend among automakers and tech companies focused on transportation and Uber has been chatting with several automakers lately, according to the reports.

But it’s not the first to strike a deal with an auto manufacturer. In fact, several Uber rivals have started to make a play in the self-driving space – Volkswagen invested $300 million in Gett, Apple, which is making its own self-driving car, invested a billion in China’s Didi Chuxing last month and Lyft announced a half a billion dollar investment from GM in early January to help create the infrastructure for a fleet of self-driving vehicles.

Many traditional car makers have started forging a path to a self-driving future. Volkswagen, as mentioned, as well as Daimler, BMW and now Fiat Chrysler wants in on the autonomous tech race.

Original Submission

"exec" writes:

Spy officials allegedly voiced concerns back in 2010 that so much data was being collected by the UK security services, they risked overlooking useful intelligence. The draft report, apparently written for the UK government, was obtained by the Intercept website from US whistle-blower Edward Snowden. It suggests that "life-saving intelligence data" could be missed.

Its release comes as the Investigatory Powers Bill goes through Parliament.

The report is marked classified and dated 12 February 2010. It was allegedly prepared by British spy agency officials to brief the government's Cabinet Office and Treasury Department about the UK's surveillance capabilities. Those capabilities are currently due to be updated via the controversial Investigatory Powers Bill, which is now at the report stage in Parliament. It aims to give legal backing to the bulk collection of internet traffic, as well as requiring service providers to store browsing records for 12 months.

The government said these added powers were necessary in the fight against terrorism. A revised version was drawn up earlier this year after a raft of concerns about whether it had got the balance between privacy and security right.

The government needs the bill to go through before the end of year, when the current laws regulating surveillance expire.

-- submitted from IRC

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Leaked Source believes that the data legitimately belongs to Twitter users, but say that they do not believe it was stolen from Twitter's own databases.

Source: https://www.helpnetsecurity.com/2016/06/09/32m-twitter-login-credentials-stolen/

Original Submission

"exec" writes:

ITWorld.com has an article on a new EU/US data sharing agreement.

The European Commission has signed a landmark agreement with the U.S. in its quest to legitimize the transatlantic flow of European Union citizens' personal information.

No, it's not the embattled Privacy Shield, which the Commission hopes to conclude later this month, but the rather flimsier-sounding umbrella agreement or, more formally, the U.S.-EU agreement "on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses."

It covers the exchange between EU and U.S. law enforcers, during the course of their investigations of personal data including names, addresses and criminal records. U.S. Attorney General Loretta Lynch, European Commissioner for Justice Vĕra Jourová and Dutch Minister for Security and Justice Ard van der Steur signed the agreement in Amsterdam on Thursday.

One benefit of the agreement for EU citizens caught up in such investigations is that they will benefit from the same rights to judicial redress as US citizens if a privacy breach occurs, thanks to the recently passed Judicial Redress Act.

[...] The agreement won't become part of international law until the European Parliament, noticeably critical of the Commission's data protection plans in recent weeks, has given its approval.

-- submitted from IRC

Original Submission

butthurt writes:

SFGate reports that U.S. telecom giant Verizon has offered $3 billion for the Internet operations of Yahoo!, which reportedly "owns or leases 1.2 million square feet of office space" in the San Francisco Bay area. There is speculation that U.S. telecom giant AT&T may make a counter-offer. Verizon purchased AOL in 2015 for $4.4 billion.

Original Submission

HughPickens.com writes:

As we come up on the 50th anniversary of the original Star Trek, Manu Saudia, author of Trekonomics, has an interesting article on BoingBoing about how according to Gene Roddenberry himself, no author had more influence on The Original Star Trek than Robert Heinlein, and more specifically his juvenile novel Space Cadet. That book, published in 1948, is considered a classic. It is a bildungsroman , retelling the education of young Matt Dodson from Iowa, who joins the Space Patrol and becomes a man. (In an homage from Roddenberry Star Trek's Captain James Tiberius Kirk is also from Iowa.) The Space Patrol is a prototype of Starfleet: it is a multiracial, multinational institution, entrusted with keeping the peace in the solar system. In Space Cadet, Heinlein portrayed a society where racism had been overcome. Not unlike Starfleet, the Space Patrol was supposed to be a force for good. According to Saudia the hierarchical structure and naval ranks of the first Star Trek series (a reflection of Heinlein's Annapolis days), were geared to appeal to Heinlein's readers and demographic, all these starry-eyed kids who, like Roddenberry himself, had read Space Cadet and Have Spacesuit — Will Travel. Nobody cared about your sex or the color of your skin as long as you were willing to sign up for the Space Patrol or the Federal service.

Where it gets a little weird is that Heinlein's Space Patrol controls nuclear warheads in orbit around Earth, and its mission is to nuke any country that has been tempted to go to war with its neighbors. This supranational body in charge of deterrence, enforcing peace and democracy on the home planet by the threat of annihilation, was an extrapolation of what could potentially be achieved if you combined the UN charter with mutually assured destruction. "The fat finger on the nuclear trigger makes it a very doubtful proposition," concludes Saudia. "The Space Patrol, autonomous and unaccountable, is the opposite of the kind democratic and open society championed by Star Trek."

Original Submission

An Anonymous Coward writes:

Source: WSB Radio.

Source: Law Center to Prevent Gun Violence

I see a SCOTUS case defining "bear" in the near future.

Original Submission

Demose writes:

Krita is a QT based raster graphics editor. This release brings improvements to performance and user interface as well as the addition of 2d frame-by-frame animation. You can find in depth information on this release in these release notes.

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

If you're a consumer, that piece of digital wordsmithery you purchased probably isn't worth the paper it isn't printed on. Like most digital media available for "purchase," ebooks are often "sold" as licenses that allow the publisher to control use of the product indefinitely, whether through DRM or by simply attaching EULAs no one will ever read to every download.

This works out great for publishers, who can make irrational, unilateral decisions to pull their catalogs from platforms as a "bargaining tool," leaving purchasers without access to their purchased goods. But publishers (including music publishers like UMG) only use the term "license" when it's most advantageous for them. When it comes to paying authors, the terminology suddenly changes. Now it's a "sale," with all the disadvantages for authors that entails.

Man, scams like this give everyone who uses licensing agreements a bad name.

Source: TechDirt

Original Submission

takyon writes:

A private venture that aimed to build high-speed rail between Los Angeles and Las Vegas has fallen apart:

XpressWest, the private U.S. firm proposing to build a high-speed rail link between Las Vegas and Los Angeles, terminated a joint venture with Chinese companies less than nine months after the deal was announced, citing delays faced by its partner.

Las Vegas-based XpressWest said the decision to end the relationship stemmed from problems with "timely performance" and challenges that the Chinese companies, grouped under a consortium called China Railway International (CRI), faced "obtaining required authority to proceed with required development activities".

XpressWest was started by Las Vegas developer Marnell Companies. It formed the venture with the Chinese consortium in September, infusing $100 million into the project. XpressWest had expected to break ground as soon as this year on the project, which one analyst estimated to be worth $5 billion.

The announcement is a blow to China, which has built the world's largest high-speed rail network in less than a decade. The XpressWest project was seen as a foothold into a burgeoning U.S. high-speed rail market and an opportunity to showcase China's technology.

One sticking point was a federal funding requirement that high-speed trains be built in the United States. XpressWest says it will continue to pursue other partnerships.

Related: Texas Company Looking to Japanese Partner to Build Dallas-Houston High-Speed Rail, Opposition Mounts

Original Submission

n1 writes:

The European Parliament on Wednesday condemned the "apathy shown by member states and EU institutions" over torture in secret CIA prisons in Europe.

A non-binding resolution, which passed 329-299, urged member states to "investigate, insuring full transparency, the allegations that there were secret prisons on their territory in which people were held under the CIA programme." It also called on the European Union to undertake fact-finding missions into countries that were known to house American black sites.

The resolution named Lithuania, Poland, Italy, and the United Kingdom as countries complicit in CIA operations.

The Parliament also expressed "regret" that none of the architects of the U.S. torture program faced criminal charges, and that the U.S. has failed to cooperate with European criminal probes.

Source: The Intercept

Original Submission

Arthur T Knackerbracket has found the following story:

Last month, dental technology startup ONVI introduced a toothbrush with a camera built in, so users could get a close up look at their teeth as they slowly rot away in their heads. This, thankfully, is not that.

In a lot of ways, Philips' new smart toothbrush is similar Oral-B's offering. The verbosely named Sonicare FlexCare Platinum Connected is a Bluetooth-enabled electric toothbrush designed to track and help improve people's brushing habits.

[...] Philips' big push here its 3D Mouth Map, designed for dentists to designate trouble areas due to over- or under-brushing for specific users. The app utilizes that information to determine where users should be spending their time while brushing. There's also a touchup feature that tacks on extra time after the requisite two minute to address spots that were missed.

Activity is tracked courtesy of on-board sensors, which display brushing in real-time. That information is recorded and aggregated over time, so dentists can determine the areas that need work before the next checkup. It's kind of like brushing homework.

Original Submission