SoylentNews

takyon writes:

The first launch of the SLS has slipped again:

NASA has decided it must delay the maiden flight of its Space Launch System rocket, presently scheduled for November 2018, until at least early 2019. This decision was widely expected due to several problems with the rocket, Orion spacecraft, and ground launch systems. The delay was confirmed in a letter from a NASA official released Thursday by the US Government Accountability Office.

The Falcon Heavy will be able to deliver payloads that are similar to what SLS Block 1 can carry:

In its maiden flight configuration, named Block 1, the heavy-lifter will be able to haul up to 77 tons (70 metric tons) of cargo to low Earth orbit, more than double the capacity of the most powerful launcher flying today — United Launch Alliance's Delta 4-Heavy. The Block 1 version of SLS will fly with an upper stage propelled by an Aerojet Rocketdyne RL10 engine, based on the Delta 4's second stage.

SpaceX's Falcon Heavy rocket, scheduled to make its first flight later this year, will come in just shy of the SLS Block 1's capacity if the commercial space company gave up recovering its booster stages.

NASA plans to introduce a bigger four-engine second stage on the EM-2 launch, a configuration of the SLS named Block 1B.

GAO report.

Original Submission

An Anonymous Coward writes:

Russian prosecutors requested a 3½ year prison sentence Friday for a blogger charged with inciting religious hatred for playing "Pokemon Go" in a church.

Prosecutors made the request as the trial of Ruslan Sokolovsky, 22, wrapped up in the city of Yekaterinburg. A judge said a verdict in the case would be issued May 11.

Sokolovsky posted a video on his blog showing him playing the smartphone game in a church built on the supposed spot where the last Russian tsar and his family were killed. He has been in detention since October.

He is charged with inciting religious hatred. It is the same offense that sent two women from the Pussy Riot punk collective to prison for two years in 2012.

Source: ABC News

Video: YouTube

Original Submission

AnonTechie writes:

In 1985, Neil Postman observed an America imprisoned by its own need for amusement. He was, it turns out, extremely prescient.

[...] Many Americans get their news filtered through late-night comedy and their outrages filtered through Saturday Night Live. They—we—turn to memes to express both indignation and joy.

[...] Postman today is best remembered as a critic of television: That's the medium he directly blamed, in Amusing Ourselves to Death, for what he termed Americans' "vast descent into triviality," and the technology he saw as both the cause and the outcome of a culture that privileged entertainment above all else. But Postman was a critic of more than TV alone. He mistrusted entertainment, not as a situation but as a political tool; he worried that Americans' great capacity for distraction had compromised their ability to think, and to want, for themselves. He resented the tyranny of the lol. His great observation, and his great warning, was a newly relevant kind of bummer: There are dangers that can come with having too much fun.

Phoenix666 writes:

Think passwords, people. Think long, complex passwords. Not because a breach dump's landed, but because the security-probing-oriented Kali Linux just got better at cracking passwords.

Kali is a Debian-based Linux that packs in numerous hacking and forensics tools. It's well-regarded among white hat hackers and investigators, who appreciate its inclusion of the tools of their trades.

The developers behind the distro this week gave it a polish, adding new images optimised for GPU-using instances in Azure and Amazon Web Services. The extra grunt the GPUs afford, Kali's backers say, will enhance the distribution's password-probing powers. There's also better supoprt for GPU cracking, hence our warning at the top of this story: anyone can use Kali and there's no way to guarantee black hats won't press it into service. And they can now do so on as many GPU-boosted cloud instances as they fancy paying for.

Could some users of Kali Linux technically be called "thugs?"

Original Submission

a-zA-Z0-9$_.+!*'(),- writes:

DataBreaches.net notes:

"On December 26, in an encrypted chat, TheDarkOverlord (TDO) informed DataBreaches.net that they had recently come across what they described as hundreds of GBs of unreleased and non-public media from a studio located in Hollywood...TDO would not reveal the attack method nor how much the ransom demand was, but DataBreaches.net was able to obtain a copy of a contract both TDO and a representative of Larson allegedly signed. The contract, signed December 27, indicated that the studio would pay TDO 50 BTC by January 31. TDO signed the contract as "Adolf Hitler." The signature of the company representative was indecipherable, but TDO claimed that it was the CFO of the firm who signed. "

https://www.databreaches.net/thedarkoverlord-leaks-upcoming-episode-of-orange-is-the-new-black-after-netflix-doesnt-pay-extortion-demand/

According to http://www.coindesk.com/price/ 50 BTC is US $65,984.32

This article contains more of the contract content: https://noise.getoto.net/tag/thedarkoverlord/ as well as links to the pastebin (removed) https://web.archive.org/web/20170428224235/https://pastebin.com/FKZAafQd.

And covered by TorrentFreak https://torrentfreak.com/hackers-leak-netflixs-orange-is-the-new-black-season-5-premiere-170429/

Original Submission

butthurt writes:

You were warned. Now it begins: The Chicago Tribune reports that the U.S. Environmental Protection Agency (EPA) is working on changes to its Web properties:

The EPA's extensive climate change website now redirects to a page that says "this page is being updated" and that "we are currently updating our website to reflect EPA's priorities under the leadership of President Trump and Administrator Pruitt." It also links to a full archive of how the page used to look on Jan. 19, before Trump's inauguration.

Original Submission

An Anonymous Coward writes:

Recently, someone in my family was not able to get into their home PC with their password, and called for assistance. This means having to drive down to the machine to see what they are doing, and log in with the appropriate account that can reset that password. Work commitments preclude driving there right away to see what is happening, and I am trying to locate a remote access solution. If they were logged into the machine, I could use some sort of remote assistance tool, but that is not an option in this case. There is the possibility of setting up SSH or OpenVPN to access the machine via the Internet, but I am not certain leaving those tools running all the time is the smartest idea in this day and age.

What recommendations do the Soylent community have for securely managing a machine over the Internet when someone is not logged into it?

Original Submission

NotSanguine writes:

In a Security Week article by Ionut Arghir about a newly discovered SNMP vulnerability which allows authentication mechanisms to be bypassed on dozens of network device models (more detail here and here), the author included a link to a github repository (https://github.com/string-bleed/StringBleed-CVE-2017-5135 -- Don't compile and execute the code, but by all means take a look) which purports to be a proof-of-concept (POC) exploit of the vulnerability. However, it's not. It's a trojan which will exfiltrate data from your system.

From the Security Week article:

The issue, the researchers say [this is the link to the trojaned "POC"], resides in the manner in which the SNMP agent in different devices (usually cable modems) handles a human-readable string datatype value called "community string" that SNMP version 1 and 2 use.

The folks at Mitre (who manage the CVE database) caught this and make mention of the issue in their DB entry:

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.

The github repository contains a license, a readme, a Makefile and one source file, poc-linux.c. Looking at the C code, it's immediately clear that this is *not* an SNMP exploit (extracts from poc-linux.c):

Arthur T Knackerbracket has found the following story:

Who asked for a bunch of "Avatar" sequels for Christmas? Your wish has been granted.

Better find out what the Na'vi want for Christmas, because the blue humanoids are going to be around for a lot of them.

The official Facebook page for James Cameron's sci-fi movie franchise announced on Saturday that dates have been set for the release of the next four "Avatar" sequels, and they're all right around the big December holiday movie rush, though in different years.

"Avatar takes flight as we begin concurrent production on four sequels," the post reads. "The journey continues December 18, 2020, December 17, 2021, December 20, 2024 and December 19, 2025!"

-- submitted from IRC

Original Submission

takyon writes:

http://www.npr.org/sections/thetwo-way/2017/04/26/525609671/recordings-reveal-baby-humpback-whales-whisper-to-their-mothers

Baby humpback whales seem to whisper to their mothers, according to scientists who have captured the infant whales' quiet grunts and squeaks.

The recordings, described in the journal Functional Ecology, are the first ever made with devices attached directly to the calves.

High suckling rates and acoustic crypsis of humpback whale neonates maximise potential for mother–calf energy transfer (open, DOI: 10.1111/1365-2435.12871) (DX)

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

With slick marketing, catchy taglines and some pretty bold claims about their security, nomx claim to have cracked email security.

This thorough article tells all about the device, and it doesn't measure up at all to its marketing.

It would be very easy to conclude that this is a scam. The device is running standard mail server software running on a Raspberry Pi, most of which is outdated. They have presented at countless tech shows and can be constantly found making bold statements of 'absolute security' yet didn't pick up a CSRF vulnerability in their web interface.

Source: https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

Fnord666 [soylentnews.org] adds:

Nomx has issued a reply on their main page in a post titled 'nomx Passes Security Tests After Blogger Claims to Have Penetrated nomx'. In that reply nomx states the following results:

No nomx user was affected by this threat. No nomx user could be affected by this threat in the future. No nomx data was compromised, and the blogger has (finally) reluctantly verified this. He still has not publicly shared these statements, except via an email response to the BBC when directly asked on April 25 the response was:

From the BBC to nomx: "I understand from your replies that you state categorically that no nomx accounts have been affected by this hack. I have put your questions to [blogger] who has confirmed to me that he cannot say that any have."

While nomx is no longer based on Raspberry devices, we still maintain that the users' data is secured as we've demonstrated to the blogger, the media and our customers.

Also at Ars Technica

Original Submission #1  Original Submission #2

butthurt writes:

It's reported that, as of 11 April, patches are available for a security bug in Microsoft Office and in Wordpad which was disclosed to the company in October. The flaw was widely exploited after McAfee blogged about it. It affects Microsoft Office 2007 SP3 and Windows Vista SP2; the latter was released in May 2009 and the former in October 2011.

In related news, The Register (nonCloud-flare link) says that

further information: CVE-2017-0199

coverage:

• Ars Technica
• Dark Reading
• Threatpost
• eWeek
• PC World
• Bleeping Computer
• Network World
• CyberScoop
• Cisco blog

related story:
After Microsoft Delays Patch Tuesday, Google Discloses Windows Bug

Original Submission

takyon writes:

An extremely cold and relatively small exoplanet has been discovered using gravitational microlensing. The planet orbits an ultracool red or brown dwarf at a distance of around 1.16 AU:

Scientists have discovered a new planet with the mass of Earth, orbiting its star at the same distance that we orbit our sun. The planet is likely far too cold to be habitable for life as we know it, however, because its star is so faint. But the discovery adds to scientists' understanding of the types of planetary systems that exist beyond our own.

[...] The newly discovered planet, called OGLE-2016-BLG-1195Lb, aids scientists in their quest to figure out the distribution of planets in our galaxy. An open question is whether there is a difference in the frequency of planets in the Milky Way's central bulge compared to its disk, the pancake-like region surrounding the bulge. OGLE-2016-BLG-1195Lb is located in the disk, as are two planets previously detected through microlensing by NASA's Spitzer Space Telescope.

Popsci press couldn't resist calling it "Hoth", although it would be even less hospitable.

Also at CNN and Scientific American (Space.com).

An Earth-mass Planet in a 1 au Orbit around an Ultracool Dwarf (open, DOI: 10.3847/2041-8213/aa6d09) (DX)

Original Submission

butthurt writes:

Kotaku reports that:

The new model is planned to be available in July in the United States, at around $150.

takyon: Is glasses-free 3D dead?

Nintendo 3DS was released in Japan on February 26, 2011 and worldwide the following month. The price was cut by $80 on July 28, 2011.

Original Submission

butthurt writes:

Softpedia News reports that version 2.02 of the GRUB boot loader has been released. Among the many new features are support for LZ4 compression on ZFS, 64-bit ext2, XFS v5, Morse code output and a modem-like output through the PC speaker, Xen paravirtualisation, TrueCrypt ISOs, Apple fat binaries on non-Apple hardware, and 16-bit mode on non-x86 hardware.

Further information:
NEWS file

Related stories:
Windows 8 Update Erases Grub, Enables Secure Boot
Press Backspace 28 times: Pwn Unlucky Linux Systems Running GRUB

Original Submission