It’s been a long time coming. Goodbye Java (plugin). That reminds me of those Java applets that I wrote in a different era. Now if I could only find and convert (rewrite) them to HTML5…
It will be removed some time after the release of Java 9.
Source: Oracle deprecates the Java browser plugin, prepares for its demise
Also mentioned here, the reported anti-virus software is so full of holes that it should strike fear in any company using TrendMicro Antivirus right now. Not only does it allow privileged command execution, it also exposes passwords that you store using the Password Manager.
The way I see it, it’s a combination of incompetence and lack of proper supervisory oversight. It’s exactly the kind of thing that will result if you ask a developer to just meet the specs, where the specs doesn’t talk about hygiene factors such as security etc.
This is an interesting project – running Android as the primary OS for your PC. And why not? It promises the ability to install and run apps from Google Play store, not unlike some of those cheap knockoff set-top boxes that we see. However the OS (called Remix OS) feels much more “desktop-like” – multiple windows, taskbar etc. Those who likes the Android ecosystem might appreciate something like this.
A PC experience unlike anything on Android. An Android experience unlike anything on a PC.
First sustained DDoS attacks. Now password leaks. The bad news never ends for Linode, which is unfortunate, since they are a very cheap and viable alternative to AWS especially if you factor in ingress/egress traffic.
Linode’s woes continue: the server hosting biz has just run a system-wide password reset on customer accounts after two Linode.com user credentials were discovered “on an external machine.”
Source: Under-attack Linode resets passwords after logins leak onto web
2016-01-06 11.22 SGT: As of now, the site is still having intermittent access.
Recovering contents directly from physical RAM of devices has been known for quite some time – it involves esoteric measures such as freezing the device using liquid nitrogen or by putting it in the freezer. It is interesting to see this technique being used to attack Android phones to recover disk encryption keys. Potentially this might defeat on-disk encryption for Android devices, though there are quite some caveats in the technique discussed on the website.
To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung.
This is bad. Juniper is a major network equipment provider and a backdoor like this could lead to huge security compromise.
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.
Source: Important Announcement about ScreenOS® – J-Net Community
Update (2015-12-20): It could be a state-sponsored attack.
Let’s Encrypt goes public beta. No more paying of ridiculous amounts for a simple SSL certificate. Yearly.
The process is still somewhat rough on the edges now. I expect it to get better when it goes 1.0. There’s another important thing to note when you’re using using certificates from Let’s Encrypt. In the interest of transparency, they publish the list of certificates issued by them. So if you’re uncomfortable about your domain appearing in a public website, you may want to reconsider.
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG). ISRG is a California public benefit corporation, and is recognized by the IRS as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code.
Source: Entering Public Beta
Yet another reason why device firmware must be made open source. This could create a botnet of potentially 600,000 nodes.
Source: w00tsec: ARRIS Cable Modem has a Backdoor in the Backdoor
The world is waiting with bated breath for this monster. Not quite Mr. Fusion yet, but hopefully it works as expected.
For more than 60 years, scientists have dreamed of a clean, inexhaustible energy source in the form of nuclear fusion.
It took 19 years to build this monster and this video shows just how complex the whole thing is.
This is a really cool idea – a good mashup of old retro game artwork and 3D printing. The author of this website has written an editor that takes in 8-bit sprites from various directions, and produce a working file that can be used for 3D printing.
There’s just something tangible about physical objects that makes them so appealing.
Source: Turning 8-Bit Sprites into Printable 3D Models | 0 FPS
PS: the online editor appears to be down at the moment