Security

OpenSSH Will Feature Key Discovery and Rotation For Easier Switching To Ed25519

Posted by Soulskill
from the all-about-the-upgrades dept.
ConstantineM writes: OpenSSH developer Damien Miller has posted about a new feature he implemented and committed for the next upcoming 6.8 release of OpenSSH: hostkeys@openssh.com — an OpenSSH extension to the SSH protocol for sshd to automatically send all of its public keys to the client, and for the client to automatically replace all keys of such server within ~/.ssh/known_hosts with the fresh copies as supplied (provided the server is trusted in the first place, of course). The protocol extension is simple enough, and is aimed to make it easier to switch over from DSA to the OpenSSL-free Ed25519 public keys. It is also designed in such a way as to support the concept of spare host keys being stored offline, which could then seamlessly replace main active keys should they ever become compromised.
Open Source

Inkscape Version 0.91 Released

Posted by Soulskill
from the onward-and-upward dept.
Bryce writes: Four years since the last major Inkscape release, now news is out about version 0.91 of this powerful vector drawing and painting tool. The main reason for the multi-year delay is that they've switched from their old custom rendering engine to using Cairo now, improving their support for open source standards. This release also adds symbol libraries and support for Visio stencils, cross platform WMF and EMF import and export, a native Windows 64-bit build, scads of bug fixes, and much more. Check out the full release notes for more information about what has changed, or just jump right to downloading your package for Windows, Linux, or Mac OS X.
Linux Business

Dell Continues Shipping Fresh Linux Laptops

Posted by Soulskill
from the permanent-penguin dept.
jones_supa writes: In its latest move, Dell will be bringing Ubuntu 14.04 LTS to its top-of-the-line Precision M3800 workstation laptop and the latest model of the Dell XPS 13. Both systems will be running Ubuntu 14.04.1. According to Barton George, Dell's Director of Developer Programs, programmers had been asking for a better, officially-supported Ubuntu developer laptop. This came about from a combination of the efforts of Dell software engineer Jared Dominguez and enthusiastic feedback. Specs of M3800: 15.6" LCD @ 3840x2160, Intel i7 quad core CPU, NVIDIA Quadro GPU, up to 16 GB RAM. The bad news is, as Dominguez explained on his blog, this version of the M3800 doesn't support its built-in Thunderbolt 2 port out of the box. However, thanks to the hardware-enablement stack in Ubuntu, starting with upcoming Ubuntu 14.04.2, you will be able to upgrade your kernel to add some Thunderbolt support.
Programming

How Blind Programmers Write Code

Posted by Soulskill
from the one-line-at-a-time dept.
theodp writes: Yes, folks, there are blind programmers. There's Ed Summers, for one, who lost his vision at age 30 and now ghostblogs for Willie the Seeing Eye Dog. And if you've ever wondered how the blind can code, Florian Beijers, who has been blind since birth, explains that all he needs is a normal Dell Inspiron 15r SE notebook and his trusty open source NVDA screen reader software, and he's good-to-go. "This is really all the adaptation a blind computer user needs," Beijers adds, but he does ask one small favor: "If you're writing the next big application, with a stunning UI and a great workflow, I humbly ask you to consider accessibility as part of the equation. In this day and age, there's really no reason not to use the UI toolkits available."
The Military

US Army Releases Code For Internal Forensics Framework

Posted by Soulskill
from the see-what-kind-of-code-your-tax-dollars-can-buy dept.
An anonymous reader writes: The U.S. Army Research Laboratory in Maryland has released on GitHub a version of a Python-based internal forensics tool which the army itself has been using for five years. Dshell is a Linux-based framework designed to help investigators identify and examine compromised IT environments. One of the intentions of the open-sourcing of the project is to involve community developers in the creation of new modules for the framework. The official release indicates that the version of Dshell released to GitHub is not necessarily the same one that the Army uses, or at least that the module package might be pared down from the Army-issued software.
Oracle

VirtualBox Development At a Standstill

Posted by Soulskill
from the not-with-a-virtual-bang,-but-a-virtual-whimper dept.
jones_supa writes: Phoronix notes how it has been a long time since last hearing of any major innovations or improvements to VirtualBox, the virtual machine software managed by Oracle. This comes while VMware is improving its products on all platforms, and KVM, Xen, Virt-Manager, and related Linux virtualization technologies continue to advance as well. Is there any hope left for a revitalized VirtualBox? It has been said that there are only four paid developers left on the VirtualBox team at the company, which is not enough manpower to significantly advance such a complex piece of software. The v4.3 series has been receiving some maintenance updates during the last two years, but that's about it.
China

Tech Companies Worried Over China's New Rules For Selling To Banks

Posted by Soulskill
from the worried-all-the-way-to-the-bank dept.
An anonymous reader writes: China is putting into place a new set of regulations for how banks interact with technology, and it has many companies worried. While the rules might enhance security for the Chinese government, they devastate it for everyone else. For example, not only will China require that companies turn over source code for any software sold to banks, the companies building the software (and hardware) must also build back doors into their systems. The bad news for us is that most companies can't afford to simply refuse the rules and write China off. Tech industry spending is estimated to reach $465 billion in 2015, and it's projected for a huge amount of growth.
Businesses

LibreOffice Gets a Streamlined Makeover With 4.4 Release

Posted by samzenpus
from the check-it-out dept.
TechCurmudgeon sends word that LibreOffice 4.4 has been released. "The Document Foundation announced availability of the latest version of LibreOffice on Thursday, which it says is the most beautiful version of the open source productivity suite yet. LibreOffice 4.4 also fixes some compatibility issues with files that are saved in Microsoft's OOXML formats. 'LibreOffice 4.4 has got a lot of UX and design love,' Jan "Kendy" Holesovsky, who leads the design team for LibreOffice, said in a statement. LibreOffice 4.4 is currently available for Windows."
Intel

FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed

Posted by timothy
from the if-thine-eye-offends-thee dept.
gnujoshua writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: 'The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently,' said Gluglug Founder and CEO, Francis Rowe."
Security

Georgia Institute of Technology Researchers Bridge the Airgap

Posted by timothy
from the always-type-in-gibberish dept.
An anonymous reader writes: Hacked has a piece about Georgia Institute of Technology researchers keylogging from a distance using the electromagnetic radiation of CPUs. They can reportedly do this from up to 6 meters away. In this video, using two Ubuntu laptops, they demonstrate that keystrokes are easily interpreted with the software they have developed. In their white paper they talk about the need for more research in this area so that hardware and software manufacturers will be able to develop more secure devices. For now, Faraday cages don't seem as crazy as they used to, or do they?
Government

Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated

Posted by samzenpus
from the fly-that-anywhere dept.
An anonymous reader writes: A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital.
Businesses

One In Five Developers Now Works On IoT Projects

Posted by samzenpus
from the that's-a-whole-lot-of-things dept.
dcblogs writes: Evans Data Corp., which provides research and intelligence for the software development industry, said that of the estimated 19 million developers worldwide, 19% are now doing IoT-related work. A year ago, the first year IoT-specific data was collected, that figure was 17%. But when developers were asked whether they plan to work in IoT development over the next year, 44% of the respondents said they are planning to do so, said Michael Rasalan, director of research at Evans.
Books

Book Review: Designing and Building a Security Operations Center

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes: Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review.
Programming

Ask Slashdot: What Makes a Great Software Developer?

Posted by Soulskill
from the highlander-style-combat dept.
Nerval's Lobster writes: What does it take to become a great — or even just a good — software developer? According to developer Michael O. Church's posting on Quora (later posted on LifeHacker), it's a long list: great developers are unafraid to learn on the job, manage their careers aggressively, know the politics of software development (which he refers to as 'CS666'), avoid long days when feasible, and can tell fads from technologies that actually endure... and those are just a few of his points. Over at Salsita Software's corporate blog, meanwhile, CEO and founder Matthew Gertner boils it all down to a single point: experienced programmers and developers know when to slow down. What do you think separates the great developers from the not-so-fantastic ones?
GNU is Not Unix

Serious Network Function Vulnerability Found In Glibc

Posted by Soulskill
from the audits-finding-gold dept.
An anonymous reader writes: A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in the __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors.
Opera

Opera Founder Is Back, With a Feature-Heavy, Chromium-Based Browser

Posted by timothy
from the sink-within-a-sink dept.
New submitter cdysthe writes: Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn't just Opera's innards that changed; the browser also became more streamlined and perhaps less geeky. Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi. The project's front page links to downloads of a technical preview, available for Linux, Mac OS X, and Windows. Firefox users who likewise prefer a browser with more rather than fewer features (but otherwise want to stick with Firefox) might also consider SeaMonkey, which bundles not just a browser but email, newsgroup client and feed reader, HTML editor, IRC chat and web development tools.
Education

Brought To You By the Letter R: Microsoft Acquiring Revolution Analytics

Posted by timothy
from the interesting-choice-of-letter dept.
theodp writes: Maybe Bill Gates' Summer Reading this year will include The Art of R Programming. Pushing further into Big Data, Microsoft on Friday announced it's buying Revolution Analytics, the top commercial provider of software and services for the open-source R programming language for statistical computing and predictive analytics. "By leveraging Revolution Analytics technology and services," blogged Microsoft's Joseph Sirosh, "we will empower enterprises, R developers and data scientists to more easily and cost effectively build applications and analytics solutions at scale." Revolution Analytics' David Smith added, "Now, Microsoft might seem like a strange bedfellow for an open-source company [RedHat:Linux as Revolution Analytics:R], but the company continues to make great strides in the open-source arena recently." Now that it has Microsoft's blessing, is it finally time for AP Statistics to switch its computational vehicle to R?
Internet Explorer

In Addition To Project Spartan, Windows 10 Will Include Internet Explorer

Posted by timothy
from the ultra-backwards-compatible dept.
An anonymous reader writes: After unveiling its new Project Spartan browser for Windows 10, Microsoft is now offering more details. The company confirmed that Windows 10 will also include Internet Explorer for enterprise sites, though it didn't say how exactly this will work. Spartan comes with a new rendering engine, which doesn't rely on the versioned document modes the company has historically used. It also provides compatibility with the millions of existing enterprise websites specifically designed for Internet Explorer by loading the IE11 engine when needed. In this way, the browser uses the new rendering engine for modern websites and the old one for legacy purposes.
Encryption

OpenSSL 1.0.2 Released

Posted by timothy
from the early-days dept.
kthreadd writes: The OpenSSL project has released its second feature release of the OpenSSL 1.0 series, version 1.0.2 which is ABI compatible with the 1.0.0 and 1.0.1 series. Major new features in this release include Suite B support for TLS 1.2 and DTLS 1.2 and support for DTLS 1.2. selection. Other major changes include TLS automatic EC curve selection, an API to set TLS supported signature algorithms and curves, the SSL_CONF configuration API, support for TLS Brainpool, support for ALPN and support for CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
Communications

WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users

Posted by timothy
from the for-your-convenience-we-have-disabled-convenience dept.
BarbaraHudson writes: WhatsApp is locking out users for 24 hours who use WhatsApp Plus to access the service. The company claims they brought in the temporary ban to make users aware that they are not using the correct version and their privacy could be compromised using the unofficial WhatsApp Plus. "Starting today, we are taking aggressive action against unauthorized apps and alerting the people who use them." Is this a more aggressive rerun of "This site best viewed with Internet Explorer"?