Honda engineer debunks own claim about cause of Takata airbag failures

Jun 25

Honda reiterated its position that it did not conceal knowledge of Takata defects, but instead was itself a victim of deception by Takata officials.

Honda engineer debunks own claim about cause of Takata airbag failures originally appeared on Autoblog on Sat, 24 Jun 2017 12:30:00 EDT.

Seven awesome vintage car posters recently sold at auction

Jun 25

Seven vintage car posters were auctioned by Poster Auctions International on eBay, including ads for the Monaco Grand Prix, Michelin, and Texaco.

Seven awesome vintage car posters recently sold at auction originally appeared on Autoblog on Sat, 24 Jun 2017 08:30:00 EDT.

Account Registrations Enable ‘Password Reset Man In The Middle’ Attacks

Jun 25

“Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated.” Orome1 quotes Help Net Security:
The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site.

Interestingly, it can also beat two-factor authentication — since the targeted user will still input the phone code into the man-in-the-middle site.


Read more of this story at Slashdot.

Germany Cracks Down On Illegal Speech On Social Media.

Jun 25

ArmoredDragon writes: German police have raided 36 homes of people accused of using illegal speech on Facebook and Twitter. Much of it was aimed at political speech. According to the article, “Most of the raids concerned politically motivated right-wing incitement, according to the Federal Criminal Police Office, whose officers conducted home searches and interrogations. But the raids also targeted two people accused of left-wing extremist content, as well as one person accused of making threats or harassment based on someone’s sexual orientation.” This comes just as a new law is being debated that can fine social media platforms $53 million for not removing 70% of illegal speech (including political, defamatory, and hateful speech) within 24 hours of it being posted, which Facebook argues will make it obligatory for them to delete posts and ban users for speech that isn’t clearly illegal.



Linus Explains What Surprises Him After 25 Years Of Linux

Jun 25

Linus Torvalds appeared in a new “fireside chat” with VMware Head of Open Source Dirk Hohndel. An anonymous reader writes:
Linus explained what still surprises him about Linux development. “Code that I thought was stable continually gets improved. There are things we haven’t touched for many years, then someone comes along and improves them or makes bug reports in something I thought no one used. We have new hardware, new features that are developed, but after 25 years, we still have old, very basic things that people care about and still improve… Our processes have not only worked for 25 years, we still have a very strong maintainer group… And as these maintainers get older and fatter, we have new people coming in.”
Linus also says he’s surprised by the widespread popularity of Git. “I expected it to be limited mostly to the kernel — as it’s tailored to what we do… In certain circles, Git is more well known than Linux.” And he also shares advice if you want to get started as an open source developer. “I’m not sure my example is the right thing for people to follow. There are a ton of open source projects and, if you are a beginning programmer, find something you’re interested in that you can follow for more than just a few weeks… If you can be part of a community and set up patches, it’s not just about the coding, but about the social aspect of open source. You make connections and improve yourself as a programmer.”
Linus also says that “I really like what I’m doing. I like waking up and having a job that is technically interesting and challenging without being too stressful so I can do it for long stretches; something where I feel I am making a real difference and doing something meaningful not just for me.”



State Legislators Want Surveillance Cameras To Catch Uninsured Drivers

Jun 25

An anonymous reader quotes Ars Technica:
A Rhode Island legislative committee has approved a bill that would greatly expand the surveillance state through the deployment of license plate readers. For the first time in the US, these devices would be attached along Rhode Island highways and roads for the stated purpose of catching uninsured motorists from any state… The legislation spells out that the contractor for the project would get 50 percent of the fines paid by uninsured motorists ensnared under the program. The state and the contractor would each earn an estimated $15 million annually. Fines are as high as $120.

Many police departments nationwide are using surveillance cameras tacked onto traffic poles and police vehicles to catch traffic violators and criminal suspects. The proceeds from traffic fines usually are divvied up with contractors. But according to the Rhode Island lawmaker sponsoring this legislation, it’s time to put surveillance cameras to a new purpose — fining uninsured motorists.



Survey Says: Raspberry Pi Still Rules, But X86 SBCs Have Made Gains

Jun 25

DeviceGuru writes: Results from LinuxGizmos.com’s annual hacker-friendly single board computer survey are in, and not surprisingly, the Raspberry Pi 3 is the most desired maker SBC by a 4-to-1 margin. In other trends: x86 SBCs and Linux/Arduino hybrids have trended upwards. The site’s popular hacker SBC survey polled 1,705 survey respondents and asked for their first, second, and third favorite SBCs from a curated list of 98 community oriented, Linux- and Android-capable boards. Spreadsheets comparing all 98 SBCs’ specs and listing their survey vote tallies are available in freely downloadable Google Docs.

Other interesting findings:
“A Raspberry Pi SBC has won in all four of our annual surveys, but never by such a high margin.”
“The second-highest ranked board — behind the Raspberry Pi 3 — was the Raspberry Pi Zero W.”
“The Raspberry Pi’s success came despite the fact that it offers some of the weakest open source hardware support in terms of open specifications. This, however, matches up with our survey responses about buying criteria, which ranks open source software support and community over open hardware support.”
“Despite the accelerating Raspberry Pi juggernaut, there’s still plenty of experimentation going on with new board models, and to a lesser extent, new board projects.”



Should Your Company Switch To Microservices?

Jun 25

Walmart Canada claims that it was microservices that allowed them to replace hardware with virtual servers, reducing costs by somewhere between 20 and 50 percent. Now Slashdot reader snydeq shares an article by a senior systems automation engineer arguing that a microservices approach “offers increased modularity, making applications easier to develop, test, deploy, and, more importantly, change and maintain.”

The article touts things like cost savings and flexibility for multiple device types, suggesting microservices offer increased resilience and improved scalability (not to mention easier debugging and a faster time to market with an incremental development model). But it also warns that organizations need the resources to deploy the new microservices quickly (and the necessary server) — along with the ability to test and monitor them for database errors, network latency, caching issues and ongoing availability. “You must embrace devops culture,” argues the article, adding that “designing for failure is essential… In a traditional setting, developers are focused on features and functionalities, and the operations team is on the hook for production challenges. In devops, everyone is responsible for service provisioning — and failure.”

The original submission ends with a question for Slashdot readers. “What cautions do you have to offer for folks considering tapping microservices for their next application?”



Researcher Finds Critical OpenVPN Bug Using Fuzzing

Jun 25

“Guido Vranken recently published 4 security vulnerabilities in OpenVPN on his personal blog,” writes long-time Slashdot reader randomErr — one of which was a critical remote execution bug. Though patches have now been released, there’s a lesson to be learned about the importance of fuzzing — bug testing with large amounts of random data — Guido Vranken writes:

Most of these issues were found through fuzzing. I hate admitting it, but…the arcane art of reviewing code manually, acquired through grueling practice, are dwarfed by the fuzzer in one fell swoop; the mortal’s mind can only retain and comprehend so much information at a time, and for programs that perform long cycles of complex, deeply nested operations it is simply not feasible to expect a human to perform an encompassing and reliable verification.
ZDNet adds that “OpenVPN’s audits, carried out over the past two years, missed these major flaws. While a handful of other bugs are found, perhaps OpenVPN should consider adding fuzzing to their internal security analysis in the future.” Guido adds on his blog, “This was a labor of love. Nobody paid me to do this. If you appreciate this effort, please donate BTC…”



UK Parliament Emails Closed After ‘Sustained And Determined’ Cyber-Attack

Jun 25

An anonymous reader quotes the Guardian:
Parliament has been hit by a “sustained and determined” cyber-attack by hackers attempting to gain access to MPs’ and their staffers’ email accounts. Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords… The estate’s digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails…
The international trade secretary, Liam Fox, told ITV News the attack was a “warning to everyone we need more security and better passwords. You wouldn’t leave your door open at night.” In an interview with the BBC, he added: “We know that there are regular attacks by hackers attempting to get passwords. We have seen reports in the last few days of even Cabinet ministers’ passwords being for sale online. We know that our public services are attacked, so it is not at all surprising that there should be an attempt to hack into parliamentary emails.”

One member of Parliament posted on Twitter “Sorry, no parliamentary email access today — we’re under cyber-attack from Kim Jong-un, Putin or a kid in his mom’s basement or something.” He added later, “I’m off to the pub.”

