SymmetricalDataSecurity: December 2014

Wednesday, December 31, 2014

FTC finalizes privacy settlement with Snapchat over 'deceived' users

Comments

from Hacker News http://bit.ly/1xwA1nm

Supreme Court, in Big Leap, Plans to Put Filings Online

Comments

from Hacker News http://nyti.ms/1vIcBoI

Vuln: MIT Kerberos 5 'svr_principal.c' Information Disclosure Vulnerability

MIT Kerberos 5 'svr_principal.c' Information Disclosure Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1I1mbZJ

Vuln: Symantec Web Gateway CVE-2014-7285 Command Injection Vulnerability

Symantec Web Gateway CVE-2014-7285 Command Injection Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1BnL27R

This is what Fred Wilson thinks happened in 2014

Comments

from Hacker News http://bit.ly/1EJ25XZ

Google discloses unpatched Windows vulnerability

A Google researcher found a privilege elevation bug in Windows. After 90 days he made it public. He gives no indication that he contacted Microsoft.

from Latest topics for ZDNet in Security http://zd.net/1tAFUyF

Tesla Is Working on Robotic Snakes That Emerge from the Wall to Charge Your Car

Comments

from Hacker News http://tcrn.ch/1tADNL4

The man who invented scotch tape

Comments

from Hacker News http://bit.ly/1wAtH7o

Why Sweden Has So Few Road Deaths

Comments

from Hacker News http://econ.st/1tkIUJE

Minecraft Modding Software To Teach Kids Coding

Comments

from Hacker News http://bit.ly/1x3OoOn

Don't React

Comments

from Hacker News http://bit.ly/1B42iAW

Native calls to Rust code from Java code

Comments

from Hacker News http://bit.ly/1B42ikB

Picasso and Einstein Got the Picture: Breakthroughs in Science and Art

Comments

from Hacker News http://bit.ly/1B42iks

8 tips to building a resilient storage protection architecture

Stages of Protection Storage Architecture | EMC

infocus.emc.com

EMC's Scott Burgess discusses the major milestones in developing a protection storage architecture

via EMC Feeds http://bit.ly/1rznLzR

8 tips to building a resilient storage protection architecture

Stages of Protection Storage Architecture | EMC

infocus.emc.com

EMC's Scott Burgess discusses the major milestones in developing a protection storage architecture

via EMC Feeds http://bit.ly/1rznLzR

Singapore wraps up 2014 with 'smart' ambitions, missteps

Government has invested significant resources to build a "smart nation" supported by big data analytics, but it also needs to dedicate sufficient effort in addressing data security and privacy concerns.

from Latest topics for ZDNet in Security http://zd.net/1AaAZ6G

India blocks 32 websites, including GitHub, Internet Archive, Pastebin, Vimeo

Internet users in India are starting to lose access to websites including GitHub, Internet Archive, Pastebin, and Vimeo under an order from India's DoT (Department of Telecom).

from Latest topics for ZDNet in Security http://zd.net/1AaAWYB

The CPAN Pull Request Challenge

Comments

from Hacker News http://bit.ly/1rzk7WP

F# 2014 – A Retrospective and Call to Action

Comments

from Hacker News http://bit.ly/1rzk4Kp

How Surround Sound for Headphones Works

Comments

from Hacker News http://bit.ly/1rzk4u7

Nasa to hack Mars rover Opportunity to fix 'amnesia' fault

Comments

from Hacker News http://bbc.in/1xxJKqp

Show HN: PHP Code Generator – A scaffolding framework

Comments

from Hacker News http://bit.ly/1xxJHuO

Show HN: Gopher Gala – The First Distributed Hackathon for Go

Comments

from Hacker News http://bit.ly/1tA9Qe3

Language choices for long-term projects

Comments

from Hacker News http://bit.ly/13S3j2n

New solar power material converts 90 percent of captured light into heat

Comments

from Hacker News http://bit.ly/1tk4Rsn

Show HN: Intentionally subtle headphone crossfeed filter

Comments

from Hacker News http://bit.ly/1tk4Pkc

This Guy Did the Coolest, but Possibly Most Illegal, DIY Project Ever

Comments

from Hacker News http://bit.ly/1tk4Rsb

Vuln: RETIRED: Linux Kernel 'Polkit' Local Privilege Escalation Vulnerability

RETIRED: Linux Kernel 'Polkit' Local Privilege Escalation Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1vs5hwu

Bugtraq: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central

[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central

from SecurityFocus Vulnerabilities http://bit.ly/1rz6y9O

Bugtraq: Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook

Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook

from SecurityFocus Vulnerabilities http://bit.ly/13RXFNr

NixOS 14.12 released

Comments

from Hacker News http://bit.ly/1vrZVBA

Uber breaking the rules, says Taiwan's transportation ministry

Comments

from Hacker News http://bit.ly/1EI0KAH

Ask HN: What are your big plans for 2015?

Comments

from Hacker News http://bit.ly/1xxrwFo

Did you know: Baseball generates a staggering 1.5 petabytes of data per year? See for yourself http://bit.ly/1Gu4xwW http://bit.ly/1rz1li9

via EMC Feeds http://bit.ly/1rz1jH3

Did you know: Baseball generates a staggering 1.5 petabytes of data per year? See for yourself http://bit.ly/1Gu4xwW http://bit.ly/1rz1li9

via EMC Feeds http://bit.ly/1rz1jH3

Vuln: Multiple WordPress Themes Multiple Arbitrary File Download Vulnerabilities

Multiple WordPress Themes Multiple Arbitrary File Download Vulnerabilities

from SecurityFocus Vulnerabilities http://bit.ly/1ryYOo6

Porting a Ray Tracer to Rust, Part 1

Comments

from Hacker News http://bit.ly/1B3DtoL

Nvidia Corporate Network Breached

Comments

from Hacker News http://onforb.es/1HgTt8O

Uber Suspends Its Ride-Sharing Service in Spain Following a Court Ruling

Comments

from Hacker News http://tcrn.ch/1HgTrhf

Enclosing the public domain: The restriction of public domain books

Comments

from Hacker News http://bit.ly/1D57iEP

A Newport Rhode Island Turtle Feast, 1767

Comments

from Hacker News http://bit.ly/1EHESFA

Tuesday, December 30, 2014

Line drawing on a grid

Comments

from Hacker News http://bit.ly/1A9Yflk

On Silos

Comments

from Hacker News http://bit.ly/1A9Yfld

Slow bugs

Comments

from Hacker News http://bit.ly/1A9Ydda

Vuln: Docker CVE-2014-9356 Multiple Directory Traversal Vulnerabilities

Docker CVE-2014-9356 Multiple Directory Traversal Vulnerabilities

from SecurityFocus Vulnerabilities http://bit.ly/1B3uVhM

Vuln: Docker CVE-2014-9357 Remote Privilege Escalation Vulnerability

Docker CVE-2014-9357 Remote Privilege Escalation Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1B3uX9b

Vuln: Docker CVE-2014-9358 Multiple Directory Traversal Vulnerabilities

Docker CVE-2014-9358 Multiple Directory Traversal Vulnerabilities

from SecurityFocus Vulnerabilities http://bit.ly/1wzReFq

Rainforest QA (YC S12) Is Hiring Engineers in SF (or Remote)

Comments

from Hacker News http://bit.ly/13RGNGI

The Man Who Invented Scotch Tape

Comments

from Hacker News http://bit.ly/14bHlI9

Rr records nondeterministic executions and debugs them deterministically

Comments

from Hacker News http://bit.ly/13RGNGD

How the internet’s engineers are fighting mass surveillance

Comments

from Hacker News http://bit.ly/13RGMm5

Slurm: Yet Another Network Load Monitor

Comments

from Hacker News http://bit.ly/14bHnzN

Catching date-related failures before they become critical (2013)

Comments

from Hacker News http://bit.ly/13RGM5B

How did that program manage to pin itself to my taskbar when I installed it?

Comments

from Hacker News http://bit.ly/1xx8sXY

Discover how we helped overhaul the way IT services were being delivered to @Lotus_F1Team http://bit.ly/1B1CXrq http://bit.ly/13GP7Zu

via EMC Feeds http://bit.ly/1B1CXHK

Discover how we helped overhaul the way IT services were being delivered to @Lotus_F1Team http://bit.ly/1B1CXrq http://bit.ly/13GP7Zu

via EMC Feeds http://bit.ly/1B1CXHK

Top Trends in Tech for 2015 by Jonas Bonér

Comments

from Hacker News http://wrd.cm/1rx9aEY

Computationally Modeling Human Emotion

Comments

from Hacker News http://bit.ly/1xvg7WQ

Cheap randomness - real security

Modern cryptography protocols require real randomness. Sadly, most Random Number Generators (RNG) are pseudo-random and, therefore, hackable. Here's a cheap RNG for the rest of us.

from Latest topics for ZDNet in Security http://zd.net/1EEP4Pg

Saving a Project and a Company – Jacques Mattheij

Comments

from Hacker News http://bit.ly/1y3EjlZ

Matters Computational [pdf]

Comments

from Hacker News http://bit.ly/1wybgjB

Vuln: JasPer CVE-2014-8137 Double Free Remote Code Execution Vulnerability

JasPer CVE-2014-8137 Double Free Remote Code Execution Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1xv8LlZ

Microsoft Could Kill Internet Explorer; New Spartan Browser Coming Soon

Bad News for Internet Explorer fans, if any! Microsoft's almost 20 years old Web browser with a big blue E sign might soon be a thing of the past. With the arrival of Windows 10, probably by next fall, Microsoft could come up with its brand new browser that’s more similar to Mozilla's Firefox and Google's Chrome, but less like Internet Explorer (IE), according to a recent report published

from The Hacker News http://bit.ly/1A7HAyG

The Year’s Biggest Winners and Losers in Privacy and Security

The biggest winner of the year may be you. But you're also the biggest loser.

The post The Year’s Biggest Winners and Losers in Privacy and Security appeared first on WIRED.

from WIRED » Threat Level http://wrd.cm/1rx2vLd

Everyday hassles in Go

Comments

from Hacker News http://bit.ly/1y3AWLE

Hacker Clones German Defense Minister's Fingerprint Using Just her Photos

Hackers have already bypassed Apple's fingerprint scanner using fake fingerprints, and now they have found a way to reproduce your fingerprints by using just a couple of photos of your fingers. Special Fingerprint sensors have already been used by Apple and Samsung in their smartphones for authentication purposes and in near future fingerprints sensors are believed to be the part of

from The Hacker News http://bit.ly/1EEthac

Mattermark is looking for our first dedicated DevOps Engineer

Comments

from Hacker News http://bit.ly/1A7uUYE

Scaled Inference Raises $13.6M to Build Out Machine Learning

Comments

from Hacker News http://on.wsj.com/1A7uWzU

Reducing Lwan memory usage by 2670%

Comments

from Hacker News http://bit.ly/1A7uWzK

Kyoto Tycoon for modern systems

Comments

from Hacker News http://bit.ly/1rwUiXf

Why the global financial system is about to collapse (2006)

Comments

from Hacker News http://bit.ly/1A7uTE8

Why I Drilled Holes in My MacBook Pro and Put It in the Oven

Comments

from Hacker News http://bit.ly/1tgI0hp

The Perl Jam: Exploiting a 20 Year-old Vulnerability [pdf]

Comments

from Hacker News http://bit.ly/14aiKDG

The Rapidly Disappearing Business of Design

Comments

from Hacker News http://wrd.cm/14aiIf5

Foundations of Privacy (2012)

Comments

from Hacker News http://bit.ly/1HZ3g1C

Predictions for the future from 1930

Comments

from Hacker News http://bbc.in/1x07i8K

BOS-SFO Trip Study: The Complexity of Airfare Search (2010)

Comments

from Hacker News http://bit.ly/1x07g0y

CEO Joe Tucci explains how EMC’s Federation strategy translates into flexibility for customers http://bit.ly/1HdxbVr http://bit.ly/1Hdxf7u

via EMC Feeds http://bit.ly/1Hdxf7E

By digitizing the historic Christmas Lectures, we are helping The Royal Institution improve and share STEM education http://bit.ly/1HdxeAD

via EMC Feeds http://bit.ly/1Hdxbow

Show HN: #Startup – A global startup community, on Slack

Comments

from Hacker News http://bit.ly/13Q2A1p

World War II’s Strangest Battle: When Americans and Germans Fought Together

Comments

from Hacker News http://thebea.st/14aePH6

This year's smartest UI design ideas

Comments

from Hacker News http://wrd.cm/13Q2xTm

Scavengers

Comments

from Hacker News http://bit.ly/13Q2xTj

Python: Faster Way

Comments

from Hacker News http://bit.ly/13Q2zKX

CEO Joe Tucci explains how EMC’s Federation strategy translates into flexibility for customers http://bit.ly/1HdxbVr http://bit.ly/1Hdxf7u

via EMC Feeds http://bit.ly/1Hdxf7E

By digitizing the historic Christmas Lectures, we are helping The Royal Institution improve and share STEM education http://bit.ly/1HdxeAD

via EMC Feeds http://bit.ly/1Hdxbow

Secrets of Intel's Management Engine

Comments

from Hacker News http://slidesha.re/1tgxV43

On the new Snowden documents

Comments

from Hacker News http://bit.ly/1tgxV3X

How Ebola Roared Back

Comments

from Hacker News http://nyti.ms/1EEaXOs

Working with queue and stack people

Comments

from Hacker News http://bit.ly/1tgxXsq

San Francisco Schools Transformed by the Power of Meditation

Comments

from Hacker News http://nbcnews.to/1EEaVGi

Show HN: “Listen to Twitter” lets you convert Twitter to music

Comments

from Hacker News http://bit.ly/1tgxXc9

Scaled Inference Raises $13.6M to Bring Machine Learning to the Masses

Comments

from Hacker News http://on.wsj.com/1EEaXhx

In his garage lab, Omahan aims to bend fabric of space

Comments

from Hacker News http://bit.ly/1JZhBir

Sakura: Cherry Tree Season in Japan

Comments

from Hacker News http://bit.ly/1zsMtzF

Watchface Generator for Pebble Smartwatch

Comments

from Hacker News http://bit.ly/1zsMtzx

Monday, December 29, 2014

Bugtraq: [SECURITY] [DSA 3116-1] polarssl security update

[SECURITY] [DSA 3116-1] polarssl security update

from SecurityFocus Vulnerabilities http://bit.ly/1HYHUl9

Bugtraq: [SECURITY] [DSA 3115-1] pyyaml security update

[SECURITY] [DSA 3115-1] pyyaml security update

from SecurityFocus Vulnerabilities http://bit.ly/1HYHRWo

Bugtraq: Remote Code Execution via Unauthorised File upload in Cforms 14.7

Remote Code Execution via Unauthorised File upload in Cforms 14.7

from SecurityFocus Vulnerabilities http://bit.ly/1HYHU4E

YourMechanic (YC W12) is hiring full stack engineers

Comments

from Hacker News http://bit.ly/1vog3nw

“Selfie” Protections Among Hundreds of New California Laws

Comments

from Hacker News http://bit.ly/1zNz9ea

Why Kim Dotcom buying off Lizard Squad was the wrong move

Kim Dotcom's gift to the hacker crew behind the Sony PlayStation and Microsoft Xbox networks attacks brought temporary relief, but it sets a bad example for the longer term.

from Latest topics for ZDNet in Security http://zd.net/1xdpiMw

How did the 2014 security predictions do?

The only real surprise I see is a good one having to do with Windows XP and Office 2003. There was other good news and lots of bad.

from Latest topics for ZDNet in Security http://zd.net/1Hd62C7

Deep Learning Reading list

Comments

from Hacker News http://bit.ly/1HYsAVM

Vuln: Torque Munge Authentication Bypass Vulnerability

Torque Munge Authentication Bypass Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1vmqBUj

Vuln: torque 'job name' Argument Remote Buffer Overflow Vulnerability

torque 'job name' Argument Remote Buffer Overflow Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1vmqBU4

Show HN: New HackerNews web client

Comments

from Hacker News http://bit.ly/1HaGkhy

OpenELEC 5.0

Comments

from Hacker News http://bit.ly/1xbUtYI

The Implications of Facebook Indexing a Trillion Posts

Comments

from Hacker News http://tcrn.ch/1AZb5UG

Xiaomi raises $1.1B on a $45B valuation

Comments

from Hacker News http://on.fb.me/1AZb5En

The 5 Most Dangerous Software Bugs of 2014

2014 was a really bad year for software vulnerabilities. These five are some of the worst security threats of the past 12 months.

The post The 5 Most Dangerous Software Bugs of 2014 appeared first on WIRED.

from WIRED » Threat Level http://wrd.cm/1y15jCD

Vuln: Linux Kernel 'fs/isofs/rock.c' Infinite Loop Denial of Service Vulnerability

Linux Kernel 'fs/isofs/rock.c' Infinite Loop Denial of Service Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1EAYRG2

Classic NES Series Anti-Emulation Measures

Comments

from Hacker News http://bit.ly/1AZ74Qh

‘Monster Strike’ Gives Former Social Media Giant Mixi a Second Act

Comments

from Hacker News http://nyti.ms/1AZ74Q6

Bugtraq: [SECURITY] [DSA 3114-1] mime-support security update

[SECURITY] [DSA 3114-1] mime-support security update

from SecurityFocus Vulnerabilities http://bit.ly/1wvRzZE

Bugtraq: [SECURITY] [DSA 3113-1] unzip security update

[SECURITY] [DSA 3113-1] unzip security update

from SecurityFocus Vulnerabilities http://bit.ly/1wvRzJn

Vuln: file CVE-2014-8117 Denial of Service Vulnerability

file CVE-2014-8117 Denial of Service Vulnerability

from SecurityFocus Vulnerabilities http://bit.ly/1wvRzJg

Hacking Facebook Accounts Using Android 'Same Origin Policy' Vulnerability

A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same Origin Policy (SOP). The Android Same Origin Policy (SOP) vulnerability (CVE-2014-6041) was first disclosed right at the beginning of September 2014 by an independent security researcher

from The Hacker News http://bit.ly/1HVhf8J

A philosopher, a mathematician and a student walk into a bar

Comments

from Hacker News http://bit.ly/1xbKliv

A First Guile Script

Comments

from Hacker News http://bit.ly/1vmc8aQ

Barnes-Hut implementation of t-SNE – pull request in Scikit-Learn

Comments

from Hacker News http://bit.ly/13Ojv4t

Reflections on Microconsoles

Comments

from Hacker News http://tcrn.ch/13Ojuxq

Power and Paranoia in Silicon Valley

Comments

from Hacker News http://bit.ly/13Ojuh8

Where FP meets OO

Comments

from Hacker News http://bit.ly/13Ojuh5

Устаревшие ИТ-системы тормозят развитие бизнеса и экономики

О проблеме

Бизнесу как никогда раньше необходимо соответствовать требованиям рынка, и ИТ-технологии становятся инструментом, создающим конкурентные преимущества. Новые технологии позволяют изменить способ ведения бизнеса и обогнать уже закрепившихся на рынке игроков.

Однако не все так просто. Исследование VMware мнения ИТ-руководителей в России, проведенное в мае 2014 года, показало, что две трети (66%) опрошенных видят разрыв между потребностями бизнеса и возможностями ИТ в пять месяцев. Это расхождение между нуждами бизнеса и поддержкой ИТ может повлечь за собой серьезные последствия как для бизнеса, так и для экономики в целом, если проблема не будет решена.

Экономическое влияние

ИТ-департаменты в регионе EMEA в среднем тратят около 14 часов в неделю на решение проблем, связанных с устаревшими ИТ-системами. Еще 11 часов уходит на работу с облачными приложениями. В результате на решение этих задач тратится около €14 миллиардов. Более глубокий анализ Центра экономических и бизнес исследований (Centre for Economics and Business Research) показал, что расходы бизнеса на решение этой проблемы в Нидерландах составляют более €400 миллионов в год, в России – €895 миллионов, в Германии – €738, и больше всех в Великобритании – €5,9 миллиардов. И это расходы только с точки зрения потраченного времени на ликвидацию ИТ-проблем. Основной тенденцией в данном случае является то, что разрыв между бизнесом и ИТ оказывает серьезное влияние на всю экономику в регионе EMEA.

Гонка за изменениями

Хотя компании могут не осознавать, что их повседневные решения имеют длительные последствия, выходящие далеко за рамки самой организации, сегодня мы видим небывалую потребность в ИТ-решениях. Исследование, о котором мы уже говорили, показало, что российские ИТ-директора испытывают огромное давление со стороны руководства с целью снизить затраты (47%), повысить мобильность работников (46%) и перенести всю инфраструктуру в облако (34%). И только 12% сотрудников ИТ-отделов полностью уверены, что ИТ-инфраструктура и рабочие инструменты их компании в настоящее время соответствуют запросам бизнеса. Таким образом, необходимость в инновациях становится более чем очевидной.

Компании появляются и исчезают вместе с волнами технологических инноваций, но лишь одна вещь остается неизменной. Успешным становится тот бизнес, который может быстро адаптироваться к постоянно изменяющимся условиям. Новые и более динамичные компании бросают вызов и побеждают уже устоявшихся игроков, обремененных устаревшими системами. И фактически, в современных условиях рынка инновации становятся не просто вызовом, а необходимостью.

Решение

Сегодня необходимо полностью изменить роль ИТ, чтобы они стали инструментами для определения стратегии организации и проактивного внедрения инноваций, позволяя компаниям сохранять лидирующие позиции. И это возможно, только если ИТ-отделы освободятся от необходимости тратить часы на поддержку устаревших систем и начнут использовать это время на развитие технологий будущего. Неправильно сбалансировав поддержку систем и внедрение инноваций, бизнес не только вредит своей же производительности, конкурентоспособности и снижает потенциал роста. Он также наносит урон всей экономике. Внедрение ИТ-инноваций позволит добиться повышения прибыли и благосостояния, таким образом, обеспечивая рост и развитие экономики.

via VMware Blogs http://bit.ly/1xbFHBj

Did you know: Baseball generates a staggering 1.5 petabytes of data per year? See for yourself http://bit.ly/1Gu4xwW http://bit.ly/1tdjMo0

via EMC Feeds http://bit.ly/1tdjOMG