Security

New Zero Day Disclosed In WordPress Core Engine

Posted by Soulskill
from the pressing-words-is-risky-business dept.
Trailrunner7 writes: WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Jouko Pynnonen of Klikki Oy reported a new and unpatched stored cross-site scripting vulnerability in the platform; a similar bug was patched this week by WordPress developers, but only 14 months after it was reported. The vulnerability allows an attacker to inject JavaScript in the WordPress comment field; the comment has to be at least 66,000 characters long and it will be triggered when the comment is viewed, Pynnonen said.

"An unauthenticated attacker can store JavaScript on WordPress pages and blog posts. If triggered by an administrator, this leads to server-side code execution under default settings," Pynnonen said. "A usable comment form is required. It looks like the script is not executed in the admin Dashboard, but only when viewing the post/page where the comment was entered. If comment moderation is enabled (the default setting) then the comment won't appear on the page until it has been approved by an admin/moderator. Under default settings, after one 'harmless' comment is approved, the attacker is free from subsequent moderation and can inject the exploit to several pages and blog posts."
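The summary does not say why the comment has to be that long, but a threshold just above 65,535 characters is the size of a 64 KiB storage column, so the bug class worth understanding here is sanitize-then-truncate: a filter runs over the comment before it is stored, and the storage layer then silently cuts the filtered result, which can split a balanced, safe tag in half. The Python below is an added example of that pattern in the abstract; it is not WordPress code, the toy allowlist sanitizer and the 64 KiB truncating column are assumptions, and it makes no claim about which WordPress code path Pynnonen's report involved. It shows the audit a practitioner would run over stored content and the guard that prevents the condition.

```python
"""Sanitize-then-truncate: how a silent size limit can undo an HTML allowlist.

Added example, not WordPress code. Assumptions: the comment column truncates
at 64 KiB instead of rejecting oversized rows (COLUMN_LIMIT), and the toy
allowlist below stands in for whatever filter the application runs on input.
"""
import html
import re

COLUMN_LIMIT = 65535  # assumed 64 KiB column that truncates rather than errors

# Toy allowlist: only <a title='...'>text</a> survives; everything else is escaped.
# The title value may not contain quotes or angle brackets, so while it stays
# inside its quotes a string like "onmouseover=" is inert attribute text.
ALLOWED_LINK = re.compile(r"<a title='([^'<>]*)'>([^<>]*)</a>")


def sanitize(text: str) -> str:
    """Escape everything except allowlisted links, re-emitting those canonically."""
    out, pos = [], 0
    for m in ALLOWED_LINK.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        out.append("<a title='%s'>%s</a>" % (m.group(1), html.escape(m.group(2))))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def within_allowlist(stored: str) -> bool:
    """Audit of stored content: after removing well-formed allowlisted links,
    no raw tag syntax may remain. A sanitizer that ran before storage should
    never leave a stored value that fails this check."""
    rest = ALLOWED_LINK.sub("", stored)
    return "<" not in rest and ">" not in rest


def store_truncating(comment: str) -> str:
    """The vulnerable pattern: sanitize first, then let the column cut the result."""
    clean = sanitize(comment)
    return clean.encode("utf-8")[:COLUMN_LIMIT].decode("utf-8", "ignore")


def store_hardened(comment: str) -> str:
    """Reject anything whose sanitized form would not fit, so nothing is ever cut.
    Output-time encoding is still wanted as defence in depth; this guard only
    closes the truncation hole."""
    clean = sanitize(comment)
    if len(clean.encode("utf-8")) > COLUMN_LIMIT:
        raise ValueError("comment exceeds storage limit of %d bytes" % COLUMN_LIMIT)
    return clean


def attacker_comment() -> str:
    """Constructed input: a link whose closing quote lands past the column limit.
    Its length, around 66,500 characters, is in the same range as the 66,000
    the report mentions; the padding only has to push the closing quote out."""
    padding = "A" * (COLUMN_LIMIT + 1000)
    return "<a title='x onmouseover=alert(1) " + padding + "'>click</a>"


def demo() -> dict:
    """Run the vulnerable and hardened stores side by side and report the audit."""
    comment = attacker_comment()
    truncated = store_truncating(comment)
    try:
        store_hardened(comment)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "passes_filter": sanitize(comment) == comment,      # the filter saw nothing wrong
        "stored_is_clean": within_allowlist(truncated),     # but what got stored is not
        "closing_quote_survived": "'" in truncated[10:],    # the quote that kept it inert
        "hardened_rejected": rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-24s %s" % (key, value))
```

The `within_allowlist` audit is the check to run over an existing comment table: any row it rejects was stored by a path that did not match the input filter, whether by truncation or by a bypass. The fix is the length guard before the write, not a longer column; a bigger limit only moves the same boundary.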
Businesses

Valve Pulls the Plug On Paid Mods For Skyrim 30

Posted by Soulskill
from the entitled-wheel-gets-the-grease dept.
westlake writes: Valve has abandoned its attempt to introduce paid mods to Skyrim on Steamworks, following furious and unrelenting complaints by the gaming community that did not spare Gabe Newell. Valve said, "[O]ur main goals were to allow mod makers the opportunity to work on their mods full time if they wanted to, and to encourage developers to provide better support to their mod communities. We thought this would result in better mods for everyone, both free & paid." Bethesda had similar goals, saying, "There are certainly other ways of supporting modders, through donations and other options. We are in favor of all of them. One doesn't replace another, and we want the choice to be the community’s. Yet, in just one day, a popular mod developer made more on the Skyrim paid workshop than he made in all the years he asked for donations."
Privacy

New Privacy Threat: Automated Vehicle Occupancy Detection 50

Posted by Soulskill
from the shades-of-minority-report dept.
An anonymous reader writes: The Electronic Frontier Foundation is warning against a new potential privacy threat: cameras that look inside cars and try to identify how many people are inside. This technology is a natural combination of simpler ones that have existed for years: basic object recognition software and road-side cameras (red light cameras, speeding cameras, license plate readers — you name it). Of course, we can extrapolate just a bit further, and point out that as soon as the cameras have high enough resolution, they can start running face recognition algorithms on the images, and determine the identities of a vehicle's occupants.

"The San Diego Association of Governments (SANDAG), a government umbrella group that develops transportation and public safety initiatives across the San Diego County region, estimates that 15% of drivers in High Occupancy Vehicle (HOV) lanes aren't supposed to be there. After coming up short with earlier experimental projects, the agency is now testing a brand new technology to crack down on carpool-lane scofflaws on the I-15 freeway. ... In short: the technology is looking at your image, the image of the people you're with, your location, and your license plate. (SANDAG told CBS the systems will not be storing license plate data during the trial phase and the system will, at least for now, automatically redact images of drivers and passengers. Xerox's software, however, allows police the option of using a weaker form of redaction that can be reversed on request.)"
Transportation

The Engineer's Lament -- Prioritizing Car Safety Issues 122

Posted by Soulskill
from the backseat-engineering dept.
An anonymous reader writes: Malcolm Gladwell has an article in The New Yorker about how automotive engineers handle issues of safety. There have been tons of car-related recalls lately, and even before that, we'd often hear about how some piece of engineering on a car was leading to a bunch of deaths. Sometimes it was a mistake, and sometimes it was an intentional design. But we hear about these issues through the lens of sensationalized media and public outrage — the engineers working on these problems understand better that it's how you drive that gets you into trouble far more than what you drive.

For example, the Ford Pinto became infamous for catching fire in crashes back in the 1970s. Gladwell says, "That's a rare event—it happens once in every hundred crashes. In 1975-76, 1.9 per cent of all cars on the road were Pintos, and Pintos were involved in 1.9 per cent of all fatal fires. Let's try again. About fifteen per cent of fatal fires resulted from rear collisions. If we look just at that subset of the subset, Schwartz shows, we finally see a pattern. Pintos were involved in 4.1 per cent of all rear-collision fire fatalities—which is to say that they may have been as safe as or safer than other cars in most respects but less safe in this one. ... You and I would feel safer in a car that met the 301 standard. But the engineer, whose aim is to maximize safety within a series of material constraints, cannot be distracted by how you and I feel."
Space

Holographic Principle Could Apply To Our Universe 73

Posted by Soulskill
from the too-cool-for-the-third-dimension dept.
New submitter citpyrc sends this news from the Vienna University of Technology: The "holographic principle" asserts that a mathematical description of the universe actually requires one fewer dimension than it seems. What we perceive as three dimensional may just be the image of two dimensional processes on a huge cosmic horizon. Up until now, this principle has only been studied in exotic spaces with negative curvature. This is interesting from a theoretical point of view, but such spaces are quite different from the space in our own universe. Results obtained by scientists at Vienna (abstract) now suggest that the holographic principle even holds in a flat spacetime, like ours.
Wikipedia

An Open Ranking of Wikipedia Pages 27

Posted by Soulskill
from the citation-needed dept.
vigna writes: The Laboratory for Web Algorithmics of the Università degli studi di Milano did it again: after creating the first open ranking of the World Wide Web they have put together the first entirely open ranking of Wikipedia, using Wikidata to categorize pages. The ranking is based on classic and easily explainable centrality measures or page views, and it is entirely open — all data (Wikipedia and Wikidata dumps) and all software used is publicly available. Just in case you wonder, the most important food is chocolate, the most important band are the Beatles and the most important idea is atheism.
China

Alibaba Looks To Rural China To Popularize Its Mobile OS 20

Posted by samzenpus
from the taking-it-to-the-country dept.
itwbennett writes: E-commerce giant Alibaba Group hasn't given up on its YunOS mobile operating system, and is taking the software to China's rural markets through a series of low-cost phones, which will be built by lesser-known Chinese brands and will range from 299 yuan ($49) to 699 yuan. Slashdot readers may remember that in 2012, Google claimed it was a variant of its Android OS, sparking a clash that threatened to derail Alibaba's effort to popularize the mobile OS.
The Courts

Texas Admonishes Judge For Posting Facebook Updates About Her Trials 69

Posted by samzenpus
from the was-that-wrong? dept.
An anonymous reader writes: Michelle Slaughter, a Galveston County judge, says she will appeal a public admonition from state officials that criticized her Facebook posts about cases brought before her court. From the article: "The State Commission on Judicial Conduct ordered Michelle Slaughter, a Galveston County judge, to enroll in a four-hour class on the 'proper and ethical use of social media by judges.' The panel concluded that the judge's posts cast 'reasonable doubt' on her impartiality. At the beginning of a high-profile trial last year in which a father was accused of keeping his nine-year-old son in a six-foot by eight-foot wooden box, the judge instructed jurors not to discuss the case against defendant David Wieseckel with anyone. 'Again, this is by any means of communication. So no texting, e-mailing, talking person to person or on the phone or on Facebook. Any of that is absolutely forbidden,' the judge told jurors. But Slaughter didn't take her own advice, leading to her removal from the case and a mistrial. The defendant eventually was acquitted of unlawful-restraint-of-a-child charges."
Education

Imagination To Release Open MIPS Design To Academia 31

Posted by samzenpus
from the some-strings-attached dept.
DeviceGuru writes: Imagination Technologies has developed a Linux-ready academic version of its 32-bit MIPS architecture MicroAptiv processor design, and is giving it away free to universities for use in computer research and education. As the MIPSfpga name suggests, the production-quality RTL (register transfer level) design abstraction is intended to run on industry standard FPGAs. Although MIPSfpga is available as a fully visible RTL design, MIPSfpga is not fully open source, according to the announcement from Robert Owen, Manager of Imagination's University Programme. Academic users can use and modify MIPSfpga as they wish, but cannot build it into silicon. "If you modify it, you must talk to us first if you wish to patent the changes," writes Owen.
The Almighty Buck

Supreme Court To Consider Data Aggregation Suit Against Spokeo 55

Posted by samzenpus
from the getting-the-numbers-right dept.
BUL2294 writes: Consumerist and Associated Press are reporting that the Supreme Court has taken up the case of Spokeo, Inc. v. Robins — a case where Spokeo, as a data aggregator, faces legal liability and Fair Credit Reporting Act violations for providing information on Thomas Robins, an individual who has not suffered "a specific harm" directly attributable to the inaccurate data Spokeo collected on him.

From SCOTUSblog: "Robins, who filed a class-action lawsuit, claimed that Spokeo had provided flawed information about him, including that he had more education than he actually did, that he is married although he remains single, and that he was financially better off than he actually was. He said he was unemployed and looking for work, and contended that the inaccurate information would make it more difficult for him to get a job and to get credit and insurance." So, while not suffering a specific harm, the potential for harm based on inaccurate data exists. Companies such as Facebook and Google are closely watching this case, given the potential of billions of dollars of liability for selling inaccurate information on their customers and other people.
Java

JavaScript Devs: Is It Still Worth Learning jQuery? 144

Posted by samzenpus
from the to-learn-or-not-to-learn dept.
Nerval's Lobster writes: If you're learning JavaScript and Web development, you might be wondering whether to learn jQuery. After nearly a decade of existence, jQuery has grown into a fundamental part of JavaScript coding in Web development. But now we're at a point where many of the missing pieces (and additional features) jQuery filled in are present in browsers. So do you need to learn jQuery anymore? Some developers don't think so. The official jQuery blog, meanwhile, is pushing a separate jQuery version for modern browsers, in an attempt to keep people involved. And there are still a few key reasons to keep learning jQuery: Legacy code. If you're going to go to work at a company that already has JavaScript browser code, there's a strong possibility it has jQuery throughout its code. There's also a matter of preference: People still like jQuery and its elegance, and they're going to continue using it, even though they might not have to.
Transportation

Smart Headlights Adjust To Aid Drivers In Difficult Conditions 96

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
An anonymous reader writes: Researchers at Carnegie Mellon University's Robotics Institute are developing smart headlights that not only trace a car's movement around bends, but are programmable to assist a driver in a wide range of driving conditions. The research team, at the institute's Illumination and Imaging Laboratory, is looking into designing headlights which do not highlight raindrops and snowflakes in bad weather, instead passing light around the individual drops and improving visibility. Its near-future design would also be able to avoid glare even when the high beam is in use, detecting up-coming vehicles and disabling the range of light that is directed at them. They also hope to incorporate GPS data to adjust the direction of the headlights according to the lane that a driver is occupying, illuminating it more brightly compared to surrounding lanes. The technology is supported by a looped system which will constantly read, assess and react to driving conditions. The prototype also features a built-in camera to capture visual data before transferring it to a computer processor installed in the vehicle, where it can be analyzed.
Television

ESPN Sues Verizon To Stop New Sports-Free TV Bundles 286

Posted by samzenpus
from the sports-or-nothing dept.
Mr D from 63 writes: ESPN isn't a fan of Verizon's new way of offering cable channels under its Fios TV service — they're now suing Verizon for it. The lawsuit comes after Verizon unveiled new bundles that allow customers to choose specific packages of channels that can be swapped every 30 days. ESPN claims this offer is not in compliance with their agreements with Verizon. In the U.S., ESPN depends heavily on viewership during the football season, then basketball. "ESPN is at the forefront of embracing innovative ways to deliver high-quality content and value to consumers on multiple platforms, but that must be done in compliance with our agreements," said an ESPN spokeswoman in a statement. "We simply ask that Verizon abide by the terms of our contracts."
Programming

Has the Native Vs. HTML5 Mobile Debate Changed? 142

Posted by samzenpus
from the brand-new-day dept.
itwbennett writes: The tools available to developers who need to build an application once and deploy everywhere have exploded. Frameworks like famo.us, Ionic, PhoneGap, Sencha Touch, Appcelerator, Xamarin, and others are reducing the grunt work and improving the overall quality of web based mobile applications dramatically. The benefits of a build once, deploy everywhere platform are pretty obvious, but are they enough to make up for the hits to user experience?
Privacy

The Sun Newspaper Launches Anonymous Tor-Based WikiLeaks-Style SecureDrop 57

Posted by samzenpus
from the keeping-your-name-out-of-it dept.
Mark Wilson writes: The likes of Julian Assange's WikiLeaks have set the standard for blowing the lid on huge stories based on tips from anonymous sources. Whistle-blowers such as Edward Snowden have brought to public attention stories which would otherwise have been kept hidden from the public, and it has been with the help of newspapers such as the Guardian that this information has been disseminated around the world.

Other newspapers are keen to ride on the coattails of those blazing a trail in the world of investigative journalism, and the latest to join the party is The Sun. Today, Murdoch-owned News Corp's newspaper and website launches SecureDrop — a way for whistle-blowers to anonymously leave tip-offs that can be further investigated.

The cloud service provides a means of getting in touch with journalists at The Sun without giving up anonymity — something which is particularly important when making revelations about companies and governments. The site provides a basic guide to getting started with the SecureDrop service, starting off with pointing would-be users in the direction of the Tor Browser Bundle.