WordPress Brute Force Attacks Using Multiple Passwords Per Login Via XML-RPC

An anonymous reader writes: Online security firm Sucuri note a vertical rise in brute force attacks against WordPress websites using Brute Force Amplification, where a thousand passwords can be submitted within the scope of a single login attempt. The company notes that disabling the protocol is likely to interfere with the functionality of many plugins which rely on it. The Stack reports: "Sucuri note that most of the BFA calls are targeting the WordPress category enumerating hook wp.getCategories, and are targeting the ‘admin’ username, along with predictable default usernames. Sucuri recommend blocking system.multicall requests via a Web Access Firewall if available, but note that so many WordPress plugins depend on the point of vulnerability xmlrpc.php that blocking access to that functionality may interfere with normal operation of the site. The iThemes security system offers functionality to specifically disable XML-RPC as well, but this also requires a check against normal functioning of the site."

Cyberattacks: Do Motives and Attribution Matter?

An anonymous reader writes: Whenever people think of APTs and targeted attacks, they ask: who did it? What did they want? While those questions may well be of some interest, a potentially more useful question to ask is: what information about the attacker can help organizations protect themselves better? Let's look at things from the perspective of a network administrator trying to defend an organization. If someone wants to determine who was behind an attack, maybe the first thing they'll do is use IP address locations to try and determine the location of an attacker. However, say an attack was traced to a web server in Korea. What's not to say that whoever was responsible for the attack also compromised that server? What makes you think that site's owner will cooperate with your investigation?

Open-Source Doom 3 Advances With EAX Audio, 64-bit ARM/x86 Support

An anonymous reader writes: Dhewm3, one of the leading implementations of the Doom 3 engine built off the open-source id Tech 4 engine, has released a new version of the GPL-licensed engine that takes Doom 3 far beyond where it was left off by id Software. The newest code has full SDL support, OpenAL + OpenAL EFX for audio, 64-bit x86/ARM support, better support for widescreen resolutions, and CMake build system support on Linux/Windows/OSX/FreeBSD. This new open-source code can be downloaded from Dhewm3 on GitHub but continues to depend upon the retail Doom 3 game assets.

LogMeIn To Acquire LastPass For $125 Million

An anonymous reader writes: LogMeIn has agreed to acquire LastPass, the popular single-sign-on (SSO) and password management service. Under the terms of the transaction, LogMeIn will pay $110 million in cash upon close for all outstanding equity interests in LastPass, with up to an additional $15 million in cash payable in contingent payments which are expected to be paid to equity holders and key employees of LastPass upon the achievement of certain milestone and retention targets over the two-year period following the closing of the transaction.

World's First 5G Field Trial Delivers Speeds of 3.6Gbps Using Sub-6GHz

Mark.JUK writes: Global Chinese ICT firm Huawei and Japanese mobile giant NTT DOCOMO today claim to have conducted the world's first large-scale field trial of future 5th generation (5G) mobile broadband technology, which was able to deliver a peak speed of 3.6Gbps (Gigabits per second). Previous trials have used significantly higher frequency bands (e.g. 20-80GHz), which struggle with coverage and penetration through physical objects. By comparison Huawei's network operates in the sub-6GHz frequency band and made use of several new technologies, such as Multi-User MIMO (concurrent connectivity of 24 user devices in the macro-cell environment), Sparse Code Multiple Access (SCMA) and Filtered OFDM (F-OFDM). Assuming all goes well then Huawei hopes to begin a proper pilot in 2018, with interoperability testing being completed during 2019 and then a commercial launch to follow in 2020. But of course they're not the only team trying to develop a 5G solution.

University of Cape Town Team Breaks World Water Rocketry Record

New submitter Cycliclogic writes: A team of engineers based at the University of Cape Town recently had the record-breaking flights of their water-powered rocket Ascension III ratified by the Water Rocket Achievement World Record Association. This record is for a single stage rocket powered purely on pressurized water. Two launches must be completed within two hours, the record being set at the mean above-ground altitude of the two flights. The record now stands at a whopping 2723 feet (830m). You can watch videos of the launches here. (Warning: they're loud.)

Rookie Dongle Warns Parents When Their Kids Are Driving Too Fast

An anonymous reader writes: Dongle Apps, a Belgian tech company, has introduced a new system which alerts a car owner if the vehicle's driver is breaking the speed limit. Initially designed for parents and guardians to keep an eye on their young ones behind the wheel, the 'Rookie Dongle' connects to the vehicle's on-board diagnostics (OBD II) port, internal GPS and mobile technologies to push real-time data to the cloud and send notifications to car owners via email or text when the driver is speeding, suddenly accelerates, brakes hard or has high RPM levels.

Wealth of Personal Data Found On Used Electronics Purchased Online

An anonymous reader writes: After examining 122 used mobile devices, hard disk drives and solid state drives purchased online, Blancco Technology Group and Kroll Ontrack found 48% contained residual data. In addition, 35% of mobile devices contained emails, texts/SMS/IMs, and videos. From the article: "Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals. The residual data left on two of the second-hand mobile devices were significant enough to discern the original users' identities. Whether it's a person's emails containing their contact information or media files involving a company's intellectual property, lingering data can have serious consequences."

Yale Makes Available Online 170,000 Photographs From WWII Period

schwit1 writes: Yale University had posted online 170,000 Library of Congress photographs taken in the United States from 1935 to 1945. The photos come from all over the U.S., and can be accessed with this easy-to-use interactive map. They also used the original captions allowing the viewer to get an honest feel for the time period.

Ubuntu Plans To Make ZFS File-System Support Standard On Linux

An anonymous reader writes: Canonical's Mark Shuttleworth revealed today that they're planning to make ZFS standard on Ubuntu. They are planning to include ZFS file-system as "standard in due course," but no details were revealed beyond that. However, ZFS On Linux contributor Richard Yao has said they do plan on including it in their kernel for 16.04 LTS and the GPL vs. CDDL license worries aren't actually a problem. Many Linux users have been wanting ZFS on Linux, but aside from the out of tree module there hasn't been any luck in including it in the mainline kernel or with tier-one Linux distributions due to license differences.

CodeWeavers To Release CrossOver For Android To Run Windows Programs

An anonymous reader writes: For the better part of three years there has been talk about running Wine on Android to bring Windows x86 programs to Android phones/tablets, and it's going to become a reality. CodeWeavers is planning to release CrossOver For Android before the end of the year. This will allow native Windows binaries to run on Android, but will be limited to Android-x86 due to struggles in emulating x86 Windows code on ARM. The tech preview will be free and once published the open-source patches will be published for Wine.

On-Chip Liquid Cooling Permits Smaller Devices With No Heatsinks Or Fans

An anonymous reader writes: DARPA-funded research into on-chip liquid cooling has resulted in a field-programmable gate array (FPGA) liquid-cooled device that can operate at 24 degrees Celsius, versus 60 degrees Celsius for an equivalent air-cooled device. The cooling fluid resides only nanometers from the heat it must address, and operates so efficiently as to offer potential to stack CPUs and GPUs using copper columns, as well as dispensing with heat-sinks and fan systems. With those components removed, the system can facilitate far more compact designs than are currently feasible.

Advertising Malware Affects Non-Jailbroken iOS Devices

An anonymous reader writes: Malware called YiSpecter is infecting iOS devices belonging to Chinese and Taiwanese users, and is the first piece of malware that successfully targets both jailbroken and non-jailbroken devices, Palo Alto Networks researchers warn. What's more, the techniques it uses for hiding are making it difficult to squash the infection. YiSpecter's malicious apps were signed with three iOS enterprise certificates issued by Apple so that they can be installed as enterprise apps on non-jailbroken iOS devices via in-house distribution. Through this kind of distribution, an iOS app can bypass Apple's strict code review procedures and can invoke iOS private APIs to perform sensitive operations.

TiVo's Latest Offering Detects and Skips Ads, Adds 4K Capability

As described by The Verge, the newest generation of TiVo is in some ways a step backward: it comes with fewer tuners than some earlier models, and less storage as well. However, two big features that distinguish the company's new Bolt DVR may entice users anyhow: it adds 4K recording, and (probably of use to more people, given the scarcity of 4K content, not to mention its file size) also can recognize and skip commercials, a feature that users have sorely missed as a mainstream feature in standalone DVRs for quite a while. (And it's possible that broadcasters will come up with a way to kill the commercial-skip function as they did with Dish's AutoHop.)

OpenIndiana Hipster 2015.10: Keeping an Open-Source Solaris Going

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.

DHS Detains Mayor of Stockton, CA, Forces Him To Hand Over His Passwords

schwit1 writes: Anthony Silva, the mayor of Stockton, California, recently went to China for a mayor's conference. On his return to San Francisco airport he was detained by Homeland Security, and then had his two laptops and his mobile phone confiscated. They refused to show him any sort of warrant (of course) and then refused to let him leave until he agreed to hand over his password.

FLIF: Free Lossless Image Format

nickweller sends a link to an informational post about FLIF, the Free, Lossless Image Format. It claims to outperform PNG, lossless WebP, and other popular formats on any kind of image. "On photographs, PNG performs poorly while WebP, BPG and JPEG 2000 compress well (see plot on the left). On medical images, PNG and WebP perform relatively poorly while BPG and JPEG 2000 work well (see middle plot). On geographical maps, BPG and JPEG 2000 perform (extremely) poorly while PNG and WebP work well (see plot on the right). In each of these three examples, FLIF performs well — even better than any of the others." FLIF uses progressive decoding to provide fully-formed lossy images from partial downloads in bandwidth-constrained situations. Best of all, FLIF is free software, released under the GNU GPLv3.

NASA Targets Venus, Asteroids With Potential Missions

coondoggie writes: NASA this week picked five possible contenders for a relatively low-cost robotic mission to space. The five candidates from a batch of 27 – include Venus, near-Earth object and asteroid operations – will ultimately be whittled down to one or two that will cost approximately $500 million, not including launch vehicle or post-launch operations, NASA stated. The DAVINCI probe would "study the chemical composition of Venus' atmosphere during a 63-minute descent. It would answer scientific questions that have been considered high priorities for many years, such as whether there are volcanoes active today on the surface of Venus and how the surface interacts with the atmosphere of the planet." A longer-range spacecraft called Lucy would "perform the first reconnaissance of the Jupiter Trojan asteroids, objects thought to hold vital clues to deciphering the history of the solar system."

500 Million Users At Risk of Compromise Via Unpatched WinRAR Bug

An anonymous reader writes: A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed. "The issue is located in the 'Text and Icon' function of the 'Text to display in SFX window' module," Vulnerability Lab explained in a post on the Full Disclosure mailing list. "Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise."

(Over-)Measuring the Working Man

writes: Tyler Cowen writes in MIT Technology Review that the improved measurement of worker performance through information technology is beginning to allow employers to measure value fairly precisely and as we get better at measuring who produces what, the pay gap between those who make more and those who make less grows. Insofar as workers type at a computer, everything they do is logged, recorded, and measured. Surveillance of workers continues to increase, and statistical analysis of large data sets makes it increasingly easy to evaluate individual productivity, even if the employer has a fairly noisy data set about what is going on in the workplace. Consider journalism. In the "good old days," no one knew how many people were reading an article, or an individual columnist. Today a digital media company knows exactly how many people are reading which articles for how long, and also whether they click through to other links. The result is that many journalists turn out to be not so valuable at all. Their wages fall or they lose their jobs, while the superstar journalists attract more Web traffic and become their own global brands.

According to Cowen, the upside is that measuring value tends to boost productivity, as has been the case since the very beginning of management science. We're simply able to do it much better now, and so employers can assign the most productive workers to the most suitable tasks. The downsides are several. Individuals don't in fact enjoy being evaluated all the time, especially when the results are not always stellar: for most people, one piece of negative feedback outweighs five pieces of positive feedback.