Story 2014-05-16

myGov Site Exposed Australians' Private Information

Anonymous Coward
in security on (#3M0)
The Australian Department of Human Services has been blasted over its "appalling response" to a security researcher's report which found it has been exposing millions of Australians' personal information by leaving serious security flaws unchecked in a critical government website that is a portal to several government services and which may soon be required to be used by Australians for interacting with government services online.
The vulnerabilities were found in the myGov website, which stores the private records of Australians, including their doctor visits, prescription drugs, childcare and welfare payments. The Tax Office is expected to make the site mandatory for electronic tax returns this year.

What Is Your Offsite Storage Solution?

in ask on (#3KZ)
We're talking data here, not your funky old couch and cassette collection. Steven J. Vaughan-Nichols is reviewing six solutions for stuffing all your data in the cloud [1]. He reviews Amazon CloudDrive, Box, Dropbox, GoogleDrive, OneDrive, and SpiderOak. He then concludes, lamely, "I can't tell you what the perfect cloud storage is because there's no such thing. It all depends on your needs."

OK, so the article was clickbait, and I'll stick with my current back-up solution: burning lots of DVDs, labelling, and then mailing them offsite in case my house burns down. I'm guessing the Pipedot community can do better: what offsite services do you use and recommend? Any providers you'd avoid? What's the best option for a small business hoping to maintain access to docs from different locations and systems? What's the best option for a homebody nerd making sure his carefully curated collection of .. um .. downloaded images stays backed up in case of catastrophic hardware failures at home?

[1] Footnote: Interesting article, but also a test of whether you have successfully installed this browser plug-in.

Self-Lensing Binary Star System: Eclipse Actually Brightens the Light

in space on (#3KY)
Not every eclipse consists of one celestial object blocking the light of another. There's an interesting article over at Scientific American about a recently discovered phenomenon where a smaller-but-dense star passes in front of its binary partner, and its stronger gravity actually creates a lens that bends gravity and makes the light of the "behind" star brighter, rather than occulting it. We live in an amazing universe, and we barely understand any of it. Like other eclipses, better not look at this one with the naked eye or you will probably melt your brain.

Sick of Hearing about the Cloud? Here's a Browser Plug-in for You

in code on (#3KX)
Cloud, cloud, cloud, cloud, cloud. Tired of hearing it? I am. Especially if you know something about server technologies, it's not hard to recognize the cloud is only marginally better than other server technologies, but is being marketed to death by breathless corporate drones who see it as an opportunity to sell, sell, sell.

If that's your case, then you need this browser plug-in, cloud-to-butt. Written by somebody who's sicker of it than you are, it replaces all occurrences of "the cloud" on a webpage with "my butt." Check out the screenshots for some hilarious examples.

This has been a Pipedot Public Service Announcement [PPSA].

[Ed. Note: plugin is available for Chrome, Firefox, Safari and Opera, so you can be sure your butt's covered]

NSA 'Upgrade Point' Implants Backdoors on Hardware

in security on (#3KW)
Here's how the NSA is doing its part to sink the American tech sector by ensuring no one ever buys American products anymore. Ars Technica reports the NSA is intercepting hardware and implanting its backdoors ("beacons") before they are rerouted back to the original destination – the customer. This quote is taken from Glenn Greenwald's No Place to Hide book detailing his investigations and Snowden's allegations. The statement was made by an NSA rep:
Here’s how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets’ electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.
Already, most of the world has decided that storing data on American servers or using American service providers is a risk. Thanks, NSA, for making sure no one buys American hardware either.

European Court Backs Your Right to Disappear Online

in legal on (#3KV)
Good news for European Internet users: Europe's highest court stunned the U.S. tech industry Tuesday by recognizing an expansive right to privacy that allows citizens to demand that Google delete links to embarrassing personal information - even if it's true.

It's going to change not only the legal climate on the 'Net but the economics, too, as cumbersome and expensive processes will be necessarily implemented in order to comply. Per the article:
The ruling has potentially wide-ranging consequences for an industry that reaps billions of dollars in profit by collecting, sorting and redistributing data touching on the lives of people worldwide. That includes more than 500 million people in the European Union who now could unleash a flood of deletion requests that Google would have little choice but to fulfill, no matter how cumbersome.
As for you people who have never used the Internet (can you hear me?), no worries - you are safe.

Patch out for Dangerous Linux Kernel Vulnerability

in linux on (#3KT)
Get ready to start your updating tool: a serious vulnerability in the Linux kernel has just been identified. Threatpost describes it:
The bug appears to be a memory corruption vulnerability that could be exploited to execute code. The National Vulnerability Database describes it as follows: “The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the “LECHO & !OPOST” case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.”
Happily, this being Linux, the vulnerability has been fixed. No word if Android and other projects that use the Linux kernel are also affected. To be safe, stay in your basement with the lights out and your modem/router and all phones turned off, unplugged, and buried in a pot of marmalade.

Nanotechnology in Your Sunscreen!

in science on (#3KS)
Here's one place you didn't expect to find application of nanotechnology: your sunscreen. And here's one place you might have been surprised to find leading the race for scientific innovation in this sector: Mexico. Maybe it's because they've got a lot of sun. From the article:
A high-tech dispersion physicochemical process was designed, which will ensure that the nanoparticles remain stable in the formulation of the final product. The advantage in the cosmetic formula is that using titanium dioxide nanoparticles increases the photo protective efficacy, since it has been demonstrated that the lower the particle size the better the protective UV efficiency. In addition to the cosmetic industry, the company seeks to implement the nanoparticles on other products, such as waterproofing paints, coatings and plastics, because it improves resistance to environmental exposure.
The cosmetics industry – and sunscreen is a part of it – is one of the most competitive sectors in the market, and the race to identify new products and processes is a high-intensity one. Bonus: innovative sunscreen will lead to some sexy new advertisements, unlike nanotech laboratory gloves.

Dice Holdings Trading down on Disappointing Earnings

in internet on (#3KR)
Dice Holdings, the company that now owns Slashdot and runs specialty job boards, seems to have hit a rough patch. An article from earlier this month reports Dice Holdings is trading down by 4.1% due to disappointing earnings. Yahoo's stock charts don't make it look like the situation is too bad, but look to Dice's CEO for guidance and you'll be surprised. Turns out Scott Melland is feeling bearish and recently sold over $500,000 in Dice stock. Here is the transcript of the earnings call, in which they unleash the bad news about Dice earnings.

Personally, I recommend they plaster Slashdot with more obnoxious banner ads.