An anonymous reader writes: Shifu is a banking trojan that's currently attacking 14 Japanese banks. Once it has infected a victim's machine, it will install a special module that keeps other banking-related trojans at bay. If this module sees suspicious, malware-looking content (unsigned executables) from unsecure HTTP connections, it tries to stop them. If it fails, it renames them to "infected.exx" and sends them to its C&C server. If the file is designed to autorun, Shifu will spoof an operating system "Out of memory" message.
An anonymous reader writes: Google's autonomous cars have a very good safety record so far — the accidents they've been involved in weren't the software's fault. But that doesn't mean the cars are blending seamlessly into traffic. A NY Times article explains how doing the safest thing sometimes means doing something entirely unexpected to real, human drivers — which itself can lead to dangerous situations. "One Google car, in a test in 2009, couldn't get through a four-way stop because its sensors kept waiting for other (human) drivers to stop completely and let it go. The human drivers kept inching forward, looking for the advantage — paralyzing Google's robot." There are also situations in which the software's behavior may be so incomprehensible to human passengers that they end up turning it off. "In one maneuver, it swerved sharply in a residential neighborhood to avoid a car that was poorly parked, so much so that the Google sensors couldn't tell if it might pull into traffic."
msm1267 writes: Google, Microsoft and Mozilla today announced they've settled on an early 2016 timeframe to permanently deprecate the shaky RC4 encryption algorithm in their respective browsers. Mozilla said Firefox's shut-off date will coincide with the release of Firefox 44 on Jan. 26. Google and Microsoft said that Chrome and Internet Explorer 11 (and Microsoft Edge) respectively will also do so in the January-February timeframe. Attacks against RC4 are growing increasingly practical, rendering the algorithm more untrustworthy by the day.
An anonymous reader writes: Gizmodo's Annalee Newitz looked through the source code contained in the recent Ashley Madison data dump and found evidence that the company created tens of thousands of bot accounts designed to spur their male users into action by sending them messages. "The code tells the story of a company trying to weave the illusion that women on the site were plentiful and eager." The evidence suggests bots sent over 20 million messages on the website, and chatted with people over 11 million times. The vast majority of fake accounts — 70,529 to 43 — pretended to be female, and the users targeted were almost entirely men. Comments left in the code indicate some of the issues Ashley Madison's engineers had to solve: "randomizing start time so engagers don't all pop up at the same time" and "for every single state that has guest males, we want to have a chat engager." The AI was unsophisticated, though one type of bot would try to convince men to pay and then pass them to a real person.
MojoKid writes: Intel is following up on its Skylake launch bonanza by opening the floodgates on at least two dozen SKUs mostly covering the mobile sector. The company is divvying up the range into four distinct series. There's the Y-Series, which is dedicated to 2-in-1 convertibles, tablets, and Intel's new Compute Stick venture. Then there's the U-Series, which is aimed at thin and light notebooks and "portable" all-in-one machines. The H-Series is built for gaming notebooks and mobile workstations, while the S-Series is designated for desktops, all-in-one machines, and mini PCs. Also, the Y-Series that was previously known as simply the Core M, (the chip found in products like the 12-inch Apple MacBook and Asus Transformer Book Chi T300) is now expanding into a whole family of processors. There will be Core m3, Core m5, and Core m7 processors, similar to Intel's Core i3, Core i5, and Core i7 CPU models in other desktop and notebook chips.
An anonymous reader sends news that three employees of Vice News were arrested in Turkey because one of them used an encryption system on his personal computer. That particular type of encryption has been used by the terrorist organization known as the Islamic State, so the men were charged with "engaging in terrorist activity." The head of a local lawyers association said, "I find it ridiculous that they were taken into custody. I don't believe there is any accuracy to what they are charged for. To me, it seems like an attempt by the government to get international journalists away from the area of conflict." The Turkish government denied these claims: "This is an unpleasant incident, but the judiciary is moving forward with the investigation independently and, contrary to claims, the government has no role in the proceedings."
An anonymous reader writes: The torrent-based video streaming software Popcorn Time has been in the news lately as multiple entities have initiated legal action over its use. Now, 16 Oregon-based Comcast subscribers have been targeted for their torrenting of the movie Survivor. The attorney who filed the lawsuit (PDF) says his client, Survivor Productions Inc., doesn't plan to seek any more than the minimum $750 fine, and that their goal is to "deter infringement." The lawsuit against these Popcorn Time users was accompanied by 12 other lawsuits targeting individuals who acquired copies of the movie using more typical torrenting practices.
An anonymous reader writes: LLVM 3.7 was released today as the newest six-month update. LLVM 3.7 has OpenMP 3.1 support via Clang, a new On-Request Compilation JIT API, the Berkeley Packet Filter back-end was added, the AMDGPU back-end now supports OpenGL 4.1 when paired with Mesa 11.0, and many other functional changes. Early benchmarks against GCC show its performance quite competitive with GCC5, even superior in some workloads, and should be more competitive in scientific applications with there now being OpenMP support.
An anonymous reader writes: Google today launched Chrome 45 for Windows, Mac, Linux, and Android with some expected changes and new developer tools. First and foremost, Chrome now automatically pauses less important Flash content (rolling out gradually, so be patient). This has been a longtime coming from both Google and Adobe, with the goal to make Flash content more power-efficient in Chrome: In March, a setting was introduced to play less Flash content on the page, but it wasn't turned on by default, and in June, the option was enabled in the browser's beta channel. Now it's being turned on for everyone.
For some time, Comcast has been testing 300 GB monthly data caps in certain markets. An anonymous reader notes a policy change unveiled today that gives customers in those markets the ability to switch back to unlimited data for $30 extra. Previously (and currently, for customers who don't pay the extra $30), Comcast would charge $10 per 50GB above the cap. "Comcast's intent on this front has been clear for some time. Comcast lobbyist and VP David Cohen last year strongly suggested that usage caps would be arriving for all Comcast customers sooner or later. The idea of charging users a premium to avoid arbitrary usage restrictions has been a pipe dream of incumbent ISP executives for a decade." The new policy goes into effect on October 1.
Yes, it's 3-D, and works with the Firefox browser. But that's not all. The MozVR virtual reality system is not just for Firefox, and it can incorporate infrared and other sensors to give a more complete picture than can be derived from visible light alone. In theory, the user's (client) computer needs no special hardware beyond a decent GPU and an Oculus Rift headset. Everything else lives on a server.
Is this the future of consumer displays? Even if not, the development is fun to watch, which you can start doing at mozvr.com -- and if you're serious about learning about this project you may want to read our interview transcript in addition to watching the video, because the transcript contains additional information.
WheezyJoe writes: ghacks and Ars Technica are providing more detail about Windows 10's telemetry and "privacy invasion" features being backported to Windows 7 and 8. The articles list and explain some of the involved updates by number (e.g., KB3068708, KB3022345, KB3075249, and KB3080149). The Ars article says the Windows firewall can block the traffic just fine, and the service sending the telemetry can be disabled. "Additionally, most or all of the traffic appears to be contingent on participating in the CEIP in the first place. If the CEIP is disabled, it appears that little or no traffic gets sent. This may not always have been the case, however; the notes that accompany the 3080149 update say that the amount of network activity when not part of CEIP has been reduced." The ghacks article explains other ways block the unwanted traffic and uninstall the updates.
sciencehabit writes: Moms and sleep researchers alike have stressed the importance of solid shuteye for years, especially when it comes to fighting off the common cold. Their stance is a sensible one—skimping on sleep weakens the body's natural defense system, leaving it more vulnerable to viruses. But the connection relied largely on self-reported, subjective surveys—until now (abtract). For the first time, a team of scientists reports that they have locked down the link experimentally, showing that sleep-deprived individuals are more than four times more likely to catch a cold than those who are well-rested.
BrianFagioli tips news that Mozilla, Microsoft, Google, Cisco, Intel, Amazon, and Netflix are teaming up to create the Alliance for Open Media, "an open-source project that will develop next-generation media formats, codecs and technologies in the public interest." Several of these companies have been working on this problem alone: Mozilla started Daala, Google has VP9 and VP10, and Cisco just recently announced Thor. Amazon and Netflix, of course, are major suppliers of online video streaming, so they have a vested interested in royalty-free codecs. They're inviting others to join them — the more technology and patents they get on their side, the less likely they'll run into the issues that Microsoft's VC-1 and Google's VP8 struggled with. "The Alliance will operate under W3C patent rules and release code under an Apache 2.0 license. This means all Alliance participants are waiving royalties both for the codec implementation and for any patents on the codec itself."
Trailrunner7 writes: The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17, and potentially earlier versions of the firmware, as well. The vulnerabilities have not been patched by Belkin, the advisory from the CERT/CC says there aren't any practical workarounds for them. "DNS queries originating from the Belkin N600, such as those to resolve the names of firmware update and NTP servers, use predictable TXIDs that start at 0x0002 and increase incrementally. An attacker with the ability to spoof DNS responses can cause the router to contact incorrect or malicious hosts under the attacker's control," the advisory says.
한국LUG 사이트는 1024 x 768 해상도(운영자 노트북:14")에 최적화 되어 있습니다. : LINUX FANSITE
WWW.LUG.OR.KR Server is made by CentOS Linux, P4 1.8G, Memory 512MB, Main HDD 160GB, Backup HDD 40GB and LAMP, qmail MTA.
CentOS Linux & Mozilla Firefox UTF-8 Base Created.
1998-2015 www.lug.or.kr Directed By Great Dragon, Kim.
LUG 포인트 정책 : [회원가입 : +100점] [로그인(하루한번) : +100점] [글쓰기 : +20점] [코멘트 : +10점] [다운로드 : -200점] [질문 포인트 : 최소 200점]
데스크탑 프로그래밍(gcc, g++, wxGTK[wxWidgets] 등)은 "Fedora"를 사용하고, 서버 운영(WEB, FTP 등)은 "CentOS"를 사용하시길 권장합니다.
도전하는자, 자신을 투자하는자만이 뜻하는바를 이룰 수 있다.
Information should be Exchanged with Interactive, not One Way Direction.
관리자 Be Maker!
인생에서, 100% 순이익을 보장하는건 없다. 1%의 지식을 나눔으로써, 가끔씩 손해볼 필요도 있다.
그대가 가진 1%의 지식만이라도 공공을 위해 포스팅하라. 손해본다는 생각이 앞선다면 그대의 인생은 힘들어질것이다.
자신이 가진 지식의 1%도 투자하지 않고, 오로지 자신의 이익만 탐하는자와는 동지가 되지마라.
만나서 대화하면 모두 좋은 사람들이지만, 유독 인터넷에서만 자신을 밝히지 않고, 좀비로 서식하는 사람들이 많다.
부지불식간[不知不識間], 좀비(하류) 인생이 될지도 모르니, 항상 자신을 경계하도록 하라.
1. CentOS Linux
2. gcc로 공부하는 C++