USA Software Created at 2016-09-26 06:00

USA Software Created at 2016-09-26 06:00

Announcement USA software 18 articles, created at 2016-09-26 06:00 1 Node.js v7 Beta Brings Canary in a Gold Mine The Node.js Foundation have released the v7 beta for Node.js. Its release coincides w ith v6 becoming the foundation's second LTS release, w here its life w ill continue under Active LTS and Maintenance until April 2019. 2016-09-25 22:00 3KB www.infoq.com 2 Researcher Raises Privacy Concerns Regarding W3C Proximity Sensor API W3C recently released the first draft of the Proximity Sensor API based on the Generic Sensor API specification. Researcher and W3C Invited Expert Lukasz Olejnik has raised privacy a few concerns regarding the W3C Proximity Sensor API, specifically that it could be used for user fingerprinting. 2016-09-25 21:25 3KB feedproxy.google.com 3 Apple done nothing wrong Having read the European Commission’s original ruling, some prior rulings, the Treasury's w hite paper about the European Commission’s actions and a lot of.. 2016-09-25 21:00 5KB feedproxy.google.com 4 Swiss Vote to Give Their Government More Spying Powers Sw iss approve new surveillance law w ith 66.5% majority 2016-09-25 20:30 2KB news.softpedia.com 5 Parsix GNU/Linux 8.10 "Erik" Gets the Latest Debian Security Fixes, Update Now Parsix GNU/Linux 8.5 "Atticus" also received new updates 2016-09-25 20:20 2KB news.softpedia.com 6 Food delivery startup Deliveroo expands with Business tier for corporate accounts Fresh from raising $275 million this August at around a $1 billion valuation, Deliveroo is now taking the next step in its bid to corner the market in Europe.. 2016-09-25 19:51 5KB feedproxy.google.com 7 Australia must take cyber security opportunity Australia may never be able to create an IT industry like that in the US, but it can lead in cyber security 2016-09-25 19:05 2KB www.computerweekly.com 8 LXQt 0.11.0 Desktop Environment Arrives After Almost One Year of Development Brings many updated components and technologies 2016-09-25 18:40 2KB news.softpedia.com 9 Krebs Back Online After Getting Help from Google's Project Shield Apparently Google's Project Shield is not just a PR stunt 2016-09-25 18:30 2KB news.softpedia.com 10 Blue Bottle Coffee is raising another big round of funding The coffee w ars of San Francisco are back on! We're now hearing from sources that Blue Bottle is raising a big round of financing a little more than a year.. 2016-09-25 18:24 4KB feedproxy.google.com 11 Super Mario Clone SuperTux 0.5.0 Is Out with In-Game Level Editor, Improvements The Forest Island and Antarctica levels w ere updated 2016-09-25 18:10 2KB news.softpedia.com 12 wattOS 10 Microwatt Edition Comes with Less of Everything, Based on Ubuntu 16.04 It lets users create their ow n personal w attOS system 2016-09-25 17:40 2KB news.softpedia.com 13 Can’t wear Snap sunglasses at night Unless you plan on bumping into stuff, don't expect to record after-dark concerts and parties on your Snap Inc Spectacles. The company formerly know n as.. 2016-09-25 17:33 2KB feedproxy.google.com 14 Over 850,000 Devices Affected by Unpatched Cisco Zero-Day Lots of critical equipment vulnerable to BENINGCERTAIN 0-day 2016-09-25 17:30 2KB news.softpedia.com 15 Linux Kernel 4.7.5 Released with Numerous ARM and Networking Improvements All users of the Linux 4.7 kernel series must upgrade 2016-09-25 17:25 2KB news.softpedia.com 16 Two in Five Sysadmins (Are Crazy) Store Admin Passwords in Word Files Some system administrators just need to get fired 2016-09-25 17:25 2KB news.softpedia.com 17 Antivirus Live CD 20.0-0.99.2 Uses ClamAV 0.99.2 to Protect Your PC from Viruses It is based on the 4MLinux 20.0 operating system 2016-09-25 17:10 2KB linux.softpedia.com 18 How to pull workers back from the brink of burnout Work/life balance in startup culture is total BS. And you are probably part of the problem. Until you say “enough” -- and fight back, stand up and resist.. 2016-09-25 17:00 6KB feedproxy.google.com Articles USA software 18 articles, created at 2016-09-26 06:00 1 /18 Node.js v7 Beta Brings Canary in a Gold Mine The Node.js Foundation have released the v7 beta for Node.js. Its release coincides with v6 becoming the foundation's second LTS release, where its life will continue under Active LTS and Maintenance until April 2019. Rod Vagg, chairperson for the Node.js Technical Steering Committee, told InfoQ: The key focus for v7 is to make sure modules in the ecosystem are keeping up with Node Core. The Node.js Core Technical Steering Committee has identified 68 of the most dependent Node.js modules in the ecosystem, and is using a technology called Canary in the Gold Mine (citgm) to ensure that when updates happen with Node.js versioning, modules won't break. Citgm is a smoke testing utility that automates running unit tests of various various modules in the node.js ecosystem. It has been incredibly successful, finding all sorts of regressions across the ecosystem and in Node core itself. Vagg describes modules as being "essential" to the Node.js ecosystem, and attributes it to the pace of technology in recent years, with the Node.js ecosystem being the largest and among the fastest growing, with more than 320,000 npm modules. Among the notable changes to Node.js v6.6 are a commit to re-add crypto.timingSafeEqual , as well as making the "max event listeners" memory leak warning more accessible and unhandled rejections now emitting a process warning after the first tick. Announcing security updates for all of its active release lines, the foundation reported a list of vulnerabilities affecting Node.js. Among these are CVE-2016-2183: SWEET32 Mitigation. " SWEET32 is a new attack on older block cipher algorithms that use a block size of 64 bits," Vagg said. "OpenSSL has moved DES-based ciphers from the HIGH to MEDIUM group. As Node.js includes HIGH , but not MEDIUM , in its default suite, affected ciphers are no longer included unless the default suite is not used. " This vulernability, while not considered critical, all versions of Node.js are affected. Also affecting all versions of Node.js is CVE-2016-6304: OCSP Status Request extension unbounded memory growth , considered to be a flaw of high severity. The vulnerability allows a malicious client to exhaust a server's memory, resulting in a DoS by sending very large OCSP Status Request extensions in a single session. Node.js servers using TLS are vulnerable. Node.js v5 reached the end of its natural life after two months in Maintenance mode in June 2016. V6 will become the second LTS release for Node.js in October, with the release of V7. 2016-09-25 22:00 James Chesters www.infoq.com 2 /18 Researcher Raises Privacy Concerns Regarding W3C Proximity Sensor API In June of this year, W3C released the first draft of the Proximity Sensor API based on the Generic Sensor API specification. The W3C Generic Sensor API specification aims to define a framework for exposing sensor data and promote consistency across sensor APIs. The Proximity Sensor API specification has been updated so that it extends the Generic Sensor API providing data about the proximity level and defining a sensor interface for detecting nearby objects and reporting their distance (proximity to the device) in centimeters. Lukasz Olejnik, a security and privacy consultant, researcher, and W3C Invited Expert, recently published a blog post raising privacy concerns regarding the updated draft of the W3C Proximity Sensor API, the draft based on the Generic Sensor API. Olejnik suggests that it is possible for a malicious attacker to use the W3C Proximity Sensor API to obtain behavioral information about individual users which can then be used for user fingerprinting. He makes several recommendations in regards to the issue of fingerprinting e.g. the device should be able to alert users in the event proximity sensor data is accessed by a website and that proximity sensors should be subject to user permissions. About a month ago the W3C released an updated working draft of the Generic Sensor API that includes security and privacy considerations such as user fingerprinting. The draft says that when sensors are used together along with other functionality, privacy risks can arise such as "correlation of data and user identification through fingerprinting. " The draft also mentions the need for developers to enable user permissions when it comes to sensors: "User agents should consider providing the user an indication of when the sensor is used and allowing the user to disable it. " There is also an interesting paper on the Cornell University Library arXiv site titled "Stealing PINs via Mobile Sensors: Actual Risk versus User Perception. " The research paper takes a look at using JavaScript-based code, mobile sensors, and an artificial neural network to successfully steal user PINs on mobile devices. Clearly developers need to take into consideration user privacy and security when creating applications and websites that utilize mobile sensors and specifications like the W3C Proximity Sensor API. For more information about the W3C Proximity Sensor API, visit the W3C Editor's Draft on GitHub or the current working draft on the official W3C website .

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    20 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us