66865681
submission
NotInHere writes:
The advocacy group "European Digital Rights" (EDRi) reports from leaked documents that the presidency of the council of the EU, Italy, plans to remove vital parts from the telecommunications package that introduced net neutrality. The changes include removing the definition of "net neutrality" and replacing it with a "reference to the objective of net neutrality", which EDRi criticizes as impairing enforceability. Also, the proposed changes would allow ISPs to "block, slow down, alter, degrade or discriminate" traffic in order to meet "obligations under a contract with an end-user to deliver a service requiring a specific level of quality to that end-user". EDRi writes that "[w]ith all of the talk of the need for a single digital market in Europe, we would have new barriers and new monopolies."
The council of the EU is one of its two legislative chambers. The EU parliament can now object or propose further changes to prevent the modified telecommunications package from passing. Currently, Italy holds the presidency of the council of the EU.
65492719
submission
NotInHere writes:
Only three days after the general public learned that ChromeOS would disable ext2fs support for external drives, and Linux users voiced many protests on websites like reddit, slashdot, or the issue tracker, the ChromeOS team now plans to support it again. To quote Ben Goodger's comment:
"Thanks for all of your feedback on this bug. We’ve heard you loud and clear.
We plan to re-enable ext2/3/4 support in Files.app immediately. It will come back, just like it was before, and we’re working to get it into the next stable channel release."
63906497
submission
NotInHere writes:
After Google's 'Project Zero' devised an exploit of an out-of-bounds NUL write in glibc, which it disclosed one month ago, to gain root access using the setuid binary pkexec in order to convince sceptical glibc developers, the now 44day has been fixed.
62771603
submission
NotInHere writes:
As promised, version 33 of the Firefox browser will fetch the OpenH264 module from Cisco, which enables Firefox to decode and encode H.264 video, for both the <video> tag and WebRTC, which has a codec war on this matter. The module won't be a traditional NPAPI plugin, but a so-called Gecko Media Plugin (GMP), Mozilla's answer to the disliked Pepper API. Firefox had no cross-platform support for H.264 before.
62100015
submission
NotInHere writes:
As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate, issued by the Indian CCA, to issue several unauthorized certificates for Google domains, allowing man-in-the-middle attacks. The possible impact, however, is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA.
61592645
submission
NotInHere writes:
In 1996, Markus F. X. J. Oberhumer wrote an implementation of the Lempel–Ziv compression, which is used in various places like the Linux kernel, libav, OpenVPN, or the Curiosity rover. As security researchers have found out, the code contained integer overflow and buffer overrun vulnerabilities in the part of the code that was responsible for processing uncompressed parts of the data. Those vulnerabilities are, however, very hard to exploit, and their scope is dependent on the actual implementation.
According to Oberhumer, the problem only affects 32-bit systems. "I personally do not know about any client program that actually is affected", Oberhumer says, calling the news about the possible security issue a media hype.
60183425
submission
NotInHere writes:
Mozilla has introduced a new program, called MWoS or "Mozilla Winter of Security", to involve university students in security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the students' universities are expected to actively cooperate and to give the students credit for their work.
From TFA:
MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which we would not have the resources to build or improve ourselves.