From https://twitter.com/Philae2014
More stunning images from this historic voyage here.
From xkcd….
See the full xkcd animation at http://xkcd.com/1446/
Category Archives: Current Events
Space probe lands on comet in historic mission
The three-legged lander had to be released at exactly the right time and speed because it could not be controlled on its descent. On its way down, Philae gathered data and images, which were relayed back to Earth.
Engineers designed the lander not knowing what type of terrain they would find on the comet’s surface. Rosetta has been taking pictures of the comet and collecting samples from its atmosphere as it approaches the sun, showing it is not as smooth as initially hoped, making landing more tricky.
via Space probe lands on comet in historic mission – Chicago Tribune.
From: Philae landing preview: What to expect on landing day
Philae’s legs are designed to damp out the forces of a hard landing to reduce the lander’s chance of bouncing. When Philae touches down, it will fire two harpoons to attach it firmly to the comet’s surface. A thruster on top of the lander fires at the same time as the harpoons, keeping the lander on the ground. Ice screws also deploy from the three lander feet.
From Twitter
UPDATE: From Rosetta mission: Philae craft may have bounced during comet landing – as it happened
Philae may have landed not once but twice – that’s the final message from Esa this evening.
According to Stephan Ulamec, Philae Lander Manager, DLR, the lander team believe that Philae may have bounced from the surface and settled again in a slightly different place.
Obama: Treat broadband—including mobile—as a utility
In a plan released today, Obama said, “The time has come for the FCC to recognize that broadband service is of the same importance [as the traditional telephone system] and must carry the same obligations as so many of the other vital services do. To do that, I believe the FCC should reclassify consumer broadband service under Title II of the Telecommunications Act—while at the same time forbearing from rate regulation and other provisions less relevant to broadband services. This is a basic acknowledgment of the services ISPs provide to American homes and businesses, and the straightforward obligations necessary to ensure the network works for everyone—not just one or two companies.”
via Obama: Treat broadband—including mobile—as a utility | Ars Technica.
Reclassification of broadband service is almost certain to bring lawsuits from the telecommunications industry.
‘Every Drupal 7 Site Was Compromised’ Unless Patched By Oct. 15
The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that’s designed specifically to help prevent SQL injection attacks.
The Internet Dodges Another Bullet With Wget Flaw
“It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP,” developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla comment. –
via The Internet Dodges Another Bullet With Wget Flaw.
Wget is a linux command that allows a shell script to download a web page and store it to a file. This bug pertains to using a URL to do File Transfer Protocol (FTP) and not HTTP which is what wget was designed for. Here are a couple more snippets of this bug.
“Random bug found by accident, but the implication is that the FTP server can overwrite your entire filesystem,” Moore tweeted to eWEEK.
Don’t use wget for ftp. Don’t run wget with root permissions.
So just to recap here, Wget is on nearly every Linux server in the world, and it had a flaw that could have enabled anyone to overwrite directories on a server. That’s very serious.
You should only use wget for http downloads. This doesn’t sound like one of those Internet Dodges a Bullet problems.
The Horror of a ‘Secure Golden Key’
A “golden key” is just another, more pleasant, word for a backdoor—something that allows people access to your data without going through you directly. This backdoor would, by design, allow Apple and Google to view your password-protected files if they received a subpoena or some other government directive. You’d pick your own password for when you needed your data, but the companies would also get one, of their choosing. With it, they could open any of your docs: your photos, your messages, your diary, whatever.
Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild
What is it? A vulnerability in a command interpreter found on the vast majority of Linux and UNIX systems, including web servers, development machines, routers, firewalls, etc. The vulnerability could allow an anonymous attacker to execute arbitrary commands remotely, and to obtain the results of these commands via their browser. The security community has nicknamed the vulnerability “shellshock” since it affects computer command interpreters known as shells.
via Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild – Slashdot.
This is a very confusing issue. I found the above comment to be the most informative right now as this issue unfolds.
How bad could it be? Very, very bad. The vulnerability may exist on the vast majority of Linux and UNIX systems shipped over the last 20 years, including web servers, development machines, routers, firewalls, other network appliances, printers, Mac OSX computers, Android phones, and possibly iPhones (note: It has yet to be established that smartphones are affected, but given that Android and iOS are variants of Linus and UNIX, respectively, it would be premature to exclude them). Furthermore, many such systems have web-based administrative interfaces: While many of these machines do not provide a “web server” in the sense of a server providing content of interest to the casual or “normal” user, many do provide web-based interfaces for diagnotics and administration. Any such system that provides dynamic content using system utilities may be vulnerable.
TrueCrypt Getting a New Life
TrueCrypt Lives on
Despite this, a new Swiss TrueCrypt website that claims to be “the gathering place for all up-to-date information” on TrueCrypt has sprung up. The site is the home of a new project which is taking the TrueCrypt code forward and evolving it into a new application called CipherShed.
Notes on the Celebrity Data Theft
After this story broke I spent some time immersed in the crazy, obsessive subculture of celebrity nudes and revenge porn trying to work out what they were doing, how they were doing it and what could be learned from it.
1. What we see in the public with these hacking incidents seems to only be scratching the surface. There are entire communities and trading networks where the data that is stolen remains private and is rarely shared with the public. The networks are broken down horizontally with specific people carrying out specific roles, loosely organized across a large number of sites (both clearnet and darknet) with most organization and communication taking place in private (email, IM).
via New Web Order > Nik Cubrilovic – – » Notes on the Celebrity Data Theft.
Why would Chinese hackers want hospital patient data?
people without health insurance can potentially get treatment by using medical data of one of the hacking victims.Halamka, who also runs the “Life as a healthcare CIO” blog, said a medical record can be worth between US$50 and $250 to the right customer — many times more than the amount typically paid for a credit card number, or the cents paid for a user name and password.
via Why would Chinese hackers want hospital patient data? | ITworld.