Home Tags Interrupt

Tag: Interrupt

Soylent recalls powder after dairy accidentally slips into 1.8 powder

The meal-replacement powder was supposed to be lactose free, but no illnesses reported.

Head of Samsung faces arrest in presidential corruption scandal

Neilson Barnard / Getty Imagesreader comments 12 Share this story Lee Jae-yong, the vice chairman of Samsung Group and acting head of the company, could soon be facing formal corruption charges.
South Korean prosecutors are currently seeking the arrest of the Samsung heir, accusing him of bribery, embezzlement, and perjury.

The warrant must first be approved by a court, which will convene Wednesday. The accusation sucks Samsung into the ongoing corruption scandal that has rocked South Korea, where impeachment hearings for President Park Geun-hye have already started. Lee is accused of paying bribes to a nonprofit connected to the South Korean president in exchange for approval of a merger of two Samsung Group affiliates—Cheil Industries and Samsung C&T—in 2015. Once merged, the two companies became one of the largest investors in Samsung Electronics, solidifying the Lee family's control over the crown jewel of the Samsung empire.

The prosecutor's office estimated that the total size of the alleged bribes was ₩43 billion ($36 million). The possible arrest of Lee comes at a time when Samsung is still sorting through the Note 7 recall debacle, and it could interrupt Lee Jae-yong's massive ongoing reorganization of Samsung Group. Samsung executives are no strangers to legal trouble. Lee Kun-hee, Lee Jae-yong's father and the chairman of Samsung Group, was convicted of bribery in 1996 and of tax evasion and breach of trust in 2009.
In both cases he was never arrested or served jail time, and his criminal record was later erased through presidential pardons. Lee Kun-hee resigned from Samsung in 2008 after a slush-fund scandal but returned to the company in 2010.

A 2014 heart attack sidelined Kun-hee and allowed his son to become acting head of Samsung Group, but Kun-hee is expected to hold on to the title of "Chairman" until his death. Last week Lee was the subject of a 22-hour-long interrogation at the prosecutor’s office, and the heads of LG and Hyundai have been questioned as well.
Samsung represents around 23 percent of South Korea's GDP, and while a spokesman for the special prosecutor’s office said they considered what effect the arrest could have on South Korea's economy, “it is more important to seek justice.”

5 signs we're finally getting our act together on security

The high-water line in information security gets higher each year. Just as we think we’ve finally figured out how to defend against attacks, then attackers come up with something new and we are right back to trying to figure out what to do next. For example, ransomware has surged in the last year.

Although that kind of malware has been around for years, the current model of encrypting user files to hold data hostage came about just recently.
Infections quadrupled in 2016, with the FBI estimating an average of 4,000 attacks a day.

A recent IBM survey of 600 business leaders in the United States found that one in two had experienced a ransomware attack in the workplace, and that companies paid the ransom 70 percent of the time.

As a result, criminals are on track to make nearly $1 billion this year from ransomware, IBM X-Force said. And there’s been seemingly no end to hackers getting into corporate databases. Just ask Yahoo. Or the Democratic National Committee.

Even the FBI was able to find a firm to hack into the Apple iPhone 5c, which for a while seemed unhackable. For IT and security professionals, this endless fire fighting gets exhausting. Old threats come back in new forms, and new attacks keep making the list of things to worry about even longer. Malicious word macros are back.

Exploit kits still love Flash.
SMS text messages with one-time codes for second-factor authentication proved hackable.
It all makes you want to give up and curl up in a dark corner. But 2016 wasn’t all bad news for enterprise security, and there are some wins that give hope for a more secure future. 1. We’re looking at passwords in a better light Authentication, especially how we use passwords, was a recurring theme with every data breach. Yes, password reuse is still a problem and weak passwords like “password1” and “123456” are still a thing, but we are seeing more people use password managers to secure their online accounts and fingerprint sensors to lock their physical devices. “Biometrics will no longer be seen as novel in 2017, but necessary,” said Daniel Ingevaldson, CTO of security company Easy Solutions. There are fingerprint sensors on the market today with security features including TLS 1.2 and 256-bit encryption, anti-spoofing technologies, live-or-dead detection, and match-in-sensor architectures, said Anthony Gioeli, a vice president at Synaptics’s biometrics division.

Apple has had hardware-secured fingerprint sensors in its mobile devices for several years, and now in its newest MacBook Pro.
Samsung and Google use similar technology in their latest smartphones.

And Microsoft has built in support for biometrics in Windows 10 and beefed up the security in this year’s Windows 10 Anniversary Update. The National Institute of Standards and Technology is also tackling the problem.

The draft version of the Digital Authentication Guideline document includes new guidance on password policies, such as allowing for longer passwords; allowing spaces and other characters; removing special character requirements (such as what combination of letters, numbers, and non-alphanumeric characters must be used); and doing away with password hints. NIST also said in the draft that sending unique passcodes via SMS messages should not be used as part of a two-factor authentication scheme, and that stronger authentication schemes should be adopted. Although the guidance is still in draft form and the official public comment period doesn’t start until early 2017, IT departments can use it to start thinking about how to improve authentication, such as rolling out multifactor authentication and changing password requirements. Another bonus: NIST’s Mary Theofanos said mandatory password changes don’t make sense, so IT departments can now work on alternative methods — and stop torturing users. 2. We may finally be taking IoT security seriously Last year, we could see the ransomware wave coming.

This year, it’s internet of things (IoT) security — or the extreme lack thereof — that is clearly on the horizon. The distributed denial-of-service (DDoS) attacks this fall, which spread through home security cameras, VCRs, and other connected devices, took down the internet and seemed to be the industry wakeup call that finally worked. Made up of compromised IoT devices, the Mirai botnet launched large attacks against French service provider OVH, the website of security blogger Brian Krebs, and networking company Dyn. The last time DDoS was the big story, it was about hacktivists and online pranksters targeting financial websites and other visible targets.

This time, botnets are launching large, multivector attacks that can exceed 1 terabit per second — and interrupt internet access for millions.   Security experts have been warning for some time about the millions of devices that are connected to the internet without even the most basic security features, so the Mirai attack shouldn’t have been a surprise.

And with Mirai’s source code publicly available, it is safe to assume there are other IoT botnets waiting in the shadows to strike. With all these devices connecting to the internet, we are ripe for an IoT worm, said Lamar Bailey, senior director of security research and development at Tripwire.

Fixing the problem will require a lot of coordination, creativity, and persistence, but perhaps people are actually seeing the risks. The silver lining is that the Mirai attack was a “fairly cheap lesson in what a compromised IoT [threat] would look like while there’s still time to do something about it,” said Geoff Webb, vice president of solution strategy at Micro Focus.

But IoT vendors need to get serious about security fast — and consumers should avoid their products until they do. 3. We’re getting other benefits on the coattails of new security technology It’s always a good sign when adopting something for security reasons winds up having other benefits. New protocols like Transport Layer Security (TLS) 1.3 and HTTP2 will make the web safer, but there are clear performance improvements as well.
It’s very likely the uptick in adoption of TLS 1.3 and HTTP2 by web developers will be spurred by the increased speeds the protocols enable, said Ryan Kearny, CTO of networking company F5 Networks. “In 2017, the increase in web speed will spur rapid adoption of TLS 1.3 —- and that will, in turn, make the web more secure,” Kearny said. 4. We’re getting more realistic about security Security was one of those things people never really understood.

TV shows and movies didn’t help, with slick graphics and fancy dramatizations of what hacking supposedly looks like.

Then, along came the TV show “Mr. Robot,” and the show’s star, Rami Malek, winning an Emmy for his portrayal of Elliott Alderson. “Out of all the attempts that Hollywood has made to tell a compelling story using cyber as the backdrop, Mr. Robot is the most complete,” said Rick Howard, CSO of networking security company Palo Alto Networks. If nothing else, nonsecurity professionals now have a better understanding of just how bad things can get.
It’s no longer just that one weak password, one link in an email, or that one old software application that hasn’t been updated.

There is no need to oversensationalize the security issues in “Mr. Robot” — the reality is bad enough. That better understanding should help users understand why they need to pay more attention to at least security basics.

And why they keep getting breach notices from the likes of Yahoo and Dailymotion. But it doesn’t help that there’s still a culture of silence about breaches among security pros and the companies they work for. No one likes to talk about their failures or to be a headline.

But because no one is sharing what mistakes were made, the same breaches keep happening over and over. That’s why the formation of new Information Sharing and Analysis Centers (ISAC) is a positive — though small — development, a sign of realism creeping into the security professionals’ culture, too.

Although existing ISAC and commercial information-sharing platforms are expanding to include more enterprises, they need to become even more widespread. Developers have plenty of places where they can post code snippets and get programming help.
IT and security professionals should have forums where they can share their security stories, ask questions without judgment, and learn about what worked for their peers, said Jeannie Warner, a security strategist at WhiteHat Security. “The bad guys have Tor, Reddit, and other social networks to share information and tools.

The good guys need to adopt theirs just as freely,” Warner said. It’s easy to see information security as a never-ending stream of attacks. Perhaps the most distressing thing about the year’s outages and breaches is the fact that there is an awful lot happening that IT doesn’t know about.
Security experts frequently warn that just because there is no evidence of a breach doesn’t mean there isn’t a breach.

That was definitely true at Yahoo: The internet company disclosed two gigantic breaches, but the scariest thing wasn’t the number of victims — it was the fact that they happened years ago and no one even suspected. “We went years with billions of records being sucked out from right under our noses and we didn’t even know it,” wrote security expert Troy Hunt. He called the current mindset “conscious incompetence,” where we know we have a big problem.

That’s a better place to be than the previous stage, where the prevailing attitude was, “It won’t happen to me.” The big question is knowing where to go next. “How much more are we going to discover over the next year? Or not discover at all?” Hunt asked.
If we’re finally getting real about security, and come out of the shadows, we should finally begin to make real progress. 5. We may finally get security promises we can bank on As consumers, we demand money back when we are not satisfied with a product’s performance or functionality.

But IT typically doesn’t get that option with security products. Only 25 percent of U.S.
IT security decisionmakers said their primary security vendor is willing to guarantee their product by covering the costs of a breach, including lawsuits and ransoms, according to a recent survey by endpoint security company SentinelOne.

But most IT security professionals in the survey said they would like security vendors to offer a guarantee their products would deliver on their promises — and 88 percent claimed they would change providers if a competitor offered such a guarantee. “The industry has reached a tipping point, where security vendors will need to guarantee that their products will hold up against cyberattacks and assume responsibility if they fail to do so,” said Jeremiah Grossman, chief of security strategy at SentinelOne. “Customers are tired of paying additional fees to address security breaches, especially when they have already paid for security defenses in the first place.” There are now a handful of companies that offer security guarantees.
SentinelOne’s guarantee covers $1,000 per endpoint, or $1 million per company payout, in the event of a successful ransomware infection after installing SentinelOne’s Endpoint Protection Platform.

Cymmetria covers the costs incurred in notifying victims, hiring attorneys, bringing in digital forensics investigators, and repairing the damage in case of an advanced persistent threat gaining unauthorized access, moving laterally through the network, and stealing protected information from compromised systems in organizations that have deployed Cymmetria’s MazeRunner cyber-deception platform.

Trusona and WhiteHat Security also have similar product guarantees. As we’ve seen over the past few months, even security products can have vulnerabilities.

But in several of the cases, the mistakes seemed fairly basic, even avoidable — not at all at the level of what a security provider should be delivering. Providing product guarantees should wring out such sloppiness from security providers, because they’ll finally pay a real price for their own neglect. “It’s high time people in our industry started putting their money where their mouth is and taking responsibility for what they sell, assuring what they do works,” said Gadi Evron, Cymmetria’s CEO.

Security Experts Predict Prominent Cyber-Trends for 2017

Upstream Providers Become Targets Chase Cunningham, director of cyber operations at A10 networks, expects that upstream providers increasingly will be targets for attackers in the new year.

The DDoS attack launched against DNS provider Dyn, which resulted in knocking out many major sites that use Dyn for DNS services, made headlines because it highlighted what can happen when threat actors target a service provider as opposed to the end customers.

Attacks on upstream providers, he noted, cause ripple effects that interrupt service—not only for the provider, but also all of their customers and users.

The attack on Dyn set a dangerous precedent and likely will be emulated several times over in the coming year, he said.

Google publishes national security letters for the first time

Google is providing for the first time a look into the world of national security letters—demands from the Federal Bureau of Investigation to hand over details about account holders and keep quiet about it. The letters are a part of business for Google and other major internet companies, but  traditionally they have been barred from acknowledging the letters’ existence.

That changed in 2013 when, in light of revelations about Internet surveillance by U.S. intelligence agencies, Google and others started fighting to disclose more about the demands. That led to the creation of Google’s “transparency report,” which revealed the company receives thousands of requests for user data each month from law enforcement agencies around the globe.

The national security letters remained secret, but on Tuesday, Google published a handful that are no longer covered by nondisclosure rules. The eight letters cover a period from March 2010 to September 2015 and request information on 21 user accounts. The precise email addresses have been redacted.

All but one of the redactions covers just the user name, showing they are “@gmail.com” accounts. One covers the entire email address, hinting that it could be for a non-Gmail address hosted on Google servers. Google/IDGNS A list of email addresses in a national security letter sent to Google. The letters are all similar, referencing the law (18 U.S.

Code § 2709) and Google’s duty to provide the name, address, length of service and electronic communications transactional records associated with the account.

They go on to note that the FBI is not seeking the subject line or content of any email messages sent. “While fulfilling your obligations under this letter, please do not disable, suspend, lock, cancel or interrupt service,” the letter notes. And then the gag order. “You, any officer, employee, or agent of yours are prohibited from disclosing this letter or disclosing that the FBI has sought or obtained access to information,” it said. Google/IDGNS A gag order in a national security letter sent to Google. Google is allowed to publish some of the national security letters under the USA Freedom Act, which was enacted in response to the Snowden revelations and widespread demands for more transparency in government surveillance. Legally, the FBI allowed Google to publish the identities of the accounts that were sought, but the company chose not to do so.
It was asked to redact the name and contact details of the FBI officer making the request, and it complied.

San Francisco Transit System Hit by Ransomware Attack

Riders on San Francisco municipal transit system were able to board light rail trains for free after the fare payment terminals were hit by a suspected ransomware attack. The San Francisco Municipal Transportation Agency (MUNI) was the victim of a rans...

Definitely not another Stuxnet, researchers claim as they demo industrial control...

Undetectable ghost in the controller Black Hat EU Security researchers have come up with another way to hack Programmable Logic Controllers (PLCs) at industrial plants. Ali Abbasi, a PhD student at the University of Twente, and Majid Hashemi, a research engineer at Quarkslab, have developed an attack that involves tweaking the PIN configuration of a system chip in order to manipulate the physical process a PLC controls. "The attack is feasible due to lack of hardware interrupt on the PLC's SoC and intensified by PIN Control subsystem inability for hardware level Pin Configuration detection," the researchers explained. During a presentation at the Black Hat EU conference last week, the duo showed how it was possible to use the approach to interfere with the on/off control of an LED to keep it permanently on while its associated controller thought it was blinking. Embedded controllers are used to control physical processes in power plants, factories and more so compromised devices present a significant security risk. The researchers also demonstrated how to circumvent current host-based detection mechanisms by avoiding typical function hooking or modifying kernel data structure. Their talk was entitled, Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit. The duo hope their work will help lay the foundations for the design of more robust detection techniques specifically tailored for PLCs. Hashemi stated that the talk on rootkits and associated hack techniques against industrial control systems was "not about developing another Stuxnet" (the presumed US-Israeli cyber-weapon that physically hobbled high-speed centrifuges at an Iranian nuclear plant). For one, there are much easier ways to hack industrial control plants, according to Hashemi. "You see default passwords everywhere, even in critical systems," he said. Gabriel Gonzalez, principal security consultant at IOActive and an expert in SCADA security who attended the talk, said hackers would need to have secured control of a system in order to plant a rootkit and manipulate its operation in the way outlined by Abbasi and Hashemi. ® Sponsored: Customer Identity and Access Management

RHBA-2016:2673-1: qemu-kvm-rhev bug fix and enhancement update

Updated qemu-kvm-rhev packages that fix several bugs and add variousenhancements are now available for Red Hat Virtualization Hypervisor 7. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.


RHSA-2016:1815-1: Important: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.7 ExtendedUpdate Support.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operatingsystem.Security Fix(es):* It was found that the RFC 5961 challenge ACK rate limiting as implemented inthe Linux kernel's networking subsystem allowed an off-path attacker to leakcertain information about a given connection by creating congestion on theglobal challenge ACK rate limit counter and then measuring the changes byprobing packets.

An off-path attacker could use this flaw to either terminateTCP connection and/or inject payload into non-secured TCP connection between twoendpoints on the network. (CVE-2016-5696, Important)Red Hat would like to thank Yue Cao (Cyber Security Group of the CS departmentof University of California in Riverside) for reporting this issue.Bug Fix(es):* When an interrupt request occurred and the new API was scheduled on adifferent CPU, the enic driver previously generated a warning message.

Thisbehavior was caused by a race condition between the vnic_intr_unmask() functionand the enic_poll_unlock_napi() function.

This update fixes the napi_poll()function to unlock before unmasking the interrupt.

As a result, the warningmessage no longer occurs in the described situation. (BZ#1351192) Red Hat Enterprise Linux Server EUS (v. 6.7.z) SRPMS: kernel-2.6.32-573.34.1.el6.src.rpm     MD5: 0e5680de540e4fe4e601254a52c5533dSHA-256: ebbb9ef00625559b1fe608cf0246beab50cec4f122d3e1781cf62904f08180d3   IA-32: kernel-2.6.32-573.34.1.el6.i686.rpm     MD5: 883e19c9d3f683d9624a8cf5f12403f6SHA-256: 072ef01c747c150104a01a3ff1c449ef072b798438dc31373605c5fe346d2182 kernel-abi-whitelists-2.6.32-573.34.1.el6.noarch.rpm     MD5: e1d8c0949348472f813825219c69bcc8SHA-256: 4c630516e1432b03c5a1d9a0d78a4ad25f58cea327472bf13bff0a3b9ef7554e kernel-debug-2.6.32-573.34.1.el6.i686.rpm     MD5: 092e088ff4396c65f7dd0ba0ff628565SHA-256: f7c49f8a8dee8ed22cff1100726e2caf02047edff83e9171981bad59156d65dd kernel-debug-debuginfo-2.6.32-573.34.1.el6.i686.rpm     MD5: 4fcec5f5f984d15c4b7fc0c3d6069911SHA-256: d3038e23daf0eb296af40aaed61c91712670696497918ec1c88926b0318d2c39 kernel-debug-devel-2.6.32-573.34.1.el6.i686.rpm     MD5: 752b84dcc2917ac84f6e2bd6cc1125b2SHA-256: 756afa381b0a2574466f85c84244c5b0d4b48a5d2d10c3949641b11485fa8686 kernel-debuginfo-2.6.32-573.34.1.el6.i686.rpm     MD5: 9576dd5304bf0bd9a55fd31f5ccf9520SHA-256: e3a8d7f5aaee91a4b0c96c524f977a4979fc36fb2b1240bea4781ecdd0ad9934 kernel-debuginfo-common-i686-2.6.32-573.34.1.el6.i686.rpm     MD5: 6c1405194038cc29b701736964a3944aSHA-256: 0f5fb84830a865e62b45acb41f70747592a77e9988b4bf265855fde360cffdb8 kernel-devel-2.6.32-573.34.1.el6.i686.rpm     MD5: 8f805fbd303b1c77dcb7da421b1cf417SHA-256: ba75ffd564e12c9e6976f51a75863f7002f3bc6f9a822c7b2ba0f3560bea50af kernel-doc-2.6.32-573.34.1.el6.noarch.rpm     MD5: c43fc204faaf3afd2507e42995793b52SHA-256: 4fb11a3f50d1930c8eaf8341bea8e294d76f3578df5218312bf3ad2c0f998996 kernel-firmware-2.6.32-573.34.1.el6.noarch.rpm     MD5: 8a0539cea44b9ecea7639b561e0906feSHA-256: e8d48f2e94c5a8cc09787756077f7dbfddc05f02b5f813d5ed402c708308ac62 kernel-headers-2.6.32-573.34.1.el6.i686.rpm     MD5: a4c2d1fa218e4e682fb4fd24fed078b4SHA-256: 6a2bb3834341fac92b5e250c588a94bae06dc04a90b7f701d130ee25e88568fd perf-2.6.32-573.34.1.el6.i686.rpm     MD5: 73cb36781fb7ed96d62a0dca1a5f22e6SHA-256: ca77737675ff79d682d4bf872554a3570d820c5b656ac2c6bd2a0b4d71802ebf perf-debuginfo-2.6.32-573.34.1.el6.i686.rpm     MD5: 386072f60e232bcd497cad0b937e31dbSHA-256: 40ef71becacfab603938fa6a226d1d9bff810c14ea175a7c3dcb893bd0caa69d python-perf-2.6.32-573.34.1.el6.i686.rpm     MD5: 0e0c9ee0a7becf20cd1e0915b347d252SHA-256: 57393d6f333b3e21ac36762fd00a42c729326fa6c7574c61fb123637c18ae83f python-perf-debuginfo-2.6.32-573.34.1.el6.i686.rpm     MD5: a0ea984c54a7b2ef6941806f5a5cbb2dSHA-256: 52bd336f598ded6150e4cd9a7d06f9a11ced672b6a9e1c10d558d74c0ffe3d91   PPC: kernel-2.6.32-573.34.1.el6.ppc64.rpm     MD5: 078823288b5f1e1e37d86cb843d6033cSHA-256: ec9df5d796333c0b5b9e5225fe56e499a3dcd992728522182da273abafab017a kernel-abi-whitelists-2.6.32-573.34.1.el6.noarch.rpm     MD5: e1d8c0949348472f813825219c69bcc8SHA-256: 4c630516e1432b03c5a1d9a0d78a4ad25f58cea327472bf13bff0a3b9ef7554e kernel-bootwrapper-2.6.32-573.34.1.el6.ppc64.rpm     MD5: 109766cd1a1af009a57ec909eb76b17cSHA-256: 50c2e6f7325eadbb470c9797aa3ed22efcbae0b44d81ed1ad219e4231c4aecec kernel-debug-2.6.32-573.34.1.el6.ppc64.rpm     MD5: 1b6ecb98ec2b4f16173d0e709ee04acdSHA-256: 99d75da31e51d5a2610b76e4a2c173f85bd3d30588a01de8f7eadab189a7993f kernel-debug-debuginfo-2.6.32-573.34.1.el6.ppc64.rpm     MD5: bbd95c8311e39f7c21838f6214dd4aa7SHA-256: dbba0931d101e601b245cdf11d10a598d4b45fed72867e009cb4939c4e7ea813 kernel-debug-devel-2.6.32-573.34.1.el6.ppc64.rpm     MD5: 2f71ed52e3f1de43647a5bed2a65cb2bSHA-256: 2e8e3fa90efdb1defb81653f8ada46b9168af82eaf7969da604ba693d32993ad kernel-debuginfo-2.6.32-573.34.1.el6.ppc64.rpm     MD5: 1958435f5133fdb9ececff1e3f729639SHA-256: 5ee26cfe66fda2ab23bf188b66bdbae2cba5f9896b93639eb7d86104c7b2f93b kernel-debuginfo-common-ppc64-2.6.32-573.34.1.el6.ppc64.rpm     MD5: 87c809c8201190de2af349baa92b21b2SHA-256: e1629265e696025ff6e288afe01c829db07ad27b9cfa8689241b2229b75ee4b4 kernel-devel-2.6.32-573.34.1.el6.ppc64.rpm     MD5: fc456b63601fa22c1f8b927d0bc70c27SHA-256: 0b74a075545f2fd227043b4d7f44f0954b6dc8bfa933029204cd0c12e5423280 kernel-doc-2.6.32-573.34.1.el6.noarch.rpm     MD5: c43fc204faaf3afd2507e42995793b52SHA-256: 4fb11a3f50d1930c8eaf8341bea8e294d76f3578df5218312bf3ad2c0f998996 kernel-firmware-2.6.32-573.34.1.el6.noarch.rpm     MD5: 8a0539cea44b9ecea7639b561e0906feSHA-256: e8d48f2e94c5a8cc09787756077f7dbfddc05f02b5f813d5ed402c708308ac62 kernel-headers-2.6.32-573.34.1.el6.ppc64.rpm     MD5: 79782389d5c16e4d78eda1546eb96a66SHA-256: bff6f3f57ffa09759cb538b24c993aabb331874a36a04a6805bfa03110d07cc4 perf-2.6.32-573.34.1.el6.ppc64.rpm     MD5: 1c6f213a23a323343446324ebf3223eeSHA-256: c1f765410a87db737e5671aa70b2213209488d516091b2a39bb0f9ea2971b3fd perf-debuginfo-2.6.32-573.34.1.el6.ppc64.rpm     MD5: ca4d376cabb35c6d31dc27718d286094SHA-256: 5a79d7c6eb41ad559fa64a12103ea655b5d85a584907ac8a62817ea9d87574f2 python-perf-2.6.32-573.34.1.el6.ppc64.rpm     MD5: f96b965ff28895da4c4be458b6367b8aSHA-256: 8fd9a8ded31abee5541341c29b7c58fc831bf890761251b6b9cd4d16af12c578 python-perf-debuginfo-2.6.32-573.34.1.el6.ppc64.rpm     MD5: b43f639504e0eb204a38b9a6261d4fd9SHA-256: 5f311a786730a75af505aa14fe16983ddd69bdff3db808c7b31d1ac3033b70ef   s390x: kernel-2.6.32-573.34.1.el6.s390x.rpm     MD5: fc4c1226b6abe56d821cfa7b1c00de84SHA-256: 6a3c685dcc87eadce7b41b440ba356aa1b0b4197d534a1964e4f3e8300f817df kernel-abi-whitelists-2.6.32-573.34.1.el6.noarch.rpm     MD5: e1d8c0949348472f813825219c69bcc8SHA-256: 4c630516e1432b03c5a1d9a0d78a4ad25f58cea327472bf13bff0a3b9ef7554e kernel-debug-2.6.32-573.34.1.el6.s390x.rpm     MD5: e362ecf5787f6d197174f85995c2598dSHA-256: f81885651a7011cfe5e2fa2fce9b5a47efba3c3a8091dc2f2af03ebfea124ba5 kernel-debug-debuginfo-2.6.32-573.34.1.el6.s390x.rpm     MD5: 392089f535dfa7b2144ada73429a6a4bSHA-256: efaaebcc35b3b8312731c60c5e34ef897e3c070ee5d7c09b6967ac37b6126bf3 kernel-debug-devel-2.6.32-573.34.1.el6.s390x.rpm     MD5: 65d5d0c207932459b992a1447e8568c1SHA-256: fd297621ab471efa3962130f6b09ab5906a613cc172f0a530a3e0238f89f3584 kernel-debuginfo-2.6.32-573.34.1.el6.s390x.rpm     MD5: 9814cb1643edd648809fefa26753d57cSHA-256: 681e0881679e2f896fe5a68c2e79729884c8bc7bc61eccd135432967bbf83556 kernel-debuginfo-common-s390x-2.6.32-573.34.1.el6.s390x.rpm     MD5: d48103792e6b285c87e4639b09213c9cSHA-256: 2bb2d346b40815e9af7365a5ffb93884dd33edbe2dcc3bbf783accbee53c033f kernel-devel-2.6.32-573.34.1.el6.s390x.rpm     MD5: 5549fa9d1d4af279356a16ad28acfcbeSHA-256: c186142d2dfe622b97eaf3ca502e2232d39f6625f9b1dff9439f33f31730a39d kernel-doc-2.6.32-573.34.1.el6.noarch.rpm     MD5: c43fc204faaf3afd2507e42995793b52SHA-256: 4fb11a3f50d1930c8eaf8341bea8e294d76f3578df5218312bf3ad2c0f998996 kernel-firmware-2.6.32-573.34.1.el6.noarch.rpm     MD5: 8a0539cea44b9ecea7639b561e0906feSHA-256: e8d48f2e94c5a8cc09787756077f7dbfddc05f02b5f813d5ed402c708308ac62 kernel-headers-2.6.32-573.34.1.el6.s390x.rpm     MD5: 8c251bf42c3eeff59c69337df42e1e97SHA-256: c8ef540eaccb1bd1eceb4a65e20d4b0b1ae5ed4bc15d708d05d50cca1ff27e90 kernel-kdump-2.6.32-573.34.1.el6.s390x.rpm     MD5: a42431f5d2c9eaff7e46430c1d5566c0SHA-256: 708e1036277199659e8987eafebe08fa5048a1604e72ec302b881657868533b3 kernel-kdump-debuginfo-2.6.32-573.34.1.el6.s390x.rpm     MD5: 20e86b5c8721e314fad62d87db7d379cSHA-256: d428df5ff08ec9e6cc87c9e90978c1439f87b55a01cb77d482d7511c4d4491b9 kernel-kdump-devel-2.6.32-573.34.1.el6.s390x.rpm     MD5: ba707fc894863d9a78ec44aedf26b618SHA-256: a7617571df5576e48fb245f2d397b282d6bdfeefffcd94c7f051089a37ac8799 perf-2.6.32-573.34.1.el6.s390x.rpm     MD5: 778056a628a4601df10ec5da51eb7d94SHA-256: 942b1a8840f9176542077987285e0213eb914529b61da41fa2c9d1373bd415c9 perf-debuginfo-2.6.32-573.34.1.el6.s390x.rpm     MD5: 05a5ca426bcbdced7ce812589341a40eSHA-256: 36f73885d7ac490a40160b23cc702f0a24dde5613c12e6658e5cd24c1c089dd1 python-perf-2.6.32-573.34.1.el6.s390x.rpm     MD5: 61a03552d640ff598b23fba18fe36304SHA-256: d652a7140fd0fb721d3eebf611859699b213697c3414896b628aa10f42ccc382 python-perf-debuginfo-2.6.32-573.34.1.el6.s390x.rpm     MD5: 1f1c2725587c834f3c52ce636d25715fSHA-256: 5c6e5fcca600c5463516f2cca13eda5ad2eda0f9af81536d1f2932eb3e1a7b73   x86_64: kernel-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 01f4d4bb5acf6bfd9039ee10a69fdc79SHA-256: 8b51c1a7a195c2841adc9798fe5f5dd39cbf0ad99e7179c2fe0dd7ccb057daf8 kernel-abi-whitelists-2.6.32-573.34.1.el6.noarch.rpm     MD5: e1d8c0949348472f813825219c69bcc8SHA-256: 4c630516e1432b03c5a1d9a0d78a4ad25f58cea327472bf13bff0a3b9ef7554e kernel-debug-2.6.32-573.34.1.el6.x86_64.rpm     MD5: ee375f3cba525962af6dc3f5592c7d28SHA-256: 61f0bed66cae2cc0cdb9005276fbe51883c8e0097abd910e00bc10c7291884e8 kernel-debug-debuginfo-2.6.32-573.34.1.el6.i686.rpm     MD5: 4fcec5f5f984d15c4b7fc0c3d6069911SHA-256: d3038e23daf0eb296af40aaed61c91712670696497918ec1c88926b0318d2c39 kernel-debug-debuginfo-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 746cfe1a4a8d512aa861d69e38b19377SHA-256: 9673cdfa69209b29e1212a9f4cabb736a3dfbfba928a9c15244e724593e46947 kernel-debug-devel-2.6.32-573.34.1.el6.i686.rpm     MD5: 752b84dcc2917ac84f6e2bd6cc1125b2SHA-256: 756afa381b0a2574466f85c84244c5b0d4b48a5d2d10c3949641b11485fa8686 kernel-debug-devel-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 96cd1eb4b4821361eb5383ee676877bcSHA-256: 9303da37c04b82d3c76d99e95d4700f0c2fdbb2ffd1102e9e503770c1dde7d49 kernel-debuginfo-2.6.32-573.34.1.el6.i686.rpm     MD5: 9576dd5304bf0bd9a55fd31f5ccf9520SHA-256: e3a8d7f5aaee91a4b0c96c524f977a4979fc36fb2b1240bea4781ecdd0ad9934 kernel-debuginfo-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 9a4bc58fbfc04e60c42998c394f72cbeSHA-256: 31b885f9929a280d215e3191ed023327d96ccce2bc4de6be4302a9bfc5af47f4 kernel-debuginfo-common-i686-2.6.32-573.34.1.el6.i686.rpm     MD5: 6c1405194038cc29b701736964a3944aSHA-256: 0f5fb84830a865e62b45acb41f70747592a77e9988b4bf265855fde360cffdb8 kernel-debuginfo-common-x86_64-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 58fe6f3ed8e1f94ee36dbccfa4b7f33cSHA-256: d3efba33f93c0bd64880e52a6494ae10853d84313c4fc0488566f8e355a298bd kernel-devel-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 3515ab712f56d6512dc9661b68e0ccadSHA-256: c2beee1d1c6201c83e92b3c36b60990f01e79c64eb7965931def5de26ba44838 kernel-doc-2.6.32-573.34.1.el6.noarch.rpm     MD5: c43fc204faaf3afd2507e42995793b52SHA-256: 4fb11a3f50d1930c8eaf8341bea8e294d76f3578df5218312bf3ad2c0f998996 kernel-firmware-2.6.32-573.34.1.el6.noarch.rpm     MD5: 8a0539cea44b9ecea7639b561e0906feSHA-256: e8d48f2e94c5a8cc09787756077f7dbfddc05f02b5f813d5ed402c708308ac62 kernel-headers-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 5c1170ea37ef1a1a4ac1ff768af0f511SHA-256: f6324fb85fd3124acee8c2b587cc8b3855326f8f4b0b5f7b3130e3c968824537 perf-2.6.32-573.34.1.el6.x86_64.rpm     MD5: e21ed32d957773510554b1e1c3084181SHA-256: 33dcb4c1e265df4a177bcc2bdbf7268ec7bf7cdf6961e41504c201a4d8cb9bb9 perf-debuginfo-2.6.32-573.34.1.el6.i686.rpm     MD5: 386072f60e232bcd497cad0b937e31dbSHA-256: 40ef71becacfab603938fa6a226d1d9bff810c14ea175a7c3dcb893bd0caa69d perf-debuginfo-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 833028541e816ded22a15cd55f9729fbSHA-256: 46862ff452643996f3ab689677ab2536a30f1481626ca10dca42a0df3b898240 python-perf-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 8a8bc557979864838cb6c6768c8ae8a5SHA-256: 34613e9d664366026a560efa393b309062fc2b405e975aa1ccdaa895a4fd520a python-perf-debuginfo-2.6.32-573.34.1.el6.i686.rpm     MD5: a0ea984c54a7b2ef6941806f5a5cbb2dSHA-256: 52bd336f598ded6150e4cd9a7d06f9a11ced672b6a9e1c10d558d74c0ffe3d91 python-perf-debuginfo-2.6.32-573.34.1.el6.x86_64.rpm     MD5: 05042f6cbfa3f136aa89684b7708452eSHA-256: 411e0dbb0b8fea641fe6d4a51fca02ec723fda0b7c59504d63851c5df3f2d37f   (The unlinked packages above are only available from the Red Hat Network) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

If this headline was a security warning 90% of you would...

Boffins find interrupting users with pop-ups in the middle of things just doesn't work Developers, advertisers, and scammers be warned; boffins say your pop ups will be almost universally ignored if they interrupt users. The work examined how users respond to web-based messages during times of varying concentration and found users who are engaged deeply in some task will ignore pop ups. The university quintet finds messages, notably those flagging legitimate information such as security warnings, should be displayed as soon as users land on a site, have finished watching a video, or are switching domains.

At any other times, they'll be ignored. The reason is that we're collectively rubbish at multi-tasking, leading the team to say 90 percent of people clicking ignore, dismiss, or cancel when legitimate but distracting messages appear. Users are notorious for dismissing security warnings and patch requests pushing the technology industry to make updates automatic and silent. But the paper More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable [PDF] shows messages can be effective when user activity is monitored, either by understanding when user interaction with a site or service is low, or by tracking user mouse movements. "Cancel!" Subjects are sent into the fMRI.
Image: Supplied. "We show that neural activation is substantially reduced under a condition of high DTI (multitasking), and the degree of reduction in turn significantly predicts security message disregard," the paper says. "Interestingly, we show that when a message immediately follows a primary task, neural activity in the medial temporal lobe is comparable to when attending to the message is the only task. "We demonstrate a practical way to mitigate the DTI effect by presenting the warning at low-DTI times, and show how mouse cursor tracking and psychometric measures can be used to validate low-DTI times in other contexts." The boffins reached their conclusions after observing people in a functional magnetic resonance imaging (fMRI) machine that revealed significantly more activation in the medial temporal lobe region of the brain when messages were shown during low periods of engagement suggesting they processed the pop ups more completely. The team of Brigham Young University's Jeffrey L. Jenkins; Bonnie Brinton Anderson; Anthony Vance, and C.

Brock Kirwan, along with the University of Pittsburgh's David Eargle, suggest messages like software updates, backup requests, and malware scan notifications can be optimised in the suggested manner unlike, for example, SSL warnings which should take place immediately for security's sake. It could, this writer imagines, help scammers better hook users too. Phishing pop ups that lead users to various drive-by exploit pages could be shown during low interaction times rather than blasting users when their attention is captured elsewhere. @BBCRadio4 think I'm a true #supertasker! pic.twitter.com/VWL5fCEKSp — Julie Barker (@earlyyearsjules) June 26, 2016 The research means little for the estimated 2.5 per cent of people who are considered supertaskers for their total dominance of multitasking. These people, many of whom seem unaware of their freakish skills, are able to process multi tasks with high levels of proficiency. University of Utah academics Nathan Medeiros-Ward, Jason M. Watson, and David L.
Strayer explain in their 2014 paper On Supertaskers and the Neural Basis of Efficient Multitasking that supertaskers are characterised by "more efficient recruitment of anterior cingulate and posterior frontopolar prefrontal cortices." ® Sponsored: Global DDoS threat landscape report

New air-gap jumper covertly transmits data in hard-drive sounds

Cyber Security Labs @ Ben Gurion Universityreader comments 18 Share this story Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of s...

Karamba Unveils Carwall for Automotive Security

Karamba's Carwall platform is aimed at securing vehicles' electronic control units, which could be exposed externally to threats. Startup Karamba Security on June 6 debuted its flagship Carwall security platform, designed to help protect cars, old and ...