Feed aggregator

DSA-3626 openssh - security update

Debian Security Advisories (Long) -

Eddie Harari reported that the OpenSSH SSH daemon allows user enumeration through timing differences when trying to authenticate users. When sshd tries to authenticate a non-existing user, it will pick up a fixed fake password structure with a hash based on the Blowfish algorithm. If real users passwords are hashed using SHA256/SHA512, then a remote attacker can take advantage of this flaw by sending large passwords, receiving shorter response times from the server for non-existing users.

Can Iris-Scanning ID Systems Tell the Difference Between a Live and Dead Eye?

Slashdot -

the_newsbeagle writes: Iris scanning is increasingly being used for biometric identification because it's fast, accurate, and relies on a body part that's protected and doesn't change over time. You may have seen such systems at a border crossing recently or at a high-security facility, and the Indian government is currently collecting iris scans from all its 1.2 billion citizens to enroll them in a national ID system. But such scanners can sometimes be spoofed by a high-quality paper printout or an image stuck on a contact lens. Now, new research has shown that post-mortem eyes can be used for biometric identification for hours or days after death, despite the decay that occurs. This means an eye could theoretically be plucked from someone's head and presented to an iris scanner. The same researcher who conducted that post-mortem study is also looking for solutions, and is working on iris scanners that can detect the "liveness" of an eye. His best method so far relies on the unique way each person's pupil responds to a flash of light, although he notes some problems with this approach.

Read more of this story at Slashdot.

Korora Linux-A forked beautiful distribution of Fedora

LXer -

Korora is based on Fedora which gave it a solid platform.It gets the huge repository of Fedora, it has all the updates from Fedora, it has the solid platform to develop it further.it uses RPM package management. Korora uses default repository of Fedora for software and applications.

Coinwallet.eu scam?

Bitcoin feeds -

I am pretty new to bitcoin and decided to sign up with one of the wallets since I was gonna receive money from a gambling website betonline.ag. As I began searching for ways to open up a bitcoin wallet coinwallet.eu popped out as one of the first searches for me. I am not blaming anyone, but myself for not doing enough research and trying to gather my winnings as fast as possible.

So Betonline.ag sends me my BTC and I receive on coinwallet.eu and I begin withdrawing using paypal, I've waited a day and decided to ask customer support of coinwallet.eu when will I get my money to paypal? I begin trying to write an email to ''info@coinwallet.eu'', but It doesn't work. I try calling them, but the phone is invalid. Their business address is a virtual office.

Why is this website still active? Why has no one shut it down? I guess maybe I am the only one who got scammed by this website? Any comments will be appreciated.

submitted by /u/RomanescoCS
[link] [comments]

Phones Without Headphone Jacks Are Here... and They're Extremely Annoying

Slashdot -

A few weeks ago, we had an intense discussion on what would happen if Apple's next iPhone doesn't have a headphone port -- and what that means for the rest of the industry, as well as the pros and cons of ditching the legacy port. Over the past few months, we have seen many smartphone manufacturers launch new handsets that don't have a headphone jack. Mashable has a report today in which it says that it is already causing frustration among users. From the article: In the Android camp, phones like Lenovo's Moto Z and Moto Z Force and China's LeEco have already scrapped the 3.5mm headphone jack; to listen to music on the company's three latest phones, users need to plug in USB Type-C headphones, go wireless, or use a dongle. I'm all for letting go of old technologies to push forward, but what is happening is actually going to make things worse. The headphone jack has worked for 50 years and it can work for another 50 more because it's universal. Headphones I plug into my iPhone work in an Android phone, in a BlackBerry, in my computer, in my PS4 controller, in my tablet, in any speaker with audio-out, and so on. I can walk into any electronics store and pick up a pair of headphones and not have to worry about compatibility with any of my devices. I know it'll work. [...] With a universal headphone jack, I never have to worry whether or not the crappy pack-in iPhone EarPods I have will work with the Android phone I'm reviewing or not. I also never have to worry if I'll be able to plug my headphones into a friend's phone to listen to some new song. Same applies for when I want to use my earbuds and headphones with another person's device. And there lies the real issue. I will need different dongles -- a Lightning-to-headphone-jack and a USB-Type-C-to-headphone-jack to be prepared because I do carry both iPhone and Android phone on me daily. Dongles also get lost.

Read more of this story at Slashdot.

DNC Votes to Keep Superdelegates, But Sets Some Conditions

The Intercept -

The rule-making body of the Democratic National Committee on Saturday defeated an amendment brought by Bernie Sanders delegates to abolish superdelegates — the unelected party elites who make up 15 percent of all delegates and are allowed to cast a vote for the presidential candidate of their choice, unbound by the popular vote. But the rules committee did approve a compromise measure that binds some superdelegates to the results of their state primaries.

The debate over the first amendment, which failed 108 to 58, pit insurgent Sanders backers against the party establishment.

Advocates of the amendment argued that it would make the presidential selection process more democratic, ensuring that all presidential delegates are elected by popular vote. Opponents of the amendment argued that the superdelegate system ensured a greater diversity of voices and that there should be more deliberation before it is changed.

“It’s been stated that if this resolution were adopted that it would pit elected officials or politicians against community activists who would be vying to become delegates to the convention,” said former Cook County Commissioner Chuy Garcia, an amendment backer. “As a politician and as a community activist in my community, all I can say is this is a silly argument to make!”

Garcia was referring to an argument first raised in a Congressional Black Caucus letter sent in June where the lawmakers argued that they preferred the superdelegate system because it allowed them to evade “the burdensome necessity of competing against constituents for the honor of representing the state during the nominating process.”

“I am fully aware of those who have concerns with the superdelegate process. But I’m also aware of the issues of diversity and the balance that superdelegates have given,” said Rep. Sheila Jackson Lee, D-Texas, defending the current system as allowing greater diversity. “I want no one left along the highway of despair because their voice was not heard.”

“On the issue of inclusion, on the issue of racial justice, this is not justice,” Lilian Sharpley, an African-American Ohio Democrat who backed the amendment, argued. “We need to trust the people to vote.”

Former Denver Mayor Wellington Webb, a superdelegate speaking on behalf of the Clinton campaign, offered procedural arguments saying that the issue itself was not germane to the committee.

“Everyone agrees that this is a complicated issue; it’s an issue that needs to be addressed. But it’s not an issue that this committee can definitely address today,” he said. He also went on to cite a Vietnam veteran he personally knew who was a superdelegate, saying that the system “has provided opportunities for participation.”

After the defeat of the first amendment, the Sanders and Clinton camps met and came up with draft language for a “unity commission” to meet shortly after the general election to draw up changes to the party’s nominating process.

As part of the language of that proposal, which passed the committee 158 to 6, the commission will be charged to “make specific recommendations providing that members of Congress, governors and distinguished party leaders … remain unpledged and free to support their nominee of choice, but that remaining unpledged delegates be required to cast their vote at the convention for candidates in proportion to the vote received for each candidate in their state.”

The Washington Post‘s Dave Weigel reports that this would effectively bind two-thirds of superdelegates to voting as their states vote in the presidential nominating process.

Sign up for The Intercept Newsletter here.

The post DNC Votes to Keep Superdelegates, But Sets Some Conditions appeared first on The Intercept.

Pages

Subscribe to debianHELP aggregator