Containers or Virtual Machines: Which is More Secure?

Are virtual machines (VMs) more secure than containers? You may think you know the answer, but IBM Research has found containers can be as secure, or more secure, than VMs. From a report: James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, writes: “One of the biggest problems with the current debate about Container vs Hypervisor security is that no-one has actually developed a way of measuring security, so the debate is all in qualitative terms (hypervisors ‘feel’ more secure than containers because of the interface breadth) but no-one actually has done a quantitative comparison.” To meet this need, Bottomley created the Horizontal Attack Profile (HAP), designed to describe system security in a way that it can be objectively measured. Bottomley has discovered that “a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor.”


of this story at Slashdot.

    


Who Owns the Moon? A Space Lawyer Answers

An anonymous reader shares a report: While the legal status of the Moon as a “global commons” accessible to all countries on peaceful missions did not meet any substantial resistance or challenge, the Outer Space Treaty left further details unsettled. Contrary to the very optimistic assumptions made at the time, so far humankind has not returned to the moon since 1972, making lunar land rights largely theoretical. That is, until a few years ago when several new plans were hatched to go back to the moon. In addition at least two U.S. companies, Planetary Resources and Deep Space Industries, which have serious financial backing, have started targeting asteroids for the purpose of mining their mineral resources. Geek note: Under the aforementioned Outer Space Treaty, the moon and other celestial bodies such as asteroids, legally speaking, belong in the same basket. None of them can become the “territory” of one sovereign state or another. The very fundamental prohibition under the Outer Space Treaty to acquire new state territory, by planting a flag or by any other means, failed to address the commercial exploitation of natural resources on the moon and other celestial bodies. This is a major debate currently raging in the international community, with no unequivocally accepted solution in sight yet. Roughly, there are two general interpretations possible.


Droppers Is How Android Malware Keeps Sneaking Into the Play Store

Catalin Cimpanu, writing for BleepingComputer: For the past year, Android malware authors have been increasingly relying on a solid trick for bypassing Google’s security scans and sneaking malicious apps into the official Play Store. The trick relies on the use of a technique that’s quite common in desktop-based malware, but which in the last year is also becoming popular on the Android market. The technique involves the usage of “droppers,” a term denoting a dual or multiple-stage infection process in which the first stage malware is often a simplistic threat with limited capabilities, and its main role is to gain a foothold on a device in order to download more potent threats. But while on desktop environments droppers aren’t particularly efficient, as the widespread use of antivirus software detects them and their second-stage payloads, the technique is quite effective on the mobile scene.


Microsoft PowerShell Core For Linux Now Available as a Snap

Canonical announced on Friday that Microsoft’s PowerShell Core is now available on the Linux platform as a Snap. From a report: If you aren’t familiar, a Snap is essentially a packaged version of a program that can be easily installed on many Linux distributions. Many see it as the future of Linux, as it has the potential to reduce fragmentation. “Built on the .NET Framework, PowerShell is an open source task-based command-line shell and scripting language with the goal of being the ubiquitous language for managing hybrid cloud assets. It is designed specifically for system administrators and power-users to rapidly automate the administration of multiple operating systems and the processes related to the applications that run on those operating systems,” says Canonical.


Facebook Notification Spam Has Crossed the Line

Facebook has always nudged truant users back to its platform through emails and notifications. But recently, those prods have evolved beyond comments related to activity on your own profile. From a report: Now Facebook will nag you when an acquaintance comments on someone else’s photo, or when a distant family member updates their status. The spamming has even extended to those who sign up for two-factor authentication — which is a great way to turn people off to that extra layer of security. “The part of it that bugs me is that two-factor authentication is something [Facebook] should be encouraging people to use, but instead the way this is working here is that they’re driving people away from two-factor and making people less secure,” says Matt Green, a professor at the Johns Hopkins University Information Security Institute, who has done contracted security work for Facebook in the past. “It’s abusive, people’s attention is deliberately tweaked by what looks like a two-factor authentication message.” Green says he’s received near-daily SMS messages from Facebook since January alerting him that one of his friends performed some action on the platform. Before he started receiving the messages, Green says he hadn’t logged into Facebook for a long time and had actually forgotten his password. The weirdest part about the SMS notifications is what happens if you reply to them. If you respond, your message is posted to your own profile. Further reading: Facebook Really Wants You To Come Back, Facebook Is Spamming Users Via Their 2FA Phone Numbers, and Facebook Makes Moves On Instagram’s Users.


Why London’s Heathrow Airport Sometimes Hosts ‘Ghost Flights’ With No One on Them

An anonymous reader writes: Six times per week, an empty plane used to fly from London’s Heathrow Airport to Cardiff, Wales. The next day, the plane would make the return trip without a single passenger. Half As Interesting, the second channel from Planelopnik-approved Wendover Productions, details why ghost flights like this sometimes operate from Britain’s biggest airport in his new video. Despite being one of the most crowded airports in the world, Heathrow operates with only two runways. As a result, it’s extremely difficult to get a “slot pair” — rights for airlines to land and take off at a certain time. Only 650 slot pairs exist per day, so airlines are prepared to drop massive cash in order to get prime slot pairs. And they can trade and sell them, too.


Venmo Refuses To Say Why Transactions Are Public By Default

Venmo, the mobile payments app, won’t say why it exposes users’ data to the world whenever they make a transaction. ZDNet: Hang Do Thi Duc, a Berlin-based privacy researcher, found that every time someone sent or received money using the PayPal-owned mobile app (which had over seven million users in 2017), the transaction was “public” by default and was broadcast on Venmo’s API. In other words, everyone can see your transactions — even without the app. The company did not respond to ZDNet’s queries, but in a blanket statement said it takes privacy of users seriously. Further reading: People Are Using Venmo To Spy On Cheating Spouses.


Google, Which Owns Duck.com, Confuses Users Searching For Its Rival DuckDuckGo and Redirects Them Back To Google

Commenting on the record $5 billion fine on Google by the European Commission, privacy focused search engine DuckDuckGo said this week it welcomes the decision as it has “felt [Google's] effects first hand for many years and has led directly to us having less market share on Android vs iOS and in general mobile vs desktop.” The company said: Up until just last year, it was impossible to add DuckDuckGo to Chrome on Android, and it is still impossible on Chrome on iOS. We are also not included in the default list of search options like we are in Safari, even though we are among the top search engines in many countries. The Google search widget is featured prominently on most Android builds and is impossible to change the search provider. For a long time it was also impossible to even remove this widget without installing a launcher that effectively changed the whole way the OS works. Their anti-competitive search behavior isn’t limited to Android. Every time we update our Chrome browser extension, all of our users are faced with an official-looking dialogue asking them if they’d like to revert their search settings and disable the entire extension. Google also owns http://duck.com and points it directly at Google search, which consistently confuses DuckDuckGo users.


Google Accused of Redirecting Users Searching For Rival Service DuckDuckGo To Duck.com, a Domain It Owns

Commenting on the record $5 billion fine on Google by the European Commission, privacy focused search engine DuckDuckGo said this week it welcomes the decision as it has “felt [Google's anti-competitive] effects first hand for many years and has led directly to us having less market share on Android vs iOS and in general mobile vs desktop.” The company said: Up until just last year, it was impossible to add DuckDuckGo to Chrome on Android, and it is still impossible on Chrome on iOS. We are also not included in the default list of search options like we are in Safari, even though we are among the top search engines in many countries. The Google search widget is featured prominently on most Android builds and is impossible to change the search provider. For a long time it was also impossible to even remove this widget without installing a launcher that effectively changed the whole way the OS works. Their anti-competitive search behavior isn’t limited to Android. Every time we update our Chrome browser extension, all of our users are faced with an official-looking dialogue asking them if they’d like to revert their search settings and disable the entire extension. Google also owns http://duck.com and points it directly at Google search, which consistently confuses DuckDuckGo users.


Hashflare, One of the Largest Cloud Bitcoin Mining Companies, Abruptly Disables SHA-256 Mining Contracts, Leaving Customers Furious

Hashflare, one of the largest bitcoin mining companies, said on Friday it is disabling its SHA-256 hardware and also discontinuing support for mining services on the active SHA-256 contracts. The move comes as Hashflare continues to struggle with generating revenues, the company said, putting the blame on market fluctuations. In an email to active customers, the company added: For over a month our users encountered a situation when the payouts were lower than the maintenance fees, resulting in zero accruals to the balance. As of 18.07.2018, the payouts were lower than maintenance for 28 consecutive days. BTC mining continues being unprofitable, in light of which we would like to inform you that on 18.07.2018 we were forced to start disabling SHA hardware and today, on 20.07.2018, stop the mining service of active SHA-256 contracts in accordance with clause 5.5 of our Terms of Service, which are required to be accepted when creating a purchase and are the basis of concluding the contract. We expect that the cryptocurrency market situation will stabilize in the nearest future and we will be able to offer our users new advantageous solutions. Customers are understandably furious.
