Linux PCs, Servers, Gadgets Can Be Crashed by 'Ping of Death' Network Packets Slashdot by msmash on security at January 1, 1970, 1:00 am (cached at June 17, 2019, 11:39 pm)

Artem S. Tashkinov writes: The Register reports that it is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines with the same attack. Patches and mitigations are available, and can be applied by hand if needed, or you can wait for a security fix to be pushed or offered to your at-risk device. A key workaround is to set /proc/sys/net/ipv4/tcp_sack to 0. At the heart of the drama is a programming flaw dubbed SACK Panic aka CVE-2019-11477: this bug can be exploited to remotely crash systems powered by Linux kernel version 2.6.29 or higher, which was released 10 years ago.


Egypt slammed for Morsi's 'terrible but predictable' death AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 11:30 pm)

Egyptian government failed to allow Morsi 'adequate medical care' leading to his 'entirely predictable' death, HRW says.
Mogherini: Keeping Iran nuclear deal alive 'is not easy' AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 11:30 pm)

The EU remains tight-lipped about its potential response to Iran's threatened uranium stockpiling.
Who will be Britain's next prime minister? AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 11:30 pm)

Brexit is the main issue as candidates battle to lead the UK's Conservative Party.
As promised, Trump slashes aid to Central America over migrants AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 11:30 pm)

Critics of the plan argue it is cruel to cut off aid to governments grappling with hunger and violence.
Robocalls Are Overwhelming Hospitals and Patients, Threatening a New Kind of Health Slashdot by msmash on communications at January 1, 1970, 1:00 am (cached at June 17, 2019, 10:38 pm)

An anonymous reader shares a report: In the heart of Boston, Tufts Medical Center treats scores of health conditions, from administering measles vaccines for children to pioneering next-generation tools that can eradicate the rarest of cancers. But doctors, administrators and other hospital staff struggled to contain a much different kind of epidemic one April morning last year: a wave of thousands of robocalls that spread, like a virus, from one phone line to the next, disrupting communications for hours to come. For most Americans, such robocalls represent an unavoidable digital-age nuisance, resulting in constant interruptions targeting their phones each month. For hospitals, though, the spam calls amount to a literal life-or-death challenge, one that increasingly is threatening doctors and patients in a setting where every second can count. At Tufts Medical Center, administrators registered more than 4,500 calls between about 9:30 and 11:30 a.m. on April 30, 2018, said Taylor Lehmann, the center's chief information security officer. Many of the messages seemed to be the same: Speaking in Mandarin, an unknown voice threatened deportation unless the person who picked up the phone provided their personal information. Such calls are common, widely documented scams that seek to swindle vulnerable foreigners, who may surrender their private data out of fear their families and homes are at risk. But it proved especially troubling at Tufts, which is situated amid Boston's Chinatown neighborhood, Lehmann said. Officials there couldn't block the calls through their telecom carrier, Windstream, which provides phone and web services to consumers and businesses. "There's nothing we could do," Lehmann said Windstream told them.


The League of Entropy Forms To Offer Acts of Public Randomness Slashdot by msmash on math at January 1, 1970, 1:00 am (cached at June 17, 2019, 10:08 pm)

Cloudflare, along with a group of individual and academic partners, is forming a new coalition that will provide truly random, unpredictable numbers for a variety of applications, including election systems and lotteries. From a report: The problem of producing truly random numbers on a consistent basis has been a thorny one for cryptographers for many years. There have been plenty of efforts to establish sources of randomness, with some success, but one of the drawbacks is that any single randomness generator can be a target for abuse by privileged insiders or outside attackers. This is especially true in high-value applications that require random numbers, such as lottery or election systems. Also, if a given source of random numbers fails for any reason, the applications that rely on it can be crippled, as well. To help address this problem, Cloudflare has teamed up with the University of Chile, the Ecole polytechnique federale de Lausanne, and several individual researchers to form a consortium of randomness beacons distributed around the world. The system is based on the drand randomness beacon developed by Nicholas Gailly, a researcher at Protocol Labs, a research lab for network protocols, and the aim is to have a distributed network of beacons that will always be available. "Our founding members are contributing their individual high-entropy sources to provide a more random and unpredictable beacon to generate publicly verifiable random values every sixty seconds. The fact that the drand beacon is decentralized and built using appropriate, provably-secure cryptographic primitives, increases our confidence that it possesses all the aforementioned properties," Dina Kozlov, a product manager at Cloudflare, said. "This global network of servers generating randomness ensures that even if a few servers are offline, the beacon continues to produce new numbers by using the remaining online servers. 
Even if one or two of the servers or their entropy sources were to be compromised, the rest will still ensure that the jointly-produced entropy is fully unpredictable and unbiasable." Random numbers are vital to many kinds of systems and there are plenty of hardware and software-based random number generators. But more than one RNG has been found to have a bias, whether intentional or accidental, so randomness beacons emerged.


Obituary: Egypt's first freely elected President Mohamed Morsi AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 9:30 pm)

The Muslim Brotherhood leader was the country's first democratically elected president but was removed in a 2013 coup.
Russia drops extortion charges against journalist after outcry AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 9:30 pm)

Igor Rudnikov's supporters strongly contested the extortion charges, saying they were punishment for his journalism.
Microsoft's To-Do App Comes To Mac Slashdot by msmash on microsoft at January 1, 1970, 1:00 am (cached at June 17, 2019, 9:08 pm)

Microsoft has released To-Do for Mac, finally giving Apple users access to the task management tool on their desktops. The Mac app will allow users to work offline, view their upcoming tasks under "My Day," share to-do lists with friends and colleagues and see flagged emails. From a report: "Today, we'd like to announce the arrival of a new family member -- that's right, the moment many of you have been waiting for is here -- say hello to the Mac app. If you've already been using our app on Android, iOS, Windows, or web, then the Mac app will feel very familiar. Sign in and all your tasks will be waiting for you, ready to be checked off. You can work offline, add tasks to My Day, see your flagged email in your Flagged email list, and share your lists with colleagues or friends and family. The Planner integration isn't available yet, but we're already working on bringing the Assigned to Me list to you," says Polly Davidson, Social Media Strategist, Microsoft.


A Quarter of Major CMSs Use Outdated MD5 as the Default Password Hashing Scheme Slashdot by msmash on it at January 1, 1970, 1:00 am (cached at June 17, 2019, 8:38 pm)

Over a quarter of all the major content management systems (CMSs) use the old and outdated MD5 hashing scheme as the default for securing and storing user passwords. From a report: Some of the projects that use MD5 as the default method for storing user passwords include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB, SugarCRM, CMS Made Simple, MantisBT, Phorum, Observium, X3cms, and Composr. The MD5 algorithm has been cracked for years now, meaning all passwords stored in this format can be reversed back to their plaintext version. This means that unless website owners changed these default settings by modifying the CMS source code, most websites built on top of these CMSs put user passwords at risk in the case a hacker steals the site's database. This revelation is just one of the many observations that came out of an extensive academic research project at the University of Piraeus, in Greece. Academics examined 49 commonly used CMSs and 47 popular web application frameworks and looked at their default password storage mechanism, namely their password hashing schemes.


Virginia Republicans lose in US Supreme Court gerrymandering case AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 8:30 pm)

Court leaves in place lower court ruling that invalidated 11 state House districts for racial discrimination.
President Trump to seek second term in 2020 election AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 8:30 pm)

Trump enjoys 90 percent support in the Republican Party, a party he has remade in his own image.
Canada's Quebec bans religious symbols in some public sector jobs AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 8:30 pm)

Critics denounce 'politics of fear' as Quebec province bans some gov't employees from wearing religious symbols at work.
Iran slams Saudi Arabia over tanker attack allegations AL JAZEERA ENGLISH (AJE)(cached at June 17, 2019, 8:30 pm)

Tehran blames Riyadh's own 'misguided approach' for causing current tensions in the region.