The Category5.TV Newsroom

Here are the stories we're following for the week of Wednesday September 19, 2018

Bristol Airport has blamed a cyber attack for causing flight display screens to fail for two days.

Bristol Airport has blamed a cyber attack for causing flight display screens to fail for two days.

An airport spokesman said the information screens were taken offline early on Friday in order to contain an attack similar to so-called "ransomware."

The spokesman said no "ransom" had been paid to get the systems working again.

Ransomware is a form of malware in which computer viruses threaten to delete files unless a ransom is paid.

Spokesman James Gore said: "We believe there was an online attempt to target part of our administrative systems and that required us to take a number of applications offline as a precautionary measure, including the one that provides our data for flight information screens.

"That was done to contain the problem and avoid any further impact on more critical systems.

Mr Gore said flights were unaffected, but contingency measures and "manual processes," including whiteboards and marker pens, had to be used in place of display screens.

"At no point were any safety or security systems impacted or put at risk."

He said it had taken "longer than people might have expected" to rectify due to a "cautious approach."

"Given the number of safety and security critical systems operating at an airport, we wanted to make sure that the issue with the flight information application that experienced the problem was absolutely resolved before it was put back online."

No flights are understood to have been disrupted as a result.

Source: www.bbc.co.uk

Sent to us by: Roy W. Nash

It could soon prove expensive for media makers to chase online pirates in Canada. The country's Supreme Court has unanimously ruled that internet providers are entitled to "reasonable" compensation when asked to link pirates' IP addresses to customer details.

It could soon prove expensive for media makers to chase online pirates in Canada. The country's Supreme Court has unanimously ruled that internet providers are entitled to "reasonable" compensation when asked to link pirates' IP addresses to customer details.

Voltage Pictures (the production firm behind The Hurt Locker) intended to sue roughly 55,000 customers of telecom giant Rogers for allegedly bootlegging movies, but balked when Rogers wanted to charge $100 per hour to comply with the requests for information. Rogers won the initial Federal Court case, but had to defend itself at the Supreme Court when Voltage appealed the case.

Voltage had insisted that these kinds of fees would make it too costly to pursue pirates. Justice Russell Brown rejected this notion, however, and suggested that media producers could wind up imposing stiff costs on ISPs. He noted that the costs "may well be small" right now, but that it would be wrong to assume that they would always be inconsequential.

Not surprisingly, Rogers characterized the decision as a victory for customers, claiming that millions of people faced "open season" on their personal data if ISPs had to provide info no matter what the cost.

This doesn't mean that Canadian ISPs could ask for blank cheques. Brown indicated that Rogers should go back to a lower court to prove its costs. Even so, it adds a barrier to Hollywood studios and music labels expecting to track down pirates—they can't just assume ISPs will work pro bono on their behalf.

Source: www.engadget.com

Sent to us by: Jeff Weston

A few lines of CSS is all it takes to bring Apple devices to their knees.

A few lines of CSS is all it takes to bring Apple devices to their knees.

Apple iPhones, iPads, and Mac computers that stray onto websites with malicious CSS code, while using Safari, can crash or fall over—due to a flaw in the web browser.

The WebKit rendering engine vulnerability can be triggered by just a few lines of code in a CSS file. On iOS devices, at least, it all starts to go wrong when the browser tries to parse a processor-intensive CSS feature called backdrop-filter on nested page elements.

The so-called Safari Reaper attack—developed by a Berlin-based security researcher and uploaded to GitHub this week—effectively crashes iOS devices, from iPads to iPhones running iOS 7 to 12, and even Apple smartwatches. The CSS causes the rendering engine to exhaust the system's resources, and force the gadgets to reboot to recover.

Macs can be similarly frozen by the same exploit, forcing them to restart, so don't try this at home. Other browsers that make use of WebKit are likely also vulnerable. On systems that don't crash, the HTML renders a picture of a "triggered" Thomas the Tank Engine.

The same trick crashes tabs on IE and Edge. The researcher came across the vulnerability while researching browser-crashing attacks more generally last week.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

The father of Linux, Linus Torvalds, would like to apologize for years of being a jerk, and is taking time off to learn empathy.

The father of Linux, Linus Torvalds, would like to apologize for years of being a jerk, and is taking time off to learn empathy.

inux creator Linus Torvalds has apologized for years of rants, swearing, and general hostility directed at other Linux developers, saying he's going to take a temporary break from his role as maintainer of the open source kernel to learn how to behave better.

For many years, Torvalds has been infamous for his expletive-filled, aggressive outbursts on the Linux Kernel Mailing List (LKML), chewing out developers who submit patches that he believes aren't up to the standards necessary for the kernel. He's defended this behavior in the face of pushback from other developers, insisting that people being nice to one another was an American ideology.

But that may be coming to an end. In a lengthy email posted to the mailing list Sunday night, Torvalds expressed a change of heart. Taken to task over attacks that he recognizes were "unprofessional and uncalled for," he says he now recognizes that his behavior was "not OK" and he is "truly sorry." He's going to step back from kernel development for a while—something he's done before while developing the Git source control system—so that he can "get help on how to behave differently."

At the same time, the Linux project now has a code of conduct. Previously, the project had a "code of conflict": a short document that asserts that the code quality is the only thing that matters and implores developers to "be excellent to each other." The new code of conduct is more extensive and sets explicit standards for behavior, requiring it to be positive, professional, welcoming, and inclusive.

Source: arstechnica.com

Sent to us by: Robbie Ferguson