[slashdot.org] Yahoo Insiders Believe Hackers Could Have Stolen Over 1 Billion Accounts
An anonymous reader quotes a report from Business Insider: The actual tally of stolen user accounts from the hack Yahoo experienced could be much larger than 500 million, according to a former Yahoo executive familiar with its security practices. The former Yahoo insider says the architecture of Yahoo's back-end systems is organized in such a way that the type of breach that was reported would have exposed a much larger group of user account information. To be sure, Yahoo has said that the breach affected at least 500 million users. But the former Yahoo exec estimated the number of accounts that could have potentially been stolen could be anywhere between 1 billion and 3 billion. According to this executive, all of Yahoo's products use one main user database, or UDB, to authenticate users. So people who log into products such as Yahoo Mail, Finance, or Sports all enter their usernames and passwords, which then goes to this one central place to ensure they are legitimate, allowing them access. That database is huge, the executive said. At the time of the hack in 2014, inside were credentials for roughly 700 million to 1 billion active users accessing Yahoo products every month, along with many other inactive accounts that hadn't been deleted. In late 2013, Yahoo CEO Marissa Mayer said the company had 800 million monthly active users globally. It currently has more than 1 billion.

Read more of this story at Slashdot.

[linuxtoday.com] Let's Encrypt Wants to Help Improve the CA Model

eSecurityPlanet: Josh Aas, executive director of the Internet Security Research Group discusses technologies and approaches that can be used to further improve the Certificate Authority system.

[slashdot.org] Implication of Sabotage Adds Intrigue To SpaceX Investigation
An anonymous reader quotes a report from The Washington Post: The long-running feud between Elon Musk's space company and its fierce competitor United Launch Alliance took a bizarre twist this month when a SpaceX employee visited its facilities at Cape Canaveral, Fla., and asked for access to the roof of one of ULA's buildings. About two weeks earlier, one of SpaceX's rockets blew up on a launchpad while it was awaiting an engine test. As part of the investigation, SpaceX officials had come across something suspicious they wanted to check out, according to three industry officials with knowledge of the episode. SpaceX had still images from video that appeared to show an odd shadow, then a white spot on the roof of a nearby building belonging to ULA, a joint venture between Lockheed Martin and Boeing. The SpaceX representative explained to the ULA officials on site that it was trying to run down all possible leads in what was a cordial, not accusatory, encounter, according to the industry sources, who spoke on the condition of anonymity because of the ongoing investigation. The building, which had been used to refurbish rocket motors known as the SMARF, is just more than a mile away from the launchpad and has a clear line of sight to it. A representative from ULA ultimately denied the SpaceX employee access to the roof and instead called Air Force investigators, who inspected the roof and didn't find anything connecting it to the rocket explosion, the officials said. This week, ten members of Congress sent a four-page letter to several government agencies about the SpaceX explosion, raising the question as to whether or not SpaceX should be leading the investigation. Elon Musk said the investigation into what went wrong is the company's "absolute top priority." He added, "We've eliminated all of the obvious possibilities for what occurred there. So what remains are the less probable answers." SpaceX aims to resume flights in November.

Read more of this story at Slashdot.

[slashdot.org] Rosetta's 12-Year Mission Ends With Landing On Comet
sciencehabit writes: It was an unusual grand finale. The crowded European Space Agency (ESA) operations center in Darmstadt, Germany, waited in silence and then the signal from the descending Rosetta mission simply stopped at 1.19 pm local time showing that the spacecraft had, presumably, landed on comet 67P/Churyumov-Gerasimenko some 40 minutes earlier, due to the time the signal takes to reach Earth. Mission controllers hugged each other; there was gentle applause from onlookers; and that was it. There were no last minute crises. Seven of Rosetta's instruments kept gathering data until the end. Holger Sierks, principal investigator of the 12-year mission's main camera, showed the gathered staff, officials, and journalists Rosetta's final picture: a rough gravelly surface with a few larger rocks covering an area 10 meters across. Earlier, it had snapped the interior of deep pits on the comet (shown above, from an altitude of 5.8 kilometers) that may show the building blocks it is made of. "It's very crude raw data but this will keep us busy," Sierks said. It is hoped that this last close-up data grab will help to clarify the many scientific questions raised by Rosetta.

Read more of this story at Slashdot.

[linuxtoday.com] ownCloud Desktop Client 2.2.4 Released with Updated Dolphin Plugin, Bug Fixes

ownCloud Desktop Client 2.2.4 is now the most advanced stable release of the open-source, free, and cross-platform software that acts as a graphical user interface for users to interact with an ownCloud server.

[linux.com] LFD460 Embedded Linux Development with Yocto Project -ENEA

Obtain a solid understanding of embedded development using the Yocto Project, including the Poky Reference Distribution and Bitbake, the use of emulators, building images for multiple architectures and the creation of board support packages (BSP).

[slashdot.org] Feds Go After Mylan For Scamming Medicaid Out of Millions On EpiPen Pricing
An anonymous reader quotes a report from Ars Technica: Over the nine or so years that Mylan, Inc. has been selling -- and hiking the price -- of EpiPens, the drug company has been misclassifying the life-saving device and stiffing Medicaid out of full rebate payments, federal regulators told Ars. Under the Medicaid Drug Rebate Program, drug manufacturers, such as Mylan, can get their products covered by Medicaid if they agree to offer rebates to the government to offset costs. With a brand-name drug such as the EpiPen, which currently has no generic versions and has patent protection, Mylan was supposed to classify the drug as a "single source," or brand name drug. That would mean Mylan is required to offer Medicaid a rebate of 23.1 percent of the costs, plus an "inflation rebate" any time Mylan raises the price of the brand-name drug at a rate higher than inflation. Mylan has opted for such price increases -- a lot. Since Mylan bought the rights to EpiPen in 2007, it has raised the price on 15 separate occasions, bringing the current list price to $608 for a two-pack up from about $50 a pen in 2007. That's an increase of more than 500 percent, which easily beats inflation. But instead of classifying EpiPen as a "single source" drug, Mylan told regulators that it's a "non-innovator multiple source," or generic drug. Under that classification, Mylan is only required to offer a rebate of 13 percent and no inflation rebates. It's unclear how much money Mylan has skipped out on paying in total to state and federal governments. But according to the state health department of Minnesota, as reported by CNBC, the misclassification cost that state $4.3 million this year alone.

Read more of this story at Slashdot.