Security

How Security Companies Peddle Snake Oil

Posted by Soulskill
from the but-this-snake-oil-is-in-the-cloud! dept.
penciling_in writes: There are no silver bullets in Internet security, warns Paul Vixie in a co-authored piece along with Cyber Security Specialist Frode Hommedal: "Just as 'data' is being sold as 'intelligence', a lot of security technologies are being sold as 'security solutions' rather than what they really are: very narrow-focused appliances that, as a best case, can be part of your broader security effort." We have to stop playing "cops and robbers" and pretending that all of us are potential targets of nation-states, or pretending that any of our security vendors are like NORAD, warn the authors.

Vixie adds, "We in the Internet security business look for current attacks and learn from those how to detect and prevent those attacks and maybe how to predict, detect, and prevent what's coming next. But rest assured that there is no end game — we put one bad guy in prison for every hundred or so new bad guys who come into the field each month. There is no device or method, however powerful, which will offer a salient defense for more than a short time. The bad guys endlessly adapt; so must we. Importantly, the bad guys understand how our systems work; so must we."
The Internet

Why the Journey To IPv6 Is Still the Road Less Traveled

Posted by samzenpus
from the that-has-made-all-the-difference dept.
alphadogg writes The writing's on the wall about the short supply of IPv4 addresses, and IPv6 has been around since 1999. Then why does the new protocol still make up just a fraction of the Internet? Though IPv6 is finished technology that works, rolling it out may be either a simple process or a complicated and risky one, depending on what role you play on the Internet. And the rewards for doing so aren't always obvious. For one thing, making your site or service available via IPv6 only helps the relatively small number of users who are already set up with the protocol, creating a nagging chicken-and-egg problem.
Programming

Swift Tops List of Most-Loved Languages and Tech

Posted by samzenpus
from the apple-of-your-eye dept.
Nerval's Lobster writes Perhaps developers are increasingly overjoyed at the prospect of building iOS apps with a language other than Objective-C, which Apple has positioned Swift to replace; whatever the reason, Swift topped Stack Overflow's recent survey of the "Most Loved" languages and technologies (cited by 77.6 percent of the 26,086 respondents), followed by C++11 (75.6 percent), Rust (73.8 percent), Go (72.5 percent), and Clojure (71 percent). The "Most Dreaded" languages and technologies included Salesforce (73.2 percent), Visual Basic (72 percent), WordPress (68.2 percent), MATLAB (65.6 percent), and SharePoint (62.8 percent). Those results were mirrored somewhat in a recent list from RedMonk, a tech-industry analyst firm, which ranked Swift 22nd in popularity among programming languages (based on data drawn from GitHub and Stack Overflow) but climbing noticeably quickly.
Crime

New Dark Web Market Is Selling Zero-Day Exploits

Posted by samzenpus
from the finest-crime dept.
Sparrowvsrevolution writes Over the last month, a marketplace calling itself TheRealDeal Market has emerged on the dark web, with a focus on sales of hackers' zero-day attack methods. Like the Silk Road and its online black market successors like Agora and the recently defunct Evolution, TheRealDeal runs as a Tor hidden service and uses bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal's creators say they're looking to broker premium hacker data like zero-days, source code, and hacking services, often offered on an exclusive, one-time sale basis.

Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
Security

D-Link Apologizes For Router Security

Posted by samzenpus
from the our-bad dept.
Mark Wilson writes D-Link has issued an apology to its customers for an ongoing security issue with many of its routers. A problem with the Home Network Administration Protocol (HNAP) means that it is possible to bypass authorization and run commands with escalated privileges. The list of routers affected by the issue is fairly lengthy, and D-Link has already issued one patch. But rather than fixing the problem, last week's update left routers wide open to exactly the same problem. As it stands at the moment, a firmware patch is still being produced for a total of 17 routers. In the meantime, all D-Link has to offer is an apology. While unhelpful patches have already been issued, D-Link is currently working away on replacement firmware updates. The release dates for these patches are not yet set in stone, but some are due today (20 April), some tomorrow (21 April) and the remainder on 24 April.
Security

Chrome 43 Should Help Batten Down HTTPS Sites

Posted by timothy
from the yes-yes-we-know dept.
River Tam writes The next version of Chrome, Chrome 43, promises to take out some of the work website owners — such as news publishers — would have to do if they were to enable HTTPS. The feature might be helpful for publishers migrating legacy HTTP web content to HTTPS when that old content can't be modified or is difficult to modify. The issue crops up when a new HTTPS page includes a resource, like an image, from an HTTP URL. That insecure resource will cause Chrome to flag a 'mixed-content warning' in the form of a yellow triangle over the padlock.
Spam

Whoah, Small Spender! Steam Sets Limits For Users Who Spend Less Than $5

Posted by timothy
from the are-you-committed-or-just-involved dept.
As GameSpot reports, Valve has implemented a policy that reduces the privileges of Steam users unless those users have spent $5 through the service. Along the same lines as suggestions to limit spam by imposing a small fee on emails, the move is intended to reduce resource abuse as a business model. From the article: "Malicious users often operate in the community on accounts which have not spent any money, reducing the individual risk of performing the actions they do," Valve said. "One of the best pieces of information we can compare between regular users and malicious users are their spending habits as typically the accounts being used have no investment in their longevity. Due to this being a common scenario we have decided to restrict certain community features until an account has met or exceeded $5.00 USD in Steam." Restricted actions include sending invites, opening group chats, and taking part in the Steam marketplace.
The Military

US Military To Recruit Civilian Cybersecurity Experts

Posted by timothy
from the which-masters-would-you-prefer? dept.
An anonymous reader writes The U.S. Army is to create a new cybersecurity division, Cyber Branch 17, and is also considering launching a cyber career track for civilians, according to an announcement made this week by Lt. Gen. Edward C. Cardon. Cardon, who currently heads the U.S. Army's cyber command, ARCYBER, spoke to the Senate Armed Services subcommittee on Tuesday about the growing threats and capabilities used in cyber warfare. He argued that creating a cyber career management field for civilians would result in an easier recruitment process, as opposed to recruiting internally and trying to retain the talent. Cardon maintains that recruiting and retaining talent in the field is often challenging, given internal employment constraints surrounding compensation and slow hiring processes.
Communications

Norway Will Switch Off FM Radio In 2017

Posted by timothy
from the video-sought-by-police-for-questioning dept.
New submitter titten writes The Norwegian Ministry of Culture has announced that the transition to DAB will be completed in 2017. This means that Norway, as the first country in the world to do so, has decided to switch off the FM network. Norway began the transition to DAB in 1995. In recent years two national and several local DAB networks have been established. 56 per cent of radio listeners use digital radio every day. 55 per cent of households have at least one DAB radio, according to the Digitalradio survey by TNS Gallup, which continuously measures Norwegians' digital radio habits.
Data Storage

Kingston HyperX Predator SSD Takes Gumstick M.2 PCIe Drives To 1.4GB/sec

Posted by timothy
from the sure-hope-those-drives-appreciated-it dept.
MojoKid writes Kingston recently launched their HyperX Predator PCIe SSD that is targeted at performance-minded PC enthusiasts but is much less expensive than the enterprise-class PCIe offerings currently on the market. Kits are available in a couple of capacities and form factors at 240GB and 480GB. All of the drives adhere to the 80mm M.2 2280 "gumstick" form factor and have PCIe 2.0 x4 connections, but are sold both with and without a half-height, half-length adapter card, if you'd like to drop it into a standard PCI Express slot. At the heart of the Kingston HyperX Predator is Marvell's latest 88SS9293 controller. The Marvell 88SS9293 is paired with a gigabyte of DDR3 memory and Toshiba A19 Toggle NAND. The drives are rated for read speeds up to 1.4GB/s, writes of 1GB/s and 130 – 160K random 4K IOPS. In the benchmarks, the 480GB model put up strong numbers. At roughly $1 per GiB, the HyperX Predator is about on par with Intel's faster SSD 750, but unlike Intel's new NVMe solution, the Kingston drive will work in all legacy platforms as well, not just Z97 and X99 boards with a compatible UEFI BIOS.
Space

Incorrectly Built SLS Welding Machine To Be Rebuilt

Posted by timothy
from the but-in-a-crash-you'd-be-totally-safe dept.
schwit1 writes A giant welding machine, built for NASA's multi-billion dollar Space Launch System (SLS), has to be taken apart and rebuilt because the contractor failed to reinforce the floor, as required, prior to construction: "Sweden's ESAB Welding & Cutting, which has its North American headquarters in Florence, South Carolina, built the roughly 50-meter tall Vertical Assembly Center as a subcontractor to SLS contractor Boeing at NASA's Michoud Assembly Facility in New Orleans.

ESAB was supposed to reinforce Michoud's floor before installing the welding tool, but did not, NASA SLS Program Manager Todd May told SpaceNews after an April 15 panel session during the 31st Space Symposium here. As a result, the enormous machine leaned ever so slightly, cocking the rails that guide massive rings used to lift parts of the 8.4-meter-diameter SLS stages. The rings wound up 0.06 degrees out of alignment, which may not sound like much, "but when you're talking about something that's 217 feet [66.14 meters] tall, that adds up," May said.

Asked why ESAB did not reinforce the foundation as it was supposed to, May said only it was a result of "a miscommunication between two [Boeing] subcontractors and ESAB.""

It is baffling how everyone at NASA, Boeing, and ESAB could have forgotten to do the reinforcing, even though it was specified in the contract. It also suggests that the quality control in the SLS rocket program has some serious problems.
Security

Exploit For Crashing Minecraft Servers Made Public

Posted by timothy
from the hey-fellas-door's-unlocked dept.
An anonymous reader writes "After nearly two years of waiting for Mojang to fix a security vulnerability that can be used to crash Minecraft servers, programmer Ammar Askar has released a proof of concept exploit for the flaw in the hopes that this will force them to do something about it. 'Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands people play on servers running their software at any given time. They have a responsibility to fix and properly work out problems like this,' he noted." Here is Askar's own post on the exploit, and his frustration with the response he's gotten to disclosing it to the developers.
Microsoft

Microsoft Open Technologies Is Closing: Good Or Bad News For Open Source?

Posted by timothy
from the sea-change-or-see-no-change dept.
BrianFagioli writes When Microsoft Open Technologies was founded as a subsidiary of Microsoft — under Steve Ballmer's reign — many in the open source community hailed it as a major win, and it was. Today, however, the subsidiary is shutting down and being folded into Microsoft. While some will view this as a loss for open source, I disagree; Microsoft has evolved so much under Satya Nadella, that a separate subsidiary is simply no longer needed. Microsoft could easily be the world's biggest vendor of open source software, which is probably one reason some people don't like the term.
Security

FBI Accuses Researcher of Hacking Plane, Seizes Equipment

Posted by Soulskill
from the security-theater dept.
chicksdaddy writes: The Feds are listening, and they really can't take a joke. That's the apparent moral of security researcher Chris Roberts' legal odyssey on Wednesday, which saw him escorted off a plane in Syracuse by two FBI agents and questioned for four hours over a humorous tweet Roberts posted about his ability to hack into the cabin control systems of the Boeing 737 he was flying. Roberts (aka @sidragon1) joked that he could "start playing with EICAS messages," a reference to the Engine Indicating and Crew Alerting System.

Roberts was traveling to Syracuse to give a presentation. He said local law enforcement and FBI agents boarded the plane on the tarmac and escorted him off. He was questioned for four hours, with officers alleging they had evidence he had tampered with in-flight systems on an earlier leg of his flight from Colorado to Chicago. Roberts said the agents questioned him about his tweet and whether he tampered with the systems on the United flight, something he denies doing. Roberts had been approached earlier by the Denver office of the FBI, which warned him away from further research on airplanes. The FBI was also looking to approach airplane makers Boeing and Airbus and wanted him to rebuild a virtualized environment he built to test airplane vulnerabilities to verify what he was saying.

Roberts refused, and the FBI seized his encrypted laptop and storage devices and has yet to return them, he said. The agents said they wished to do a forensic analysis of his laptop. Roberts said he declined to provide that information and requested a warrant to search his equipment. As of Friday, Roberts said he has not received a warrant.
Stats

IT Worker's Lawsuit Accuses Tata of Discrimination

Posted by timothy
from the not-all-discrimination-is-invidious dept.
dcblogs writes An IT worker is accusing Tata Consultancy Services (TCS) of discriminating against American workers and favoring "South Asians" in hiring and promotion. It's backing up its complaint, in part, with numbers. The lawsuit, filed this week in federal court in San Francisco, claims that 95% of the 14,000 people Tata employs in the U.S. are South Asian or mostly Indian. It says this practice has created a "grossly disproportionate workforce." India-based Tata achieves its "discriminatory goals" in at least three ways, the lawsuit alleges. First, the company hires large numbers of H-1B workers. From 2011 to 2013, Tata sponsored nearly 21,000 new H-1B visas, all primarily Indian workers, according to the lawsuit's count. Second, when Tata hires locally, "such persons are still disproportionately South Asian," and, third, for the "relatively few non-South Asians workers that Tata hires," it disfavors them in placement, promotion and termination decisions.
Security

Calling Out a GAO Report That Says In-Flight Wi-Fi Lets Hackers Access Avionics

Posted by timothy
from the this-postcard-is-just-an-atom-bomb dept.
An anonymous reader writes A new report from the U.S. Government Accountability Office (GAO) warns that in-flight Wi-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation. At the same time, a cyber expert and pilot called the report "deceiving" and said that "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."
GUI

KDE Plasma 5.3 Beta Brings Lots of Improvements

Posted by timothy
from the gui-not-gooey dept.
jones_supa writes: The KDE project today announced the release of KDE Plasma 5.3 beta. It brings better power management, improved Bluetooth support, improved widgets, Wayland support, a new media center, and nearly 350 bugfixes. The power management improvements include settings that can be independently configured per activity, there is a new energy usage monitor available in KInfoCenter, and a battery applet identifies applications that hog power. The Bluetooth applet brings added support for blocking and unblocking devices. A new touchpad module has been added as well. The combined window manager and compositor KWin is now able to start a nested XWayland server, which acts as a bridge between the old X11 and the new Wayland world.
Cloud

Google Sunsetting Old Version of Google Maps

Posted by timothy
from the nothing-beats-mapblast's-vector-directions dept.
New submitter Robertgilberts writes with word that Google is dropping the old version of Maps. The new version of Google Maps came out of preview back in February 2014 and was in beta for several months before that. The only way to access the old version of Google Maps was via a special URL or if you had a very old browser that did not support the new version of Google Maps. Consolation prize: There will still be a lighter-weight version, which "drops out many of the neat Google Maps features in exchange for speed and compatibility."
Security

The Voting Machine Anyone Can Hack

Posted by samzenpus
from the vote-now-vote-often dept.
Presto Vivace writes about a study published by the Virginia Information Technologies Agency outlining just how bad the security of the AVS WINVote machine is. "Virginia election officials have decertified an electronic voting system after determining that it was possible for even unskilled people to surreptitiously hack into it and tamper with vote counts. The AVS WINVote, made by Advanced Voting Solutions, passed necessary voting systems standards and has been used in Virginia and, until recently, in Pennsylvania and Mississippi. It used the easy-to-crack passwords of 'admin,' 'abcde,' and 'shoup' to lock down its Windows administrator account, Wi-Fi network, and voting results database respectively, according to a scathing security review published Tuesday by the Virginia Information Technologies Agency. The agency conducted the audit after one Virginia precinct reported that some of the devices displayed errors that interfered with vote counting during last November's elections."
United States

Gyro-Copter Lands On West Lawn of US Capitol, Pilot Arrested

Posted by samzenpus
from the just-mail-your-taxes-next-time dept.
An anonymous reader writes that Doug Hughes, 61, a mailman from Ruskin, Florida, was arrested for landing a gyro-copter on the West Lawn of the U.S. Capitol. "A 61-year-old Florida mailman was arrested Wednesday after he landed a gyrocopter on the U.S. Capitol west lawn. The gyrocopter was carrying the pilot and 535 stamped letters for members of Congress urging 'real reform' to campaign finance laws. Doug Hughes told the Tampa Bay Times ahead of the afternoon stunt that he notified authorities 'well over an hour in advance of getting to the no-fly zone, so they know who I am and what I'm doing.' Capitol police sent dogs and a bomb squad to the scene. Nothing hazardous was found. A city block from the Capitol had been cordoned off."