Media

The Slashdot Interview With VideoLAN President and Lead VLC Developer Jean-Baptiste Kempf 36

You asked, he answered!

VideoLAN President and Lead Developer of VLC Jean-Baptiste Kempf has responded to questions submitted by Slashdot readers. Read on to find out about the upcoming VideoLAN projects; how they keep VLC sustainable; what are some mistakes they wish they hadn't made; and what security challenges they face, among others!
Canada

Ashley Madison Security Protocols Violated Canada, Australia Privacy Laws (www.cbc.ca) 29

The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashley Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more, Ashley Madison continued to store personal information of its users even after some of them had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.
Security

Has WikiLeaks Morphed Into A Malware Hub? (backchannel.com) 125

Slashdot reader mirandakatz writes: In releasing an unredacted database of emails from the Turkish party AKP, WikiLeaks exposed the public to a collection of malware -- and even after a Bulgarian security expert pointed this out publicly, the organization only removed the select pieces of malware that he identified, leaving well over a thousand malicious files on the site.

That AKP leak also included the addresses and other personal details of millions of Turkish women, not unlike the recent DNC leak, which included the personal data of many private individuals. WikiLeaks says this is all in the name of its "accuracy policy," but the organization seems to be increasingly putting the public at risk.

The article opens with the question, "What the hell happened to WikiLeaks?" then argues that "Once an inspiring effort at transparency, WikiLeaks now seems more driven by personal grudges and reckless releases of information..."
Security

Millions Of Steam Game Keys Stolen After Hacker Breaches Gaming Site (zdnet.com) 68

An anonymous reader writes: A little over nine million keys used to redeem and activate games on the Steam platform were stolen by a hacker who breached a gaming news site last month. The site, DLH.net, which provides news, reviews, cheat codes, and forums, was breached on July 31 by an unnamed hacker, whose name isn't known but who was also responsible for the Dota 2 forum breach. The site also allows users to share redeemable game keys through its forums, which along with the main site has around 3.3 million unique registered users, according to breach notification site LeakedSource.com, which obtained a copy of the database. A known vulnerability found in older vBulletin forum software, which powers the site's community, allowed the hacker to access the databases. The data stolen from the forum includes full names, usernames, scrambled passwords, email addresses, dates of birth, join dates, avatars, Steam usernames, and user activity data. Facebook access tokens were stolen for those who signed in with their social account.
Education

From Now On You'll Be Able To Access NASA Research For Free (vice.com) 64

An anonymous reader writes: Fancy some super nerdy bedtime reading? NASA has announced that it will now provide public access to all journal articles on research funded by the agency. Any scientists publishing NASA-funded work will be required to upload their papers to a free, online database called PubSpace within a year of publication. PubSpace is managed by the National Institutes of Health (NIH) PubMed Central, which archives biomedical research. You can see NASA-funded studies here, with recent examples including a paper on cardiovascular disease in Apollo astronauts and one on Martian tsunamis caused by meteor impacts. NASA explains that the new web portal is a response to a 2013 government request for federally-funded research to be more accessible. There are a few obvious exceptions to what's included, such as and material that's related to national security or affected by export controls. NASA's openness follows a trend to make science results more accessible outside of published, often paywalled journals.
Businesses

Twitch Acquires Curse, Its Sites, Tools For Gamers, and Databases (venturebeat.com) 25

An anonymous reader writes from a report via VentureBeat: The Amazon-owned, game-streaming site Twitch has announced today that it has acquired Curse, a company that creates programs like voice clients, databases, and mod managers for PC games for some 30 million users. Twitch did not disclose how much they paid for Curse. VentureBeat reports: "Twitch has more than 100 million users a month, and it has helped to popularize new trends gaming like esports and the rise of influencers and personalities who create fanbases that watch them (and donate money to them) while they play. Curse has over 30 million users a month across its website, social media channels, and desktop applications. The company hosts popular websites for hit PC games like Hearthpwn for Hearthstone: Heroes of Warcraft and MMO Champion for World of Warcraft. Outside of its site, Twitch hasn't made many services for gamers. It could use this acquisition to extend a reach into that field."
Programming

Ask Slashdot: What Are Some Bad Programming Ideas That Work? (infoworld.com) 671

snydeq writes: Cheaper, faster, better side effects -- sometimes a bad idea in programming is better than just good enough, writes InfoWorld's Peter Wayner: "Some ideas, schemes, or architectures may truly stink, but they may also be the best choice for your project. They may be cheaper or faster, or maybe it's too hard to do things the right way. In other words, sometimes bad is simply good enough. There are also occasions when a bad idea comes with a silver lining. It may not be the best approach, but it has such good side-effects that it's the way to go. If we're stuck going down a suboptimal path to programming hell, we might as well make the most of whatever gems may be buried there." What bad programming ideas have you found useful enough to make work in your projects? Don't be shy or ashamed, we all want to hear your responses!
Power

Tesla Preps Bigger 100 KWh Battery For Model S and Model X (theverge.com) 113

An anonymous reader writes: Tesla will soon offer a 100 kWh battery for the Model S and Model X that will allow for increased range -- perhaps as much as 380 miles for the Model S. Currently, the 90 kWh batteries are the company's largest capacity. Kenteken.TV is reporting that the Dutch regulator that certifies Tesla's vehicles for use in the European Union, RDW, has recently published a number of new Tesla variants. RDW's public database now includes entries for a Tesla "100D" and "100X," which are titles that follow Tesla's current naming system based on battery capacity. The listing for the 100D claims the vehicle has a range of 381 miles or 613 kilometers. The motor output is reported as 90 kilowatts (121 horsepower), which is the maximum output the Tesla motors can sustain without overheating. Autoblog notes that EU range estimates tend to be more optimistic than those issued by the U.S. EPA. A more realistic range might be 310 to 320 miles.
Australia

Internal 'Set Of Blunders' Crashed Australia's Census Site (cso.com.au) 92

Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.

In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site...

Classic Games (Games)

Hacked Hobbit Pinball Machine Joins IoT, Broadcasts Itself Over Twitch (lachniet.com) 45

Random web surfers could send a text message or even upload an image to be displayed on the back glass of Mark Lachniet's pinball machine, according to Mael517, while the machine itself webcast footage of both its playing field and backglass using Twitch. Interestingly, all the extra functionality was coded directly into the machine, according to Lachniet, who added only the webcam and an ethernet cord. "The Hobbit [machine] has a whole bunch of hardware that I don't really understand and can barely fix... However, it has a computer in its guts, and this I can mostly understand."
After identifying the pinball machine's motherboard, CPU, operating system (Ubuntu) and an SQL database, Lachniet was able to back up its software, and then create his own modifications. He envisions more possibilities -- for example, the ability to announce high scores on social media accounts or allow remote servicing of the machine. Lachniet even sees the possibility of a world-wide registry of pinball game scores with each player's location overlaid on Google Maps "so you could view pinball hot spots and where the high scores were coming from," and maybe even networking machines together to allow real-time global competition.
Education

Bill Gates Has Spent $1+ Million To Get Mark Zuckerberg's Software In Schools 105

theodp writes: "Today is a milestone for personalized learning," boasted Mark Zuckerberg in a Facebook post Tuesday. "For the first time, more than 100 new schools will adopt personalized learning tools this school year. [...] A couple of years ago, our engineering team partnered with Summit [a Zuckerberg, Facebook, and Gates Foundation supported charter school network] to build out their personalized learning software platform so more schools could use it. [...] Congratulations to the Summit team, the new Basecamp schools and the entire personalized learning community on an exciting milestone!" Perhaps Zuckerberg should have also given a shout-out to the Bill and Melinda Gates Foundation, which awarded a $1.1 million grant last year "to support the Summit BaseCamp Program that will bring Next Generation learning at no cost to all partner schools that are accepted into the program." The New York Times characterized the Facebook-Summit partnership as "more of a ground-up effort to create a national demand for student-driven learning in schools." Before you scoff at that idea, consider that an earlier Gates-Zuckerberg collaboration helped give rise to a national K-12 Computer Science crisis!
Databases

Linux Trojan Mines For Cryptocurrency Using Misconfigured Redis Servers (softpedia.com) 62

An anonymous reader writes: In another installment of "Linux has malware too," security researchers have discovered a new trojan that targets Linux servers running Redis, where the trojan installs a cryptocurrency miner. The odd fact about this trojan is that it includes a wormable feature that allows it to spread on its own. The trojan, named Linux.Lady, will look for Redis servers that don't have an admin account password, access the database, and then download itself on the new target. The trojan mines for the Monero crypto-currency, the same one used by another worm called PhotoMiner, which targets vulnerable FTP servers. According to a recent Risk Based Security report from last month, there are over 30,000 Redis servers available online without a password, of which 6,000 have already been compromised by various threat actors.
Security

Dota 2 Forum Breach Leaks 2 Million User Accounts (zdnet.com) 34

Reader cloud.pt writes: In another case of serious programmer impairment, the DOTA 2 official forums have been hacked, making available to the perpetrators around 2 million emails, usernames, and MD5 hashed passwords. [...] From the report: The hack was carried out last month on July 10. The copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data. The hacker took advantage of an SQL injection vulnerability used by the older vBulletin forum software, which powers the community. That allowed them to access the database of limited user data, such as username, email, IP address of the user. The data also includes the user's hashed password -- which uses the MD5 algorithm, which is widely considered insecure by today's standards, alongside the salt, used to scramble the password further. A member of the LeakedSource group told me that 1.54 million of the passwords -- or about 80 percent -- have already been unscrambled using rudimentary and run-of-the-mill cracking tools.
Earth

6 Million Americans Exposed To High Levels of Chemicals In Drinking Water, Says Study (businessinsider.com) 166

An anonymous reader quotes a report from Business Insider: A new study out Tuesday in the journal Environmental Science and Technology Letters looked at a national database that monitors chemical levels in drinking water and found that 6 million people were being exposed to levels of a certain chemical that exceed what the Environmental Protection Agency considers healthy. The chemicals, known as poly- and perfluoroalkyl substances, or PFASs, are synthetic and resistant to water and oil, which is why they're used in things like pizza boxes and firefighting foam. They're built to withstand the environment. But PFASs also accumulate in people and animals and have been observationally linked to an increased risk of health problems including cancer. And they can't be easily avoided, like with a water filter, for example. You can view the chart to see the tested areas of the U.S. where PFASs exceed 70 ng/L, which is what's considered a healthy lifetime exposure.
Businesses

Nigerian Scammers Infect Themselves With Own Malware, Reveal New Fraud Scheme (ieee.org) 38

"A pair of security researchers recently uncovered a Nigerian scammer ring that they say operates a new kind of attack...after a few of its members accidentally infected themselves with their own malware," reports IEEE Spectrum. "Over the past several months, they've watched from a virtual front row seat as members used this technique to steal hundreds of thousands of dollars from small and medium-sized businesses worldwide." Wave723 writes: Nigerian scammers are becoming more sophisticated, moving on from former 'spoofing' attacks in which they impersonated a CEO's email from an external account. Now, they've begun to infiltrate employee email accounts to monitor financial transactions and slip in their own routing and account info...The researchers estimate this particular ring of criminals earns about US $3 million from the scheme.
After they infected their own system, the scammers' malware uploaded screenshots and all of their keystrokes to an open web database, including their training sessions for future scammers and the re-routing of a $400,000 payment. Yet the scammers actually "appear to be 'family men' in their late 20s to 40s who are well-respected, church-going figures in their communities," according to the article. SecureWorks malware researcher Joe Stewart says the scammers are "increasing the economic potential of the region they're living in by doing this, and I think they feel somewhat of a duty to do this."
The Internet

The World's First Web Site Celebrates 25 Years Online (info.cern.ch) 136

An anonymous reader quotes a report from CNN: Twenty-five years ago, the first public website went live. It was a helpful guide to this new thing called the World Wide Web. The minimalist design featured black text with blue links on a white background. It's still online today if you'd like to click around and check out the frequently asked questions or geek out over the technical protocols.
Its original URL was info.cern.ch, where CERN is now also offering a line-mode browser simulator and more information about the birth of the web. CNN is also hosting screenshots of nine web "pioneers", including the Darwin Awards site, the original Yahoo, and the San Francisco FogCam, which claims to be the oldest webcam still in operation.

What are some of the first web sites that you remember reading? (Any greybeards remember when the Internet Movie Database was just a Usenet newsgroup where readers collaborated on a giant home-made list of movie credits?)
AI

Yahoo's New Anti-Abuse AI Outperforms Previous AI (wired.co.uk) 119

16.4% of the comments on Yahoo News are "abusive," according to human screeners. Now Yahoo has devised an abuse-detecting algorithm "that can accurately identify whether online comments contain hate speech or not," reports Wired UK: In 90 per cent of test cases Yahoo's algorithm was able to correctly identify that a comment was abusive... The company used a combination of machine learning and crowdsourced abuse detection to create an algorithm that trawled the comment sections of Yahoo News and Finance to sniff out abuse. As part of its project, Yahoo will be releasing the first publicly available curated database of online hate speech.
The machine-learning algorithm was "trained on a million Yahoo article comments," according to the article, and Slashdot reader AmiMoJo writes "The system could help AIs avoid being tricked into making abusive comments themselves, as Microsoft's Tay twitter bot did earlier this year."
Government

Is The US Social Security Site Still Vulnerable To Identity Theft? (krebsonsecurity.com) 46

Slashdot reader DERoss writes: Effective 1 August, the U.S. Social Security Administration (SSA) requires users who want to access their SSA accounts to use two-factor authentication. This involves receiving a "security" code via a cell phone text message. This creates two problems. First of all, many seniors who depend on the Social Security benefits to pay their living costs do not have cell phones [or] are not knowledgeable about texting.

More important, cell phone texting is NOT secure. Text messages can be hacked, intercepted, and spoofed. Seniors' accounts might easily be less secure now than they were before 1 August... This is not because of any law passed by Congress. This is a regulatory decision made by top administrators at SSA.

In addition, Krebs on Security reports that the new system "does not appear to provide any additional proof that the person creating an account at ssa.gov is who they say they are" and "does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves." Users are only more secure after they create an account on the social security site -- and Krebs also notes that ironically, the National Institute for Standards and Technology already appears to be deprecating the use of SMS-based two-factor authentication.
Crime

Car Thieves Arrested After Using Laptop and Malware To Steal More Than 30 Jeeps (abc13.com) 215

New submitter altnuc writes: Two thieves in Houston stole more than 30 Jeeps by using a laptop and a stolen database. The thieves simply looked up the vehicles' VIN numbers in a stolen database, reprogramed a generic key fob, started the cars, and drove away. Chrysler has confirmed that more than 100 of their vehicles have been stolen in the Houston area since November. Chrysler/Jeep owners should always make sure their vehicles are locked! The Wall Street Journal issued a report in July with more details about how hackers are able to steal cars with a laptop. The whole process takes roughly 6 minutes. CrimeStopHouston has posted a video on YouTube of one of the thieves in action.
Privacy

This Company Has Built a Profile On Every American Adult (bloomberg.com) 225

Reader schwit1 writes: Every move you make. Every click you take. Every game you play. Every place you stay. They'll be watching you. IDI, a year-old company in the so-called data-fusion business, is the first to centralize and weaponize all that information for its customers. The Boca Raton, Fla., company's database service, idiCORE, combines public records with purchasing, demographic, and behavioral data. Chief Executive Officer Derek Dubner says the system isn't waiting for requests from clients -- it's already built a profile on every American adult, including young people who wouldn't be swept up in conventional databases, which only index transactions. 'We have data on that 21-year-old who's living at home with mom and dad,' he says.
